Graphical Canvas fingerprinting (demo sites & planning)

[daijro]

This discussion is dedicated to researching & implementing a safe, undetectable way to spoof the HTML Canvas pixel data in Camoufox without causing leaks.

Testing

Here is a test site I put together demonstrating the issue:

https://camoufox.com/tests/canvas

End Goals:

• Randomization should not be detectable
• Hashes should change in new sessions
• Hashes should not change between retests/regenerations of the same image

Randomization

Firefox currently has built-in functionality to spoof the canvas fingerprint by randomizing the image buffer before it is returned:

https://searchfox.org/mozilla-central/source/dom/canvas/CanvasRenderingContext2D.cpp#2078

However, WAFs easily detect this by creating a random canvas with known results, reading it back, and checking the differences (see this paper, the demo website here by the Arkenfox team).

Strategy

A more subtle and less detectable approach could involve introducing randomization earlier in the rendering pipeline, specifically at the operation level.

By randomizing individual rendering steps (anti-aliasing, sub-pixel rendering), or the algorithms used for drawing shapes and text (for example, by randomly offsetting the position similar to how Camoufox already handles font fingerprinting), we can avoid creating obvious image artifacts.

[ThomasAlbrt]

God I wish I could help you.

But the truth is I'm not good enough to even know where to start.

[vlrevolution]

How's this going? Is this relevant perhaps?
#121

[Ghxst]

Vendors have a list of known GPU Vendor + Renderer combinations for a collection of canvas ops, they will always produce the same result on the same hardware, you cannot introduce variance in any part of the rendering pipeline that changes the hash without being penalized, I've tested multiple GPUs with dozens of drivers and the biggest variance you see between drivers for the same GPU + renderer combination is less than a handful so this is a very strong signal for them.