That’s why I am thinking that custom fonts in a browser game are nothing more than just pixels to draw for the browser.
I’m doing pretty much anything with Flutter now, even trying to build 2D games with it and unless I’m mistaken: it all renders on a canvas, which has its pros and cons, but in your case it would’ve been a non-issue, or did I misunderstand?
If the device has been powered on for a certain period of time (usually a few minutes), the voltage normalizes and you get a unique clock skew signature based on the defects of the silicon, for each enumerable device that may be available from various JS API calls, or potential zero days, adds another data point for uniqueness.
Passive listening to local network traffic headers will provide a local network topology of metadata of local proximity devices that can often be cross referenced (since cable modems often collect this info as well as other embedded devices).
It's a strategy called building a bridge. You start from the device which has an associated profile, that profile only needs to be unique and may only start off as an identifier (nothing else) and the endpoint and you meet somewhere in the middle, backfilling information as you go. No personal info needed upfront.
CSS previous visited link decorators are another avenue for fingerprinting. It violates same-domain policy, but there was a PoF back in 2021 where you could generate picture squares identical to a captcha asking for a specific picture or puzzle that was generated to be tied to the CSS decorator (thus submitting your browser history beacons to that site in its entirety). Think it was varun.ch?
You can already ask the browser what OS, CPU, device and browser it is without fingerprinting the canvas. You can get the version of the browser, and OS as well.
I use the popular UA-Parser-JS library, works like a charm: https://www.npmjs.com/package/ua-parser-js. (I use it for https://web3dsurvey.com.)
(The WebGL and WebGPU APIs will also tell you the GPU hardware you have.)
> You can already ask the browser what OS, CPU, device and browser it is without fingerprinting the canvas. You can get the version of the browser, and OS as well.
Fingerprinting is not about detecting your user agent, it is about detecting YOU in a sea of otherwise identical user agent strings.
And to my knowledge you can't ask the browser about the cpu, only the number of cores. The regular fingerprinting you described would be just a user agent string that can be trivially spoofed.
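The distinction drawn above between reading a user agent and singling out one visitor among identical user agents, as an added example that is not part of any comment in this thread. The visitor records, attribute names and canvas hash labels are constructed assumptions; the code measures how large each anonymity set is as more attributes are combined, which is how a privacy review would judge whether a signal is identifying.

```javascript
// Added example. The visitor records below are constructed, not measured data.
// "canvas" stands in for a hash of rendered canvas pixels (hypothetical labels).
const A = "Chrome 120 / Android 14";
const B = "Edge 120 / Android 14";
const visitors = [
  { ua: A, cores: 8, canvas: "h1" },
  { ua: A, cores: 8, canvas: "h2" },
  { ua: A, cores: 8, canvas: "h1" },
  { ua: A, cores: 4, canvas: "h3" },
  { ua: A, cores: 8, canvas: "h4" },
  { ua: A, cores: 4, canvas: "h3" },
  { ua: B, cores: 8, canvas: "h1" },
  { ua: B, cores: 8, canvas: "h5" },
];

// Group records by the chosen attributes; each group is one anonymity set.
function anonymitySets(records, keys) {
  const groups = new Map();
  for (const r of records) {
    const k = keys.map((key) => String(r[key])).join("|");
    groups.set(k, (groups.get(k) || 0) + 1);
  }
  return groups;
}

// Number of visitors who are alone in their anonymity set (uniquely identifiable).
function uniqueVisitors(records, keys) {
  let n = 0;
  for (const size of anonymitySets(records, keys).values()) {
    if (size === 1) n++;
  }
  return n;
}

// Shannon entropy in bits of the attribute combination over this population.
function entropyBits(records, keys) {
  let h = 0;
  for (const size of anonymitySets(records, keys).values()) {
    const p = size / records.length;
    h -= p * Math.log2(p);
  }
  return h;
}

for (const keys of [["ua"], ["ua", "cores"], ["ua", "cores", "canvas"]]) {
  const bits = entropyBits(visitors, keys).toFixed(2);
  console.log(`${keys.join("+")}: unique=${uniqueVisitors(visitors, keys)} bits=${bits}`);
}
```

In this constructed population the user agent alone isolates nobody, while the three attributes combined leave four of the eight visitors in a set of one.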
I think it overlaps mostly with OS, CPU, Browser, GPU Type, GPU driver version. These can already be queried by UA string and WebGL/WebGPU. It is easier to query them explicitly for most users but I guess canvas fingerprinting is a fallback for when these APIs do not return some of the data.
> And to my knowledge you can't ask the browser about the cpu, only the number of cores.
Generally you can. Not all browsers give up all info, but most browsers give up most of the info. Here is a demo of what you get from ua parsing: https://uaparser.dev/#demo
The jitter had very little intended effect since accurate system timing can be derived from the instruction processing time of arbitrary JavaScript code in a mostly browser agnostic way, specifically iteration (i=i+1). It applied broadly to a large number of different types of instructions.
Those certain math functions happen to be floating point operations that are ordered in a way to maximize the inaccuracy property of floating point types.
These inaccuracies are very correlatable.
It’s not. Do I win?
80% of my projects use canvas
Android guess is correct. But the browser is Edge, not Chrome.