canvas fingerprint — invisible layer

experiment 27 · canvas 2d · no permissions

your GPU just
signed its name.

When a browser draws text, gradients, and shapes onto a canvas, tiny rendering differences emerge from your GPU driver, font rasterizer, and antialiasing engine. The result is a pixel-level signature — invisible to the eye, but mathematically unique.

This fingerprint does not change when you clear cookies, switch VPNs, or use private browsing. It is your GPU's rendering signature — permanent until you change hardware. Browser vendors have tried to add noise to defeat it; tracking companies have adapted.

—canvas pixels

—hash

—uniqueness

live render

canvas fingerprint

rendering...

▶ why does canvas rendering differ between devices?

The HTML Canvas 2D API calls your operating system's graphics stack: font rendering (FreeType, CoreText, DirectWrite), GPU compositing, and antialiasing algorithms. Each combination of OS, GPU, driver version, and installed fonts produces slightly different pixel values for the same drawing instructions.

The test scene above is deliberately rich: a gradient (GPU blend), text in multiple fonts (font rasterizer), curved arcs (path approximation), bezier curves (sub-pixel rendering), and emoji (color font rendering). Each element stresses a different part of the pipeline.

The resulting fingerprint has been measured at ~90% uniqueness on desktop browsers. In practice, tracking systems combine canvas with WebGL, audio, and navigator data to achieve near-perfect identification.

Some browsers (Brave, Firefox with resistFingerprinting) add random noise to canvas output. You can check if yours does — reload this page and see if the hash changes.