What is browser fingerprinting or what do websites know about us and how to manage it?

[Carding Forum]

After a couple of visits to a large portal, marketplace, social network or reputable Internet service, it seems that the site knows everything about us. And even if you use the site without registration, or go to it from another browser, it still seems to recognize us. How does this happen?

Advanced sites really do learn a lot about us after just a couple of visits. To understand how this happens, it’s important to first understand what a browser fingerprint is. Below, we’ll look at the components of a fingerprint, the reasons why it’s tracked, and how to influence it to get everything you need from sites, even if we’ve inadvertently broken their rules.

What is a fingerprint and what does it consist of?​

A browser fingerprint is a unique set of information that websites collect about your browser and device when you visit them. It consists of many elements that together form a unique user profile.

Basic components of a fingerprint​

As part of tracking browser fingerprints, trackers read more than 50 user parameters. This number allows you to distinguish each user, even if their basic parameters are no different from others.

• User agent (Useragent or UA) - A string that identifies the browser and is passed to websites, which may include information about the browser, operating system, and device.
• Browser and device settings. This includes screen resolution and dimensions, browser language and language sets for translation, font and plugin settings. This also includes date and time settings.
• Browser graphics technologies. Primarily Canvas and WebGL. These are technologies for creating graphics and 3D images. But tracking systems use them to generate a unique fingerprint based on how the browser processes images.
• Websites also track WebRTC. This is a plugin for streaming audio and video. Through it, you can find out the real IP address of the user, even if he uses a VPN or proxy.
• JavaScript and HTML5. DOM (Document Object Model) properties are tracked — how the web page is interpreted by the browser. Site trackers also monitor LocalStorage and SessionStorage data storage mechanisms. The DNT (Do not track) parameter is also tracked, which means whether the user has tracking protection enabled.
• HTTP Headers: Provide the information needed to process requests and responses between a client, such as a web browser, and a server. For example, Accept-Language headers indicate which language you prefer.
• CSS: How the browser interprets and processes CSS queries adds detail to the fingerprint.
• IP address: While not technically part of a browser fingerprint, the IP address can be used in combination with other data to enhance tracking.

Behavioral factors such as typing speed, mouse movement patterns, search queries, and browsing history are also tracked.

The resulting browser fingerprint is a unique string of numbers and letters. It is a hash or other form of information collected from the user's configuration details and online behavior.

Example fingerprint: 3f1a1835d7b44e8fa834b3679b5d0c2bf0937e5c

This set of numbers includes information about the user agent, screen resolution, menu language, time zone, etc.

Why do websites collect browser fingerprints? ​

Websites collect browser fingerprints for a variety of reasons, from security and content optimization to monitoring and marketing purposes.

First of all, information is collected as part of anti-fraud. By recognizing a user by their browser fingerprint, it is easy to block them from creating new accounts. Such measures are taken against violators whose accounts have been blocked without the possibility of recovery.

The same measure is used to prohibit multiple and repeated account registrations. For example, some services give users a trial period. When it ends, the user simply registers a new account to continue using the service “for free”. The digital fingerprint gives away this user and he cannot open a new account for the trial.

Some sites, such as Facebook, use browser fingerprints to build trust in the user - the so-called trust. The higher it is, the more opportunities the site opens, the more loyal the verification of the user's actions.

Accordingly, everyone who works with multiple accounts and also achieves maximum opportunities from large services needs browser fingerprint substitution. These are arbitrageurs, marketers, targetologists, SMM specialists, cryptocurrency traders, forklifts, dropshippers and other specialists.

How to change your fingerprint?​

Some browser fingerprints can be simply blocked from being tracked, preventing websites from seeing your digital profile. But hiding your fingerprints raises suspicions in tracking systems. And if you create an account while hiding your fingerprint, your account may have limited functionality, such as on Facebook, Google Ads, Twitter Ads, and other advertising platforms.

Therefore, extensions and browsers that block the collection of digital fingerprints are not the best solution. In order to not only ensure anonymity, but also avoid bans, create and manage multiple accounts on any site, the fingerprint should be replaced. Moreover, after the replacement, it should look natural to blend in with regular users of the site.

Natural and unnatural browser fingerprint​

Many websites are equipped not only with digital fingerprint tracking trackers, but also with smart anti-fraud systems. In addition to collecting browser fingerprints, they analyze activity, compare with other users, and look for inconsistencies in parameters. If such is found and the fingerprint looks inappropriate, this will raise suspicion and will definitely lead to blocking the account or access to the site as a whole. The simplest example of such a discrepancy is the discrepancy between the proxy location and the system time. In more complex versions of the anti-fraud system, they see that useragent does not match the browser core and its version, the IP address does not match that of WebRTC, etc.

Therefore, in order not to arouse suspicion, the browser fingerprint should be as natural and human-like as possible. The latter means that many variables in the browser fingerprint are the same as those of most users. And only those parameters that are unique to other users differ.

Methods of replacing the digital fingerprint of the browser​

Now that we know what a fingerprint is, there is a desire to replace it. It is not difficult at all. You can change the language menu, fonts, change the time under a proxy or VPN. You can also disable Javascript, block Canvas. It is free and does not require third-party software, but it will only work against very primitive anti-fraud systems. Disabling graphic technologies will not allow you to play audio and video. Therefore, the manual method of changing the fingerprint is not suitable in most cases.

What is antidetect?​

The best option for replacing a fingerprint is anti-detect browsers. This is software that allows you to create multiple browser profiles, the data in which (cache, cookies, history, etc.) is completely isolated from each other. Each profile generates a unique browser fingerprint, so it is perceived as a separate user. Anti-fraud systems cannot understand that these profiles are used by one person from one device.

Browser profiles in Dolphin Anty antidetect

Anti-detects form a unique digital fingerprint, which is a new Internet identity. Anti-fraud systems see it. In the browser profile, it is enough to set up the fingerprint parameters once, which will be constantly shown to sites. And if this profile is banned, it is easy to immediately open another one and continue using it. Use as many profiles as you like in parallel, and in each anti-fraud will recognize a new unique user.

The quality of anti-detect is determined by three points:

• Level of concealment of real browser fingerprint;
• Correspondence of the components of the fingerprint to each other;
• Human-like browser profiles.

A good anti-detection tool not only performs its tasks efficiently, but is also easy to use. It is easy to sort profiles, add proxies, insert start pages, bookmarks, and extensions into profiles. The best anti-detection tools are adapted to the needs of specialists and have built-in bookmarks for the necessary Facebook pages, an option for teamwork, automated action scenarios, and other convenient options.

How to correctly replace fingerprint parameters in antidetect? ​

Even when using the best anti-detect, it is important to be able to correctly configure the parameters of substitutions so that anti-fraud systems do not find discrepancies. Let's consider the correct fingerprint configuration using Dolphin Anty as an example.

When creating a profile, we are offered to select many parameters. The information that the antique transmits to the site's trackers depends on this selection.

First, we set up the basic parameters: name, statuses, OS (it is better to leave it as is), site type and proxy. Here, everything is done at your discretion.

• Useragent. In the latest versions of browsers, user agents of different users are becoming more and more similar. They differ little from each other, so the most popular one is used by default. If you are not going to radically change other fingerprint parameters, it is better to leave the default UA. Otherwise, there is a high risk of weaving inconsistencies into the fingerprint.
• WebRTC. By default, the “Substitute” option is set in the settings. If you leave it, the anti-virus will transmit the IP values that your proxy is configured for through this plugin. Real — transmits your real IP, off — blocks tracking of your IP via WebRTC, and manually — transmits the address that you specify. It is best to leave “Substitute” so that there are no inconsistencies in the IP address. If you do not use a proxy, you can set “Real”.
• Canvas. This parameter is generated based on your OS and video card. Many users using your operating system have the same parameter. And in the antiquing it is pulled from the devices of real users. Therefore, it is better to leave the value “Real”. If you select the value “noise”, the antiquing will independently generate a Canvas hash, close to the average, but not 100% plausible. It makes sense to enable this if you have installed an OS in your profile that differs from your real one. If this parameter is unique and does not match the majority of users, antifraud systems may suspect something is wrong. “Off” blocks tracking and many large sites perceive this as fingerprint masking.
• WebGL. This parameter is also the same for most users, so if it deviates, tracking systems find it suspicious. And it is better to leave it real. If you enable noise, a unique, but as close to the average value of the JavaScript library hash will be generated. When disabled, WebGL tracking is blocked and anti-fraud systems perceive this as an attempt to hide the fingerprint.
• WebGL info. If you set the value to “Real”, the system will show the real manufacturer and model of your video card. By setting the parameter manually, you can set them yourself. It is best to set it manually and leave the parameters that the antique shows. But you can also click on the circular arrows in the fields and the antique will select new models and manufacturers that are in harmony with each other, with Canvas and WebGL.
• WebGPU. In many cases, this parameter can be turned off and site trackers will not find anything suspicious. But sometimes it is better to set a real value, for example, if you have a 114 processor core. If you turn it on, it will pull up values for WebGL. Accordingly, if it is replaced and set manually, then WebGPU will adjust to it.
• Client Rects. This is the adjustment of the position and size of the pixel of the DOM (Document Object Model) element. The parameter is quite unique for each user. If you leave the value “real”, it will use the values from the fingerprints of real Internet users. If you select “noise”, it will artificially generate the most realistic values.
• Time zone. “Auto” adjusts the time zone to the proxy settings, and by selecting “Manual”, you choose it yourself.
• Geolocation. When you select “Auto”, the latitude and longitude are adjusted to the proxy. And when you select manually, you set these values yourself.
• Processor and memory. If the value is “Real”, they are taken from your device, and if “Manual”, you choose these parameters yourself. If you have real WebGL info parameters set, then it is better to choose real ones here too. Otherwise, you need to select the processor and memory so that they correspond to the video card model.
• MAC address. This is a unique identifier of the device. By default it is disabled, but if desired, you can select it manually - click on this button and a field appears in which the anti-k randomly sets this parameter. You can update it using the circular arrow.
• Device name. The name of your computer, laptop, iPad, which is visible on the network. By default it is disabled, but if desired, you can show the tracking system. You can choose this and the previous item as desired.
• Screen and media. Here you select the screen resolution, number of microphones, speakers and webcams. If you select “Real”, then Antique will show sites the screen and media from your device. When selecting them manually, make sure that they are not inconsistent with the OS, video card, processor and memory.
• Ports. If you enable “Real”, websites will see which ports you exchange data through. Some ports are best blocked so that websites cannot obtain additional information from your device. Therefore, by default, the “block” checkbox is checked with the corresponding list. You can edit it if necessary.
• Do not track. This option blocks the collection of your digital fingerprint. It is better to leave it off, so as not to arouse suspicions from sites. If you need to anonymously access a site and there is no need to trust anti-fraud systems, you can turn on the bar.

Launch arguments. These are command line switches. Each has its own function. The list of arguments with a description of their actions is available at the link.

How to check the quality of the substitution? ​

Having set up the antidetect, you need to check it for the quality of the substitutions. It is enough to determine whether the browser fingerprint looks natural. This is easy to do with the help of popular checkers.

Let's use three checkers to get a fairly complete picture: browserleaks.com, amiunique.org and pixelscan.net

• Browserleaks
• Amiunique
• Pixelscan

The first two indicate that our fingerprint is unique, although it matches many users in certain criteria. And the third shows that the browser fingerprint is trustworthy. Thus, this browser fingerprint will be useful for creating an account and using an advertising network, trading cryptocurrency, making bets without raising suspicions from antifraud systems.

By the way, this fingerprint was created using Dolphin Anty. You can set up and check the browser profile yourself absolutely free. Dolphin Anty allows you to create and use up to 10 profiles at the same time on the free plan. It is just enough to evaluate the key features of the anti-detect.

Source