Canvas fingerprinting

As described by Acar et al. in:[6] When a user visits a page, the fingerprinting script first draws text with the font and size of its choice and adds background colors (1).

[4] A software developer writing in Forbes stated that device fingerprinting has been utilized for the purpose of preventing unauthorized access to systems long before it was used for tracking users without their consent.

[8] Tor Project reference documentation states, "After plugins and plugin-provided information, we believe that the HTML5 Canvas is the single largest fingerprinting threat browsers face today.

"[12] Tor Browser notifies the user of canvas read attempts and provides the option to return blank image data to prevent fingerprinting.

[6] However, Tor Browser is currently unable to distinguish between legitimate uses of the canvas element and fingerprinting efforts, so its warning cannot be taken as proof of a website's intent to identify and track its visitors.

[15] The LibreWolf browser project includes technology to block access to the HTML5 canvas by default, only allowing it in specific instances green-lit by the user.

Typical Tor Browser notification of a website attempting a canvas read.