

HTML5 Canvas Fingerprinter - logn
https://www.browserleaks.com/canvas

======
mwexler
I think some of the comments re: browser agent are missing the point. I think
the poster was not focused on whether it can identify the system or browser
type, but instead as a technique to provide a potentially unique (or somewhat
unique) fingerprint that a user can't eliminate easily. So, a site could use
this code (along with other techniques) to identify your browser and even if
you delete a set cookie, detect that it's the same browser.

They may discover, btw, that it's not as unique as they think it is, but
combined with other techniques, can be a tracking attribute that is difficult
to disable.

It doesn't seem resilient to change in the underlying system from my cursory
view (if I change my graphics card, resolution, or color depth, does this id
change?) but like
[https://panopticlick.eff.org/](https://panopticlick.eff.org/), it's useful
and a good cautionary tale to see the variety of ways your browser can be
uniquely distinguished, with and without the use of cookies.

BTW, the icons on the left side of the browserleaks page are actually a menu
and offer other "leaks" of info from the browser: some well known, others more
subtle.

------
falcolas
Note that this is browser fingerprinting, not necessarily the user of the
browser. Useful to detect spoofed User-Agent strings, not sure to what end
though.

~~~
davesque
The fingerprint is really on the browser, graphics driver (os-specific), and
graphics hardware. Other sources of information could be used to increase the
probability that the fingerprint is unique to the user.

[http://en.wikipedia.org/wiki/Canvas_fingerprinting](http://en.wikipedia.org/wiki/Canvas_fingerprinting)

------
stolio
> _JavaScript Disabled — Canvas element is part of HTML5, but it also requires
> JavaScript_

Victory! HA!

[enables javascript]

> _General conclusion: Your system fingerprint appears to be unique, yet we
> don 't collect signatures here, just check._

Interesting. That is really not the answer I'd like to see. Is there a "blend
in more" plugin?

~~~
nacs
> Is there a "blend in more" plugin?

There's a Chrome extension called Chameleon (
[https://github.com/ghostwords/chameleon](https://github.com/ghostwords/chameleon)
) that attempts to cut down on fingerprinting.

------
darklajid
General Conclusion It is very likely that you are using [Firefox] on [Windows]

(Aurora/Developer Edition on Arch Linux)

I understand that they can figure out that I'm running some variation of FF,
but .. why would it think this is Windows?

~~~
aselzer
Are you 9B6288AF? (1/41051)

I am also using FF Developer Edition on Arch Linux.

It says Firefox on Linux to me.

~~~
darklajid
Nope, that's not me.

Signature B15C225D

would be me, for what it's worth.

------
whafro
Seems strange that it couldn't identify my pretty-stock Safari 8.0.3...

------
KTastrophy
Interesting, but needing User-Agent string to determine the fingerprint in the
first place makes it a lot less useful in my mind.

~~~
aselzer
It doesn't need it, it stores the User Agent beside the unique fingerprint to
tell people with the same fingerprint what browsers they (probably) have. If
it really doesn't work without UA, then it's just the website not expecting
someone to have disabled it.

