Privacy Tools
Canvas Fingerprint Test
See the exact image your browser draws behind the scenes — and the hash that makes you trackable without cookies. Every GPU renders it slightly differently.
Click Run Test to draw
What your browser actually draws (320×120 px)
SHA-256 canvas hash
Click Run Test to generate…
This signal's entropy value is documented in our open-source methodology. View methodology
Nothing leaves your browser
Why the same site sees the same you — every time
Your browser, same device
Identical hash
Canvas render A
7f4a2c9e1b8d3f60a5e2…
Reload the page, clear cookies, go incognito — the hash never changes. Your GPU renders the same pixels every time.
Same browser, different device
Different hash
Canvas render B
3b8e1f4a7c9d2e605f1b…
Chrome on a MacBook vs Chrome on a Windows PC produce different hashes — the GPU and driver combination is what changes.
Brave browser (protected)
Randomised
Noise-injected render
a9c2f7e3d1b8049e6c3d… (changes each load)
Brave adds invisible pixel noise before hashing — making your hash useless for cross-site tracking.
How a canvas fingerprint is built in 5 steps
JS draws on canvas
The site's script calls the HTML5 Canvas API — drawing text, shapes, and gradients off-screen without any visible output.
GPU renders pixels
Your GPU processes anti-aliasing and sub-pixel rendering, producing slightly unique output per device and driver version.
PNG data extracted
toDataURL() converts the canvas to a base64 PNG string, capturing every pixel value exactly as your GPU produced it.
Hash is computed
SHA-256 is applied to the PNG string, producing a short, stable fingerprint of your GPU's exact render output.
Hash sent to tracker
The hash is matched against a database, linking you to your previous visits, browsing profile, and inferred identity.
Invisible to you
No popup, no permission request. The canvas is drawn off-screen — you never see it happen and no browser warning is triggered.
Survives everything
Clear cookies, use private browsing, switch VPN, change browser profiles — none of it changes your GPU hash. It is stable for months.
Cross-site tracking
The same hash works on every website that runs the script, allowing your journey across unrelated sites to be stitched together.
Canvas fingerprinting — browser protection status
| Browser | Canvas FP works? | Default protection | Opt-in protection | Verdict |
|---|---|---|---|---|
| Brave | Randomised | On by default | — | Best |
| Firefox | Works | Strict mode only | RFP mode | Good |
| Chrome | Works | None | Extension needed | Exposed |
| Safari | Partial | ITP blocks some | — | Partial |
| Edge | Works | None | Extension needed | Exposed |
How to block canvas fingerprinting
Switch to Brave browser
Brave injects random noise into every canvas render, breaking the hash without visually changing anything you see. No setup required — it is on by default.
Best — zero effort
Enable Firefox RFP mode
Set privacy.resistFingerprinting = true in about:config. This makes all Firefox users share the same canvas output — your hash becomes identical to millions of others.
Strong — manual setup
CanvasBlocker extension
Available for Firefox and Chrome. Intercepts toDataURL() calls and returns randomised pixel data before the script can hash it, breaking the fingerprint silently.
Good — adds an extension
Use Tor browser
All Tor users share an identical canvas output by design — making individual identification impossible. The trade-off is noticeably slower browsing speed.
Maximum anonymity