Canvas fingerprint depends on page encoding

[chiangandy]

I start to try the fingerprintjs functions, so far I would like to use open-source version first. I saw the information in demo site https://fingerprintjs.github.io/fingerprintjs/ amd got visitor id. Then I try to use fp.min.js to make an html page to try same function, however I got the different visitor id from demo site shows. since I check all of checking point and everything is same except visitor id. It confuse me. Does demo site use open source version which is same as fp.min.js?

[Finesse]

@chiangandy The demo page uses the freshest version of the code from the master branch while NPM and CDN contain stable versions that can be a bit outdated. Also some fingerprint component values depend on page protocol (HTTP or HTTPS), this is an expected behavior. Could you please provide debug data for your different identifiers? You can get debug data from your website by adding debug: true to the get() options and copying the console content.

[chiangandy]

after I set debug:boolean, I got something like attached file....
localhost-1606470321996.log

So the js code use in demo site is open-source version too?

Any information will be appreciated.

Andy

[chiangandy]

I found issue here. It's little bit weird.
because I was worry efficiency issue, so I move fp.min.js to local location and use <script src="fp.min.js"></script> to run it. So what is why I get visitor_id is different from load js from CDN.

I know the issue, but I want to know why the visitor id is different when I run js code in local?

I also attach the log infomation (running in local) here.
localhost-1606472168155.log

[Finesse]

@chiangandy Your logs are truncated. Could you please get full logs?

Nevertheless, I can see that the canvas component values are different in your logs. Probably, it's caused by #574. Please try to reproduce it using the instructions at #574 (comment). If you success to reproduce, then try add/remove BlinkMacSystemFont (see #574 for details).

[chiangandy]

@Finesse , so sorry to provide the partial log, let me try to produce it again.

Both full logs are attached. private_mode was running js in local and regular is on CDN. About #574 , I have run the comments html to check canvas result. It is difficult to see the differences. But I think you are maybe right if you find the canvas data is different.

Anyway, so #574 is a bug issue? will it fix in future version?

private_mode.log
regular_mode.log

[Finesse]

@chiangandy Thank you for the full logs. You experience another problem, the canvas emoji is replaced with random symbols in private mode. It can be caused by wrong encoding; if your browser uses no UTF-8 encoding to read your local JS script, the emoji will break.

Please tell me the encoding header returned with the local script. You can do it with dev-tools in any browser or with curl: curl -I https://your/script/url/fp.min.js. See Content-Type header, it shall contain charset=.... Also please replace the minified version (fp.min.js) with the unminified version (fp.js) on your local server and check whether the fingerprint is still different.

[chiangandy]

Yes, my html page doesn't set UTF-8 encoding because it is just a test page.
html code is very simple as below:

<html>
<html>
    <head>
    </head>
    <body>
      <div id = "pub_ip" ></div>
      <div id = "city_info" ></div>
      <div id = "refeerrer" ></div>
      <script src="fino.js"></script>
    </body>
</html>

and fs.min.js is loading on in fino.js.
After I add meta for utf-8 like...

    <head>
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
    </head>

finally I get visitor ID are same in both private and regular mode. So key issue is page encoding. Thanks.
However, could you please tell me why the different from private and regular mode? the environment is different when run js on different location?

the final running log are attached for a references.

localhost-1606717627266_regular_mode.log

localhost-1606717714566_private_mode.log

[Finesse]

@chiangandy

Yes, my html page doesn't set UTF-8 encoding because it is just a test page.

I meant HTTP headers, not HTML headers. Sorry for the ambiguity.

finally I get visitor ID are same in both private and regular mode. So key issue is page encoding.

Thank you for reporting, this is a valuable information.

However, could you please tell me why the different from private and regular mode? the environment is different when run js on different location?

I'm not sure that I understand you. You've answered the question: because you ran pages with different encodings.

the final running log are attached for a references.

The fingerprints are the same, I see no problem.

[Finesse]

Fixed by e073bbd. Will be published in the next NPM release.

[Finesse]

The fixed is published in v3.0.7