Carder about Canvas, WebGL and WebRTC

chushpan

Content
1. The concept of absolute antidetect.
2. Facts – Connections – Actions
2.1. Everything RELATED TO THE PROFILE is called facts:
2.2. The connections are also those RELATED TO THE PROFILE:
2.3. Actions will be considered all sequential activity of devices ASSOCIATED WITH THE PROFILE,
3. Introduction
4. Canvas
5. WebGL
6. WebRTC
6.1. Fonts
6.2. Modernizr

The concept of absolute antidetect

The first rule of Carding, which we all break without exception, is:
“One person can only have one Carding profile.”
Sometimes an account does not violate the policies or standards of a social network, but is still blocked for being a fake profile. When the platform blocks your account, it never tells you directly that you have created a second, third,... hundredth profile.

From Zuck’s own words, Carding antifraud systems are designed to inflict maximum damage on the creators of fake profiles. Sometimes the exchange deliberately does not block an already discovered fake in order to, using big data recognition and analysis systems, reveal the entire network of profiles (already working and not yet created) that violate the rules of the network.

Let me remind you: with the exception of user data leaks, 99% of all carding problems are related to fake activity. By eliminating violators in a timely manner, Zuck thus protects the platform as a whole.
And in this he succeeded...

In one of my speeches, I talked about how carding relies more on behavioral analysis than on device fingerprint recognition technology (the well-known fingerprinting). The entire trust limit of an individual account is determined from three groups of components: Facts - Connections - Actions. And here's a little more detail.

Facts – Connections – Actions

Everything RELATED TO THE PROFILE is called facts:

  • Device system configurations (mobile and desktop). All computers and phones from which you logged into the system are connected by the same network, or are visible within the same Wi-Fi;
  • All cookies, IP addresses, DNS servers used and other network components;
  • Linked payment instruments;
  • Contents of advertising accounts (businesses, domains, applications, creatives, FP);
  • Profile content (friends, correspondence, groups, likes, etc.). In short, all the information that can be downloaded from the profile security panel.

The connections are also those RELATED TO THE PROFILE:

  • All cases of coincidence of FACTS with other accounts;
  • All the same or close to the same ACTIONS with other accounts;

Actions are all sequential activity of devices ASSOCIATED WITH THE PROFILE, during which FACTS are developed and CONNECTIONS are established.

Carding collects all three sets of data. They are interconnected and regulate each other. Based on analysis of the collected data over time, each user is assigned a quality indicator, which is called USER_TRUST in Carding and Quality Score in Google.

Against this background, two critical questions arise:
  1. How to properly organize ACTIONS within an account so that the behavioral model of an arbitrator has striking differences from the actions of other fakes on Carding;
  2. How to implement a sufficient degree of anonymity to prevent the establishment of CONNECTIONS based on FACTS of matches with other profiles (which, presumably, have already served their purpose and are blocked);

On the issue of behavior there are extended guides (based on the experience and successful practices of other money makers) on how to build a profile before registration, after registration and before launching the first advertising campaign. With regard to anonymity and opposition to anti-fraud systems, however, nothing has ever been simple.

As mentioned above, 99% of all sneaky deeds committed on Carding are carried out from fake profiles. Spam, credit card fraud, Black-hat arbitrage, social engineering, evil Russian Carders and even the ubiquitous “Kremlinbots” (accounts of bots and live trolls designed to discredit all political and social phenomena that are objectionable to the Russian Government) - everything is carried out under fake profiles. And you have to be a super idiot to enter a stolen credit card on Carding using your real first and last name.

It is logical to assume that a giant like Carding uses the most advanced user identification technologies. The platform begins to follow you even before you decide to create an account on social networks. Modern methods of profile farming take into account multi-day collection of cookies and “flickering” of the device on sites where there are Carding pixels, otherwise a successful launch is not guaranteed.

Modern device identification systems are based on fingerprintjs technology, developed by Valentin Vasiliev 5 years ago. Comprehensive Carding Antifraud also includes collecting data about the user through the direct procedure of fingerprinting, and obtaining information from other services, which in turn also collect fingerprints. The entire data array is collected according to the Facts-Connections-Actions principle and processed by the vaunted Carding AI, which already ranks accounts according to the expression USER_TRUST.

The most effective ways to identify a user are JS calls to the Canvas, WebGL and WebRTC interfaces. The received data is converted into hashes, which make up the combined fingerprint of the user. We will take a closer look at the mechanics of replacing these interfaces in order to better understand the operation of various antidetect applications. We will talk about this in the next part of our study.

Source: https://vk.com/@adcombo-koncepciya-absolutnogo-antidetekta-chast-1

Introduction

The most effective ways to identify a user are JS calls to the Canvas, WebGL and WebRTC interfaces. The received data is converted into hashes, which make up the combined fingerprint of the user. We will take a closer look at the mechanics of replacing these interfaces in order to better understand the operation of various antidetect applications.

Canvas

This is an HTML5 API for rendering graphics. JS scripts give the browser parameters for rendering the desired image. The browser, using device resources, renders the image. The whole point is that different devices render the same image differently. This may depend on the operating system, browser version, installed libraries, video card driver, and the graphics adapter itself.

Here you need to get acquainted with the uniqueness indicator. The uniqueness rating shows how many devices have the same fingerprint hash as your device. The more devices on the network have the same fingerprint, the less unique you are. For example, if out of 100,000 devices in the database, 5,000 devices have the same fingerprint hash, this means that they are 95% unique. The lower this indicator, the better. All clear? Okay, let's continue.
The fingerprint data from Canvas alone is enough to determine the uniqueness of a user with a score above 95%. Users of Apple technology (MacBooks, iPads and iPhones) are doing slightly better. The latter are usually custom and their uniqueness is lower by default. It is for this reason that Google and Carding profile farmers love to use old MacBooks for their business.
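
The uniqueness indicator above, computed the way an anti-fraud database would compute it, as an added example (not code from the original post or from any platform). The record layout, the `minUniqueness` threshold and every hash and account name are constructed for illustration; the second function shows why a shared hash counts as a CONNECTION only when it is rare.

```javascript
// Added illustration. Every record is constructed sample data, one per device.
const SAMPLE = [
  ...['01', '02', '03', '04', '05', '06'].map((n) => (
    { account: `acct-${n}`, hash: 'c-common' })),
  { account: 'acct-07', hash: 'c-rare' },
  { account: 'acct-08', hash: 'c-rare' },
  { account: 'acct-09', hash: 'c-solo-1' },
  { account: 'acct-10', hash: 'c-solo-2' },
];

// Uniqueness as the text defines it: 1 - (devices sharing the hash / all devices).
function uniquenessByHash(records) {
  const counts = new Map();
  for (const r of records) counts.set(r.hash, (counts.get(r.hash) || 0) + 1);
  const result = new Map();
  for (const [hash, n] of counts) {
    result.set(hash, { devices: n, uniqueness: 1 - n / records.length });
  }
  return result;
}

// A hash shared by several accounts links them only when the hash is rare.
// A common hash (stock hardware, same browser build) is weak evidence.
function linkedAccounts(records, minUniqueness) {
  const stats = uniquenessByHash(records);
  const byHash = new Map();
  for (const r of records) {
    if (!byHash.has(r.hash)) byHash.set(r.hash, new Set());
    byHash.get(r.hash).add(r.account);
  }
  const clusters = [];
  for (const [hash, accounts] of byHash) {
    const u = stats.get(hash).uniqueness;
    if (accounts.size > 1 && u >= minUniqueness) {
      clusters.push({ hash, uniqueness: u, accounts: [...accounts].sort() });
    }
  }
  return clusters;
}

console.log(linkedAccounts(SAMPLE, 0.75));
```

On the sample, the six accounts on the common hash are not linked, while the two accounts sharing the rare hash are.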

Until recently, anti-detect services dealt with Canvas fingerprinting by replacing the color of pixels. Adding even small changes is enough to change the fingerprint hash. However, this method has some disadvantages. Yes, the hash changes and Carding will not be able to link your device with other blocked profiles. But at the same time, your uniqueness will be 100% (or very close to this value). At best, the fingerprint will match the fingerprints of other users of the same anti-detect service (and we all know who mainly uses them).

None of this will make your stay on Carding more comfortable. It is the same as putting on a Batman mask and walking around the city in it. Yes, no one will see your real face. But everyone will pay attention, and you will look like an idiot: “Look, this is the same guy in the Batman mask!”

In addition, Carding can compare the given rendering parameters and the rendering process of different images in the browser and thus determine whether the fingerprint hash has been tampered with. Thus, Carding will accurately identify you as a user of the anti-detect service. And this does not bode well.
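
One way a site can run the comparison described above, as an added example (not code from the original post or from any anti-fraud product). `FILL`, `checkCanvasIntegrity`, `browserRender` and the two simulated renderers are illustrative names, and the check assumes that an opaque solid fill reads back byte-exact in an unmodified browser.

```javascript
// Added example. FILL and every renderer here are illustrative names.
const FILL = [200, 100, 50, 255]; // RGBA the script asks the canvas to draw

// render(w, h) returns the RGBA bytes read back after filling w x h with FILL.
// Assumption: an opaque solid fill reads back byte-exact in an unmodified browser.
function checkCanvasIntegrity(render, w = 16, h = 16) {
  const first = render(w, h);
  const second = render(w, h);
  let altered = 0;  // bytes that differ from what was drawn
  let unstable = 0; // bytes that differ between two identical renders
  for (let i = 0; i < first.length; i++) {
    if (first[i] !== FILL[i % 4]) altered++;
    if (first[i] !== second[i]) unstable++;
  }
  return { altered, unstable, tampered: altered > 0 || unstable > 0 };
}

// Browser adapter: pass this as `render` on a real page (needs a DOM).
function browserRender(w, h) {
  const canvas = document.createElement('canvas');
  canvas.width = w;
  canvas.height = h;
  const ctx = canvas.getContext('2d');
  ctx.fillStyle = `rgb(${FILL[0]}, ${FILL[1]}, ${FILL[2]})`;
  ctx.fillRect(0, 0, w, h);
  return ctx.getImageData(0, 0, w, h).data;
}

// Constructed stand-in for an unmodified canvas, so the check runs offline.
function honestRender(w, h) {
  const px = new Uint8ClampedArray(w * h * 4);
  for (let i = 0; i < px.length; i++) px[i] = FILL[i % 4];
  return px;
}

// Constructed stand-in for a readback with small pixel changes: flips the low
// bit of five pseudo-randomly chosen bytes on every call.
function makeNoisyRender(seed) {
  let state = seed;
  return (w, h) => {
    const px = honestRender(w, h);
    for (let k = 0; k < 5; k++) {
      state = (state * 48271) % 2147483647;
      px[state % px.length] ^= 1;
    }
    return px;
  };
}
```

The `altered` count catches noise that is the same on every read, and `unstable` catches noise that changes between reads.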

WebGL

This is a JavaScript API for rendering more complex 3D images using the OpenGL library. It uses over 300 simple primitive functions to build complex 3D images. Depending on the installed video adapter or video chip, a different number of metadata parameters can be read from the device.

Interestingly, tests show that through JS Carding receives only those parameters that are needed to correctly generate an image on a specific device. There is no full WebGL fingerprinting procedure. However, this does not mean that other services (from which Carding acquires user data free of charge or commercially) do not do this.

Fingerprint substitution in this case also occurs by changing the transparency of colors. Unfortunately, today there are no public databases for comparing WebGL fingerprints. Based on indirect evidence, it can be assumed that the uniqueness of such a modified fingerprint is also close to 100%. Moreover, when paired, WebGL and Canvas can literally check each other, because complex 3D images are, in turn, 2D images. The difference in rendering between Canvas and WebGL images gives Carding 100% confidence that someone is wearing a Batman mask.

WebRTC

This is a browser standard. It allows users to make video and audio calls directly in the browser without using third-party software. Very convenient, but unfortunately not very safe. Using the WebRTC interface, the site can obtain information about the audio adapter and all audio devices, including the video camera, microphone and speakers.

However, device data providers supply devices with hashed identifiers. That is, in fact, Carding recognizes not only the presence of the filling, but also the device ID. In addition, the standard involves determining your local and public IP addresses, bypassing VPN connections.

In a good way, a conscious user should generally disable WebRTC in the browser once and for all. However, for anti-fraud systems, disabled WebRTC is a sure signal that you are a suspicious type, because 99% of ordinary people have it enabled, hence disabling this parameter only adds to your uniqueness.

Anti-detect systems can replace both local and public IP addresses in the WebRTC interface, but you won’t be able to make video and audio calls using a browser (and I didn’t really want to, lol). You can read more about WebRTC here.

Fonts

By measuring the size of text areas in HTML, overlaying texts on top of each other, and other techniques, anti-fraud systems can recognize the list of fonts installed on the system. Some techniques force the browser to access libraries installed on the system to display texts. Depending on the operating system (GDI and DirectWrite for Windows, Core Text for macOS and Pango for Linux), the libraries behave differently. This creates additional opportunities to determine the user’s system even using emulators and anti-detect browsers.

Modernizr

This is a JS library that allows you to immediately determine 290 browser features. The thing is that in different versions of the browser, the set of these features may change slightly. It is known that most people have auto-updating browsers. Using earlier versions of Chrome and Firefox usually indicates anomalies and greatly increases your anonymity rating, which is not good.

Fortunately for us, anti-detection services try to stay up to date and update their browsers to the latest versions of Mozilla Firefox and Chrome.

Carding doesn't rely solely on data collection and analysis. Its strength is in dynamics, relying on the analysis of user behavior and optimization of algorithms. Therefore, the use of the same consumables and typical schemes always leads to tightening. Storing WebGL metadata and Modernizr content data from every fingerprint of two billion users are extremely data-intensive technologies. In turn, there are already global behavioral databases. This is how they are used in the anti-fraud service of the Carding version.

Competent and conscious use of identity protection services can become the basis for successful work. What’s the point of being able to launch black-hat campaigns and scale quickly if the advertising office cannot run lead ads.

That's all for today. In the next part of the study, we will tell you how antidetect services work.

Source: https://vk.com/@adcombo-koncepciya-absolutnogo-antidetekta-chast-2