-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
canvas fingerprint is different for different zoom levels on Firefox #103
Comments
I'm working on this. In addition to toDataURL, both getScreenResolution and getAvailableScreenResolution is changing. by using a 12pt font instead of 11pt for that text this issue goes away as far as i can tell. the other issues still remain. both getScreenResolution and getAvailableScreenResolution are returning vaules in virtual pixels as if it was lowering my screens dpi. I need some input on how to work around this. how much entropy will we loose by simply disabling getScreenResolution and getAvailableScreenResolution on firefox? |
Thanks! You may be interested in some of the work I had been doing in this area too here: As for skipping the resolution keys on FF - it's a step I'm reluctant to make, we should try to solve this ideally :) |
Awesome! Unfortunetly I was wrong about the 12pt fix. But setting transform: scale(1); on it does work. Now for the resolution thing. I don't think we can actually calculate it, as it is throwing away information when it rounds it. Had that been the only issue we could've brute forced it similar to how hashed passwords are cracked. But as we have multiple widths mapping to the same virtual width. |
IE is similar conceptually but different in JavaScript API and rounding precision
I don't entirely understand your idea. Please explain in more detail |
list common resolutions
PS. i was wrong about the toDataURL again -.- |
I have been doing tests on this and I guess these are separated issues.
So maybe it is worth to address them separately, in my team, we think we have a solution for the first issue, so maybe we soon we will send a pull request. |
Would zoom variability not be a problem if the fingerprinting was done inside of a hidden iframe with
in its |
@kevindice It does not work. |
I've noticed that when enabling the inspector on mobile mode the fingerprint is also different. This is probably related to the same zoom issue. Somehow the script on this demo site (minified, cutted in pieces and loaded through ajax) has a very good behaviour: https://browserleaks.com/canvas I would strongly encourage to beautify it and replace the one char variables and function names to make it readable and correct the behaviour based on what they do. |
Here you have it: https://github.com/sgarciafer/canvasfingerprint |
Question: Is this a duplicate of #98? Given that it's set for V3 milestone, where IE support is dropped. |
Yes, it duplicates the same issue: zoom changes the resolution and by extension, the fingerprint. |
The canvas image difference is mitigated in d3e359c by extracting the text into a separate canvas image (the text changes with the zoom level while the geometry stays the same). The image with text is still used to calculate the hash, but it can be removed in a custom components hash function. The image before: The images after: |
When I zoom the page in FF, I get different FPs, because the
canvas.toDataURL
returns different results for different zoom levels.The text was updated successfully, but these errors were encountered: