Fingerprints

Virtual machines

You can use javascript to determine quite accurately whether a browser is running in a virtual machine or on real hardware.

We know of at least two techniques for detecting virtual machines using javascript from the browser. Although we tend to believe that there are many more such techniques.

At this stage, we do not see adequate methods to counteract such detection techniques. For this reason, if you want to achieve maximum masking, I recommend running the software on real hardware, not virtual machines. Although it is worth noting that it all depends on the target site. And in most cases, everything will work fine on virtual machines.

OS fingerprinting

We would like to point out that you can use javascript to determine which OS the browser is running on. Often this is done by analyzing the implementation of low-level functionality of the OS/system libraries used by the browser.

For example, this could be the specifics of floating point calculation.

At this stage, we do not see adequate methods to counteract such detection techniques. For this reason, if you want to achieve maximum masking, we recommend to run the software on the same OS whose profile you use in the antidetection.

What a perfect antidetect should be?

Quality browser fingerprinting often analyzes the low-level, platform-dependent, hardware-dependent functionality of the OS, system libraries, drivers, etc.

For this reason, it is technically impossible to implement an antidetect that would work equally well on all websites.

Here is a simple example of canvas-fingerprint. The essence of the method is simple. It involves drawing text and geometric shapes onto canvas in a way that makes use of a low-level system functionality.

An example of that functionality is rendering fonts when rendering text on canvas. Font rendering is very much dependent on the OS, video card drivers and system libraries.

Two images rendered on different computers (with different hardware) using the same javascript code will be different. Externally they will look almost identical, but if you compare them pixel by pixel, the differences will be obvious.

From this example, it is clear that it is impossible to emulate font rendering on a machine with one vendor’s graphics card the same way as on a machine with another vendor’s graphics card.

The data collected by canvas-fingerprint is sent to the backend, where it undergoes statistical analysis.

This analysis allows you to easily identify fake samples, such as:

  • samples with superimposed “noise” (samples that are too unique)
  • samples that were generated on the wrong OS/video card

Also keep in mind that the implementation of canvas-fingerprinting may vary from site to site. For example, on paypal.com, the text on canvas is: PayPal.com, <!@#$%>

Although it should also be said that thousands of sites use well-established public libraries for browser-based fingerprinting.

Based on the above, it was decided to develop the software using customizations. It is necessary to collect data samples from real browsers with the same code that websites do. At the moment the target website is visited, the previously collected data will be output. And the result is that websites get real data, not synthetically generated data.

Cookies. Track. Counters. Widgets.

Many of you already know this very well. Nevertheless, we think it is necessary to touch upon this topic, because probably for some part of users this information will be useful.

For a very long time there are different companies that collect information about visits to various sites by users.

Widgets and scripts, installed on many sites, set cookies (marking the user) and send them information about the user’s browser and actions.

This creates a user trail that can be used to track which sites/pages the user has been to, how much time he spent, what he read, where he clicked, etc.

In this way it is possible to determine:

  • the user’s interests
  • sex
  • age
  • presence of profiles in social networks.

And a bunch of other information. This information is actively sold and exchanged by these companies.

Not so long ago, the same facebook was caught in the act of selling such information. We would like to remind you that facebook has not only its own site, but also widgets installed on millions of websites. And facebook can track what you are interested in and what sites you visit even if you do not visit the facebook site.

This information helps to target ads in a good way. But I would like to point out that the antifraud systems analyze this kind of information and it helps to identify the fraud very well.

If you came to the target site without such an accumulated trail, it is very likely that your actions will be examined under a microscope and will get under the manual control of a moderator trained for this purpose.

The question regarding cookies and the trace of your fake identity remains open. It’s up to you how to approach it.

Some of the obvious methods of dealing with this issue are:

  • Buying cookies from special stores. It’s worth noting here that if you only buy cookies and import them into your browser, the browser information will not match. The information about the browser where the cookie came from and the information about the profile browser will be different. Fingerprints will also be different. Although, as practice shows, the presence of cookies with history and track solves a lot of problems.
  • To make the track and cookies by yourself. We are talking about trivial farming. That is, you can “grow” a profile yourself: visit different sites, search engines, services, as if you were a normal user. This process is not fast and for some services can take weeks.