Canvas fingerprinting
A fingerprinting technique that draws hidden graphics with the HTML5 canvas API and hashes the pixel output, which varies subtly between devices.
Canvas fingerprinting uses the HTML5 canvas element to identify devices. A script draws text and shapes to an invisible canvas, reads the pixels back, and hashes the result. The output differs slightly between machines because rendering depends on the GPU, graphics drivers, operating system, installed fonts, and anti-aliasing settings. Those differences are invisible to the eye but consistent on a given device, which makes the hash a useful identifying signal that survives cookie clearing.
Canvas hashes are a staple of commercial fingerprinting because they are cheap to compute and carry meaningful entropy. For privacy-minded users, the technique is hard to defeat: blocking canvas reads entirely is itself a distinctive signal, and naive randomization produces a different hash on every page load, which is also unusual. The credible middle ground is output that is stable for one identity but different between identities, the way two genuinely different machines would differ.
Oculr takes that approach: the engine applies seeded, deterministic per-profile noise to canvas output. The noise derives from the profile's fingerprint seed, so the same profile produces the same canvas hash across launches and reloads, while different profiles produce different hashes. The modification happens at the engine level rather than through injected JavaScript, keeping it consistent with the rest of the profile's identity.
