Skip to content

Canvas Anti-Fingerprinting causes websites to break and can't be turned off #10000

New issue
New issue
Closed
Closed
Canvas Anti-Fingerprinting causes websites to break and can't be turned off#10000
Labels
QA Pass-LinuxQA Pass-Win64QA Pass-macOSQA/Yesfeature/shields/fingerprintThe fingerprinting (aka: "device recognition") protection provided in Shieldsrelease-notes/excludewebcompat/not-shields-relatedSites are breaking because of something other than Shields.
Milestone
1.11.x - Release #1
@rebane2001

Description

@rebane2001
rebane2001
opened on May 29, 2020

Description

Brave Canvas Anti-Fingerprinting causes websites to break if the website requires pixel-perfect color output, because Brave adds random noise to canvases when using the getImageData method. This CAN NOT be turned off even with shields down.

Steps to Reproduce

  1. Turn off shields
  2. (optional) Turn off all other tracking protection
  3. Press F12, open up the Console and run the following code:
// Create HTML5 canvas
let canvas = document.createElement('canvas');
canvas.width = 1024;
canvas.height = 1024;
let ctx = canvas.getContext('2d');
// Set the color to pure white and draw a rectangle filling the entire canvas
ctx.fillStyle = "rgba(255, 255, 255, 1)";
ctx.fillRect(0, 0, 1024, 1024);
// Get the image data from the canvas
let imageData = ctx.getImageData(0, 0, 1024, 1024);
// Go through every RGBA value of every pixel and log "oh no" if it is not pure white
imageData.data.forEach(e => {if(e != 255) console.log("oh no")});

Actual result:

The words "oh no" appear in the console, meaning that the pixel color is incorrect.

Expected result:

The words "oh no" DO NOT appear in the console.

Reproduces how often:

Easily reproduced

Brave version (brave://version info)

Brave 1.9.72 Chromium: 81.0.4044.138 (Official Build) (64-bit)
Revision 8c6c7ba89cc9453625af54f11fd83179e23450fa-refs/branch-heads/4044@{#999}
OS Windows 10 OS Version 1809 (Build 17763.1217)
JavaScript V8 8.1.307.32

Version/Channel Information:

  • Can you reproduce this issue with the current release?
    Yes
  • Can you reproduce this issue with the beta channel?
    Yes
  • Can you reproduce this issue with the dev channel?
    Yes
  • Can you reproduce this issue with the nightly channel?
    Yes

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields?
    No
  • Does the issue resolve itself when disabling Brave Rewards?
    No
  • Is the issue reproducible on the latest version of Chrome?
    No

Miscellaneous Information:

In case you are wondering where this type of bug can break sites in practice, I run an open-source website called MapartCraft, which lets players convert images into art they can use in the game Minecraft. Since it chooses the blocks to place by comparing the colors on the canvas to the colors of the blocks in-game, having the canvas color values be off even by one causes the entire site to break.

Metadata

Metadata

Assignees

No one assigned

    Labels

    QA Pass-LinuxQA Pass-Win64QA Pass-macOSQA/Yesfeature/shields/fingerprintThe fingerprinting (aka: "device recognition") protection provided in Shieldsrelease-notes/excludewebcompat/not-shields-relatedSites are breaking because of something other than Shields.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions