New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Canvas Fingerprint #8

Closed
sikjoy opened this Issue Aug 30, 2013 · 19 comments

Comments

Projects
None yet
7 participants
@sikjoy

sikjoy commented Aug 30, 2013

Perhaps adding canvas fingerprint will help with mobile devices. The technique is outlined here: https://www.browserleaks.com/canvas

@sikjoy

This comment has been minimized.

sikjoy commented Aug 30, 2013

"After plugins and plugin-provided information, we believe that the HTML5 Canvas is the single largest fingerprinting threat browsers face today." - Tor Project. Original research: Pixel Perfect: Fingerprinting Canvas in HTML5, demo: HTML5 Canvas Fingerprinting.

@Valve

This comment has been minimized.

Owner

Valve commented Aug 30, 2013

I've read the Pixel Perfect research and came to the conclusion that Canvas fingerprinting serves its purpose only when other, more traditional fingerprinting methods aren't available. For instance on a Tor Firefox browser it's impossible to identify a user by fingerprinting, because all components would be the same, and fingerprinting will identify all Tor-enabled browsers as one.
This research says that canvas fingerprinting is orthogonal to traditional fingerprinting and should be used independently.
Additionally, the browserleaks.com collected statistics suggest that on average there is one distinct PNG CRC checksum per 8 user agent strings, which leads me to think of it as not sufficiently diverse set of crc values.

This fingerprinting library should be as general-purpose as possible, not catering to specialized browser packages.

Please let me know what you think.

@sikjoy

This comment has been minimized.

sikjoy commented Sep 2, 2013

I don't think orthogonality implies that it should be used independently, rather that it is statistically independent. This is a good thing, in that the net gain in entropy, by adding the technique among the other tests, is the full amount, as measured, if the technique were applied by itself.

Looking at the Pixel Perfect whitepaper, they did a small scale experiment with 294 tests which yielded 116 unique fingerprints despite having very little variation in browser and OS. They say this translates to an entropy of 5.73 bits, which is comparable to the entropy gain of the http accept test, which I believe you are currently using.

@Valve

This comment has been minimized.

Owner

Valve commented Sep 2, 2013

OK, I'll implement it as an optional thing, similar to:

var fp = new Fingerprint({canvas: true});

When passed the canvas: true option, the fingerprinting will use this method with others.

Valve added a commit that referenced this issue Sep 2, 2013

v.0.4 - add support for canvas fingerprinting,
registered as a bower 'fingerprint' package,
this fixes issue #8

@Valve Valve closed this Sep 2, 2013

@prismspecs

This comment has been minimized.

prismspecs commented Jul 24, 2014

Valve, is it possible to save the image generated by canvas fingerprinting with this?

@Valve

This comment has been minimized.

Owner

Valve commented Jul 25, 2014

@prismspecs, to save the canvas image, you need to do similar to:

var el = document.getElementsByTagName('canvas')[0];
var base64 = el.toDataURL();
alert(base64);

Once you have the base64, you can save it with any server-side languages, by converting to byte array and saving to the disk.

@tanuj-github

This comment has been minimized.

tanuj-github commented Aug 12, 2014

Valve, how can we use the users information for creating images in canvas?
I have seen many examples but those all are using some predefined values. I am still unable to understand that how can they differentiate users on these values.

Please help...

@Valve

This comment has been minimized.

Owner

Valve commented Aug 12, 2014

@tanuj-github what users information are your referring to?

@tanuj-github

This comment has been minimized.

tanuj-github commented Aug 12, 2014

Thank you Valve for replying immediately...

I am implementing device fingertprinting first time and I have studied we use user machine information like User Agent, App Name, App Code Name, App Version etc which we could get using Java Script.

So my question is how to create canvas image using this information?
And how can we utilize that in Canvas Fingerprinting?

@Valve

This comment has been minimized.

Owner

Valve commented Aug 12, 2014

Canvas fingerptinting doesn't really care what text you draw there, the only thing that matters is applying all the colors (see here https://github.com/Valve/fingerprintjs/blob/master/fingerprint.js#L265)

In other words, it doesn't matter whether you draw abcefghjkl... or your app name and version

@tanuj-github

This comment has been minimized.

tanuj-github commented Aug 12, 2014

That means the image created this way itself contains the all information that we needed to identify a user machine over a network and we just need to store hash coded value in our database?

@Valve

This comment has been minimized.

Owner

Valve commented Aug 12, 2014

fingerptintjs uses a lot of browser capabilities besides image, but overall yes, the way it's built now is sufficient. Remember that fingerprint does not guarantee you the correct identification, it only gives 89-94% of uniqueness.

@tanuj-github

This comment has been minimized.

tanuj-github commented Aug 12, 2014

Thank you Valve.. This information would be very helpful for me.

@tanuj-github

This comment has been minimized.

tanuj-github commented Aug 16, 2014

Hi Valve.

I am done with Canvas fingerprinting but each time I make change in browser config [like changing resolution, browser language setting etc] It is giving me a different hashcode. Then how can we identify a user uniquely?

@simonpucher

This comment has been minimized.

simonpucher commented Aug 16, 2014

Thats fine, this is how it works ;)
Maybe this link is interesting for you: https://panopticlick.eff.org/browser-uniqueness.pdf
You should use canvas fingerprinting additional to other techniques like IP, Cookies, and so on.

@perwoll

This comment has been minimized.

perwoll commented Feb 9, 2018

Privacy Manager from Ivan Iovation is what we have been looking for for many years.
This solve almoust any fingerprints, including canvas.
It is a manager for your own privacy that change everything in a natural way. so no more unique tracking are prossible.

They even change the graphics of the computer and hardware footprints.

dashboard

@AdKiller

This comment has been minimized.

AdKiller commented Apr 19, 2018

@perwoll what is this you are spamming about? closed source addon, with no reputation that costs $199 per month?!?!?

@perwoll

This comment has been minimized.

perwoll commented Apr 20, 2018

Yes, is a software that solve all fingerprint problems not solved in the past.
It is a new pilot product from ivanovation.ro.

@AdKiller

This comment has been minimized.

AdKiller commented May 2, 2018

@perwoll ok but $199 per month?!? Does it cure cancer too?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment