-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Canvas fingerprint changes in Blink on macOS #574
Comments
This difference was introduced on Chrome 83 (checked on macOS 10.15). |
I can confirm this bug is still present in Chrome 87.0.4280.67 on Mac OS 10.15.7. |
TL;DR. The steps to reproduce are:
The images in the tabs will be different. |
- Leave no text to the right of the emoji; - Use concrete fonts to exclude the effect of font preferences (where'll be a separate entropy source for them);
Fixed by d837040 by moving the emojis to the right of the text lines. The fix will be published in the next big release that combines all changes that breaks the fingerprint compatibility. |
I use Chrome 86 on macOS 10.15.6, my laptop has only 1 GPU. The canvas fingerprint produces one picture on some websites and another on other websites:
The only difference is the right margin of the emoji. Both pictures are stable: one of them is produced on a website, and their distribution is almost equal.
Use the following browser console script to run get a canvas fingerprint in your browser:
The results are the same in regular and private mode, the zoom level is 100% in all the cases that I've checked.
So the issue affects only visitors that use a Chromium-based browser on macOS.
The problem doesn't affect the version 2, probably because it has no text after the emoji. Run the following code in a browser console to get an open v2 canvas fingerprint:
A fingerprint variant persists until you close the browser tab (even if no fingerprint was taken on the first page of the tab).
I've found the key difference that causes the image change: at least 1 character on the page must be rendered with the
BlinkMacSystemFont
font, the font can be set through thefont-family
CSS property (the closer the font is to the start of the list, the higher the chance to affect a character). The canvas is affected despite theBlinkMacSystemFont
font not being used in the canvas image. The fact that the fingerprint variant persists until the tab is closed makes me think that this is a subtle bug of Chromium.The right margin of the emoji is reduced regardless of the font that I set to
context.font
. The margin is reduced if the canvas text font size is less than18pt
, it doesn't depend on these browser settings: font size, page zoom, customize font / font size.Possible solutions:
Ask library users to use the same font-family on every page of their websites or not useIt won't help because the picture variant depends on the first page of the browser tab, not on the current page.BlinkMacSystemFont
at all (that isn't always possible).Make the canvas component draw only one of the pictures.I haven't found a way to do so. The picture variant is persistent so the library can affect it only if the agent runs on the first page of the browser tab.We've decided to address the rendering issue to the Chromium team and wait because:
The text was updated successfully, but these errors were encountered: