Canvas pixel hash differs between the main thread and a Worker OffscreenCanvas
br.canvas_worker_vs_main · convicts
What it catches
The canvas analog of webgl_worker_vs_main. A JS canvas-noise / farbling spoof (puppeteer-extra-stealth, fakebrowser, etc.) patches the main realm's 2D context (toDataURL/getImageData) but cannot reach Worker scope, so a Worker OffscreenCanvas renders the same draw ops cleanly while the main canvas is perturbed — identical pixels in two realms is impossible for one rasterizer. Catches a main-realm canvas spoof that forgets the Worker. Grounded headless: a real (SwiftShader) browser hashes identically in both realms (no fire); a main-only getImageData farble diverges. EXPERIMENTAL: grounded only on software rendering — a real-GPU browser whose Worker OffscreenCanvas takes a different render path could diverge legitimately, so it stays corroborating until validated against a Tier-3 real-GPU device. v0.74.26 PRIVACY-BROWSER N/A (GROUNDED on a real Mullvad Browser 15.0.16, corpus/calibration/privacy/mullvad.json): resistFingerprinting applies PER-CALL canvas randomization, so a real Tor/Mullvad's main canvas and its Worker OffscreenCanvas get DIFFERENT noise and legitimately diverge — a real Mullvad trips this (stock non-RFP Firefox does NOT). Same by-design farbling footprint as canvas_noise, so it joins detector.applicability._PRIVACY_FARBLING (dropped for is_brave / rfp_browser+gecko). A non-privacy main-only canvas spoof still diverges and convicts.
Signals it reads
browser.canvas_worker_divergence
How it fires
present
Evaders it caught 1
Bypassed by 10
Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.