how to stop my site to "extract" html5 canvas image metadata?

this is not question about whonix but in any case, maybe you can find the right answer, I tried to google it and I could not find it: how to stop my site to fingerprint visitors. I use wordpress, I suppose javascript is responsible for this problem.

I used tor to visit my own site and I got the warning:
This website … attempted to extract HTML5 canvas image data, which may be used to uniquely identify your computer.
Should Tor browser allow this website to extract HTML5 canvas image data?

tor developers explain to block it, but I am the owner of website and I want to stop such fingerprinting of my visitors. I don’t have any idea how to stop it.

Good day,

first of all, moved this.

Second, so your question is actually how to remove canvas image based fingerprinting from your wordpress page, have I understood that right? In that case, this forum is the wrong place to ask, I’d recommend a wordpress focused forum for this, as I can only guess, if you haven’t placed this form of tracking consciously, that it simply is a part of the standard WP configuration…

Have a nice day,


You are basically asking for best privacy practices for website owners. Interesting question. Some stuff coming to mind first…

Some stuff is rather doable:

  • figure out how to stop IP logging at the webserver [or cache server] level
  • do not install intrusive tracking scripts (analytics)
  • provide https
  • provide .onion
  • minimal or no logging
  • do not use a CDN
  • use a privacy respecting host provider
  • use Tor (Browser) yourself and see if your website is still usable

Other stuff not so much as no off the shelf web software exists

  • having full accessibility without javascript
  • cookies only when absolutely necessary

Also not very practical:

  • self hosting

I’d ask on the tor-talk mailing list, liberation tech mailing list and perhaps a few other pages for further advice.

Hi, thank you for your answer, I am afraid anywhere I ask, people will say: I don’t know. I suppose also it is wordpress or installed theme. I don’t think author of this theme is at the level of taking care about privacy, he is still beginner in making theme for wordpress, but I like it, it is responsive, and clean minimalist design. I can’t edit theme, I think design will be ruined if I remove javascript. I will have to leave it to the visitors to block this canvas fingerprinting…

I have my own VPS with web & email server, but iRedMail installed by default making statistics/analytics, I will check how to remove any IP logging. I use already forced ssl/https. I don’t use CDN, I don’t trust to any big company, every bigger business is connected with the Gov, businessmen don’t want to conflict with the NSA. I checked now and there are no stored cookies when I visit my website. I will check if design will be damaged if I disable javascript. but tor mailing list already just answered to block this fingerpriting, they didn’t offer any solution how to stop website to do it. they just close topic and that’s all, they think it is not hacking and some big problem than people should just block it.

Good day,

just setup a small WP installation to test, without any kind of theme, this seems to be par for the course with WP by default. The only thing I can recommend in that case, is to look for an alternative, or even better, code the page yourself. However I can understand why both might not be an option.

Have a nice day,