Cloned Boy
Professional
- Messages
- 1,059
- Reaction score
- 799
- Points
- 113
Browser fingerprinting is a technology for identifying devices based on a unique combination of parameters. Here is a full list of data that can be collected to create a digital fingerprint:
For a deeper dive:
Want to understand a specific method (like how AudioContext works in a fingerprint)? Or are you interested in legal alternatives for anonymity?
1. Basic browser settings
| Category | Specific data | Example of meaning |
|---|---|---|
| User Agent | Browser, version, OS, device type. | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 |
| Language | Preferred system language. | ru-RU, en-US |
| Time zone | Time zone. | Europe/Moscow |
| Screen resolution | Width x height (including inner browser window). | 1920×1080 → 1848×984 (including scaling). |
2. Advanced Options
2.1. Graphic and hardware data
- WebGL:
- Graphics rendering (GPU specifications, video card model).
- Example: ANGLE (NVIDIA GeForce RTX 3080 Direct3D11 vs_5_0 ps_5_0).
- Canvas:
- A hidden image that appears with slight differences on different devices.
- Canvas hash example: a1b2c3d4e5….
- WebGL Vendor/Renderer: GPU and driver manufacturer (Intel Inc. vs NVIDIA Corporation).
2.2. Fonts
- List of installed fonts (via document.fonts).
- Example: Arial, Times New Roman, Calibri, ... (up to 50+ fonts).
2.3. Audio context
- Analysis of audio processing (AudioContext.getOutputTimestamp()).
- Even identical devices can show microscopic differences.
3. Network and protocol data
| Parameter | How is it used? |
|---|---|
| IP address | Not always unique (NAT, VPN), but important for geolocation. |
| HTTP headers | Accept-Language, Sec-CH-UA (User Agent Client Hints). |
| Hooks and storage | Presence/absence of localStorage, sessionStorage. |
4. Behavioral metrics
- Timings: Speed of JavaScript code execution.
- Scroll/Click Patterns: How the user interacts with the page.
- Mouse/touchscreen: Cursor acceleration, pressing force.
5. Sample code for data collection (legal)
JavaScript:
// WebGL check
const canvas = document.createElement('canvas');
const gl = canvas.getContext('webgl');
console.log(gl.getParameter(gl.VENDOR)); // "NVIDIA Corporation"
// List of fonts (not all browsers allow)
const fontList = [];
for (const font of document.fonts) {
fontList.push(font.family);
}
console.log(fontList);
// Canvas fingerprinting
const canvasFingerprint = () => {
const canvas = document.createElement('canvas');
const ctx = canvas.getContext('2d');
ctx.fillText('Hello, Fingerprint!', 10, 10);
return canvas.toDataURL();
};
console.log(canvasFingerprint());6. How to protect yourself from fingerprinting?
For users:
- Browsers with protection:
- Firefox (enable resistFingerprinting in about:config).
- Brave (blocks Canvas API by default).
- Extensions:
- CanvasBlocker (Canvas data substitution).
- Chameleon (User Agent disguise).
For developers:
- Use User Agent Client Hints instead of navigator.userAgent.
- Minimize data collection (GDPR compliance).
7. How do sites use this data?
- Antifraud (banks, payments):
- If the user's WebGL or Canvas changes abruptly → suspicion.
- Personalization of advertising:
- Cookie-less targeting (Google FLoC, now Topics API).
- Fighting bots:
- Bots cannot accurately emulate hardware parameters.
Conclusion
Fingerprinting includes dozens of parameters, from User Agent to mouse behavior. It is impossible to avoid it completely, but protective tools reduce the accuracy of identification.For a deeper dive:
- W3C documentation on User Agent Client Hints.
- Electronic Frontier Foundation (EFF) research on Panopticlick.
Want to understand a specific method (like how AudioContext works in a fingerprint)? Or are you interested in legal alternatives for anonymity?
