Saturday, May 21, 2016

Less-known way for sites to identify you: Canvas fingerprinting

It's moderately well-known that web browsers include some information about themselves and the system in requests, and that such information can be used to identify ("fingerprint") the user. There are also several less-known pieces of data that can be harvested, including one particularly interesting one.

New-ish browsers support the <canvas> tag, which is a way for web sites to render images and shapes from JavaScript. Different video hardware/software configurations result in ever-so-small differences when instructed to draw some simple shapes. Sites can ask your browser to render things on a canvas and then read the pixel data back to use as part of your fingerprint.

Tor Browser has an option to return blank data when a site tries to read the canvas, thus blocking this potential avenue to anonymity compromise.

No comments:

Post a Comment