Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,231
- Points
- 113
1. Table of contents. A list of headings that doesn't hurt the eyes.
2. User agent - Information about the browser and OS
3. Screen dimensions - Screen dimensions
4. Browser language - Browser language
5. Time zone - Time zone
6. List of installed fonts - Installed fonts
7. WebGL renderer and vendor - Video card identifier
8. Available GPUs - Available video cards
9. Plugins - Installed plugins
10. Cookies enabled - Cookies are allowed
11. Local storage - Availability and size of local storage
12. Touch support - Multitouch support
13. Hybrid/tablet mode - PC and tablet operating mode
14. Canvas fingerprinting - Information via <canvas>
15. WebGL fingerprinting - Information via WebGL API
16. JavaScript enabled - JavaScript is allowed
17. AdBlock installed - AdBlock is installed
18. Information about audio and video codecs - Information about audio and video codecs
19. Battery status and level - Battery charge and level
20. Connection type and speed - Type and connection speed
21. System fonts - System fonts
22. Writing direction - Writing direction (SPAN or ARAB)
23. Do not track setting - Do not track setting
24. Information about bandwidth estimation - Information about bandwidth estimation
25. Network interface information - Information about the network interface
26. List of installed applications - List of installed applications
27. Hybrid app detection - Determines if the device is running in hybrid app mode.
28. Device memory - Amount of device RAM.
29. Permissions access - Access to permissions
30. Hardware concurrency - Number of processor cores
31. Device sensor information - data about sensors
32. User agent - Information about the browser and OS. The script receives information about the user's browser and its version through a special string - user agent. It is transmitted with each HTTP request to the server. Information about the operating system on which the browser is running is also obtained. This may include:
33. Screen dimensions - Screen dimensions. Using the window.screen API, the following screen characteristics are obtained:
34. Browser language - Browser languageThe script determines the language of the user's browser settings. For this, the target language of HTTP requests is used.
35. Time zone - Time zoneThe script determines the time zone set on the client device. To do this, it analyzes the timestamp of HTTP requests.
The time zone includes:
36. List of installed fonts - Installed fonts. The script gets a list of all fonts available on the client's device. To do this, it uses the CSS @font-face API.
The result is:
37. WebGL renderer and vendor - Video card identifier. Using WebGL and OpenGL API, the script obtains information about the device's video adapters:
38. Available GPUs - Available video cards. The script gets a list of all graphics processors available on the client's device. WebGL and OpenGL API are used for this.
As a result, it becomes known:
39. Plugins - Installed Plugins. The script gets a list of all plugins installed in the user's browser. JavaScript API navigator.plugins is used for this.
It returns:
40. Cookies enabled - Cookies are allowed The script checks whether the use of HTTP cookies is allowed on the client's device. To do this, it tries to set a temporary cookie and checks whether it was successfully saved.
41. Local storage - Availability and volume of local storage. The script checks for the presence of the localStorage and sessionStorage APIs on the client's device. This means that it is possible to use the browser's local storage.
42. Touch support - Multi-touch support. The script checks whether the client's device supports input from a multi-touch screen.
43. Hybrid/tablet mode - PC and tablet mode. The script checks whether the client's device can operate in both horizontal and vertical modes.
44. Canvas fingerprinting - Information via <canvas> The script obtains information about the device by drawing graphics and text on a <canvas> element.
It then analyzes the resulting image and extracts the following data:
45. WebGL fingerprinting - Information via WebGL APIThe script obtains information about the device using WebGL - API for 3D graphics in the browser.
It analyzes the characteristics of the received 3D objects, including:
46. JavaScript enabled - JavaScript is allowedThe script checks whether JavaScript is allowed on the page.
47. AdBlock installed - AdBlock installedThe script checks whether an ad blocker such as AdBlock, uBlock Origin and others is installed on the device.
Various tests are used for this:
48. Information about audio and video codecs - Information about audio and video codecs. The script gets information about codecs supported by the client device. It uses the API for this:
49. Battery status and level - Battery charge and level. Using the Navigator.battery API, the script gets the following information about the device's battery:
50. Connection type and speed - Connection type and speed. Using the navigator.connection API, the script gets the following connection information:
51. System fonts - The script gets a list of all system fonts available on the client's device. It uses the @font-face API for this.
This includes:
52. Writing direction - Writing direction (SPAN or ARAB) The script determines whether the text is directed from left to right or from right to left. To do this, it analyzes HTML or CSS attributes.
This is necessary to distinguish:
53. Do not track setting - The "Do not track" setting. The script checks whether the "Do not track" setting is enabled on the device, which is designed to block user tracking.
54. Information about bandwidth estimation - Information about bandwidth estimation. The script estimates the bandwidth of the client device's communication channel. It uses several methods for this:
55. Network interface information - Information about the network interface. Using the navigator.connection API, the script obtains the following information about the device's network interface:
56. List of installed applications - List of installed applications. The script gets a list of all applications installed on the client's device.
57. Hybrid app detection - Determines whether the device is running in hybrid app mode. Hybrid apps allow you to run both in a web browser and as a native app on the device.
The script can determine whether the client's device is running in hybrid app mode. The following features are used for this:
58. Device memory - The amount of RAM installed on the device. The script can determine the amount of RAM installed on the client's device. There are various methods for this:
59. Permissions access - The script can determine what permissions have been granted to this application on the client's device. This concerns permissions:
60. Hardware concurrency - Number of processor cores. The script can determine the number of processor cores on the client device. This allows you to draw conclusions about its performance. Various methods are used for this:
61. Device sensor information
• Accelerometer - measures the acceleration of the device. Can be used to detect motion or orientation of the device.
• Gyroscope - measures the angular velocity of the device. Can be used to determine the orientation of the device.
• Magnetometer - measures the magnetic field around the device. Can be used like a compass to determine the azimuth of the device.
• Barometer - measures the atmospheric pressure. Can be used to determine the altitude of the device above sea level.
• Light sensor - measures the ambient light. Can be used to automatically adjust the brightness of the screen.
• Proximity sensor - detects the presence of objects by emitting ultrasound and then receiving echo signals. Used to automatically turn off the screen during a call.
2. User agent - Information about the browser and OS
3. Screen dimensions - Screen dimensions
4. Browser language - Browser language
5. Time zone - Time zone
6. List of installed fonts - Installed fonts
7. WebGL renderer and vendor - Video card identifier
8. Available GPUs - Available video cards
9. Plugins - Installed plugins
10. Cookies enabled - Cookies are allowed
11. Local storage - Availability and size of local storage
12. Touch support - Multitouch support
13. Hybrid/tablet mode - PC and tablet operating mode
14. Canvas fingerprinting - Information via <canvas>
15. WebGL fingerprinting - Information via WebGL API
16. JavaScript enabled - JavaScript is allowed
17. AdBlock installed - AdBlock is installed
18. Information about audio and video codecs - Information about audio and video codecs
19. Battery status and level - Battery charge and level
20. Connection type and speed - Type and connection speed
21. System fonts - System fonts
22. Writing direction - Writing direction (SPAN or ARAB)
23. Do not track setting - Do not track setting
24. Information about bandwidth estimation - Information about bandwidth estimation
25. Network interface information - Information about the network interface
26. List of installed applications - List of installed applications
27. Hybrid app detection - Determines if the device is running in hybrid app mode.
28. Device memory - Amount of device RAM.
29. Permissions access - Access to permissions
30. Hardware concurrency - Number of processor cores
31. Device sensor information - data about sensors
32. User agent - Information about the browser and OS. The script receives information about the user's browser and its version through a special string - user agent. It is transmitted with each HTTP request to the server. Information about the operating system on which the browser is running is also obtained. This may include:
- OS name (Windows, macOS, iOS, Android, etc.)
- OS version
- OS language code (en-US etc.)
- The browser and its version can differ significantly among different people. This allows, first of all, to distinguish one user from another.
- Operating systems can also be different. This is further clarified by the fingerprint.
- All this information is used to create a unique fingerprint of the device and its owner.
33. Screen dimensions - Screen dimensions. Using the window.screen API, the following screen characteristics are obtained:
- Width and height in pixels
- Aspect ratio (eg 16:9)
- Number of available colors
- Availability of sRGB color gamut
- Dots per inch (DPI)
- These settings are unique to most devices.
- The screen size and pixel density indicate the type of device - smartphone, tablet or PC.
- Many people use the same device for a long time, so these characteristics remain stable.
- All screen parameters are taken into account when creating a unique fingerprint. They help to determine the type of device and distinguish one user from another.
34. Browser language - Browser languageThe script determines the language of the user's browser settings. For this, the target language of HTTP requests is used.
- Browser language settings include:
- Browser interface language
- The language in which web content is displayed
- Keyboard layout
- The settings language often corresponds to the user's native language. Therefore, this provides additional information for identification.
- Even if users have the same browsers and OS, their language settings may differ.
- The browser settings language is unique to most people.
- The entire set of factors collected by the script, including the browser settings language, is used to create a unique fingerprint for a specific device and its owner.
35. Time zone - Time zoneThe script determines the time zone set on the client device. To do this, it analyzes the timestamp of HTTP requests.
The time zone includes:
- Offset from GMT (for example +05:00 for Moscow)
- Time zone name (Moscow, London, etc.)
- The time zone often corresponds to the user's physical location. This allows for better identification of a specific person.
- Even if users have the same devices and settings, their time zones may differ. This is another unique feature.
- A time zone can also indicate a person's habits and lifestyle, such as average sleep time.
- All information received by the script, including the time zone, is used to create a unique fingerprint of the device and its owner.
36. List of installed fonts - Installed fonts. The script gets a list of all fonts available on the client's device. To do this, it uses the CSS @font-face API.
The result is:
- Names of installed fonts
- Their style (normal, italic, etc.)
- Font families
- The list of available fonts is often unique to a particular device.
- Even if people have the same OS and settings, the fonts installed may differ. This is further clarified by the fingerprint.
- The presence of rare or little-known fonts can also indicate the characteristics of the device and its owner.
- The entire set of factors collected by the script, including the list of installed fonts, is used to create a unique fingerprint.
37. WebGL renderer and vendor - Video card identifier. Using WebGL and OpenGL API, the script obtains information about the device's video adapters:
- The name of the video chip (for example, Nvidia GeForce or AMD Radeon)
- RAM manufacturer name
- Driver version
- This information is unique to most computers and mobile devices.
- Even if users have the same OS, video cards and chipsets may differ.
- The presence of rare or old video chips may also indicate the features of the device.
- The entire set of factors obtained by the script, including information about the video adapter, is used to create a unique fingerprint.
38. Available GPUs - Available video cards. The script gets a list of all graphics processors available on the client's device. WebGL and OpenGL API are used for this.
As a result, it becomes known:
- Number of VP
- Video card names (e.g. GeForce or Radeon)
- Characteristics of each card: model, video memory size, frequencies, etc.
- The list and characteristics of available video cards are often unique to each device.
- Even if people have the same OS, the number and models of their video cards can differ significantly.
- The presence of a non-standard configuration of the VP may also indicate the features of the device.
- The entire set of factors obtained by the script, including the list of video cards, is used to create a unique fingerprint of the device and its owner.
39. Plugins - Installed Plugins. The script gets a list of all plugins installed in the user's browser. JavaScript API navigator.plugins is used for this.
It returns:
- Name of each plugin
- Its version and supplier
- Plugin type (Shockwave Flash, Netscape, etc.)
- The complete list of installed plugins is often unique to most users.
- Even if people have the same browsers, the plugins they install can differ significantly.
- The presence of rare or outdated plugins may also indicate device specifics.
- The entire set of factors obtained by the script, including the list of plugins, is used to create a unique fingerprint.
40. Cookies enabled - Cookies are allowed The script checks whether the use of HTTP cookies is allowed on the client's device. To do this, it tries to set a temporary cookie and checks whether it was successfully saved.
- If a cookie has been set, then its use is permitted. This is recorded as part of the unique fingerprint.
- The presence or absence of cookies is an important detail.
- Disabling cookies is a rare practice and is typical only for a certain category of users concerned about privacy.
- Different browsers have different default cookie settings. This may indicate specific user preferences.
- All information collected by the script, including the presence of cookies, is used to create a unique fingerprint of the device and its owner.
41. Local storage - Availability and volume of local storage. The script checks for the presence of the localStorage and sessionStorage APIs on the client's device. This means that it is possible to use the browser's local storage.
- It is used to temporarily store data on the user's device outside of the HTTP cookie.
- The amount of available memory is also determined, which depends on the specific browser and device.
- The presence of local storage is an important detail. Some older browsers do not support it.
- The amount of available memory also varies from device to device, which is another distinguishing feature.
- All information collected by the script, including the presence and volume of local storage, is used to create a unique fingerprint of the device and its owner.
42. Touch support - Multi-touch support. The script checks whether the client's device supports input from a multi-touch screen.
- To do this, the presence of the touch API and touchstart/touchend events is checked.
- If such support exists, it is recorded as part of the device's unique fingerprint.
- The presence of a multi-touch screen is an important detail.
- Multi-touch support is only available on mobile devices (smartphones and tablets).
- This may indicate the type of device and its capabilities.
- The presence of a multi-touch screen is one of the distinguishing features when creating a fingerprint.
43. Hybrid/tablet mode - PC and tablet mode. The script checks whether the client's device can operate in both horizontal and vertical modes.
- To do this, the screen orientation (landscape/portrait), the display of web pages and the presence of special modes are analyzed.
- If such hybrid work is possible, it is recorded as part of the fingerprint.
- The presence of a hybrid mode is an important detail.
- This functionality is typical for tablets and foldable devices.
- This may indicate the type of device and its capabilities.
- Hybrid/tablet mode is one of the distinguishing features when creating a fingerprint.
44. Canvas fingerprinting - Information via <canvas> The script obtains information about the device by drawing graphics and text on a <canvas> element.
It then analyzes the resulting image and extracts the following data:
- Image dimensions and its pixel density
- Text drawn on canvas (it often contains a hash from the device)
- Colors used in the painting
- Noise inherent in the image
- All this data is unique to a specific device.
- Even if people have the same OS and browsers, the result of drawing on <canvas> will be different.
- All information obtained using <canvas> is used as part of the device fingerprint.
45. WebGL fingerprinting - Information via WebGL APIThe script obtains information about the device using WebGL - API for 3D graphics in the browser.
It analyzes the characteristics of the received 3D objects, including:
- Models drawn with WebGL
- Textures
- Programs executed by shaders
- All this allows us to extract unique information:
- Hash from devices
- Name and version of 3D accelerator
- Параметры рендеринга и т.д.
- Even if people have the same browsers and OS, the result of rendering 3D objects using WebGL will differ.
- All information received is used as part of the device fingerprint.
46. JavaScript enabled - JavaScript is allowedThe script checks whether JavaScript is allowed on the page.
- To do this, a simple JavaScript code is executed.
- If the code runs without errors, then JavaScript is allowed. This is recorded as part of the fingerprint.
- Permission to use JavaScript is an important detail.
- Disabling JavaScript is a rare practice and is typical only for the less technically savvy category of users.
- Different browsers have different default settings for JavaScript.
- All information received, including permission to use JavaScript, is used to create a unique fingerprint of the device and its owner.
47. AdBlock installed - AdBlock installedThe script checks whether an ad blocker such as AdBlock, uBlock Origin and others is installed on the device.
Various tests are used for this:
- Checking the display of certain elements that should be blocked
- Measuring page load time with and without ads
- And special APIs for detecting ad blockers (in some browsers)
- If the presence of a blocker is detected, it is recorded as part of the fingerprint.
- Having an ad blocker is an important detail.
- It may indicate a heightened concern for privacy and security on the part of the user.
- All collected information, including the presence of an ad blocker, is used to create a unique fingerprint of the device and its owner.
48. Information about audio and video codecs - Information about audio and video codecs. The script gets information about codecs supported by the client device. It uses the API for this:
- navigator.mediaDevices.getSupportedConstraints()
- MediaRecorder.isTypeSupported()
- HTMLMediaElement.canPlayType()
- This allows you to find out:
- List of supported audio and video formats
- Specific codecs available on the device
- Their parameters (sampling frequency, resolution, etc.)
- Supported codecs are often unique to each device.
- All received information, including information about codecs, is used to create a unique fingerprint of the device and its owner.
49. Battery status and level - Battery charge and level. Using the Navigator.battery API, the script gets the following information about the device's battery:
- Current charge percentage
- Charge status (charging, discharging or fully charged)
- Availability of connection to a power source
- This information is unique to each mobile device.
- Users may have different habits of using the device: some charge the battery often, others rarely.
- Even if people have the same devices, their battery levels will usually differ.
- All information received, including status and charge level, is used to create a unique fingerprint of the device.
50. Connection type and speed - Connection type and speed. Using the navigator.connection API, the script gets the following connection information:
- Connection type: mobile Internet, WiFi, Ethernet, corporate network, etc.
- The connection speed is measured by downloading test content. This allows you to determine whether the connection is slow, medium or high speed.
- The presence or absence of mobile data is determined.
- The stability of the connection is analyzed by checking for fluctuations in download speed.
- This information is unique to each device and connection.
- All information received, including connection type, speed and stability, is used to create a unique fingerprint.
51. System fonts - The script gets a list of all system fonts available on the client's device. It uses the @font-face API for this.
This includes:
- Names of all system fonts
- Their style (normal, italic, etc.)
- Font families
- The list of system fonts is often unique to a particular device.
- Even if people have the same OS and settings, their list of system fonts may differ.
- All received information, including the list of system fonts, is used to create a unique fingerprint.
52. Writing direction - Writing direction (SPAN or ARAB) The script determines whether the text is directed from left to right or from right to left. To do this, it analyzes HTML or CSS attributes.
This is necessary to distinguish:
- Devices using the Latin alphabet (from left to right)
- Devices with Arabic or Hebrew alphabet (right to left)
- The direction of the letter is an important detail.
- This indicates the language settings of the device and its owner.
- Even if people have the same OS and settings, the writing direction on their devices may differ.
- All information received, including the direction of writing, is used to create a unique fingerprint.
53. Do not track setting - The "Do not track" setting. The script checks whether the "Do not track" setting is enabled on the device, which is designed to block user tracking.
- This is done using the DNT HTTP request header property. If it is set to 1, then the Do Not Track setting is enabled.
- When such a setting is detected, it is recorded as part of the device's unique fingerprint.
- Enabling the Do Not Track setting indicates a heightened concern for privacy and security on the part of the user.
- Different browsers have different default settings for this option. This may indicate a particular person's browsing habits.
- All information collected, including the Do Not Track setting, is used to create a unique fingerprint.
54. Information about bandwidth estimation - Information about bandwidth estimation. The script estimates the bandwidth of the client device's communication channel. It uses several methods for this:
- Measures the loading speed of various types of content (HTML, CSS, JS, images)
- Determines the response time for requests to the server
- Analyzes download speed fluctuations
- Measures the size of the network buffer
- Uses dedicated servers for more accurate measurements under real-world load conditions
- The data received is unique for each device and connection.
- All information received, including the bandwidth assessment, is used to create a unique fingerprint.
55. Network interface information - Information about the network interface. Using the navigator.connection API, the script obtains the following information about the device's network interface:
- IP address
- MAC address
- Network name
- Connection type (WiFi, mobile internet, Ethernet)
- WiFi network ID (when connected to WiFi)
- This information is unique to each device and connection.
- Even if people have the same devices, their IP and MAC addresses, as well as WiFi network IDs, will usually be different.
- All information received, including IP address, MAC address and connection type, is used to create a unique fingerprint.
56. List of installed applications - List of installed applications. The script gets a list of all applications installed on the client's device.
- For mobile devices, access to local APIs is used, which returns a list of all applications.
- For PC the following are analyzed:
- Open program windows
- Running processes
- Windows registers
- The result is:
- Application names and versions
- Type of programs (games, social networks, etc.)
- Application makers
- The list of installed programs is often unique to a particular device.
- All information received, including the list of applications, is used to create a unique fingerprint.
57. Hybrid app detection - Determines whether the device is running in hybrid app mode. Hybrid apps allow you to run both in a web browser and as a native app on the device.
The script can determine whether the client's device is running in hybrid app mode. The following features are used for this:
- The presence of special headers and metadata indicating a hybrid application.
- Determine if a page was launched as a PWA (Progressive Web App).
- Page behavior analysis - search for signs of native application activity.
- Access to local APIs is restricted to hybrid apps.
58. Device memory - The amount of RAM installed on the device. The script can determine the amount of RAM installed on the client's device. There are various methods for this:
- Directly request RAM amount via local APIs (mobile devices only).
- Determine the amount of RAM indirectly by measuring the execution time of operations that depend on the amount of RAM.
- Use information about the device model and hardware characteristics.
- Once the amount of RAM is determined, this parameter is registered as part of the unique fingerprint.
- The amount of RAM often varies significantly between devices, making it an important distinguishing feature for identification.
- The presence of a large or small amount of RAM may indicate the characteristics of a particular device and its owner.
59. Permissions access - The script can determine what permissions have been granted to this application on the client's device. This concerns permissions:
- To access the camera
- To access the microphone
- To access location
- And other important permissions
- This is done using local APIs that provide information about privacy settings.
- Once the list of granted permissions has been determined, this information is recorded as part of a unique fingerprint.
- The permissions granted often vary from user to user, making them an important differentiator.
- The presence or absence of certain permissions can indicate the characteristics and habits of a particular user.
60. Hardware concurrency - Number of processor cores. The script can determine the number of processor cores on the client device. This allows you to draw conclusions about its performance. Various methods are used for this:
- Request data directly via local APIs (mobile devices only).
- Measure the execution time of CPU-intensive tasks and then calculate the number of cores.
- Use information about the device model and its characteristics.
- Once the number of computing cores is determined, this information is recorded as part of the fingerprint.
- The number of CPU cores often varies from device to device, making it an important differentiator.
- The presence of a greater or lesser number of processor cores may indicate the characteristics of a particular device and its owner.
61. Device sensor information
• Accelerometer - measures the acceleration of the device. Can be used to detect motion or orientation of the device.
• Gyroscope - measures the angular velocity of the device. Can be used to determine the orientation of the device.
• Magnetometer - measures the magnetic field around the device. Can be used like a compass to determine the azimuth of the device.
• Barometer - measures the atmospheric pressure. Can be used to determine the altitude of the device above sea level.
• Light sensor - measures the ambient light. Can be used to automatically adjust the brightness of the screen.
• Proximity sensor - detects the presence of objects by emitting ultrasound and then receiving echo signals. Used to automatically turn off the screen during a call.
