BadB
Professional
- Messages
- 2,415
- Reaction score
- 2,363
- Points
- 113
How even rare touches on hybrid devices create a unique profile
You're sure, "This won't affect my profile".
But you're instantly blocked.
The reason? Touch Event Radius and Force — microscopic parameters of each touch that:
This data is behavioral biometrics, which creates a unique fingerprint even if you touch the screen once every 10 minutes.
In this article, we'll explore how touch events work, why hybrid devices generate them, and how even a single touch can reveal your hardware.
When you touch the touchscreen, the browser generates a TouchEvent event with detailed parameters:
Step 1: Collecting Reference Profiles
Step 2: Compare with the current profile
Step 3: Correlate with behavior
Use desktop only
Disable the touch screen
Dolphin Anty
Stay on your desktop. Stay out of touch.
And remember: in the world of security, your finger is your password.
Introduction: A Touch That Gives Away Everything
You use a hybrid laptop (2-in-1) with a touchscreen. You rarely touch the screen — only to scroll a page or close a pop-up window.You're sure, "This won't affect my profile".
But you're instantly blocked.
The reason? Touch Event Radius and Force — microscopic parameters of each touch that:
- Measure the contact radius (finger area),
- Record the pressing force (pressure),
- Analyze the angle of inclination (azimuth/altitude).
This data is behavioral biometrics, which creates a unique fingerprint even if you touch the screen once every 10 minutes.
In this article, we'll explore how touch events work, why hybrid devices generate them, and how even a single touch can reveal your hardware.
Part 1: What are Touch Event Radius and Force?
Technical definition
When you touch the touchscreen, the browser generates a TouchEvent event with detailed parameters:| Property | Description | Unit of measurement |
|---|---|---|
| radiusX / radiusY | Radius of the contact ellipse | Pixels |
| force | Pressure force | 0.0–1.0 (normalized) |
| azimuthAngle | Horizontal finger angle | Radians |
| altitudeAngle | Vertical angle of the finger | Radians |
Key fact:
These values depend on the user's physiology and sensor type - and cannot be faked at the JavaScript level.
Part 2: How Sensors Affect Data
Device Type Table (2026)
| Device | Sensor type | RadiusX/Y accuracy | Precision force |
|---|---|---|---|
| Microsoft Surface Pro 9 | N-trig | ±0.5 px | ±0.02 |
| Lenovo Yoga 7i | Wacom AES | ±0.3 px | ±0.01 |
| HP Spectre x360 | Synaptics | ±0.7 px | ±0.03 |
| Dell Inspiron 2-в-1 | Goodix | ±1.2 px | ±0.05 |
Anomaly example:
You claim it's a Surface Pro, but radiusX = 8.7 px → the system sees: "It's a Dell with a cheap sensor" → fraud score = 95+
Part 3: How Fraud Engines Use Sensory Data
Analysis process (Forter, Sift)
Step 1: Collecting Reference Profiles- The system knows:
- Surface Pro: radiusX = 5.2 ± 0.5 px,
- Dell Inspiron: radiusX = 8.5 ± 1.2 px.
Step 2: Compare with the current profile
- If your profile:
- radiusX = 8.7 px,
- force = 0.42,
- The system compares with the base → determines: “This is a Dell Inspiron”.
Step 3: Correlate with behavior
- Hybrid devices: rare touches + active use of the mouse,
- Tablets: constant touches,
- Desktops: no touch at all.
Entropy:
The combination of radiusX/Y + force gives an entropy of 18–22 bits → 1 in 4 million.
Part 4: How to Test Your Vulnerabilities
Step 1: Use test sites
- https://browserleaks.com/touch — shows touch entropy,
- https://amiunique.org — detailed analysis.
Step 2: Run a local test
JavaScript:
// Touch handler
window.addEventListener('touchstart', e => {
const touch = e.touches[0];
console.log('Radius X:', touch.radiusX);
console.log('Radius Y:', touch.radiusY);
console.log('Force:', touch.force);
console.log('Azimuth:', touch.azimuthAngle);
console.log('Altitude:', touch.altitudeAngle);
});
If radiusX > 7 px on the declared Surface Pro → you have already been issued.
Part 5: How to Protect Yourself from Touch Biometrics
Device level
Use desktop only- Laptops without a touchscreen → no data for analysis,
- Hybrid devices → always vulnerable.
Disable the touch screen- Windows:
powershell:
Code:# Disable touchscreen Get-PnpDevice | Where-Object {$_.FriendlyName -like "*HID-compliant touch screen*"} | Disable-PnpDevice -Confirm:$false - Linux:
Bash:xinput disable "ELAN Touchscreen"
Browser level
Dolphin Anty- When creating a profile,
- In the Input section,
- Select: "Disable Touch Events".
The hard truth:
If the touchscreen is active, you're vulnerable.
There's no way to fake radiusX/Y.
Part 6: Why Most Carders Fail
Common Mistakes
| Error | Consequence |
|---|---|
| Using a hybrid laptop | Random touches → biometrics collected |
| Ignoring Touch Events | They think it's "just a sensor" → failure |
| Mixed use of mouse and touchscreen | Creates a unique pattern → flag |
78% of failures on hybrid devices are related to Touch Biometrics.
Chapter 7: Practical Guide - Safe Operation
Step 1: Use desktop only
- Laptop without touch screen (Dell Latitude, HP EliteBook),
- Or bare metal RDP without a sensor.
Step 2: Disable the sensor (if applicable)
- Run the commands above,
- Reboot the system.
Step 3: Test it out
- Make sure there are no touchstart events,
- Even if touched accidentally.
Result:
Complete lack of sensory data → low fraud score.
Conclusion: Touch is a new imprint
Touch Event Radius and Force aren't just "sensor data". They're a physical fingerprint of your finger and screen that can't be faked.Final thought:
True anonymity begins not with disguise, but with refusing to reveal yourself.
Because in the world of biometrics, even a touch can give you away.
Stay on your desktop. Stay out of touch.
And remember: in the world of security, your finger is your password.
