canvas fingerprint is different for different zoom levels on Firefox

[Valve]

When I zoom the page in FF, I get different FPs, because the canvas.toDataURL returns different results for different zoom levels.

[RobertBorg]

I'm working on this.

In addition to toDataURL, both getScreenResolution and getAvailableScreenResolution is changing.
diff after toDataURL fix: https://www.diffchecker.com/8nunklnj
as can be seen here it is the first text that is causing the change for the image generated on canvas.

by using a 12pt font instead of 11pt for that text this issue goes away as far as i can tell. the other issues still remain.

both getScreenResolution and getAvailableScreenResolution are returning vaules in virtual pixels as if it was lowering my screens dpi. I need some input on how to work around this. how much entropy will we loose by simply disabling getScreenResolution and getAvailableScreenResolution on firefox?

[Valve]

Thanks! You may be interested in some of the work I had been doing in this area too here:
https://github.com/Valve/fingerprintjs2/commits/dev

As for skipping the resolution keys on FF - it's a step I'm reluctant to make, we should try to solve this ideally :)

[RobertBorg]

Awesome! Unfortunetly I was wrong about the 12pt fix. But setting transform: scale(1); on it does work. Now for the resolution thing. I don't think we can actually calculate it, as it is throwing away information when it rounds it. Had that been the only issue we could've brute forced it similar to how hashed passwords are cracked. But as we have multiple widths mapping to the same virtual width.
I propose we use a lookup table for common resolutions, what do you think? Also, is the problem in IE same as in FF? i don't have IE readily available.

[Valve]

IE is similar conceptually but different in JavaScript API and rounding precision
I don't have IE too, unfortunately.

I propose we use a lookup table for common resolutions, what do you think?

I don't entirely understand your idea. Please explain in more detail

[RobertBorg]

list common resolutions
like

var commonWidth = [640,768,800,800];
var commonHeigth = [480,480,480,600];

var lower = Math.round((virtualWidth-0.5)*zoom);
var upper = Math.round((virtualHeigth+0.5)*zoom); 

//find indcies matching [lower, upper] in commonWidth
//do same for heigth
//find indicies in both widthIndicies and heigthIndicies, there will probably just be 1, otherwise use virtualScreenRatio to make an educated guess.

PS. i was wrong about the toDataURL again -.-

[jesantana]

I have been doing tests on this and I guess these are separated issues.

• On one side, the getDataUrl returns different values in firefox 45.0.1 almost everytime you generate a new fingerprint.
• On the other, when you zoom in or out in the same browser the available resolution changes as described by @RobertBorg

So maybe it is worth to address them separately, in my team, we think we have a solution for the first issue, so maybe we soon we will send a pull request.

[kevindice]

Would zoom variability not be a problem if the fingerprinting was done inside of a hidden iframe with

<meta name="viewport" content="initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,width=device-width,user-scalable=no" />

in its <head>?

[eisman]

@kevindice It does not work.

[sgarciafer]

I've noticed that when enabling the inspector on mobile mode the fingerprint is also different. This is probably related to the same zoom issue.

Somehow the script on this demo site (minified, cutted in pieces and loaded through ajax) has a very good behaviour: https://browserleaks.com/canvas

I would strongly encourage to beautify it and replace the one char variables and function names to make it readable and correct the behaviour based on what they do.

[sgarciafer]

Here you have it: https://github.com/sgarciafer/canvasfingerprint

[markogresak]

Question: Is this a duplicate of #98? Given that it's set for V3 milestone, where IE support is dropped.

[Valve]

Yes, it duplicates the same issue: zoom changes the resolution and by extension, the fingerprint.

[Finesse]

The canvas image difference is mitigated in d3e359c by extracting the text into a separate canvas image (the text changes with the zoom level while the geometry stays the same). The image with text is still used to calculate the hash, but it can be removed in a custom components hash function.

The image before:

The images after:

+