Single-signal test
Canvas fingerprint test
Below is the exact scene SysLeak just asked your browser to draw — visible here, invisible on tracking sites — and the hash your hardware produced.
The scene your browser just rendered
Its fingerprint hash
Hashing…
Why a drawing identifies your machine
Ask a thousand computers to draw the same picture and you will get a thousand subtly different results. The text above is rasterized by your OS font engine using your installed fonts; the curves are antialiased by your GPU through your driver version; the color blending runs through your graphics stack's floating-point quirks. None of these differences are visible to your eye — but they are perfectly visible to code that reads the pixel values back, and hashing the pixels collapses all of them into one short, stable identifier.
That is what makes canvas fingerprinting attractive to trackers: it is fast (a few milliseconds), silent (the canvas is never attached to the page), permissionless, and the resulting hash survives cookie clearing, private browsing and VPNs. The hash only changes when something deep in your system changes — a driver update, an OS upgrade, new fonts. SysLeak renders the scene visibly because transparency is the point: you should get to see exactly what a tracker would draw on your machine.
What your hash means
The hash alone says little; its power is in combination. Trackers join it with your user agent, screen, fonts and timezone to build a fingerprint that is usually unique — the full fingerprint test shows that combination with an entropy estimate, and the dashboard folds it into your overall Exposure Score. If two devices you own show the same canvas hash, they are likely the same hardware generation with the same driver — and if your hash changes after an update, you have just watched your fingerprint shift in real time.
Frequently asked questions
- How does canvas fingerprinting work?
- A script draws text and shapes into an invisible canvas element and reads the pixels back. Hardware acceleration, GPU drivers, font rendering and antialiasing all leave subtle device-specific differences in those pixels, so hashing them produces a stable identifier for your machine.
- Why is the canvas hash so identifying?
- Because it reflects a deep stack of your machine: GPU model, driver version, operating system, font library, even browser rendering choices. Research (AmIUnique, 2016) measured canvas at roughly 8.5 bits of entropy — among the strongest single signals a tracker can read.
- Do trackers really use this?
- Yes — large-scale crawls have repeatedly found canvas fingerprinting scripts on thousands of popular sites, usually inside third-party tracking libraries. It runs silently; there is no permission prompt and nothing visible on the page.
- Can I block canvas fingerprinting?
- Firefox (with privacy.resistFingerprinting) and Tor Browser prompt or return blank data when scripts read canvas pixels. Safari restricts the API. Some extensions add per-session noise to the output — note that noise makes your hash unstable rather than common, which defeats tracking differently.
This is one signal of many. The SysLeak exposure dashboard combines your IP, fingerprint and WebRTC results into a single Exposure Score.