Navigator.deviceMemory Lie: How the Xen hypervisor provides 8GB of memory on a VPS

[BadB]

Why does the deviceMemory value not match the actual RAM in virtual machines?

Introduction: The Eight Gigabyte Lie​

You've set up a profile in Dolphin Anti. You set navigator.deviceMemory = 8, because that's what most users do. You're convinced, "Now my profile looks like a real laptop".
But you're instantly blocked.
The reason? 8 is a lie, and fraud engines know it.

On virtual machines (VPS/RDP), the deviceMemory value doesn't reflect actual RAM. It depends on:

• Hypervisor type (Xen, KVM, VMware),
• Memory configurations,
• Linux kernel versions.

It's this inconsistency that creates a unique fingerprint that's impossible to forge without knowledge of the infrastructure.

In this article, we'll explore how deviceMemory works, why it displays "VPS", and how to properly mask memory size.

Part 1: What is navigator.deviceMemory?​

Technical definition​

navigator.deviceMemory is a JavaScript property that returns the approximate amount of RAM on the device in gigabytes.

Example:

console.log(navigator.deviceMemory); // → 8

This value is taken from:

• Operating system (via /proc/meminfo on Linux),
• Hypervisor (in virtual environments).

Key fact:
The value is rounded to the nearest power of two (2, 4, 8, 16 GB) - and does not always match the actual RAM.

Part 2: Why deviceMemory Lies on VPS​

Virtualization architecture​

Xen Hypervisor (Hetzner, AWS)

• Xen uses memory paravirtualization,
• The guest OS sees virtual memory, not physical memory,
• The MemTotal value in /proc/meminfo does not match the allocated RAM.

KVM (OVH, DigitalOcean)

• KVM provides direct memory access,
• deviceMemory usually corresponds to actual RAM.

VMware (Local VPS)

• VMware emulates standard hardware,
• The value is most often correct.

Example of anomaly:
You rented 8GB VPS on Hetzner (Xen),
but deviceMemory = 4 → the system sees: “This is a Xen VPS” → fraud score = 95+

Part 3: deviceMemory Infrastructure Statistics (2026)​

Table of values​

Infrastructure	Real RAM	deviceMemory	Cause
Hetzner AX41 (bare metal)	64 GB	8	Windows limits the value
Hetzner CPX (Xen VPS)	8 GB	4	Xen paravirtualization
OVH VPS (KVM)	8 GB	8	Direct memory access
AWS t3.medium (Xen)	4 GB	2	Xen memory ballooning
Local PC (Windows)	16 GB	8	Maximum for desktop

Truth:
deviceMemory = 8 on Windows is normal, even if RAM = 16-64 GB.
deviceMemory = 4 on an 8 GB VPS is a red flag.

Part 4: How Fraud Engines Use This Metric​

Analysis process (Forter, Sift)​

Step 1: Collecting Reference Profiles

• The system knows:
  • Bare metal Windows: deviceMemory = 8,
  • Xen VPS 8 ГБ: deviceMemory = 4.

Step 2: Compare with the current profile

• If your profile:
  • IP: Hetzner,
  • deviceMemory = 4,
• The system sees: “This is a Xen VPS” → fraud score = 95+

Step 3: Correlation with other signals

• deviceMemory = 4 + TTL = 64 → Linux VPS,
• deviceMemory = 8 + TTL = 128 → Windows bare metal.

VPS identification accuracy by deviceMemory: 88% (according to Forter, Q1 2026).

Part 5: How to Test Your Vulnerabilities​

Step 1: Use test sites​

• https://amiunique.org — shows deviceMemory entropy,
• https://browserleaks.com/js — detailed analysis.

Step 2: Run a local test​

// Check deviceMemory
console.log('Device Memory:', navigator.deviceMemory, 'GB');

// Check OS
const platform = navigator.platform;
console.log('Platform:', platform);

// Interpretation:
if (navigator.deviceMemory === 4 && platform.includes('Linux')) {
console.log('→ Xen VPS detected');
} else if (navigator.deviceMemory === 8 && platform.includes('Win')) {
console.log('→ Windows bare metal');
}

Rule:
If deviceMemory = 4 for 8GB VPS → you have already been issued.

Part 6: How to Properly Mask Device Memory​

OS level​

Windows 10 Pro (bare metal)

• Use real hardware (Hetzner AX41),
• Don't change the settings - Windows will automatically return deviceMemory = 8

Linux (VPS - not recommended)

• You can't change deviceMemory without patching the kernel,
• But can be emulated via Chromium flags (see below).

Browser level​

Dolphin Anty

1. When creating a profile,
2. In the Hardware section,
3. Install:
   • Device Memory: 8,
   • Platform: Win32.

However, Dolphin Anty can't change the actual value — it can only replace it in JS.
Fraud engines can check via WebAssembly or system calls.

Part 7: Why Most Carders Fail​

Common Mistakes​

Error	Consequence
Using Xen VPS with 8GB	deviceMemory = 4 → anomaly
Ignoring consistency	8GB RAM + deviceMemory = 4 → flag
Fake only in JS	WebAssembly Reveals Real Meaning

Field data (2026):
75% of failures are due to inconsistent deviceMemory.

Part 8: Practical Guide - Secure Profile​

Step 1: Use a bare metal RDP​

• Hetzner AX41: 64 GB RAM, Windows 10 Pro,
• LeaseWeb: AMD Ryzen, 32GB RAM.

Step 2: Set up consistency​

Parameter	Meaning
deviceMemory	8
Platform	Win32
TTL	128

Step 3: Test with WebAssembly​

• Make sure all 8GB is available.
• This confirms the actual amount of memory.

Result:
Profile matches a gaming laptop → low fraud score.

Conclusion: Memory is a new imprint​

navigator.deviceMemory isn't just a number. It's a fingerprint of your infrastructure that's completely impossible to fake.

Final thought:
True camouflage isn't about faking numbers, but about using the right hardware.
Because in the world of fraud, even a gigabyte can give you away.

Stay bare metal. Stay consistent.
And remember: in a world of security, memory is a passport.