4.3 WebGL
When we first started this project, we predicted that we
would need to try quite a few underhanded tricks in order
to see differences between graphics cards. Surprisingly, this
is not the case. Our experiments show that graphics cards
leave a detectable fingerprint while rendering even the sim-
plest scenes.
As described in Section 3.1.4, our WebGL test creates a
single surface, comprised of 200 polygons. It applies a sin-
gle black and white texture to this surface, and uses simple
ambient and directional lights. We also enable antialiasing.
Of the 300 users who participated in our study, 30 sub-
mitted no data for this test. In our framework, this absence
indicates either that WebGL is disabled or that an error
occurred during the test.
Under visual inspection, the 270 remaining images appear
identical. When examined at the level of individual pixels,
however, we discovered 50 distinct renders of the scene.
This level of heterogeneity is, frankly, quite surprising.
Our scene is rendered with basic matrix operations, and
we expected far more consistency among graphics cards.
One possible explanation suggests that graphics cards, in
the name of efficiency, cut corners with respect to graph-
ics processing. Perhaps renders are nondeterministic, but in
such minor ways as to be undetectable for humans.
Looking at the subset of our data in Table 1, we see that
this is not the case: most graphics cards produce pixel-
perfect output as compared to others of their model. There
is also a resemblance among the members of the same line
(note groups 1, 5, and 24), suggesting that graphics card
manufacturers perhaps share hardware or driver implemen-
tations between coexisting and evolving product lines.
The graphics cards, browsers, and operating systems present
in all 51 groups can be found in Appendix A.
4.3.1 Classification
Of course, simply knowing that two implementations differ
is useful, but understanding how might give clues as to why.
In Figure 10, we see the original image for group 24, our
largest, as well as its difference maps against several other
renders.
Examining these in detail, there are several different ways
in which these groups differ. In the group 1 and group 36 dif-
ference maps, we see that most of the difference is located at
the edges of color regions and polygons. This suggests that
these graphics cards are performing antialiasing slightly dif-
ferently, or perhaps simply linearly interpolating textures in
almost imperceptably different ways. In contast, we see that
the renderers in Group 20 produced slightly different colors
when lighting the white portions of the texture, as compared
to group 24. However, group 23 differs at almost every single
non-background pixel. The two renders are visually indistin-
guishable, suggesting that the differences occur in the very
least significant bits of each color.
The most interesting difference, however, appears between
group 24 and group 25. These renders differ by only a
few pixels! Indeed, the hardware used to produce these
images is extremely similar: group 24 consists mainly of
Intel G41 (device ID 0x2e32), Intel HD Graphics (device
IDs 0x0042, 0x0046, 0x0df1), and Mobile Intel 4 Series (de-
vice ID 0x2a42), while group 25 consists solely of Intel HD
Graphics systems (device IDs 0x0102 and 0x0116). If we
assume that distinct device ID numbers indicate distinct
products, these few pixels strongly suggest that even ex-
tremely similar graphics systems can be differentiated sim-
ply through rendering the right images!
Also, it is worth noting that out of 50 total groups, 49 con-
tain samples from a single operating system family. Group
42 (in 1 is the only exception, containing both Linux and
OS X. However, given the relative lack of samples from
Linux and OS X, we cannot determine whether this delin-
eation is due to significant differences in each operating sys-
tem’s graphics handling, or whether we simply do not have
enough samples comparing identical graphics cards across
diverse software stacks.
4.3.2 Entropy
Due to the large number of unique graphics cards and
their consistent effects, webgl gives a distribution entropy of
4.30 bits, over 300 samples in 51 groups. Again, the actual
entropy revealed by this test depends upon the frequency of
each graphics card as deployed in the wild, which we can not
extrapolate from our data. Therefore, this entropy should
be considered a rough estimate, at best.
4.4 Comprehensive Fingerprinting
Given the relative success of each individual test, we shall
now examine their efficacy when combined. If their predic-
tive power lies solely in browser and operating system family,
we will expect a relatively similar number of distinct groups
once all fingerprints are combined. With this approach, each
group consists of samples for which all six tests are identical.
Among the 294 samples which successfully completed all
six tests, there are 116 distinct groups. The largest of these
contains 51 samples, and consists almost solely of Chrome
17.0.963.56 on Windows 7, with a single Windows Vista
mixed in. As for graphics cards, it contains Intel G41 Ex-
press Chipsets (DID 0x2e32), Intel Graphics Media Acceler-
ator HD 0x0046), Intel HD Graphics (DID 0x0042, 0x0046,
0x0df1), Intel 4 Series (DID 0x2a42), and Intel 45 Express
(DID 0x2a42). As mentioned in Section 4.3.1, further and
more sophisticated WebGL fingerprints may be able to dif-
ferentiate these graphics systems.
4.4.1 Entropy
Overall, our fingerprints do combine beneficially: among
the 116 groups, our five extremely simple tests show a dis-
tribution entropy of 5.73 bits. We believe that more spe-
cialized and targeted tests could reveal even more, perhaps
down to the exact installed graphics card, operating system,
and browser family.
5. DEFENSES
In this section, we propose several methods of preventing
<canvas>-based fingerprinting and consider their impact.
First, browser vendors could completely disable canvas
pixel extraction. While obviously preventing any poten-
tial <canvas>-based fingerprinting, this fix removes a use-
ful capability of the platform — imagine building a webapp
for photo editing or drawing. Therefore, let us only con-
sider defends that do not overly undermine the potential of
<canvas>.
One might imagine a defense whereby the browser adds
random pixel noise whenever pixels are extracted. Under
this regime, directly comparing image results becomes far
more difficult. However, slight noise can be easily circum-
8