Locked Modding Canvas Fingerprint or WebGL Hash of Windows 10

[Karthi18h]

Hello there,
I would like to know whether any of the Modders here can modify the Canvas Fingerprint or Hash of a system. From my previous post to other members of this forum , i think most of the poeple don't have much idea regarding this parameter of Users getting tracked by websites and ads even after we change our ip or use VPN. I am pasting the link of what it is to get a basic idea before going further.

[Link] Canvas Hash
[Link] Parameters which decide the Hash of Canvas
I thought of asking this question here since when i used some modified ISO from this forum i came to see that all have different hashes, but still users which uses that ISO will have same across their devices.
You can check the hashes from these websites - browserleaks(.)com/ip OR pixelscan(.net)

So my question is , Any of the modders here can make modified version of windows so that on each install the unique ID changes ?

 

[Karthi18h]

edit the link for checking hash is
browserleaks(.)com/canvas

 

[Light_Eater]

Canvas Fingerprinting asks your browser to draw a standard picture, and then takes a hash of the results. Different operating systems, browsers, hardware, etc... will result in slightly different images. As a result the hope is that one particular user will always have the same hash (even if, for instance, switching to an incognito window) while different users will have slightly different hashes, allowing the website to continue to track users even if they clear all their cookies.

The solution here would be a browser plugin that recognizes this attempts and returns random strings.
Here you have some solutions for FireFox

Spoiler: Picture

You must be registered for see links

You must be registered for see links

 

[Karthi18h]

Canvas Fingerprinting asks your browser to draw a standard picture, and then takes a hash of the results. Different operating systems, browsers, hardware, etc... will result in slightly different images. As a result the hope is that one particular user will always have the same hash (even if, for instance, switching to an incognito window) while different users will have slightly different hashes, allowing the website to continue to track users even if they clear all their cookies.

The solution here would be a browser plugin that recognizes this attempts and returns random strings.
Here you have some solutions for FireFox

Spoiler: Picture

You must be registered for see links

You must be registered for see links

But these extensions will make even messier , i mean we cant do transaction with this , all sites will mark them as fraud and cancel the orders , so thats why i was chkng whether it can be done in os level

 

[Light_Eater]

But these extensions will make even messier , i mean we cant do transaction with this , all sites will mark them as fraud and cancel the orders , so thats why i was chkng whether it can be done in os level

Modifying an operating system to deal with a piece of silly JS has as much sense as bringing an atomic warhead to fist fight of disabled infants, buried to their necks in mud. Especially that solutions exist and are at your finger tips.
You get that you can switch off any plugin/extention in your browser and later switch it back on, that's 3clicks operation + most
plugins that block some content have exclude lists/ pause buttons.

 

[Karthi18h]

Modifying an operating system to deal with a piece of silly JS has as much sense as bringing an atomic warhead to fist fight of disabled infants, buried to their necks in mud. Especially that solutions exist and are at your finger tips.
You get that you can switch off any plugin/extention in your browser and later switch it back on, that's 3clicks operation + most
plugins that block some content have exclude lists/ pause buttons.

But as i told those extension , change hashes temporarily. If we disable it it will revert back to original. And those are identified as bad by websites.
Do you think someone from the modders here can help me with this custom version if i Pay or become VIP ?

 

[Cyler]

To be honest, I wanted to have a nice chat about the difference between using fancy words and actually understanding the underlying issues when it comes to security and such because I will be honest, with the way you are using words like hash, fingerprint, user tracking, and try to connect them to the OS it shows that you have a superficial knowledge, tho I may be wrong.

So.. instead, I will focus on your main question.

So my question is , Any of the modders here can make modified version of windows so that on each install the unique ID changes ?

To my knowledge, there is no browser API or even extension that can expose either the windows UUID or Windows Product ID, or Autopilot hash which by the way is the only hash windows uses. The others are not called hashes, they are called unique IDs. (I bet a few of you will already start looking about the windows 4k hash and Autopilot ). Even if you could, those are semi or fully hardware IDs which means they are generated from polling motherboard and other hardware serial numbers, and not windows directly. The product ID of course can be the same for the simple reasons that a lot of modders, use volume licenses to activate windows and so, same license, same product ID. Since the browser can't directly get those IDs, and those IDs are generated from your own hardware and not from windows directly, I hope you can see why the OS itself has little or nothing to do with canvas fingerprinting and a modder can't really do anything about it. I do welcome tho any specific suggestions (and proofs if possible) from your side as to what can a modder change to the OS to alter and affect the behavior you described above.


However, I can provide you with a quick solution that I advise my clients when they are in need of the highest anonymity. It's called Virtual Machines. I won't go into details but I'm sure since you seem like a computer knowledgeable person you can fill the gaps.

Step 1 make a Virtual machine and install windows, browsers, VPN as well as add-ons that can switch user agents.
Step 2 save the windows as a VHD
Step 3 Every so often (you decide) change the number of cores, resolution, ram size, fonts, disk, etc ( and reload content from VHD).
Step 4 Enjoy. Every time you switch and/or spawn a new VM, you will be a new person as far as the internet goes and generate a different fingerprint hash

I understand that doing the above manually, will cause a bit of delay... but you need to remember, no pain, no gain. Few clicks and anonymity is yours. Of course, you can automate those tasks above, so with one click, you can spawn, even concurrently, dissimilar virtual PCs which will render fingerprinting close to useless if you choose so. I made such a solution and it does wonders.

If there isn't anything else to add, I think it's good to close this thread.

 

[Light_Eater]

@Karthis18h, I have assumed that you will be able to depend on you original hash value whenever you would need consistency. There is quite a few of this browser extensions to deal with canvas and WevGL fingerprinting, I would go through all of them to check whether one of devs hasn't predicted and implemented a feature, where a hash is generated for a website and feed whenever it ask to repeat test.
If not, you could suggest it to a dev or check is one of this projects open source and add this feature if you can code.

What @Cyler has suggested could also be a valid option, you could make a few VMs with different systems (plenty of those) and check whether they will generate different hashes on the test websites you mentioned. You could have your fake but consistent prints you are after, if you don't need more then few of them, maybe it would work for you.

Another funny thing is that browser also affects how images are rendered in them, here you have firefox on left and opera on right running in the same system

You must be registered for see links

as you can see the they generated different hashes, a wee selection of browsers could also provide a solution, if just depends from your needs. You could also noticed 'Uniqueness' value in this screenshot, hashes generated based on this values are not that unique, the test based on WebGL could be harder to trick, but support for it can be disabled in your browser, you would need to check yourself as the sites will behave then.

If you will find solution that will work for you please let us know.

 

[Gorstak]

to my knowledge there are several chrome extensions that offer fingerprint protection, but I think they just use random user agent. I find "justblock security" to be a decent extension for chrome, with some additional goodies for free, but there are others, that do fingerprint protection only. Spybot Search and destroy can detect and delete existing user agents on your Wnidows.

 

[Karthi18h]

To be honest, I wanted to have a nice chat about the difference between using fancy words and actually understanding the underlying issues when it comes to security and such because I will be honest, with the way you are using words like hash, fingerprint, user tracking, and try to connect them to the OS it shows that you have a superficial knowledge, tho I may be wrong.

So.. instead, I will focus on your main question.



To my knowledge, there is no browser API or even extension that can expose either the windows UUID or Windows Product ID, or Autopilot hash which by the way is the only hash windows uses. The others are not called hashes, they are called unique IDs. (I bet a few of you will already start looking about the windows 4k hash and Autopilot ). Even if you could, those are semi or fully hardware IDs which means they are generated from polling motherboard and other hardware serial numbers, and not windows directly. The product ID of course can be the same for the simple reasons that a lot of modders, use volume licenses to activate windows and so, same license, same product ID. Since the browser can't directly get those IDs, and those IDs are generated from your own hardware and not from windows directly, I hope you can see why the OS itself has little or nothing to do with canvas fingerprinting and a modder can't really do anything about it. I do welcome tho any specific suggestions (and proofs if possible) from your side as to what can a modder change to the OS to alter and affect the behavior you described above.


However, I can provide you with a quick solution that I advise my clients when they are in need of the highest anonymity. It's called Virtual Machines. I won't go into details but I'm sure since you seem like a computer knowledgeable person you can fill the gaps.

Step 1 make a Virtual machine and install windows, browsers, VPN as well as add-ons that can switch user agents.
Step 2 save the windows as a VHD
Step 3 Every so often (you decide) change the number of cores, resolution, ram size, fonts, disk, etc ( and reload content from VHD).
Step 4 Enjoy. Every time you switch and/or spawn a new VM, you will be a new person as far as the internet goes and generate a different fingerprint hash

I understand that doing the above manually, will cause a bit of delay... but you need to remember, no pain, no gain. Few clicks and anonymity is yours. Of course, you can automate those tasks above, so with one click, you can spawn, even concurrently, dissimilar virtual PCs which will render fingerprinting close to useless if you choose so. I made such a solution and it does wonders.

If there isn't anything else to add, I think it's good to close this thread.

I was asking about the automation since i was working with many profile inside the VMs, anyways yeah i will try your tip.
and yeah its correct browser can't take out the hwids and uids.
Thanks for your time
and is there any chatroom btw here to discuss among rather than post ?

 

[Karthi18h]

@Karthis18h, I have assumed that you will be able to depend on you original hash value whenever you would need consistency. There is quite a few of this browser extensions to deal with canvas and WevGL fingerprinting, I would go through all of them to check whether one of devs hasn't predicted and implemented a feature, where a hash is generated for a website and feed whenever it ask to repeat test.
If not, you could suggest it to a dev or check is one of this projects open source and add this feature if you can code.

What @Cyler has suggested could also be a valid option, you could make a few VMs with different systems (plenty of those) and check whether they will generate different hashes on the test websites you mentioned. You could have your fake but consistent prints you are after, if you don't need more then few of them, maybe it would work for you.

Another funny thing is that browser also affects how images are rendered in them, here you have firefox on left and opera on right running in the same system

You must be registered for see links

as you can see the they generated different hashes, a wee selection of browsers could also provide a solution, if just depends from your needs. You could also noticed 'Uniqueness' value in this screenshot, hashes generated based on this values are not that unique, the test based on WebGL could be harder to trick, but support for it can be disabled in your browser, you would need to check yourself as the sites will behave then.

If you will find solution that will work for you please let us know.

The funny thing you noticed is coz of they take the browser detail also to generate the hash, and about the WebGL hash its tricky and its not necessary to be changed coz for example every Nvidia RTX 3070 users will have same hash , so it wont matter much.

About different VMs, every VM has same hash i tried

 

[Light_Eater]

@Karthi18h, this technique is funny because it doesn't really collect any information about you system to identify you.
No details of browser, system, drivers etc aren't collected to generate the hash.
It simply ask your browser to render a picture (apparently more things then I though adds to how this picture ends up to look like) then a hash of the picture is generated, that is all. Really funny technique. Apparently more then just color space affects how the picture will look at the end.

As to VM, it is great that you check this, I am honestly surprised by your results, there needs to be something that I don't understand about this technique if different VMs, with different operating systems generate the same hash.
Any way thanks for the talk, it was really interesting to read about it.