It’s likely that everyone is already familiar with browser fingerprint, but man people are is still confused about “what it is” and “why websites use them as “fingerprints.” In this series, Genlogin will try my best to explain the browser fingerprinting that we have learned about in the process of developing GenBrowser to TitanBrowser in the easiest way.
WebGL (Web Graphics Library) is a web graphics library used in browsers. It is used to render 2D and 3D graphics. Browsers use the WebGL API to send processing information to the GPU, which then returns the display data to the browser. Today, WebGL is also a library used to render the graphics of web games, replacing Flash Player.
WebGL Fingerprint is the result of a hash function (an image is hashed into a string similar to calculating the MD5 of a file) when drawing a given pattern (an image) (this pattern has a large difference, meaning that the output image is very different between different GPUs). At this point, we can ask why the output image of the same pattern is very different when running on different GPUs? I will take the example of drawing a gradient-colored triangle using WebGL (This is also a pattern with a large difference that fingerprint systems often use).
To draw the image above using the WebGL API, in short, the browser only needs to send information to the GPU of 3 x, y, z vertices and the color at 3 vertices, after which the GPU will process to interpolate the color of the inside of the triangle. This interpolation process on different GPUs can result in different colors at the same coordinate (pixel) within the triangle, so when calculating the hash of the triangle image, it will result in a different hash.
Antidetect browsers will change the color of this triangle to create a hash that is different from the default browser. The following image is an example of the WebGL image of TitanBrowser and another antidetect browser.
WebGL Image Hash:
It can be seen that the Titan Browser of Genlogin has a color range that is visually similar to the normal browser, but the WebGL Hash is still different. The other antidetect can be seen that the color is very different from the normal browser in some parts of the image, so the hash is also different.
In addition, WebGL Fingeprint also uses some information about the graphics card such as “Unmasked Renderer” and “Unmasked Vendor”, “Max Vertex Attributes”, etc. However, not many systems use all of this information to calculate WebGL Hash.
WebGL fingerprinting is a powerful tool that can be used to identify users across different browsers and devices. However, it is important to note that WebGL fingerprinting is not perfect and can be circumvented by using antidetect browsers.