Choose: Simple Style

Canvas Font Fingerprinting



  • $ fingerprint@info:~ echo $CANVAS-FONT
  • Name:

    Canvas Font Fingerprinting

    Original feature purpose:

    The Canvas API provides a means for drawing graphics via JavaScript and the HTML <canvas> element. Among other things, it can be used for animation, game graphics, data visualization, photo manipulation, and real-time video processing. For more details see e.g. MDN web docs


    Many different fonts exists to enrich the web typography. Web browsers only support a portion of the available fonts - but each browser, version or system supports a different portion. A font support test with an extensive font collection is known as "Font Detection" and can be made with JavaScript, CSS or Flash.
    But Font Detection can also be made with Canvas:
    The TextMetrics interface can be used to evaluate if a specified font is available on the client's browser, because this object contains the width of a measured text.
    First, the Canvas API method measureText is called on an oversized (80px) fake font (a font that does not exist for sure) with the full ASCII-Set, which is the string of which the Canvas element will measure the width, to trigger the default fallback-font on error (font not available).
    The width is calculated with an accuracy of 12 decimal places (but with font size 80px only 1 decimal place would still be fine). This width of the oversized fake font is saved and utilized as baseline for later comparisons. Now TextMetrics of more than 1400 distinct fonts are calculated and each compared with the baseline. If the baseline width (fake font) and the test font width are equal, then the font is not supported. Otherwise the client supports this font. The Canvas font fingerprint is a hash of all detected fonts supported by the client's browser, which varies across browser, browser versions and systems.

    The Canvas font fingerprint resembles the Canvas fingerprint, but is more stealthy: It does not actually extract canvas generated data (no use of the methods toDataURL, toBlob or getImageData). This means, Canvas blockers, which block or spoof these methods, will fail to block Canvas font fingerprinting. Canvas font fingerprinting can only be stopped, if the Canvas API is blocked completely or the measureText method is altered.

    As a side-effect, installed software on the target system can be detected: This is done by checking fonts, which are only installed by specific software. For example, OpenOffice installs the font OpenSymbol.
    Depending on the software, it is even possible to differentiate the version. For instance, TeamViewer releases a new font with each major update.
    (... TeamViewer11, TeamViewer12, TeamViewer13, ... )




    js, html5, hardware-dependent, software-dependent, unchanged-consistent


    Canvas elements can only be blocked on browser-level - either by an browser-specific Canvas-Blocker Addon or by browser vendor features.

    • From Firefox 58: Canvas data extraction needs user permission or is automatically spoofed
      Explanation: A website cannot use Canvas elements for fingerprinting any more
      Explanation: (blocked or spoofed Canvas API)
      Info: Only if the setting 'privacy.resitFingerprinting' is set to 'true'
      Problem: The latest Anti-Canvas-Fingerprinting (FF Version 64) does NOT stop Canvas Font Fingerprinting

    • Installing/Uninstalling software/fonts
      Explanation: This will lead to a different set of detected fonts, hence another fingerprint
      Info: There are multiple consistent tracking techniques
      Problem: Consistent tracking techniques can sync and update/restore each other


  • $ fingerprint@info:~ run canvas-font-demo
  • Demo:

    >> Jump to Canvas Font Fingerprinting Demo <<

Copied link!

Copy the link above, close the browser and visit this site again to check your Canvas Font Fingerprint.
Click on the trash icon in the info box to clear your tracking stats for this demonstration.

If this is your first visit, but the info box says you already visited this website x times,
then someone else has generated the same Canvas Font fingerprint which your browser did.

Canvas Font Fingerprinting: Results

Website visits: Test is running...
Your last visit: Test is running...
Fonts detected: Test is running...
Total fonts tested: Test is running...
Your canvas font fingerprint: Test is running...

Clear stats Refresh page.

Canvas Font Fingerprinting Test:

Rerun test with only 500 fonts
Rerun test with 3 times as many fonts (1500)
Rerun test with more fonts (4800+)
(depending on your browser the visual output may become buggy)

Example software detected on your system:

  • Microsoft Office is not installed or suppressed by browser
  • Open Office is not installed or suppressed by browser
  • TeamViewer is not installed or suppressed by browser
  • Adobe Creative Studio (Pro) is not installed or suppressed by browser
  • Adobe Creative Suite (CS6) is not installed or suppressed by browser
  • Adobe InDesign (CS6) is not installed or suppressed by browser
  • Adobe Illustrator (CS5) is not installed or suppressed by browser
  • Ubuntu Fonts are not installed or suppressed by browser
  • Droid Fonts are not installed or suppressed by browser
  • Android Fonts are not installed or suppressed by browser
  • Apple Fonts are not installed or suppressed by browser

Your Canvas Font Fingerprint () was derived from canvas data generated by your browser.
Detected fonts with canvas: 0/713