What is Canvas Fingerprinting?

Canvas fingerprinting is a tracking technique where a website forces your browser to draw a hidden image. Because every computer (GPU/Driver combination) draws slightly differently, the resulting image creates a unique ID that can track you across the web.

Does a VPN hide my Canvas Fingerprint?

No. A VPN only hides your IP address. Canvas fingerprinting runs locally on your device's hardware. You can be on a VPN in Switzerland, but your Canvas ID will remain exactly the same.

Browser Forensics

Canvas Fingerprint Test

Websites can identify you by asking your browser to draw a picture. See the unique "Signature Hash" your graphics card produces.

Canvas is just one tracking vector. Audit your full device privacy on our homepage.

The "Zombie Cookie"

Standard cookies are easy to delete. You clear your browser history, and they are gone.Canvas Fingerprinting is different.

Because it is based on your physical hardware (your screen, your graphics card, your installed fonts), the fingerprint stays the same even if you:

Clear your cookies and cache.
Use "Incognito" or "Private" mode.
Switch to a VPN.

This persistence is why advertisers call it a "Supercookie" or "Zombie Cookie"—you cannot kill it easily.

The Entropy Recipe

🎨
GPU BlendingHow your card mixes semi-transparent colors.
🔠
Sub-pixel SmoothingWindows (ClearType) vs Mac (Quartz) render fonts differently.
🖥️
Screen ResolutionYour exact pixel density contributes to the hash.

The Code Behind The Attack

The scary part about Canvas Fingerprinting is how simple the code is. Any website can run this JavaScript silently in the background without asking for permission.

tracker.js

// 1. Create a hidden canvas

var canvas = document.createElement('canvas');

var ctx = canvas.getContext('2d');

// 2. Draw complex shapes (The "Fingerprint")

ctx.textBaseline = "top";

ctx.font = "14px 'Arial'";

ctx.fillText("Hello World 👋", 2, 2);

ctx.fillStyle = "rgba(0, 0, 255, 0.5)";

ctx.fillRect(10, 10, 50, 50);

// 3. Convert to Data URL (The Unique Hash)

var fingerprint = canvas.toDataURL();

// Result: "data:image/png;base64,iVBORw0KGgo..."

Developer Note: This technique is often combined with WebGL Fingerprinting to create a 99.9% accurate profile of your device.

Can you block it?

You cannot simply "turn off" the Canvas API because it powers the modern web. Google Maps, Figma, Netflix, and online games all rely on it.

However, you can poison the data.

The Strategy: Randomization

Privacy-focused browsers (like Brave) and extensions (like CanvasBlocker) use a technique called "Noise Injection."

When a website asks to draw a picture, the browser intentionally changes a few pixels at random. To the human eye, the image looks the same. But to the tracking algorithm, the Hash changes every time you visit the site.

Are you invisible yet?

Blocking Canvas is just step one. Your IP, WebRTC, and Headers can still betray you.

Go to Privacy Dashboard →

Comprehensive scan including IP, DNS, and Headers.