WebGL renderer string is an anti-detect spoofing placeholder, not a real driver
br.webgl_renderer_artifact · convicts
What it catches
Kitsune: headful Camoufox reports 'Intel(R) HD Graphics 400, or similar'. v0.74.10: the ', or similar' suffix is NOT a fake-driver placeholder — it is Firefox's WebGL UNMASKED_RENDERER GENERALISATION, a fingerprinting-resistance feature ON BY DEFAULT in every Gecko browser (Firefox, Tor, Mullvad, Camoufox). GROUNDED on a live headful Firefox 137 (corpus/calibration/headful/firefox.json), which reports 'llvmpipe, or similar' and was the ONLY corpus session — evader or real — that tripped this rule (a pure-FP profile identical to the retired webgl_not_angle: zero evader catches, FPs a real browser). Since this is a convicting artifact rule, it convicted every real Firefox. Fix: detector.applicability drops it when ua_engine==firefox (the Gecko engine that legitimately produces the generalisation); the rule stays convicting for Chromium, which never emits that format, so naive placeholder/'generic renderer' spoofs on Blink are still caught. Camoufox detection is unaffected (caught by net.tcp_os_vs_ua / tls_grease / pointer_touch, not this rule). Mirrored in the live page's predict.notApplicable for the gecko engine.
Signals it reads
browser.webgl_renderer_artifact
How it fires
present
Evaders it caught 1
Bypassed by 10
Frontier evaders that reach the detector uncaught (scored only suspicious, defeating every convicting tell) — this check is not one that stops them. The red-team frontier this detection still has to convict.