WebGPU technology in Antifraud systems and methods of user identification

09.11.24

WebGPU (Web Graphics Processing Unit) is the latest technology for rendering graphics in browsers and performing computations on GPUs, giving developers the ability to access hardware accelerations for both 3D graphics and high-performance computing. WebGPU is a significant step forward from previous technologies such as WebGL, as it opens up access to a low-level API that enables the creation of complex graphics scenes and the execution of intensive computations with high efficiency. With these capabilities, WebGPU has also found its place in anti-fraud systems, where it helps track unique features of devices to identify users.

##### Background and Purpose of WebGPU

WebGPU was developed by the W3C consortium as a response to the desire to improve access to GPU capabilities for web applications. The standard was presented as a more performant and modern alternative to WebGL and OpenGL, and allows the capabilities of modern graphics APIs such as Vulkan, Direct3D 12 and Metal to be utilized through the browser. WebGPU greatly simplifies integration with hardware accelerations for rendering and computation tasks, making it useful not only for visual effects, gaming and scientific computing, but also for anti-fraud systems where a device's digital fingerprint helps in identification.

##### WebGPU Technology Capabilities

WebGPU provides developers with the following key capabilities:
- **Low-level GPU access:** WebGPU allows you to work directly with the GPU's processing power, providing high performance and control over graphics computation.
- **Support for 3D and 2D graphics:** WebGPU is capable of creating both simple and complex 3D models and scenes, making it suitable for resource-intensive tasks.
- **Shaders and computational tasks:** WebGPU can utilize custom shaders to create unique textures and realistic visual effects, as well as perform complex computations directly on the GPU.

These features make WebGPU a powerful tool for web developers working on graphics-intensive and computationally intensive applications, as well as for professionals building anti-fraud systems.

##### WebGPU in anti-fraud systems: fraud protection

One of the applications of WebGPU in anti-fraud systems is the creation of a unique graphical fingerprint of the device. This fingerprint takes into account how the device's hardware and drivers handle graphics and computational tasks. Unlike Canvas and WebGL, WebGPU provides additional parameters to track, such as the number of available GPU compute cores, supported extensions, and precise shader processing characteristics, allowing anti-fraud systems to create unique digital signatures for each device.

##### How does WebGPU help identify the user?

Graphics rendering and compute execution using WebGPU may perform differently on different devices depending on hardware, GPU, and driver configurations. Differences can be seen in computation performance, rendering quality, support for different extensions and shaders. These differences are used to create a unique device fingerprint that is difficult to fake.

The key factors that influence the uniqueness of a WebGPU fingerprint are:
- **GPU model and architecture:** Different GPU models process computations at different speeds and accuracy.
- **Expansion and shader support:**The set of available extensions and shader execution specifications varies from device to device.
- **Browser and driver configuration:** The specifics of browser configuration and driver versions also affect the results of shader execution and computation.

These features allow anti-fraud systems to create accurate fingerprints to uniqueize devices and detect data spoofing attempts.

##### WebGPU Fingerprint Spoofing Techniques

Attackers also attempt to circumvent WebGPU fingerprints through a variety of spoofing methods. Some of the most common methods include:
- Altering shader results: To spoof fingerprints, attackers can interfere with shaders by adding noise or altering textures to change the final image and hide device characteristics.
- Pre-recorded data injection: This technique involves spoofing WebGPU results with pre-recorded fingerprints from other devices. Such data allows fraudsters to mimic the performance of other devices, bypassing anti-fraud systems.

##### How do antifraud systems detect WebGPU fingerprint spoofing?

Anti-fraud systems use several approaches to detect WebGPU fingerprint spoofing. The main ones include:
- Analyzing computational and graphical rendering results: Systems can generate multiple tests, the results of which are compared to identify outliers. For example, minor differences in performance and rendering details may indicate the use of spurious data.
- Dynamic Shader Performance Comparison: Using dynamic shaders, systems can force the device to perform unique tasks in real time. This makes it difficult to forge fingerprints because it is difficult for attackers to reproduce the behavior of a real device without significant latency.

Thus, by using WebGPU, anti-fraud systems can identify suspicious activity through deeper analysis of device characteristics and their rendering and computation behavior, making fingerprint forgery more challenging.

#### WebGPU fingerprint

Let's see some examples of what data can be retrieved from a browser using the WebGPU API. Let's go to the <a href="https://browserleaks.com/webgpu/" target="_blank">browserleaks.com/webgpu</a> page

Section One: Adapter Information
![](/media/mdeditor/1_20241109133438947953.png)

Section Two: Adapter Limit Information
![](/media/mdeditor/2_20241109133646511728.png)

Section Three: Features supported by the adapter
![](/media/mdeditor/3_20241109133714138455.png)

Section Four: Supported texture formats
![](/media/mdeditor/4_20241109133832262425.png)

Section Five: Supported WGSL (WebGPU Shading Language) language features.
![](/media/mdeditor/5_20241109133907503674.png)

Section Six: Additional adapter information (preferred bgra8unorm format, alpha channel mode, tone mapping mode).
![](/media/mdeditor/6_20241109133926755447.png)

Let's verify this information on our test page by opening <a href="https://test-webapi.tech/webgpufull" target="_blank">test-webapi.tech/webgpufull</a> in the Chrome browser on a computer
![](/media/mdeditor/7_20241109133951583518.png)

![](/media/mdeditor/8_20241109134016998096.png)

On this page we see the adapters that can be used by the system: high performance adapter, power efficient adapter, standby adapter.

The Format Support section is equally important, let's check which formats are supported by desktop devices and mobile devices

![](/media/mdeditor/9_20241109134117404337.png)

By simply checking the supported formats, you can determine with high accuracy whether a device is a cell phone and a desktop.
It is also important to realize that users often run anti-detect browsers on rented servers without a video adapter and try to present the anti-detect browser as a mobile device browser. In such cases, such tests can determine that the user does not have a GPU adapter, while a real mobile device will show the expected results:

![](/media/mdeditor/10_20241109134151058077.png)

GPU Features to a lesser extent, but helps identify users. The values depend on the video adapter and browser settings. You can see from the following example that Features have differences on different devices.

![](/media/mdeditor/11_20241109134229851752.png)

##### WebGPU Performance Footprint

Let's look at a simple example of how anti-fraud systems can identify users using the WebGPU performance fingerprint

Let's open our test page <a href="https://test-webapi.tech/webgpuperf" target="_blank">https://test-webapi.tech/webgpuperf</a> in the Chrome browser on a computer

![](/media/mdeditor/12_20241109134321122082.png)

This page provides information about the graphics card, obtained using two APIs: WebGL and WebGPU, and the results of two tests for GPU adapter performance. The first test shows the adapter initialization time and rendering time. The second test differs from the first one in that we add an additional load on the adapter at the same time.
Let's repeat this test on other devices:

![](/media/mdeditor/13_20241109134359038225.jpg)

![](/media/mdeditor/14_20241109134426790853.png)

![](/media/mdeditor/15_20241109134449122049.jpg)

Let's compare this performance footprint to the one from Anti-Detect Browser:

![](/media/mdeditor/16_20241109134516594211.png)

The anti-detect-browser test shows results at the level of a high performance video card, even though the device is claimed to use an Intel adapter. This is because the anti-detect browser is running on our computer with an Nvidia graphics card.

Let's check the performance on different mobile devices:

![](/media/mdeditor/17_20241109134546372841.png)

![](/media/mdeditor/18_20241109134629558054.png)

Based on the results of the tests I've done on various devices, some interesting observations can be made. On PCs with low-end GPUs, rendering is often faster than on modern mobile devices, which confirms the significant role of the hardware component in performance. At the same time, Radeon graphics cards perform differently than Nvidia cards on high-load tests, highlighting differences in driver architecture and optimization. However, it's worth noting that test results can depend significantly on the browser version as well as the concurrent load during the test.

A curious point is that the adapter initialization time on modern mobile devices in most cases turns out to be shorter than on PCs. In our test, we aimed to cover key performance characteristics to provide an unbiased comparison. To more accurately differentiate rendering times across different adapter types, we conducted additional tests later on, which allowed us to more clearly distinguish between results on high-performance and low-performance adapters, as well as mobile devices. This data plays an important role when customizing antifraud systems and helps to more accurately take into account the specifics of each platform.

##### Conclusion

In this article we have seen how anti-fraud systems using WebGPU technology can identify users and detect fraudulent traffic. In conclusion, the use of WebGPU technology in anti-fraud systems represents a significant step forward in the field of Internet fraud protection. Due to its high performance and accuracy, this technology can effectively identify users as well as accurately detect froid traffic. A comparison of WebGPU and WebGL data demonstrates its advantages in identifying device type, browser type and identifying spoofing attempts, making it an indispensable tool for online security. With cyber threats on the rise, further development of such solutions can significantly improve the effectiveness of combating online fraud.

In the next article we will continue the analysis of browser technologies used in anti-fraud systems.

_Bannykh M.V._

Not with us yet?

Antidetect

An example of using the Web Audio API for audio fingerprinting in anti-fraud systems.

Web Audio API technology in Anti-Fraud systems and methods of user identification

Web Audio API provides audio analysis and processing capabilities that have found application in anti-fraud systems for creating unique audio fingerprints of devices. This article discusses how to work with the technology and how to counter fingerprint sp

Bannykh M.V.

17.11.24

Antidetect

Canvas Technology in Anti-Fraud Systems and User Identification Methods.

The article examines Canvas technology in web development, its application in anti-fraud systems, methods of creating and spoofing fingerprints, and the impact of noise overlay on user identification.

Antidetect

26.10.24

WebGPU technology in Antifraud systems and methods of user identification

Related posts

Web Audio API technology in Anti-Fraud systems and methods of user identification

Canvas Technology in Anti-Fraud Systems and User Identification Methods.