Note that the bot detection script uses WebGL to obtain the GPU name. I assume this (fingerprinting) is the most popular use of WebGL. Sad that independent browsers like Firefox do not supply fake values.
IMO the use of <canvas> needs to be behind a permission prompt, the same as e.g. geolocation or WebRTC. Few websites actually need canvas/WebGL for legitimate purposes.
Sadly, spoofing GPU vendor & renderer can be an even larger flag, since they can hash the resulting image of the canvas to compare it with a database of collected fingerprints [0].
[0]: https://research.google/pubs/picasso-lightweight-device-clas...