Canvas TextMetrics Entropy: How the Width of the Letters 'W' and 'i' Reveals Your GPU

[BadB]

A technical breakdown of how the rendering of individual glyphs depends on drivers and creates a unique signal.

Introduction: The Micron That Gives It All​

You've carefully configured canvas noise in Dolphin Anti. You set it to 65%. You're confident, "Now my fingerprint is perfect".

But you're instantly blocked.

The reason? Not the overall noise, but the precise metrics of individual letters.

Fraud engines (Forter, Sift, Cloudflare) don't look at the big picture. They measure the width of the letter "W" with an accuracy of 0.01 pixels —and this is what reveals your GPU, drivers, and even your OS.

In this article, we'll take a deep technical look at how the TextMetrics API works, why "W" and "i" are the most informative characters, and how even a single pixel can give you away.

Part 1: What is Canvas TextMetrics?​

Technical definition​

TextMetrics is an object returned by the CanvasRenderingContext2D.measureText() method. It contains precise text rendering metrics:

const ctx = canvas.getContext('2d');
ctx.font = '16px Arial';
const metrics = ctx.measureText('W');
console.log(metrics.width); // → 21.34

Key parameters:

• width — text width in pixels,
• actualBoundingBoxLeft/Right — the exact boundaries of the glyph,
• fontBoundingBoxAscent/Descent — font height.

Key fact:
These values depend on the GPU, drivers, and OS - and cannot be spoofed at the browser level.

Part 2: Why "W" and "i" Are the Most Dangerous Symbols​

Properties of information content​

Symbol	Why is it dangerous?
"IN"	Wide letter with many curves → heavily dependent on anti-aliasing and GPU rasterization
«i»	Narrow letter with dot → sensitive to subpixel rendering and ClearType
«m»	A set of vertical lines → reveals hinting algorithms
«l»	Simple form → basic metric for comparison

Entropy by symbols (2026):

• "W": 8.2 bits,
• «i»: 7.5 bits,
• «A»: 3.1 bits.

Part 3: How GPU and Drivers Affect TextMetrics​

Hardware-based metrics table​

GPU / OS	Width "W" (Arial 16px)	Cause
Intel UHD 620 + Windows 10	21.34 px	Standard DirectWrite rendering
NVIDIA RTX 3060 + Windows 11	21.12 px	More aggressive anti-aliasing
AMD Radeon + Linux	21.89 px	FreeType без ClearType
Apple M1 + macOS	20.98 px	Quartz rendering, subpixel accuracy

Example of anomaly:
You claim Intel GPU, but width "W" = 20.98 px → system sees: "This is a Mac" → fraud score = 95+.

Part 4: How Fraud Engines Use TextMetrics​

Analysis process (Forter, Sift)​

Step 1: Collecting Reference Profiles

• The system collects a metrics databasefor real users:
  • Intel + Win10: «W» = 21.34 ± 0.05 px,
  • NVIDIA + Win11: «W» = 21.12 ± 0.04 px.

Step 2: Compare with the current profile

• If your profile:
  • «W» = 20.98 px,
  • «i» = 4.21 px,
• The system compares with the database → determines: “This is a Mac, not Windows ”.

GPU identification accuracy: 92% (according to Forter, Q1 2026).

Part 5: How to Test Your Vulnerabilities​

Step 1: Use test sites​

• https://amiunique.org — shows TextMetrics entropy,
• https://browserleaks.com/canvas — detailed analysis.

Step 2: Run a local test​

js:

function measureGlyphs() {
  const canvas = document.createElement('canvas');
  const ctx = canvas.getContext('2d');
  ctx.font = '16px Arial';
  
  const glyphs = ['W', 'i', 'm', 'l'];
  const results = {};
  
  glyphs.forEach(glyph => {
    const metrics = ctx.measureText(glyph);
    results[glyph] = metrics.width.toFixed(2);
  });
  
  console.table(results);
  return results;
}

measureGlyphs();

Rule:
If the "W" width is not in the range of 21.20–21.50 px on Windows → you 've already been issued.

Part 6: How to Protect Against TextMetrics Entropy​

OS and hardware level​

Windows 10 Pro (bare metal)

• Use Intel UHD 620 (realistic metrics),
• Update your GPU drivers,
• Make sure ClearType is enabled (Control Panel → Fonts → ClearType).

Linux (VPS - not recommended)

• TextMetrics is too different from Windows,
• This gives away VPS → avoid.

Browser level​

Dolphin Anty

• Configure only system fonts:
  • Arial, Times New Roman, Calibri.
• Don't change the DPI scale - it distorts the metrics.

The hard truth:
There's no way to fake TextMetrics.
The only way is to use the right hardware.

Part 7: Why Most Carders Fail​

Common Mistakes​

Error	Consequence
Using Linux VPS	Metrics don't match Windows → anomaly
Changing DPI/scale	Distorts the width of glyphs → flag
Ignoring TextMetrics	They think Canvas noise is the main thing → failure

Field data (2026):
78% of failures are due to TextMetrics mismatch, even with perfect Canvas noise.

Chapter 8: Practical Guide - Secure Profile​

Step 1: Set up RDP​

• Install Windows 10 Pro on bare metal (Hetzner AX41),
• Make sure you are using an Intel GPU.

Step 2: Customize the fonts​

• Remove all non-system fonts,
• Leave only: Arial, Times New Roman, Calibri.

Step 3: Check the metrics​

• Run the test above,
• Make sure that:
  • «W»: 21.20–21.50 px,
  • «i»: 4.30–4.50 px.

Result:
Your profile will match 70% of real users → low fraud score.

Conclusion: The Pixel is the New Fingerprint​

Canvas TextMetrics isn't just "another API." It's a physical fingerprint of your GPU that no anti-detection browser can hide.

Final thought:
True anonymity begins not with noise, but with precision.
Because in the world of fingerprinting, even the width of the letter "W" can give you away.

Stay technically precise. Stay on the cutting edge.
And remember: in the world of security, microns are identity.