Besides Canvas, what other rendering and hardware APIs are abused for stateless fingerprinting?
WebGL/GPU rendering and the Web Audio (AudioContext) API — same trick as Canvas: make the device render something, then hash the tiny hardware-specific differences in the result.
Canvas fingerprinting is just one instance of a broader family. All of these exploit the fact that identical code produces subtly different output on different hardware/driver/OS combinations, and that difference is stable enough to identify a device — with no cookie or stored state:
- WebGL fingerprinting — asks the GPU to render a 3D scene; the exact pixels, plus reported GPU vendor/renderer strings, vary by graphics hardware and driver.
- AudioContext fingerprinting — generates an audio waveform through the Web Audio API and reads it back; tiny floating-point differences in the audio stack produce a device-specific value.
Because they're stateless, clearing cookies does nothing — the fingerprint is recomputed identically on the next visit. Combined (Canvas + WebGL + Audio + fonts + screen + user-agent), they yield an entropy-rich identifier that can re-link a "fresh" browser to its prior profile.
Tip: Cookies are something stored on you; fingerprints are something measured about you. Deleting state doesn't change your hardware.
Go deeper:
Device fingerprint (Wikipedia) — Canvas, WebGL, and audio fingerprinting as stateless tracking vectors.