Graphical Canvas fingerprinting (demo sites & planning)

[daijro]

This discussion is dedicated to researching & implementing a safe, undetectable way to spoof the HTML Canvas pixel data in Camoufox without causing leaks.

Testing

Here is a test site I put together demonstrating the issue:

https://camoufox.com/tests/canvas

End Goals:

• Randomization should not be detectable
• Hashes should change in new sessions
• Hashes should not change between retests/regenerations of the same image

Randomization

Firefox currently has built-in functionality to spoof the canvas fingerprint by randomizing the image buffer before it is returned:

https://searchfox.org/mozilla-central/source/dom/canvas/CanvasRenderingContext2D.cpp#2078

However, WAFs easily detect this by creating a random canvas with known results, reading it back, and checking the differences (see this paper, the demo website here by the Arkenfox team).

Strategy

A more subtle and less detectable approach could involve introducing randomization earlier in the rendering pipeline, specifically at the operation level.

By randomizing individual rendering steps such as anti-aliasing, sub-pixel rendering, or the algorithms used for drawing shapes and text (for example, by randomly offsetting the position similar to how Camoufox already handles font fingerprinting), we can make it harder for websites to create reliable canvas fingerprints without introducing detectable artifacts.