I think you're confused about the definitions. https://en.wikipedia.org/wiki/Canvas_fingerprinting
A canvas in this sense is an area defined by the webpage and rendered in the browser's web content display areas where the webpage can use Javascript for graphics, primarily drawing and coloring. The text you cited describes the ability of a webpage to tell the browser's Javascript engine to draw in a canvas area and then extract the image it drew. The abilities and metadata provided by the engine for manipulating a canvas depend on many factors, some of which are listed in your quote. The adversary webpage can tell the browser to draw and extract a canvas image that exposes the limits of the metadata and abilities that are highly unique to each browser+system settings combination. It can be compared to a unique session cookie but circumvents all cookie safeguards. Websites such as panopticlick let you test your browser fingerprint entropy.
Image editing is different. It is usually done in offline image editors and goes through different processes versus rendering or uploading that file in a web browser. Some image file types are saved with metadata inside them that you can read with an EXIF viewer or hex editor. As far as I know, the canvas is not designed to read those. It's possible for editors to save the name of the graphics card model or the model of the camera that took a photo as EXIF data. Uploaded files in general could be traced by time, IP, and file hash. Uploaded images could be analyzed for what they visibly depict. But none of those are how canvas fingerprinting works. File uploads are generally not intended to be processed by canvas Javascript that the webpage may try to run in the browser tab, and I would expect that any attempts to extract the canvas image would trigger the warning regardless of what was drawn. Interfaces for uploading wouldn't really help the goals of canvas fingerprinting. They are generally not silent and hidden every time the page loads and require the user to actively click buttons to begin.
I think you're confusedā¦
I think you're confused about the definitions.
https://en.wikipedia.org/wiki/Canvas_fingerprinting
A canvas in this sense is an area defined by the webpage and rendered in the browser's web content display areas where the webpage can use Javascript for graphics, primarily drawing and coloring. The text you cited describes the ability of a webpage to tell the browser's Javascript engine to draw in a canvas area and then extract the image it drew. The abilities and metadata provided by the engine for manipulating a canvas depend on many factors, some of which are listed in your quote. The adversary webpage can tell the browser to draw and extract a canvas image that exposes the limits of the metadata and abilities that are highly unique to each browser+system settings combination. It can be compared to a unique session cookie but circumvents all cookie safeguards. Websites such as panopticlick let you test your browser fingerprint entropy.
Image editing is different. It is usually done in offline image editors and goes through different processes versus rendering or uploading that file in a web browser. Some image file types are saved with metadata inside them that you can read with an EXIF viewer or hex editor. As far as I know, the canvas is not designed to read those. It's possible for editors to save the name of the graphics card model or the model of the camera that took a photo as EXIF data. Uploaded files in general could be traced by time, IP, and file hash. Uploaded images could be analyzed for what they visibly depict. But none of those are how canvas fingerprinting works. File uploads are generally not intended to be processed by canvas Javascript that the webpage may try to run in the browser tab, and I would expect that any attempts to extract the canvas image would trigger the warning regardless of what was drawn. Interfaces for uploading wouldn't really help the goals of canvas fingerprinting. They are generally not silent and hidden every time the page loads and require the user to actively click buttons to begin.