A List of 20+ Fingerprinting Demos and Tests
~4 min read | Published on 2022-09-29, tagged General-News using 839 words.
Are you leaking potentially identifying information? Use these tools to find out. Many demonstrations are basically forms of entertainment (gimmicks - think of those sites that “locate” you based on your “unprotected” I.P. address).
Some of these are demonstrations of novel POCs. There are ecommerce sites that employ some of the novel techniques here, such as FingerprintJS.
A fair warning: some of these demonstrations will likely use your data. Perhaps for research. Perhaps to improve their corporate offerings. Tor Browser with the slider to the max will prevent many of these demos from working.My Favorites
TorZillaPrint - arkenfox.github.io
TorZillaPrint (TZP) aims to provide a comprehensive, all-in-one, fingerprinting test suite, nicely broken into suitable sections with relevant information together. Long term, the goal is to collect Gecko only fingerprint data (no PII) for analysis to see how many classifications each metric or section provides.
No-JS fingerprinting - noscriptfingerprint.com, source: github.com/fingerprintjs
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
CSS Fingerprint - csstracking.dev, source: github
CSS Fingerprinting is a technique of tracking and gathering information on site visitors. This method exploits the nature of CSS to collect various characteristics about the visitor’s browser and device, which can later be used to either identify or track said visitor.
CreepJS - abrahamjuliot.github.io
Creepy device and browser fingerprinting
Others
AudioContext Fingerprint - audiofingerprint.openwpm.com
This page tests browser-fingerprinting using the AudioContext and Canvas API. Using the AudioContext API to fingerprint does not collect sound played or recorded by your machine - an AudioContext fingerprint is a property of your machine’s audio stack itself.
Available Fonts - orleika.github.io, source: github
Getting available fonts on browser without flash
Browser Fingerprinting - niespodd.github.io
BrowserLeaks - browserleaks.com
BrowserLeaks is all about browsing privacy and web browser fingerprinting. Here you will find a gallery of web technologies security testing tools that will show you what kind of personal identity data can be leaked, and how to protect yourself from this.
Canvas Test - canvasblocker.kkapsner.de
CSS Exfil Vulnerability Tester - mike-gualtieri.com
This page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage.
Device Info - deviceinfo.me
Device Info is a web browser security testing, privacy testing, and troubleshooting tool.
DNS Cookie Demonstration - dnscookie.com
DNS cookies use DNS caches as a side-channel to identify related network flows.
EFF: Cover Your Tracks - coveryourtracks.eff.org
This is an EFF project that allows you to understand how easy it is to identify and track your browser based on how it appears to websites.
Epic Tracker - epictracker.vercel.app
A demo of how can I track you using fingerprinting and some automated lookups and stuff, using modern Javascript APIs
Extension Fingerprints - z0ccc.github.io
Chrome extensions can be detected by fetching their web accessible resources. These are files inside an extension that can be accessed by web pages. The detected extensions can be used to track you through browser fingerprinting.
This website scans over 1000 extensions and shows you the percentage of users that share the same extensions.
Firefox Addon Detector - thehackerblog.com
Tracking 400+ Firefox Addons through chrome:// URI trickery!
Iphey - iphey.com
Mouse Wheel Tracking - jcarlosnorte.com
Nothing Private - nothingprivate.ml
This project is a proof of concept that any website can identify and track you, even if you are using private browsing or incognito mode in your web browser. Many people think that they can hide their identity if they are using private browsing or incognito mode. This project will prove that they are wrong.
PicassAuth - plaperdr.github.io
Canvas fingerprinting
Pixelscan - pixelscan.net
Good, basically a bot check
Privacy Check - privacycheck.sec.lrz.de
This website aims to focus on each fingerprinting technique in detail. It also presents the information and demonstrations in a way that is easy to understand, rather than giving a broad undescribed overview.
“scheme flooding” - schemeflood.com, source: github, article
The vulnerability uses information about installed apps on your computer to assign you a permanent unique identifier even if you switch browsers, use incognito mode, or use a VPN.
SuperCookie - demo.supercookie.me
Supercookie uses favicons to assign a unique identifier to website visitors.
Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user.
The tracking method works even in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or restarting the operating system, using a VPN or installing AdBlockers.
Webgl Fingerprinting - webbrowsertools.com
This page uses different techniques to recognize whether a browser extension is installed to spoof the webgl fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas image (which is rendered in the GPU) and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the webgl result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the webgl identity and uses a different approach to identify the browser session.
Zardaxt.py - tcpip.incolumitas.com, github, article
TCP/IP Fingerprinting for VPN and Proxy Detection
Some of these are demonstrations of novel POCs. There are ecommerce sites that employ some of the novel techniques here, such as FingerprintJS.
A fair warning: some of these demonstrations will likely use your data. Perhaps for research. Perhaps to improve their corporate offerings. Tor Browser with the slider to the max will prevent many of these demos from working.My Favorites
TorZillaPrint - arkenfox.github.io
TorZillaPrint (TZP) aims to provide a comprehensive, all-in-one, fingerprinting test suite, nicely broken into suitable sections with relevant information together. Long term, the goal is to collect Gecko only fingerprint data (no PII) for analysis to see how many classifications each metric or section provides.
No-JS fingerprinting - noscriptfingerprint.com, source: github.com/fingerprintjs
A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.
CSS Fingerprint - csstracking.dev, source: github
CSS Fingerprinting is a technique of tracking and gathering information on site visitors. This method exploits the nature of CSS to collect various characteristics about the visitor’s browser and device, which can later be used to either identify or track said visitor.
CSS fingerprinting demo
CreepJS - abrahamjuliot.github.io
Creepy device and browser fingerprinting
Linux and TBB smh
Others
AudioContext Fingerprint - audiofingerprint.openwpm.com
This page tests browser-fingerprinting using the AudioContext and Canvas API. Using the AudioContext API to fingerprint does not collect sound played or recorded by your machine - an AudioContext fingerprint is a property of your machine’s audio stack itself.
Available Fonts - orleika.github.io, source: github
Getting available fonts on browser without flash
Browser Fingerprinting - niespodd.github.io
BrowserLeaks - browserleaks.com
BrowserLeaks is all about browsing privacy and web browser fingerprinting. Here you will find a gallery of web technologies security testing tools that will show you what kind of personal identity data can be leaked, and how to protect yourself from this.
Canvas Test - canvasblocker.kkapsner.de
CSS Exfil Vulnerability Tester - mike-gualtieri.com
This page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage.
Device Info - deviceinfo.me
Device Info is a web browser security testing, privacy testing, and troubleshooting tool.
DNS Cookie Demonstration - dnscookie.com
DNS cookies use DNS caches as a side-channel to identify related network flows.
EFF: Cover Your Tracks - coveryourtracks.eff.org
This is an EFF project that allows you to understand how easy it is to identify and track your browser based on how it appears to websites.
Epic Tracker - epictracker.vercel.app
A demo of how can I track you using fingerprinting and some automated lookups and stuff, using modern Javascript APIs
Extension Fingerprints - z0ccc.github.io
Chrome extensions can be detected by fetching their web accessible resources. These are files inside an extension that can be accessed by web pages. The detected extensions can be used to track you through browser fingerprinting.
This website scans over 1000 extensions and shows you the percentage of users that share the same extensions.
Firefox Addon Detector - thehackerblog.com
Tracking 400+ Firefox Addons through chrome:// URI trickery!
Iphey - iphey.com
Mouse Wheel Tracking - jcarlosnorte.com
Nothing Private - nothingprivate.ml
This project is a proof of concept that any website can identify and track you, even if you are using private browsing or incognito mode in your web browser. Many people think that they can hide their identity if they are using private browsing or incognito mode. This project will prove that they are wrong.
PicassAuth - plaperdr.github.io
Canvas fingerprinting
Pixelscan - pixelscan.net
Good, basically a bot check
Privacy Check - privacycheck.sec.lrz.de
This website aims to focus on each fingerprinting technique in detail. It also presents the information and demonstrations in a way that is easy to understand, rather than giving a broad undescribed overview.
“scheme flooding” - schemeflood.com, source: github, article
The vulnerability uses information about installed apps on your computer to assign you a permanent unique identifier even if you switch browsers, use incognito mode, or use a VPN.
SuperCookie - demo.supercookie.me
Supercookie uses favicons to assign a unique identifier to website visitors.
Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user.
The tracking method works even in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or restarting the operating system, using a VPN or installing AdBlockers.
Webgl Fingerprinting - webbrowsertools.com
This page uses different techniques to recognize whether a browser extension is installed to spoof the webgl fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas image (which is rendered in the GPU) and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the webgl result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the webgl identity and uses a different approach to identify the browser session.
Zardaxt.py - tcpip.incolumitas.com, github, article
TCP/IP Fingerprinting for VPN and Proxy Detection
Comments (18)
Jose Cuervo2022-05-10c0560ac0
Ya, they can snap a screen shot and run it through the system, that is why it is key to use a low resolution camera… have you ever seen a homeless person with a professional sign? - Some one told me DeSnake’s real name is Jose Cuervo…
uwu2022-10-05537e43e0
All of these advanced detection methods and they still cant come up with a way to tell if someone is a nigger.
Johnny Deep2022-05-114dc18110
Because only you, and your cackling gaggle of omniscient game hen brethren are privy to such quantum obfuscation application. Something tells me you are being honest about using no hands, however.
Whonixfanboy2022-10-0259a04b80
when you use Tor Browser you are protected not only because it hides your real IP address but also because all Tor Browser users have similar fingerprint (when javascript is turned on) and pretty much identical (when javascript is turned off) Qubes OS with Whonix is very safe, I use Whonix on normal GNU/Linux and really recommend using it
brah2022-05-11c821d810
Fingerprinting should not be grounds for conviction. I know a person with NO fingerprints...
Daisy2022-06-109c78d390
If some one wants to be updated with latest technologies therefore he must be visit this web page and be up to date every day. aid ukraine
fail2022-05-101f1d8110
Sweaty Palm strain indica or sativa dominate?