What is the privacy/security concern with canvas in web browsers?

a new sad me@lemmy.world to Ask Lemmy@lemmy.world – 18 points –

I have installed librawolf and I see that canvas access is disabled by default in all webpages so I started activating them when they bother me (whatsapp, youtube, element.io etc.). But then I figure that it is disabled for a reason. What should I pay attention to?

4

According to wikipedia

Canvas fingerprinting is one of a number of browser fingerprinting techniques for tracking online users that allow websites to identify and track visitors using the HTML5 canvas element instead of browser cookies or other similar means. The technique received wide media coverage in 2014 after researchers from Princeton University and KU Leuven University described it in their paper The Web never forgets.

https://en.wikipedia.org/wiki/Canvas_fingerprinting

Also if you just google "librewolf canvas disabled", their FAQ shows up with the exact reason why https://librewolf.net/docs/faq/#should-i-allow-canvas-access-how-do-i-do-it

The FBI will literally storm ur house and kick your dog if you leave canvas enabled

Canvas rendering differs slightly depending on a lot of factors like operating system, browser, installed fonts, and many others. This information can be used to uniquely identify and track your machine across the web, even if you have stuff like cookies blocked and switch IPs. Just outright blocking canvas access attempts to prevent this. Keep in mind that while it can help prevent against canvas tracking, it can also be used as yet another variable to uniquely identify your browser, 'has canvas blocking enabled', just like blocking cookies, do not track requests, etc...

There are a number of websites that can tell you if your browser's fingerprint is unique and thus if you are trackable. Truth is, it always is because of the sheer number of variables involved, unless you're willing to disable a lot more than canvas, which breaks a lot more websites. Even Tor is more private despite having so many of their nodes ran by governments.