Canvas fingerprinting is a technique used to track users based on the unique characteristics of their devices and browsers. By rendering text or images on an HTML <canvas> element and analyzing the resulting pixel data, a unique "fingerprint" can be created for a specific device. This fingerprint can be used for tracking purposes across different browsing sessions.

Example Code

<!DOCTYPE html>
<html>
<head>
    <title>Canvas Fingerprinting Example</title>
</head>
<body>
    <canvas id="canvas" width="200" height="50" style="border:1px solid #000000;"></canvas>
    <script>
        function getCanvasFingerprint() {
            const canvas = document.getElementById('canvas');
            const ctx = canvas.getContext('2d');

            // Draw text with specific font and color
            ctx.textBaseline = 'top';
            ctx.font = '16px Arial';
            ctx.fillStyle = '#000';
            ctx.fillText('Hello, Canvas!', 10, 10);

            // Draw a rectangle with a specific color
            ctx.fillStyle = 'rgb(100, 100, 100)';
            ctx.fillRect(10, 30, 100, 20);

            // Get the image data from the canvas
            const imageData = ctx.getImageData(0, 0, canvas.width, canvas.height);

            // Convert the image data to a hash (simple example using CRC32 or similar could be used)
            let hash = 0;
            for (let i = 0; i < imageData.data.length; i++) {
                hash = ((hash << 5) - hash) + imageData.data[i];
                hash |= 0; // Convert to 32bit integer
            }

            return hash.toString();
        }

        // Get the fingerprint
        const fingerprint = getCanvasFingerprint();
        console.log("Canvas Fingerprint:", fingerprint);
    </script>
</body>
</html>

How It Works

1. Rendering Text and Shapes:

   • The code creates a canvas element and uses the 2D context (ctx) to draw text and shapes.
   • A specific font (Arial), text color (#000), and rectangle color (rgb(100, 100, 100)) are chosen to ensure consistency in rendering across different devices.

2. Extracting Pixel Data:

   • The getImageData() function is used to extract the raw pixel data from the canvas. This data represents the color values (RGBA) of each pixel on the canvas.

3. Generating a Fingerprint:

   • The pixel data is processed to generate a unique hash. In this example, a simple hashing mechanism is used, but in a real-world scenario, a more sophisticated hash function would be applied to generate a unique identifier.

4. Tracking Users:

   • The generated hash serves as a fingerprint that can uniquely identify the device/browser. This fingerprint can then be stored and used to track the user across different sessions or even across different websites.

Why It Works

• Device & Browser Variations: The rendering of text and shapes can vary slightly depending on the device, browser, operating system, graphics card, font rendering engine, and even installed fonts. These tiny differences lead to variations in the pixel data, which allows for the creation of a unique fingerprint.

Ethical Considerations

Canvas fingerprinting is controversial because it allows for tracking without the user's explicit consent, and unlike cookies, it is much harder to detect and block. Many browsers and privacy-focused extensions have started implementing countermeasures to mitigate the effectiveness of this technique.