Canvas fingerprints identical across different PCs running Whonix?

HulaHoop · 2016-12-19 01:47:23 UTC

I remember @Mirimir confirming that canvas fingerprints between host and guest differ. That makes sense because one can access the real hardware while the other cannot.

What I want to find out is whether all users of a given hypervisor have the same virtual GPU fingerprint. This is important for users who use VMs for regular clearnet browsing and also use Whonix. Its important to know if an adversary can compare data once a clearnet vm is fingerprinted, with what they collect inside a compromised Whonix workstation to confirm its the same person.

https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-2

See section:

OS Diversity is Crucial for Compartmentalization Safety

To test this you need:

To run plain Iceweasel in Whonix and visit https://browserleaks.com/canvas. Repeat the same with Iceweasel in Whonix on another physical machine and compare values.

A good result is if you see the same numbers for both machines. That means the virtual environment is uniform for all Whonix users.

mirimir · 2016-12-19 02:12:32 UTC

In my experience, VMs with the same or related OS have the same canvas fingerprint. So Firefox in all Debian, Ubuntu etc VMs have the same fingerprint. Tor browser blocks fingerprinting, but Iceweasel doesn’t. But if some bug allowed canvas fingerprinting in Whonix Tor browser, it would be the same as Firefox in another Debian-related VM.

Fedora, PCBSD, OSX and Windows VMs on the same host have different canvas fingerprints. Debian-related VMs on different hosts also have different canvas fingerprints.

I haven’t experimented with using different graphics drivers in Debian-related VMs. Or with host GPU pass-through

HulaHoop · 2016-12-19 03:41:50 UTC

Awesome. Thanks for sharing. Also if you ever get a chance please test if this holds under scenarios like VBox with 3D acceleration.