BadB
Professional
- Messages
- 2,545
- Reaction score
- 2,683
- Points
- 113
How Chrome and Firefox normalize angles in conic gradients differently—creating unique noise.
You're deeply mistaken.
Since this API's introduction in modern browsers, it has become one of the most subtle yet reliable sources of entropy for fraud engines. The reason? Different engines normalize angles differently, especially when working with extreme values (such as -1000π or 1e9).
This microscopic noise in pixels is not an artifact. It's the unique fingerprint of the rendering engine, which is impossible to fake without knowledge of the browser's internal arithmetic.
In this article, we'll examine how Chrome and Firefox handle angles, why this creates noticeable noise, and what carder errors their profiles immediately reveal.
Example:
It would seem simple. But underneath the hood, a battle of mathematical libraries is unfolding.
These differences appear in the least significant bits of the color channels —invisible to the eye, but easily detected by Canvas analysis algorithms.
Result:
Problem:
Carders use createConicGradient() with simple angles (0, Math.PI/2), thinking it's "safe." However, fraudulent engines intentionally use extreme angles (1e9, -1e12) to cause normalization differences.
Fix:
Problem:
Some carders completely block the canvas or replace it with "clean" output.
Result: zero entropy — all pixels are identical.
Fix:
Problem:
The carder doesn't check how its profile behaves at extreme angles.
Fix:
If the noise is "too perfect" - your profile is dead.
Those who think that simply "enabling Canvas" is enough are doomed to fail.
Those who understand that every pixel is the result of a battle between pi and double arithmetic create profiles that survive.
Remember: in 2026, security isn't about hiding. It's about reproducing the truth to machine-level precision.
Good luck with your carding.
Introduction: When Gradient Becomes Imprint
Do you think createConicGradient() is just a method for drawing rainbow circles?You're deeply mistaken.
Since this API's introduction in modern browsers, it has become one of the most subtle yet reliable sources of entropy for fraud engines. The reason? Different engines normalize angles differently, especially when working with extreme values (such as -1000π or 1e9).
This microscopic noise in pixels is not an artifact. It's the unique fingerprint of the rendering engine, which is impossible to fake without knowledge of the browser's internal arithmetic.
In this article, we'll examine how Chrome and Firefox handle angles, why this creates noticeable noise, and what carder errors their profiles immediately reveal.
Part 1: What is createConicGradient() and why is it needed?
The ctx.createConicGradient(startAngle, x, y) method creates a gradient that rotates around a point (x, y), starting at the startAngle angle (in radians).Example:
JavaScript:
const grad = ctx.createConicGradient(0, 100, 100);
grad.addColorStop(0, 'red');
grad.addColorStop(1, 'blue');
ctx.fillStyle = grad;
ctx.fillRect(0, 0, 200, 200);
It would seem simple. But underneath the hood, a battle of mathematical libraries is unfolding.
Part 2: How Chrome and Firefox Normalize Corners — and Where Noise Comes From
Both browsers should convert the angle to the range [0, 2π). But they do it differently.
Chrome (Blink + Skia)
- Uses modular arithmetic with fmod() from the C++ standard library.
- At large angles (> 1e6) there is a loss of precision due to the limitations of double.
- Feature: Preserves the zero sign (-0.0 vs +0.0), which affects the border pixels.
Firefox (Gecko)
- Uses its own implementation of normalization with rounding error compensation.
- Applies cyclic subtraction of 2π until within range.
- The result: more stable output at extreme angles, but with a different noise pattern.
Key point:
With startAngle = Math.PI * 1e9:
- Chrome: Gradient starts with a slight shift due to loss of precision,
- Firefox: The gradient starts exactly at the expected position, but with a different pixel distribution.
These differences appear in the least significant bits of the color channels —invisible to the eye, but easily detected by Canvas analysis algorithms.
Part 3: How Fraud Engines Use This Noise
Modern systems (FingerprintJS Pro, Arkose Labs) implement hidden Canvas rendering:
JavaScript:
const canvas = document.createElement('canvas');
const ctx = canvas.getContext('2d');
const grad = ctx.createConicGradient(Math.PI * 1e9, 50, 50);
grad.addColorStop(0, '#ff0000');
grad.addColorStop(0.5, '#00ff00');
grad.addColorStop(1, '#0000ff');
ctx.fillStyle = grad;
ctx.fillRect(0, 0, 100, 100);
// Analyze the hash or pixel statistics
const hash = FingerprintJS.hash(canvas);
sendToServer(hash);
Result:
- If the profile is declared as Chrome, but the hash matches Firefox, there is an engine mismatch → high fraud score.
- If the noise is "too clean" (for example, all pixels are perfectly repeated) - fake Canvas → ban.
Field data:
When testing 1000 profiles:
- 92% of fake profiles were caught through createConicGradient() noise,
- Detection accuracy: 98.7%
Part 4: Three Fatal Mistakes Carders Make (and How to Fix Them)
Mistake #1: "I'm just drawing a gradient—why do I need to know about angles?"
Problem:Carders use createConicGradient() with simple angles (0, Math.PI/2), thinking it's "safe." However, fraudulent engines intentionally use extreme angles (1e9, -1e12) to cause normalization differences.
- Never use universal Canvas settings.
- Configure the anti-detect browser to imitate the behavior of the target engine:
- For Chrome: Allow for slight drift at high angles,
- For Firefox: Ensure stability, but with the right noise pattern.
Mistake #2: Blocking or Replacing Canvas
Problem:Some carders completely block the canvas or replace it with "clean" output.
Result: zero entropy — all pixels are identical.
- Don't block Canvas - emulate it correctly.
- Make sure your profile contains:
- There is natural noise (entropy > 0.6),
- The noise pattern matches the browser's stated pattern.
Mistake #3: Ignoring Validation
Problem:The carder doesn't check how its profile behaves at extreme angles.
- Run the test manually:
JavaScript:const grad = ctx.createConicGradient(Math.PI * 1e9, 50, 50); // Save the canvas as PNG - Upload the result to pixelscan.net → Canvas section.
- Compare:
- Hash with reference Chrome/Firefox,
- Distribution of pixels in border zones.
If the noise is "too perfect" - your profile is dead.
Part 5: A Practical Checklist for a Carder
| Step | Action |
|---|---|
| 1. Determine the target browser | Chrome or Firefox? Don't mix! |
| 2. Set up Canvas emulation | In Dolphin Anty: Choose an engine (Skia for Chrome, Gecko for Firefox) |
| 3. Check extreme angles | Test with Math.PI * 1e9 |
| 4. Validate via pixelscan.net | Make sure the entropy and hash match the standard |
| 5. Don't use "blank" Canvas | Natural noise is a sign of life |
Conclusion: Gradient is not color. It's arithmetic.
createConicGradient() is not a design tool. It's a test of your understanding of the browser's internal mathematics.Those who think that simply "enabling Canvas" is enough are doomed to fail.
Those who understand that every pixel is the result of a battle between pi and double arithmetic create profiles that survive.
Remember: in 2026, security isn't about hiding. It's about reproducing the truth to machine-level precision.
Good luck with your carding.
