Browser Fingerprint Detector
34 comments
·September 8, 2025everdrive
rsync
"... so the fact alone that you're unique might potentially not matter if you're _differently_ unique every time you visit the site. Is there a flaw in this line of thinking?"
No, you're thinking correctly and the odd discourse that you (and I) see is based on two implicit assumptions:
1) Your threat model is a global observer that notices - and tracks and exploits - your supposed perfect per-request uniqueness.
2) Our browsers do not give us fine grained control over every observable value so if only one variable is randomized per request, that can be discarded and you are still identifiable by (insert collection of resolution and fan speed or mouse jiggle or whatever).
Item (1) I don't care about. I'd prefer per-hit uniqueness to what I have now.
Item (2) is a valid concern and speaks to the blunt and user-hostile tools available to us (browsers, that is) which barely rise to the level of any definition of "user agent" we might imagine.
I repeat: I would much prefer fully randomized per-request variables and I don't care how unique they are relative to other traffic. I care about how unique they are relative to my other requests. Unfortunately, I am wary of browser plug-ins and have no good way to build a trust model with the 12 different plug-ins this behavior would require. This is the fault of firefox and the bad decisions they continue to make.
gruez
>- Firefox sends some dummy data when making use of privacy.resistFingerprinting, and so you should get a unique fingerprint _every time_ you visit a site, so the fact alone that you're unique might potentially not matter if you're _differently_ unique every time you visit the site. Is there a flaw in this line of thinking?
Yes, because those randomized results can be detected, and that can be incorporated into your fingerprint. Think of a site that asks you about your birthday. If you put in obviously false answers like "February 31, 1901", a smart implementation could just round those answers off to "lies about birthday" rather than taking them at face value.
>- My understanding is that the primary utility of browser fingerprinting is for advertising / tracking. In other words, the bulk of the population an advertiser would actually care about would be the huge middle of the bell curve on Chrome using Windows, not the privacy nuts on Linux with a custom browser config. In other words, if "blending in with the crowd" really worked I would think that tracking companies would fail against the most important and largest part of the user pool. If anything, it's more important to target grandma as she will actually click on ads and buy stuff online compulsively.
The problem is all this fingerprinting/profiling machinery ends up building a profile on privacy conscious people, even if they're impossible to sell to. That can later be exploited if the data gets leaked, or the government demands it. "I'm not a normie so nobody would want to show ads to me" doesn't address this.
throwawayqqq11
Advertisers try to reidentify and match you against their database, the less information you give them and the more randomized it is, the less certain they can be, its you again.
If i use my locked down firefox with a VPN where potentially a hand full other brills like me come out on the other end, i am not concerned about them building a profile of me.
avastel
I recently wrote about the limits of these kinds of fingerprinting tests. They tend to overly focus on uniqueness without taking into account stability. Moreover sample size is often really small which tends to artificially make a lot of users unique
https://blog.castle.io/what-browser-fingerprinting-tests-lik...
everdrive
This is great, and exactly the kind of nuance I almost never see when this topics come up. Thanks for posting this. Far too often, the pro-privacy crowd is much more _upset_ than they are precise, and to the point of your article are spending extra effort without really accomplishing much.
basilikum
> Fingerprint Collection Failed
> This can happen due to several reasons:
> [...] JavaScript Errors: When any of the 24+ fingerprint collection methods throws an error [...]
So when any of the browser APIs it exploits aren't available, it just fails instead of using that as a datapoint in itself. I'm unimpressed.
maelito
This is why privacy must be enforced by states, their laws and a powerful public enforcement agency.
You cannot expect people to technically protect themselves from tracking.
(you can invite them to not use abusing services though)
dylan604
> (you can invite them to not use abusing services though)
First, you'd have to define how one can determine what an abusive service is. Is Facebook an abusive service? Is some random website that happens to use FB's SDK an abusive service? How does a normie internet user find out the site they are using has abusive code? Some plugin/extension that has a moderated list that prevents a page from loading and instead loads a page dedicated to explain how that specific site is abusive?
NoboruWataya
Perhaps I'm missing it but does it explain what aspects of your setup contribute the most to your score or suggest remedial actions? I wasn't that surprised to find that my standard setup is highly fingerprintable (for one, I use Firefox which alone is enough to single me out in a crowd) but I also tried using a vanilla Chromium install via a popular commercial VPN and still got a rating of 100%.
abhaynayar
Looking at the JS, in the `calculateUniqueScore` function - it is just checking how many features it was able to detect (it gives a weight to each summing up to 100).
It is not checking how unique you are based off of some data-set it has.
This site also has plenty other such "issues"/"bugs" feels like it was quickly vibe-coded without much care.
zargon
Running Chrome will make you highly fingerprint-able since it has so many APIs that can identify your hardware and software configurations directly or indirectly. It doesn’t help you “blend in” at all.
seanw444
I'm curious as well. Ran a stock Vanadium config with Mullvad enabled, and got 100%. Maybe Vanadium isn't as focused on fingerprinting as I'd thought.
willhschmid
Fingerprint Collection Failed
Yay, I am safe. I use Brave. Everyone should use Brave.
null
AbraKdabra
So, what's the solution to all of this? Are there any settings I need to modify to Chrome to not allow certain info to be queried?
elenchev
yes but then you become a "suspicious user" and you have to fill 100 CPATCHAs every day
at this point browser fingerprinting is a feature, not a bug
ranger_danger
Still nowhere near as good as creepjs: https://abrahamjuliot.github.io/creepjs/
Doesn't even detect common browser extensions.
croemer
Wow, this blows it completely out of the water. Even detects battery level, free storage, fonts etc
Bilal_io
It depends on the browser you're using, Brave is obfuscating a lot of this info, for me using Brave on Android it shows 100% battery while my actual battery is 62%.
malfist
On Firefox on android almost everything except the basics you expect are "unsupported"
It has file system free space, but it's wrong.
xyzal
Here I'd like to point out the excellent CanvasBlocker extension for Firefox. It injects randomness in various API calls used for fingerprinting, and you can configure it in such a way that it gives stable results on same domain, but different across domains.
dmitrygr
The original is panopticlick from EFF: https://coveryourtracks.eff.org/
I do not see how this is better
kitsun3
Is there any library I could use for HW finger printing? I'd like to detect and ban evasions.
I'm deeply confused by a lot of the privacy discourse here. There seems to be opposing goals between preventing the fingerprinting mechanisms and just preventing uniqueness. Under the "preventing uniqueness" model, my Linux computer with custom Firefox and no fonts, and no js, etc. is the "most fingerprint-able" because it's the most unique. Whereas grandma on Windows and Chrome is "less unique," and therefore in some sense less fingerprint-able.
I think there are a few potential problems with this view that I never see discussed:
- Firefox sends some dummy data when making use of privacy.resistFingerprinting, and so you should get a unique fingerprint _every time_ you visit a site, so the fact alone that you're unique might potentially not matter if you're _differently_ unique every time you visit the site. Is there a flaw in this line of thinking?
- My understanding is that the primary utility of browser fingerprinting is for advertising / tracking. In other words, the bulk of the population an advertiser would actually care about would be the huge middle of the bell curve on Chrome using Windows, not the privacy nuts on Linux with a custom browser config. In other words, if "blending in with the crowd" really worked I would think that tracking companies would fail against the most important and largest part of the user pool. If anything, it's more important to target grandma as she will actually click on ads and buy stuff online compulsively.
Can anyone speak to these points? I often feel like the pro-privacy people are just crawling in the dark and not really aware of that real-world tracking is actually occurring vs. what might be possible in a research paper. Maybe I'm just the one that's confused?