Detecting Noise in Canvas Fingerprinting

18 comments

·February 25, 2025

Etheryte

While this field is always interesting to read about, I absolutely refuse to give any technical input on how to improve fingerprinting, even if it's to fight bots. If you work on tracking, my opinion of you as a person is well summarized by apenwarr [0]:

> Can I work for a bad company and still be a good person?

> No.

[0] https://apenwarr.ca/log/20201121

hugodellinger

To be honest, they are focusing here on detecting tweaks used by scrapers to bypass bot protection, not on building a unique and stable fingerprint of a browser.

batch12

The quote is throwaway nonsense. No argument is made.

I counter it with my own: Yes.

By what standard are bad companies or good people measured? Do you define that? Religion? The current popular opinion?

Etheryte

By your own moral compass of course. There is no such thing as objective good or objective bad, it's all in the eye of the beholder. Surely you would've covered this in literature class in your youth? Likewise, me thinking someone is a bad person doesn't mean it's some objective and universal truth. It's literally, like, my opinion, man.

jgalt212

Don't be so cynical. There are universal truths.

AndrewThrowaway

What is "a bad company"? Google? Amazon? Facebook? Tesla? Tinder? Boeing? Rheinmetall? Lockheed Martin? Pfizer?

a-french-anon

"Would the world be better without it (inb4 it'll be replaced in all but name)?"

Google? Amazon? Facebook? Tinder? Yes.

Boeing? Lockheed Martin? No.

Tesla? Pfizer? Unknown.

You're welcome.

internetter

Under what criterion were your answers decided?

To play the devil's advocate: Google has vastly improved access to information. Facebook has allowed hundreds of millions of people to remain in each other's lives even while separated by oceans. Amazon made it much easier to acquire very specific items. Tinder has helped people find love.

jgalt212

I've never heard of Castle before. Do any current Castle clients care to share opinions of their service as compared to Cloudflare Turnstile or Google ReCaptcha?

xnx

Fingerprinting is terrifying. That a device (and therefore a specific person) can be reliably identified across all sites and across time is a major failure of browser design.

Klaster_1

While I agree that browser vendors could potentially have handled this better, I am more inclined to view this as a regulation failure - that fingerprinting is permitted in the first place. By acting in this manner, ad companies offload the cost to browser vendors, general public and reduce overall societal trust. This is especially concerning when Google exploits its positions as an ad company and browser vendor, see the Manifest V3 situation for an example.

Tade0

> I am more inclined to view this as a regulation failure - that fingerprinting is permitted in the first place.

In the EU it's not without explicit consent outside of a few, clearly defined cases.

Of course compliance is not 100%.

AndrewThrowaway

I feel conflicted about this. On one hand canvas being client side will always lead to a cat-and-mouse game where fraudsters can always generate the required "answer". On the other hand innocent users will always be fingerprinted by ad networks and similar.

jonatron

The purpose is important: if my fingerprint is used to detect fraud (e.g. my browser has just tried 100 other credit cards), I'm less bothered than if Cloudflare are reading my fingerprint then blocking me viewing a web page for no good reason.

Ukv

Castle.io's customers seem to include marketing platforms, and their listed use-cases include preventing account sharing and alt accounts. Can understand why a company would want to be able to uniquely identify users, but also from a user/privacy perspective it's also something I'd very much like my browser/extensions to block.

hoseja

"fraudsters" and "bots"

Sure, Jan. Whatever lets you sleep at night.

nprateem

According to this post the only people who care about not being tracked are running bots and fraudsters.