back to overview
More blogs What Are Canvas Hashes?
Web browsers use HTML canvas elements to render graphics and text. Each browser, operating system, and hardware configuration can render these canvas elements in slightly different ways. These subtle variations can be captured by websites to generate a unique identifier for your browser.
This identifier is created by instructing the browser to draw a specific image or text onto a hidden canvas element, then converting the resulting pixel data into a hash value. This value is known as a canvas hash.
The "images" rendered on these canvases for fingerprinting purposes typically include a combination of:
- Text with specific fonts and anti-aliasing
- Colors and gradients
- Geometric shapes
- Emojis
The rendering of each of these elements can have minute variations depending on factors like the browser version, operating system, installed fonts, and graphics hardware. This generated canvas hash can then be used as a component of a browser fingerprint to track users across different websites, potentially bypassing privacy measures like incognito mode or cookie deletion.
How Can I Protect Myself from Canvas Fingerprinting?
Fortunately, you can take steps to protect yourself from canvas hash fingerprinting using readily available tools and techniques. Here are several methods:
1. Use a Browser Extension
Browser extensions such as Privacy Badger and Ghostery can help mitigate canvas fingerprinting. These extensions often work by interfering with the JavaScript APIs used to read canvas data, for example, by adding noise to the image data or returning a consistent, fake value.
These extensions typically employ one of two main strategies: randomizing the canvas hash on each request or providing a consistent, but generic, hash. You can often determine which approach an extension uses by refreshing this page. If the canvas hash displayed (to the right on desktop, or potentially at the top on mobile) changes with each refresh, the extension is likely randomizing it. If it remains constant, it's likely providing a fixed hash.
Randomizing the hash aims to make your browser appear unique on every visit, which can disrupt tracking. However, some websites might detect this randomization and could limit functionality or flag it as suspicious. Using a fixed, generic hash makes your browser blend in with other users employing the same strategy. Many extensions that use this method also allow you to easily generate a new fixed hash if you wish to change your fingerprint.
2. Modify Browser Settings or Use Privacy-Focused Configurations
Some specialized browsers (like Incogniton) or advanced browser configurations allow you to modify or disable the APIs that enable canvas fingerprinting. This is typically managed through advanced privacy settings. Be aware that completely disabling canvas rendering capabilities might break websites that legitimately use canvas for graphics or other functionalities, not just for fingerprinting.
3. Use a Privacy-Focused Browser
Privacy-focused browsers are specifically designed with features to counter tracking techniques like canvas fingerprinting. Examples include Incogniton and Tor Browser. These browsers often incorporate multiple layers of privacy protection beyond just canvas fingerprinting defense.
For instance, Incogniton is designed for managing multiple browser profiles, each with a distinct and consistent canvas hash, allowing for isolated online identities. It also offers options to modify canvas readouts to further enhance privacy.
Conclusion
Canvas hashing is a sophisticated technique used for online tracking. However, by employing browser extensions, adjusting browser settings, or using privacy-centric browsers, you can significantly enhance your protection against this form of fingerprinting and maintain better control over your digital privacy.
