Canvas Fingerprinting

POC of Canvas fingerprinting
Alternatives To Canvas Fingerprinting
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Fingerprintjs20,0902797 days ago75November 15, 202318otherTypeScript
Browser fingerprinting library. Accuracy of this version is 40-60%, accuracy of the commercial Fingerprint Identification is 99.5%. V4 of this library is BSL licensed.
3 months ago4September 20, 2022123mitPython
Audio fingerprinting and recognition in Python
4 years ago1June 02, 202186agpl-3.0Go
High-precision indoor positioning framework for most wifi-enabled devices.
a month ago1April 28, 201833bsd-3-clausePython
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
Nothing Private2,028
3 months ago3gpl-3.0JavaScript
Do you think you are safe using private browsing or incognito mode?. :smile: :imp: This will prove that you're wrong. Previously hosted at
Clientjs1,7023361a year ago9October 25, 202149apache-2.0JavaScript
Device information and digital fingerprinting written in pure JavaScript.
Vytal Extension1,616
3 months ago16gpl-3.0TypeScript
Browser extension to spoof timezone, geolocation, locale and user agent.
Utls1,349143408 days ago28October 10, 202324bsd-3-clauseGo
Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
2 days ago36mitTypeScript
Creepy device and browser fingerprinting
5 months ago10bsd-3-clausePython
Alternatives To Canvas Fingerprinting
Select To Compare

Alternative Project Comparisons

Demo for Canvas fingerprinting

Here you can find JS library for fetching canvas fingerprinting, testing of preventing with addons and experiment with different hash functions, basic skeleton was taken from fingerprintjs.


Canvas fingerprinting is a techniques of tracking online users that allow websites to identify and track visitors using HTML5 canvas element instead of browser cookies or other similar means. Consider it like a cookie on steroids.

Main responsibility of canvas fingerprinting is collecting information about a remote computing device for the purpose of identification. Even if you are browsing GitHub now, this site try to fetch as much as possible your metadata like fonts, OS, specific system properties and it tries to draw hidden 3D canvas which will be converted in unique token for further identification on another sites, advertising some bullshit goods on e-commerce sites or for recommendation system in social network.

Variation of GPU time rendering of 3D canvas allows to generate unique token for each user. Also, this approach was widely used for deanonymization of Tor's user, in force of this fact, Tor's developers made a patch for this exploit, for now, Tor notifies user of canvas read attempt and return blank image data.

Text on a canvas

The text which was pictured on a canvas for the identification and successfully blocked by CanvasFingerprintBlock


A lot of add-ons allow you to prevent attempt to fetch canvas fingerprint like Privacy Badger or Canvas Defender, as mentioned above, Tor browser protect users from it by default. From October of 2017 Firefox prevents canvas fingerprinting by default, Firefox takes a bite out of the canvas while other browsers don't prevent it.


Preventing in action:

Docker hub attempted to fetch canvas fingerprint, but was locked by add-on:


Canvas Defender allows to generate dummy noise:

Dummy noise

Noise generated by canvas defender:

Dummy noise result


This library uses multiple sources for generating unique token:

  1. Canvas fingerprinting
  2. Screen Resolution
  3. Color Depth
  4. Screen Resolution
  5. Time Zone
  6. UserAgent
  7. Languages
  8. CPU class
  9. Fact of storing/presence/facts of:
    • session storage
    • local storage
    • indexed DB
    • open DB
    • IE AddBehaviour
    • IE specific plugins like RealPlayer, AcroPDF, AgControl.AgControl - for Silverlight etc.
    • DNT header - as ironic as it was

After collection all metadata in a single place, they are joined with MurmurHash, in result, you have integer value which represents fingerprint of your browser.

Library usage:

    var fingerprint = new Fingerprint();

If you want to control drawing flag, just pass it directly canvas: true

    var withCanvasDrawing = new Fingerprint({canvas: true});
    var withoutCanvasDrawing = new Fingerprint({canvas: false});

Using custom hash function

    var withCanvasDrawing = new Fingerprint({hasher: pearson});

Example with Java's hashcode from java.lang.String:

    var javaHashCode = function(string, K) {
            var hash = 0;
            if (string.length === 0) {
                return hash;
            for (var i = 0; i < string.length; i++) {
                char = string.charCodeAt(i);
                hash = K*((hash<<5)-hash)+char;
                hash = hash & hash;
            return hash;

    var fingerprint = new Fingerprint({hasher: javaHashCode});

License: MIT

Popular Fingerprinting Projects
Popular Fingerprint Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.