Fingerprint - ClonBrowser

Posts

Browser Fingerprint? The Best Way to Prevent It!

12/10/2021/in All Articles, Browser Basics /by Jolian

If you happen to meet a salesman who recommends a product that you really need or really like, you will feel lucky today and will be happy to buy it.

But would you still be happy to look back and see him behind you with a camera filming your every move, then recording and analyzing your actions in a notebook? The original he recommended in line with your mind’s products are all tracking you to come!

That’s the case now. A shadow is following you. As you walk and trade on the Internet, it follows you everywhere. That is Browser Fingerprinting.

What is a Browser Fingerprint?

Browser fingerprints are a way of tracking a Web browser through configuration and setting information (such as system fonts, screen resolution, browser plug-ins, and so on) that the browser makes visible to the website.

Browser fingerprints, like those on our hands, are highly identifiable. The fingerprint on the human hand is unique because of the unique pattern on each finger. The pattern of each person’s fingerprint makes it unique.

The same goes for browser fingerprints, which also have some identifiable information. If you can take that browser information, do some math and come up with a value, that value is a browser fingerprint. Recognizable information can be UA, time zone, geographic location, or the language you use, etc. The information you choose to calculate determines the accuracy of the browser fingerprint.

A browser fingerprint can locate a user almost absolutely, even when using the browser’s private window mode. This is a passive way of identifying. That is to say, if you visit a website, the website can recognize you, although you don’t know who you are, you have a unique fingerprint. It will be very convenient for advertising, precise push, and other things about privacy in the future.

Browser fingerprinting and cookies

“Browser Fingerprinting is tracking identifiable information, but cookies seem to be invading my privacy as well? Every time I open my browser, he opens the page I want or suggests what I want. So are they the same thing? What’s the connection?”

Yes, you’re smart. They do matter.

Having said that Browser Fingerprinting takes a number of steps to differentiate your identity and preferences, cookies can definitely help it do that, so they’re good friends. Cookies are a means of Browser fingerprinting.

According to Wikipedia, browser cookies (also called HTTP cookies, web cookies, Internet cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer.

When the cookies are stored on your computer and you open your shopping cart (or a previously opened site), the data files are re-read and you can see previous browsing history and items already in your cart. And you don’t need to enter a password to log in again.

In fact, there are not only cookies in the cache file, the server will also request the page URL, request time, and so on in the file. By analyzing this data, others can know exactly which pages you’ve visited and for how long.

Tracking with cookies and other files is the first generation of browser fingerprint tracking technology, requiring users to log in to get valid information. The second generation introduced the concept of browser fingerprints, which allow users to be more differentiated by increasing the browser’s eigenvalues. Now the third generation has already focused on people. By collecting users’ behaviors and habits, they can establish eigenvalues or even models for users, which can realize real tracking technology.

Browser Fingerprinting and Canvas /WebGL

Do you know what Canvas and WebGL are? What’s the connection between them? What do they have to do with Browser Fingerprinting?

Canvas is a newly added element object of HTML5, which is literally a Canvas. Browser JS is equipped with a corresponding operation API, so it can draw directly without relying on other APIS or components, which is equivalent to 2D API. WebGL is a set of BROWSER 3D graphics API (HTML5) based on OpenGL ES 2.0.

Canvas and WebGL are both image rendering methods, and the rendering of different computers is different. The site tracks each device’s rendering mode to distinguish them. So Browser Fingerprinting is also happy to be friends with Canvas and WebGL.

Is browser fingerprint good or bad?

Browser Fingerprinting makes it easy for many websites to track our lives, but is it really no good at all? Why does something so harmful exist?

Since it is born, it must be in the interest of some people. But there’s no denying that he’s also troubling insecure people. See this article to learn more about the pros and cons of Browser Fingerprinting.

For example, establishing a connection between personal Internet behavior and browser fingerprint is actually a measure to protect accounts. However, for users, this connection may more or less violate user privacy, especially when your browser fingerprint is associated with real user information. Fortunately, this way is relatively limited privacy violations for users, abuse of user behavior will overdraw users to the good feelings of the website.

How do I Prevent Browser Fingerprinting?

When you look at the above analysis and decide that browser Fingerprinting’s benefits don’t outweigh its annoyings, take steps to stop Browser Fingerprinting.

Because Browser Fingerprinting uses a combination of technologies to track and analyze who you are and what you like. So you can interfere with browser Fingerprinting from an Angle.

1) Disable cookies

We already know that cookies are a helper of browser fingerprints, so it is critical that they are not created or stored.

If you want to disable cookies, you can just go to the files on your computer and hit Delete. But cleaning up cookies every time you use your browser is a hassle, so stop it at the source.

For example, you can browse in incognito mode. In this mode, cookies cannot be cached.

2) Disable JavaScript

Canvas is a newly added component of HTML5. It is like a screen on which you can draw various charts and animations with JavaScript. So you’re effectively disabling JavaScript. Note, however, that disabling JavaScript can cause pages to not display properly, so think twice before disabling it.

There are other ways to try it besides disabling JavaScript, and you can check it out here if you’re curious.

3) Use the Canvas Defender plugin

Canvas Defender is a browser extender that adds noise when a website tracks your fingerprint. Want to know if he’s useful? Check it out here.

4) Disable WebRTC

Webgl tracks you through the images displayed in the browser, just like Canvas, so disabling Webgl is a viable option. If you want to disable Webgl in Chrome, you need to add the –disable-WebGL flag to the command line of the shortcut, such as chrome.exe –disable-WebGL

5) Disable Geolocation

Why do I need to disable Geolocation? Does Browser Fingerprinting still track my Geolocation?

Yes. Browser fingerprinting is already moving into its third generation. Began to pay more and more attention to the user’s actions, more emphasis on the analysis of various data for the user portrait. You go online at different places every day, and getting your location allows you to connect your movements to your online trajectory for further analysis.

To disable geolocation, you can find them in your browser settings. Or reject geolocation requests when you open a web page.

6) Use Clonbrowser

Clonbrowser is an excellent anti-fingerprint browser.

First of all, your cookies and cache are stored independently and do not interfere with each other, which is very effective in preventing some websites from tracking you through caching and cookies.

However, Clonbrowser also has very powerful fingerprint jamming capabilities. When a website wants to track your fingerprint, Clonbrowser gives it a fake mask fingerprint. No one can read your privacy through fingerprints.

You can also configure countless configuration files on Clonbrowser and share them with your team. You can use Clonbrowser for secure account activities!

Start your 7-day free trial now! There is also very responsive customer service to help you use it.

Should You Worry About Browser Fingerprinting?

12/10/2021/in All Articles, Browser Basics /by Jolian

Is Browser Fingerprinting good or bad? This is really a controversial topic right now. According to Pew Research, 83% of consumers regularly or occasionally see ads based on their browsing history. For consumers, they would consider it an invasion of their privacy. For businesses, Browser Fingerprinting offers a great competitive advantage.

If you want to understand what Browser Fingerprinting is, what exactly browser Fingerprinting does to our lives. Then this article is perfect for you.

What is Browser Fingerprinting

Browser fingerprint refers to the ability to locate a user almost absolutely through various information of the browser, such as system font, screen resolution, and browser plug-in, without the need for cookies and other technologies. Even if the browser’s private window mode is used, it cannot be anonymous. This is a passive way of identifying.

That is to say, if you visit a website, the website can recognize you, although you don’t know who you are, you have a unique fingerprint. It will be very convenient for advertising, precise push, and other things about privacy in the future. Also, don’t be superstitious about cloaking mode. The Chrome and Firefox extensions continuously record your browser fingerprint, allowing you to observe changes.

Browser Fingerprinting technologies

We already know that Browser Fingerprinting is a technology for locating a user using multiple technologies. So which technologies are giving us away? In fact, there are so many kinds of these technologies, which have laid a wide net for us. Generally speaking, it includes hardware fingerprint, Canvas fingerprint, AudioContext fingerprint, etc.

A fingerprint is a hallmark of any browser, Hardware type (Apple), operating system (Mac OS), User-Agent, system font, language, screen resolution, browser plug-ins (Flash, Silverlight, Java, Etc), Browser extensions, Browser Settings (do-not-track, etc), time zone Offset (Browser GMT Offset) and much other information.

Hardware fingerprints obtain information by detecting hardware modules, which supplement software-based fingerprints. Hardware modules include GPU, camera, speaker/microphone, motion sensor, GPS, battery, CPU, network adapter, Bluetooth, and BOIS.

The fingerprint information is like a person’s physical characteristics, which can be distinguished by gender, height, and weight. Human height, age, etc., have a great probability of conflict. However, these characteristics can not uniquely identify a person, and only using a basic fingerprint can not uniquely determine the client, but can only serve as an auxiliary identification.

So how do they make that distinction? Many advanced fingerprints based on HTML5 provide new ideas for this.

Canvas prints

Many websites and tracking software use HTML Canvas fingerprints. Because each browser generates a different pattern.

Basically, every kind of browser will use a different image processing engine, different export option, different compression levels, so that every computer draw pictures will be slightly different, these patterns can be used to assign user equipment a specific number of fingerprints, also can be used to identify the different users.

AudioContext fingerprint

If a Canvas fingerprint is a pattern fingerprint, an AudioContext is a sound fingerprint.

The Audio API gives developers the ability to manipulate raw Audio stream data directly in code, generating, manipulating, and reproducing it in any way they want, such as improving tone, changing pitch, and splitting Audio.

The AudioContext generates the audio flow (triangular wave), performs FFT transformation on it, calculates the SHA value as a fingerprint, and cleans the audio before it is output to the audio device without the user noticing.

Slight differences in the hardware or software of the host or browser lead to differences in the processing of audio signals. The same browser on the same device produces the same audio output, while the audio output generated by different machines or browsers may vary. This can then be used as a tracking technology for Browser Fingerprinting.

Is browser Fingerprinting legal?

Similar to human appearance and fingerprint, the Web client of the browser also has a variety of “appearance” and “fingerprint” information. After comprehensive analysis and calculation of these information, the client can be uniquely identified, and then lock, track, and understand the behavior and privacy data of Internet users. It is used for advertisement delivery, user interest analysis, and so on, and then as the basis of decision making. It is one of the important means to collect and track user behavior by using Web client.

But generally speaking, Browser Fingerprinting is legal and secure if no one uses it maliciously.

Browser Fingerprinting protects your rights

What? Isn’t Browser Fingerprinting violating my rights?

Every coin has its two sides, and Browser Fingerprinting is no exception. Now network technology is more and more developed, a lot of things can be done on the network. Such as receiving and paying. Now you don’t need to drive to the bank to access your account on your phone or computer.

And then the thieves upgraded their methods. Instead of stealing bank cards from the crowds on the shopping street, they are delving into computer technology and trying to steal your savings online. When they get access to your account and password, they are blocked from logging in. This is where Browser Fingerprinting comes into play.

The computer used by the thief is not the same as the computer used by you to log in to the online bank, and even the network is different. When he logs in from that computer, Browser Fingerprinting technology recognizes the device’s fingerprint. The network then realizes that it’s an unfamiliar fingerprint and discreetly sends you a reminder inviting you to verify your account. Thieves who don’t receive verification information can’t get their hands on your money.

Should I worry about browser fingerprinting?

As stated above, Browser Fingerprinting is safe as long as no one uses it maliciously, but the reality is that in addition to the benefits, it does cause us some problems.

In the past, your stolen privacy might have been something concrete. Say your name, your bank card number. But for now, your Browser fingerprinting is also a very important piece of data. Criminals can use it to defraud you, and some businesses want to make money from your actions. Summary, Browser Fingerprinting

You may have the following effects:

1) It made you look awkward in front of everyone

Getting a browser fingerprint has no real value to a website, but what is really valuable is the user information that the browser fingerprint corresponds to. As a webmaster, collecting a user’s browser fingerprint and recording the user’s actions is a valuable activity, especially for scenarios where there is no user identity.

For example, if you like to read about anime, the browser fingerprint will record that interest. The next time you visit this site, you don’t need to log in to get pushed animation information. This is a very generic way to distribute content. Also, your shopping preferences are monitored by Browser Fingerprinting.

The result is that Browser Fingerprinting knows exactly what you like. When someone else is using your computer to access the Internet, the network only recognizes the machine, not the person using it, so it’s easy for someone else to pass for you and get pushed some of your preferences.

Especially if you’re using a computer in a public place, it’s like a diary is out in the open, and your privacy is out there for all to see. It was undoubtedly a very awkward situation.

2) Let you always be punished by the platform

What? I’ve been banned again? When was the last time you were banned by Amazon?

Browser Fingerprinting is an important tool for checking account associations on commercial platforms. As we all know, some e-commerce platforms attach great importance to the market order. I believe you have seen many products with the same picture when opening the product page, which may be malicious competition. Maybe someone opened many stores to buy the same product in order to occupy the market.

In order to prevent such cases, e-commerce platforms use Browser Fingerprint to determine which stores belong to the same merchant. If detected, the platforms will impose penalties.

But maybe your good credit is being penalized, too? This is also a question of probability. Browser fingerprinting is not always accurate and you may be implicated.

Browser Fingerprinting has pros and cons, so how can you avoid this risk? Click here to see how to block Browser Fingerprinting.

canvas fingerprints expose your information

Canvas Fingerprinting | How to hide it?

12/03/2021/in All Articles, Browser Basics /by Jolian

In this article you will learn:

What is browser fingerprinting?
Classification of browser fingerprinting
What is Canvas fingerprinting?
How does Canvas Fingerprintingtrack your information?
What is Canvas fingerprinting used for?
How to hide your Canvas fingerprint?

About Browser fingerprinting

What is browser fingerprinting?

Browser fingerprinting is a powerful monitoring tool that collects parameters about browser version and type, operating system, language, time zone, screen resolution, browser plug-ins, and more. Websites rely on these parameters to identify users and track their specific behavior.

Classification of browser fingerprinting

1) Equipment related information

The fingerprint associated with the device is mainly the exposure of some hardware condition. Your online actions are combined with device information to accurately judge your information. The equipment information mainly includes:

Hardware type, OPERATING system, user agent, system font, language, screen resolution, and Canvas fingerprint, AudioContext fingerprint, WebGL fingerprint, media device fingerprint, GPU plug-in, Pepper 3D rendering, etc.

2) Browser-related information

Including Cookie, Session, Evercookie, Flash Cookies, Browser extensions, Browser Settings (do-not-track, etc.), time zone Offset (Browser GMT Offset), Browser plug-in (Flash), and much other information.

Canvas fingerprinting technology

What is Canvas fingerprinting?

With the development of the Internet, users have higher requirements for the vision and interaction of pages, and traditional Web front-end development cannot be satisfied. Therefore, the powerful drawing ability of Canvas can make the content displayed on web pages more colorful, and Canvas can bring users a better visual and interactive experience.

Generally speaking, each browser uses a different image processing engine, different export options, and different compression levels, so each computer will produce slightly different graphics that can be used to assign specific numbers to the user’s device, meaning that they can be used to identify different users. This is Canvas fingerprinting.

How does Canvas Fingerprinting track your information?

Canvas fingerprinting begins when a Web site provides the browser with the task of drawing a canvas object. Canvas objects are tools that websites use to create simple and complex graphics.

The site uses Javascript to enable browsers to draw images in canvas objects using predefined scripts. This image can contain complex elements such as lines, colors, geometric shapes, with different backgrounds, or distorted in different ways.

What you need to know is that different computers will draw the image in slightly different ways. Even if the resulting image looks the same as the human eye, with slight variations, they can be distinguished.

It’s worth mentioning hash functions at this point.

A Hash algorithm, also known as a Hash algorithm, converts a piece of data into a flag that has a very tight relationship to each byte of the source data.

A remarkable feature of Hash algorithms is the difficulty of finding reverse patterns. It is a generalized algorithm, which can also be regarded as an idea. The Hash algorithm can improve the utilization of storage space, improve the query efficiency of data, and ensure the security of data transmission by digital signature. Therefore, the Hash algorithm is widely used in Internet applications.

One reason Hash algorithms are used for canvas fingerprints is that they always produce the same result if the input remains constant. Two pieces of information that look exactly the same to the naked eye can be completely different if they change slightly. Even the tiniest, tiniest differences can make a big difference.

What is Canvas fingerprinting used for?

Personalized advertising may not sound like a terrible thing, but it is not. Browser fingerprinting is often a threat to online privacy. Canvas fingerprints are also an accomplice.

Almost every website that implements browser fingerprinting does so without asking users’ consent, or in a very misleading way.

You may not remember a site that asked for permission to track your information. There is any notice, usually hidden in the site’s terms of service, in the smallest font you can imagine. Usually, it goes something like this: “By using our website, you agree that we will save your machine’s digital signature.”

Don’t worry, most users have no idea what this means any more than you do. Because it doesn’t offer any real explanation of what might happen, few people manage to see it.

Canvas fingerprint leaks can expose you to a lot of information, and then you can be hacked or harassed by targeted ads on a regular basis, as well as some not-so-obvious downsides.

How to detect Canvas fingerprint?

On-line inspection address: https://browserleaks.com/canvas

How to hide your Canvas fingerprint?

Canvas fingerprint is a new intrusion technology. Before Canvas fingerprint, cookies and cache are a big hidden danger to the security of personal privacy information. But as time went by, many computer literate users tried to prevent the intrusion by deleting files on their local computers where cookies had been found to reside.

Compared to this amount of work, avoiding canvas fingerprints may require more time and effort. Here are a few possible solutions.

1) Close ads

Will closing ads solve the canvas fingerprint problem?

Of course not. But it doesn’t really cost you anything, does it?

You know, when your computer pops up some targeted AD, and you do something to let the web detect that you’re interested in it, then it keeps popping up. If you choose to turn off those ads and deny access to any of them, you’re shutting off a channel for the Internet to spy on your mind.

While this isn’t a complete solution to the Canvas fingerprint problem, it’s safer than not doing it at all.

2) Use stealth mode

As you probably know, using incognito mode prevents some cookies from being generated. Does it also work with canvas fingerprints?

This only works if some browsers have incognito modes that block website tracking. Normal browsers can only block caching and cookies, but canvas fingerprints are useless.

Browsers that can defend against canvas fingerprints use proxy networks to encrypt data. When you send a browsing request to the agent, the agent acts as a middleman to submit the request to the site for you. The website sees the proxy network. Just like when we go to an agent to buy something, the buyer and the seller don’t meet directly.

The website doesn’t know who made the request, so it can’t do anything with your Canvas fingerprint.

3) Use plug-ins

As canvas fingerprints become more and more of a concern for users, some browser-compatible plugins are coming out.

Do you know Canvas Defender? It chooses to use interference to influence the website’s judgment of canvas fingerprint. There are plenty of canvas Defender plugins out there, check them out in stores!

Check the reviews to see if they work before you download them.

4) Use ClonBrowser

Don’t you know ClonBrowser yet? If you don’t already know the browser, that’s a shame.

ClonBrowser is a versatile virtual browser.

First of all, it will help you solve the problem of Canvas fingerprinting because it is a browser that takes your privacy very seriously. Both your cookies and your cache are kept separately. None of your fingerprints are available to the outside world because ClonBrowser provides a fake mask fingerprint when the outside world wants to invade your privacy.

Of course, ClonBrowser also integrates with a number of well-known agents, such as 911, which you can fully enjoy here.

Second, ClonBrowser is also a virtual browser that lets you configure multiple profiles. With virtual technology, ClonBrowser can simulate countless unique computers for you! When you want to manage them, you can also manage them cooperatively with powerful team-sharing capabilities.

Finally, ClonBrowser has an excellent free trial program and is always available to your customer service team. These resources can provide the most powerful support for your social marketing and business journey!

What are you waiting for? Try it and you won’t regret it!

Does Canvas Defender Work? The Alternative is?

12/03/2021/in All Articles, Browser Basics /by Jolian

In some services, it is necessary to obtain basic information of anonymous users to analyze user behaviors and then make targeted recommendations for certain user groups. This is where the Canvas fingerprint comes in.

Looking for a way to block canvas fingerprints? Trying to learn more about Canvas Defender? Then this article is for you.

In this article you will see:

What is canvas fingerprint
Why are Canvas fingerprints here
What harm can canvas fingerprints do to me
What is Canvas Defender? Does it work?
The best alternative to Canvas Defender!

What is a Canvas fingerprint?

Every kind of browser use different image processing engine, different export option, different compression levels so that every computer draw graphics will be slightly different, these patterns can be used to assign user equipment a specific number (fingerprint), that is to say, can be used to identify different users, users won’t generally to replace hardware.

Therefore, Canvas can well specify the browser of the current user, but it is especially easy to generate the same fingerprint when multiple users have the same hardware device and browser. Therefore, canvas fingerprint cannot completely replace cookies as user identity authentication but can be used as auxiliary authentication information.

Why need to use canvas fingerprint?

In general, websites or advertising alliances want a technical way to accurately target each individual on the network. In this way, they can collect the data of these individuals and push advertisements (precision marketing) or other targeted activities more accurately through analysis. Cookie technology is a very popular one.

When a user visits a website, the site can permanently plant a unique identifier (UUID) in the user’s current browser Cookie and use this information to associate all of the user’s actions. These behaviors can be:

What pages did you browse?
What keywords are searched?
What are you interested in?
Which buttons were pressed?
What features are used?
What products did you see?
What goes into the shopping cart

And so on.

As Internet users attach more importance to personal privacy, cookies are becoming less and less popular. Many security tools and even browsers are starting to allow or instruct users to turn cookies off. For example, many major browsers have a “private browsing mode” feature. This makes it harder for websites to track user behavior. However, there are still some ways for websites to track the behavior of each visitor, for example, flash cookies can also achieve the purpose of unique identification and tracking.

As HTML5 matures, identifying a unique browser via Canvas Fingerprinting is becoming more accepted. The feature of it is that users can hardly block it without cookies.

This tracking technology can track the unique feature code of the device through dynamic drawing parameters in HTML 5 and JavaScript without the permission of the user. It does not need to carry any token or accept cookies, and it can be tracked even if the IP address is changed. Therefore, it is considered to be unable to completely resist the tracking technology at the present stage.

How can Canvas fingerprints harm you?

1) Disclosure of personal privacy

Your washing machine is broken and you bought a new one online yesterday, right?

Did you play tower defense last night? Staying late?

Don’t look around, I’m not lurking, but I am. As soon as you log into the network using your device, I can see what you’re doing with that device.

Yes, I am a browser fingerprint. Canvas prints.

As mentioned before, some advertisers need the help of Canvas fingerprint to accurately find the best potential consumer groups. Your browsing behavior will be unique under Canvas fingerprint technology. While this may make ads and feeds more refined and easier for some, it also leaves users with no privacy at all.

2) Induce fraud

This point is based on the user privacy exposure caused by criminal acts.

When your browsing tendencies and browsing history are exposed to criminals, they can easily use these characteristics to determine your preferences and send you highly matched false messages. When this information gets your attention, fraud is easy to occur.

3) Impeding business activities

Why would Canvas fingerprints get in the way of business? Isn’t it just a threat to our privacy?

Yes, when Canvas fingerprints can tell you who you are, your business will be hindered a lot. Because it’s probably associated with the account.

What is account association? This rule generally applies to platforms that limit multiple accounts. Some platforms pay attention to the browsing environment and user experience and are very opposed to a user to achieve their own business marketing purposes to create and manage multiple accounts. In order to control this phenomenon, the platform tries to determine whether an account is connected or not.

When many different accounts have very similar operation behaviors, the platform will judge that there is a connection, leading to the closure of the account.

Canvas fingerprints can distinguish individual characteristics, thus playing an irreplaceable role.

What is Canvas Defender

Canvas Defender is a free add-on for Firefox and Chrome that manipulates Canvas fingerprints to prevent Canvas fingerprints.

Canvas fingerprints use the HTML5 Canvas element. The Canvas element is used to draw graphics on Web pages and is supported by all major Web browsers.

Fingerprints take advantage of the fact that the output of a canvas is often different when rendered in different browsers. This is not always the case, which is why Canvas fingerprinting is often used in conjunction with other tracing methods.

In general, the more unique the browser and operating system, the more unique the fingerprint.

Canvas Defender is available on all browsers and platforms (Windows, Linux, and Mac).

How does Canvas Defender work?

Internet users have two options when it comes to blocking fingerprinting. Add-ons may block the Canvas element in the browser entirely or provide whitelisting/blacklisting methods. Since Canvas requires JavaScript, turning it off will also block it, but this is usually not feasible.

Canvas Defender changes its “real” Canvas fingerprint by adding interference to the browser.

Unlike other add-ins created for this purpose, the browser extension does not completely block the Canvas element in the browser. Canvas is also used on legitimate sites, and blocking Canvas entirely may disable some or all of those sites’ functionality.

This extension adds ICONS to the browser’s main toolbar that you can interact with. Clicking will display the interference hash, along with the option to generate a new interference. You can also disable creation at any time using the menu.

Does Canvas Defender work?

What’s the response to Canvas Defender’s launch? Does Canvas Defender work? Does it really deliver what it promises?

Some users highly recommend using this product:

5 star! Works perfectly, tested using https://www.deviceinfo.me and it does in fact show “spoofed” instead of “blocked”.

Works as expected, easy to use: install and forget. Been using it for months, don’t plan to stop using it..

However, some users say Canvas Defender still has some problems.

Some websites just don’t work with this addon enabled. The notification is annoying and the reasons dev gives for keeping it that way are not justified.

While the idea is nice theoretically, practically this addon isn’t all that useful. Apps using canvas for legitimate reasons (i.e. WhatsApp web file upload, draw.io file export) will often have coloured tint (or sometimes it will just break the app completely) on them, which not only affects the web experience, but will also make you trackable. The addon does have a white-list function, but I haven’t been able to get it to work. There’s also an annoying notification that pops up on every webpage that tries to read your canvas hash and you can’t actually disable it.

The best alternative to Canvas Defender!

There are alternatives to using Canvas Defender for fingerprint protection, such as a plugin or a browser with special features.

Canvas Blocker for Google Chrome and CanvasFingerprintBlock are designed to block web pages from tracking fingerprints, so if you’re not too security-sensitive, you can try them out.

If you use a privacy-protected browser, your canvas fingerprint problem can be solved easily.

ClonBrowser is a virtual browser with high privacy protection. In ClonBrowser, your real browser fingerprints are not retrieved, they are retrieved as a fake mask fingerprint. With measures like Canvas Spoofing, you don’t have to worry about fingerprints anymore!

In addition, your personal data, such as cookies, will also be kept independently.

Come and try it for free!

WebGL vs Canvas | How do they relate to Fingerprints?

11/26/2021/in All Articles, Browser Basics /by Jolian

Do you know what is WebGL? What is canvas? What do they have to do with browser fingerprints? If you don’t know about them, read on!

What is a canvas?

Canvas is a label of HTML5. Canvas can use JavaScript to draw images on web pages and manipulate image content.

It’s basically a bitmap that can be manipulated in JavaScript.

Canvas object represents an HTML Canvas element -< Canvas >. It does not have its own behavior but defines an API to support scripted client-side drawing operations.

What is HTML?

HTML, called hypertext Markup Language (HTML), is an identifier language. It includes a series of tags. These tags unify the format of documents on the network and connect scattered Internet resources into a logical whole. HTML text is a descriptive text composed of HTML commands that describe text, graphics, animations, sounds, tables, links, etc. The web pages we browse are written in HTML.

The history of the Canvas

This HTML element is designed for client-side vector graphics. It has no behavior of its own, but it presents a drawing API to the client JavaScript so that the script can draw whatever it wants to draw onto a canvas.

The reason for this radical extension to HTML is that HTML’s drawing capabilities in Safari are also used by the Dashboard component on the Mac OS X desktop, and Apple wanted a way to support scripted graphics in Dashboard.

Firefox 1.5 and Opera 9 have followed Safari’s lead. Both browsers support the

We can even use the < Canvas > tag in IE and build compatible canvases with open-source JavaScript code (initiated by Google) based on IE’s VML support.

Efforts to standardize < Canvas > are being advanced by an informal association of Web browser vendors, and < Canvas > has become an official tag in the HTML 5 draft.

Canvas and browser fingerprints

What does Canvas have to do with browser fingerprints?

Using the same HTML Canvas element for drawing operations, Canvas will produce different picture contents on different operating systems and browsers, which can be used to identify and distinguish users. This may be because:

1) In the image format, different Web browsers use different graphics processing engines, different image export options, different default compression levels, etc.

2) At the pixel level, each operating system uses different Settings and algorithms for anti-aliasing and sub-pixel rendering operations.

3) Even if the same drawing operation, the CRC test of the resulting picture data is not the same.

What is a WebGL?

Webgl is used to draw and render complex three-dimensional graphics (3D graphics) on web pages and allow users to interact with them.

WebGL (Full Write Web Graphics Library) is a 3D Graphics protocol that allows JavaScript to be combined with OpenGL ES 2.0. By adding a JavaScript binding to OpenGL ES 2.0, WebGL can provide hardware 3D accelerated rendering for HTML5 Canvas so that Web developers can use the system graphics card to display 3D scenes and models more smoothly in the browser. You can also create complex navigation and data visualizations. Obviously, the WebGL technology standard eliminates the need to develop web-specific rendering plugins that can be used to create web pages with complex 3D structures, even to design 3D web games, and so on.

Traditionally, to display three-dimensional graphics, developers have developed a stand-alone application using C or C ++ with a dedicated computer graphics library, such as OpenGL or Direct3D. Now with WebGL, we just need to add some extra 3D graphics code to our already familiar HTML and javascript to display 3D graphics on a web page.

Webgl is embedded in the browser, you don’t have to install plug-ins and libraries to use it, and it’s browser-based, so you can run WebGL applications on multiple platforms.

What is the OpenGL?

OpenGL (Open Graphics Library) is a cross-language, cross-platform application programming interface (API) for rendering 2D and 3D vector graphics. This interface consists of nearly 350 different function calls to draw everything from simple graphics bits to complex 3d scenes.

The other programming interface system is Direct3D for Microsoft Windows only. OpenGL is commonly used in CAD, virtual reality, scientific visualization programs, and video game development.

The origin of the Webgl

The two most widely used 3d graphics rendering technologies on personal computers are Direct3D and OpenGL. Direct3D is part of Microsoft’s DirectX technology, which is a set of programming interfaces controlled by Microsoft and mainly used on the Windows platform. OpenGL is widely used on many platforms because of its openness and free.

Webgl is rooted in OpenGL, but it is actually derived from a special version of OpenGL, OpenGL ES.

OpenGL is the underlying driver-level graphics interface (which is directly related to the graphics card) similar to DirectX. But this kind of low-level OpenGL is beyond the reach of JavaScript that parasitized the browser. But in order to make the Web more graphics powerful, WebGL was introduced in 2010.

WebGL and browser fingerprints

Webgl has a similar relationship to the browser fingerprint as Canvas. Webgl is also a way to track browser fingerprints. Webgl surveys your device through images displayed by the browser.

WebGL vs Canvas

There is a conceptual difference

Canvas element is an HTML element, introduced in ITS HTML5. This allows its users to use JavaScript to draw on the screen and, therefore, dynamically generate graphics and animations on the client-side. You can think of it as a carrier, simply a blank sheet of paper.

In canvas, once the graph has been drawn, it doesn’t continue to get attention from the browser. If its position changes, the entire scene also needs to be redrawn, including any objects that may have been covered by the graph.

Canvas uses JavaScript to draw 2D graphics. Canvas is rendered pixel by pixel.

Canvas is a feature provided by HTML5, and Canvas 2D is equivalent to acquiring the built-in 2D graphic interface, namely 2D brush. Canvas 3D is a graphical interface based on WebGL, which is equivalent to a 3D brush. You can choose different brushes to paint on it.

WebGL is a non-standardized API and a 3D drawing protocol. Simply put, WebGL is a canvas-based rendering framework that can draw 2D and 3D images on Canvas. Allows you to use JavaScript for OpenGL functionality. 3D can be rendered using a browser.

Browser applicability differences

Canvas supports fewer browsers than WebGL.

Canvas is supported by Microsoft Edge, Chrome, IE, Safari, Konqueror, Opera, and Mozilla. WebGL, however, supports more types of browsers. In addition to the above browsers that support Canvas running, many mobile browsers also support WebGL running. For example, BlackBerry 10, Playbox, IE, Firefox Mobile, Firefox OS, Chrome, Maemo, Meego, MS Edge, Opera Mobile, Ubuntu, WebOS, iOS.

The same point

Both Canvas and WebGL can be used to identify browser fingerprints. By hashing the image data, a computer program can recognize subtle differences in the results rendered by different hardware devices.

However, if the user’s device, operating system, and browser are all the same, the calculated fingerprint will be the same. Therefore, it needs to be combined with other browser fingerprints to further compute a more differentiated fingerprint identifier.

How can browser fingerprints hurt you? It tells the Internet who you are. You think that no one knows what you do on the Internet, that everything is gone. Browser fingerprints have already given you away.

To prevent Canvas and WebGL fingerprints, I think you need ClonBrowser!

ClonBrowser is an excellent virtual privacy browser. It gives you control over your own parameters. These include UserAgent, HTTP Headers, Plugins, MymeTypes, WebGL, and Geopositio. Make your fingerprints completely independent with these Settings. Also, if a website tries to capture your fingerprint, ClonBrowser will use the mask fingerprint to prevent that from happening. You can trust it when it comes to preventing fingerprints from being taken!

In addition, ClonBrowser allows you to create and share countless configuration files, making multi-account management less of a hassle for you! Want that efficiency and safety? Start your free trial now!

Javascript | Browser fingerprinting technique

10/17/2021/in All Articles, Browser Basics /by Jolian

What is a fingerprint?

Fingerprint, or fingerprint recognition, is identified using the texture on the front of the finger. Fingerprints are a reliable way of identifying people because the texture arrangement on each finger varies from person to person and does not change with development or age. On the Internet, it becomes a string that uniquely identifies the current browser.

As soon as you pass, you leave a trail. The same goes for our online lives. As long as you visit certain websites, you are sure to leave a trail, even if you have been “smart” enough to browse without a trace.

That’s because most sites embed tracking codes in their pages to retrieve user data, such as user accounts and browser and computer configuration information.

For website platforms, big data analysis is a must, only in this way can we better seize the market and survive. And the user’s data to them is the most valuable and most direct data. Without an embedded tracking feature, there is no way to get first-hand data, and no way to recommend personalized services.

What information does a fingerprint contain?

A browser fingerprint is a combination of many browser characteristics, including but not limited to:

User agent string for each browser
HTTP ACCEPT header sent by the browser
Screen resolution and color depth
System Settings
The browser plug-ins installed, and the versions of those plug-ins
Fonts installed on your computer
Whether the browser executes JavaScript scripts
Can browsers plant cookies and “super cookies”
The hash of the image generated by the Canvas fingerprint
Hash generated by WebGL fingerprint
Is the browser set to “Do Not Track”?
System platforms (e.g. Win32, Linux x86)
System languages (e.g. Cn, en-us)
Whether the browser supports touch screen

Browser fingerprints and Javascript

Every browser’s fingerprint is unique, so browser fingerprint tracking is something every website has to do. Fingerprint tracking is the use of some means to obtain the user’s fingerprint information.

Methods for obtaining browser fingerprints include HTTP, FLASH, and Javascript. Through the HTTP request information submitted by the user, the characteristics of the browser can be obtained, including the browser type version (userAgent) and the accepted type of information (http_accept). Through the embedded Javascript code in the page, the user’s plug-in information can be obtained when the user executes ( Plugins) display Settings (vdeo), timezone information such as fingerprint (timezone), cookie receive Settings. At the same time, you can use FLASH to get the user’s installed fonts.

The fingerprint of the current browser can be obtained through Javascript. Screen size, color depth, browser plug-ins, time zone, language, system font, platform, and touch support are detected through JavaScript.

With Javascript, you can collect a lot of data about the user’s browser and device. When stitched together, they display a unique combination of information that forms each user’s own “digital fingerprint.”

It is calculated by the following parameters:

User_agent: Including the browser version
Language: Current language of the browser setting
Color_depth: Screen color depth
Device_memory: Whether device memory debugging is supported (presumably for mobile testing)
Pixel_ratio: Whether pixel ratio adjustment is supported
Hardware_concurrency: Whether hardware concurrency is supported
Resolution:Screen resolution
Available_resolution:Available screen resolution
Timezone_offset:Time difference between the Greenwich Mean Time and the local time, expressed in minutes
Session_storage:Whether session_storage is supported, which is a standard feature of HTML5
Local_storage:Whether local_storage is supported, which is a standard feature of HTML5
Indexed_db:Whether browser-side databases is supported, which is one of the new html5 features
Navigator_platform:Specifies the operating system platform, for example, Win32
Do_not_track:Privacy Settings, whether users allow websites to track their preferences
Regular_plugins:installed plugins (e.g. installed PDF plugins)
Canvas: Draw a rectangle using the Canvas API and convert it to a Base64 string
Webgl:WEB 3D drawing protocol. Information that aggregates support for WebGL
Webgl_vendor:Indicates the webGL provider and graphics card
Adblock:Whether to support AD blocking
Has_lied_languages:Indicates whether the browser language is the first language
Has_lied_resolution:Resolution comparison screen.width < screen.availWidth
Has_lied_os:Determines whether the system platform is true and reliable (lied)
Has_lied_browser:Check whether the browser checks for authenticity
Touch_support:Whether touch is supported
Js_fonts:checks for font support

What is a JavaScript

JavaScript (” JS “for short) is a function-first, lightweight, interpreted, or just-in-time compiled programming language. Although it is best known as a scripting language for developing Web pages.

JavaScript was born in 1995 on the Netscape Navigator browser. It was created by Brendan Eich of Netscape. Because Brendan Eich’s company was working with Sun, it got the name JavaScript. But in fact, its syntactic style is closer to Self and Scheme. The standard for JavaScript is ECMAScript.

Main functions:

Embed dynamic text in HTML pages.
Respond to browser events.
Read and write HTML elements.
Validate data before it is submitted to the server.
Check the browser information of the visitor. Control cookies, including creation and modification.
Server-side programming based on Node.js technology.

What are the fingerprint tracking technologies

1) Cookie (first generation)

The first generation of fingerprint tracking was cookie, a tracking technology that servers set flags on clients. Evercookie is an enhanced version of cookie. Cookies are currently the most commonly used method on web pages. This is done primarily through small pieces of data placed by web servers in the user’s browser.

To put it simply, when we click on a website we have never visited, the website randomly plants a cookie file on our computer that is unique to the same user. And the next time we visit the site, the site will identify you through the cookie. This explains why, at the beginning of our article, even if you start “Non-trace mode,” it’s not really traceless.

2) Device fingerprint technology (second generation)

The second generation of fingerprint tracking is to find the device behind the IP. Obtain a series of information such as operating system, resolution, pixel ratio, and so on through JS, transmit it to background calculation, and then merge the device.

Uniqueness can be guaranteed, but accuracy is difficult to guarantee completely. The main reason is in browser fingerprinting. After the browser, canvas fingerprint and browser plug-in fingerprint, which are important in the second generation technology, have changed, making it difficult to merge browser fingerprint on the same device.

Because the device has the same fingerprint, there is a high probability that it is the same device; However, devices with different fingerprints may not be the same device.

3) Beacons (Internet bugs)

Network beacons are often used in DEM. They are usually extremely small images (the size of a single pixel) and can also be embedded in a page with names like “tag”, “metag tag”, “trac error”, “piex.gif “, etc., without being noticed by the average person.

Beacons are hidden in web pages and can be hidden in emails. When we open a web page and start loading, they download it as an image and send a message to the image’s remote server. The server script tells your company when and where someone opened one of their web pages. The same goes for emails.

Testing browser fingerprints

There are various tools available to test your browser identity. You can use “Am I Unique”, “PANOPTICLICK”, or “Unique Machine” to test the identity of your device.

Anti-fingerprint browser

ClonBrowser protects your privacy, solves your fingerprint problem, and adds security to your online life! ClonBrowser deals with browser fingerprints in a clever way, by putting a mask on you and making the fingerprint read by a website look like a “mask fingerprint” that is different from your real fingerprint. In this way, any attempt to gain access to your private information can be effectively blocked.

In addition, ClonBrowser has many amazing features, such as the ability to manage multiple accounts and run multiple stores!

Learn about it now!

Browser fingerprint and Anti-fingerprint Browsers

09/09/2021/in All Articles, Browser Basics /by Jolian

What is a browser fingerprint?

Nowadays, we can’t live without the network, but users’ browsing behavior will leave your fingerprints on the network, which may pose a threat to your privacy, so we need to pay attention to the browser fingerprints.

What is a fingerprint?

When the word “fingerprint” is mentioned, what everyone thinks about is the specific “authentication code” that we have on our fingers. We all know that everyone’s fingerprints are not the same, even each of our fingers, so fingerprints can be used to identify individuals. It represents us and carries a lot of information.

The fingerprint we are talking about here is the Internet domain vocabulary. This vocabulary explains its function vividly.

The Internet is a big abstract world. When a website needs to know the characteristics of users such as types and preferences, it can obtain the characteristics of users through technology when it cannot meet them, and then deduce the orientation of users according to the characteristics. The results, calculated from the information obtained through technology, are the fingerprints each user leaves on the Internet.

What information does the browser fingerprint contain?

Fingerprints contain a lot of information to identify individual users, such as:

User-Agent: Referred to as UA. It enables a server to identify the customer’s operating system, CPU type, browser version, browser rendering engine, browser language, and so on, allowing websites to provide different page services to different systems and browsers according to the results of identification.
The plug-in, font, and emoticon: The Internet uses a fingerprint to tell it what kind of plugins a user has downloaded. It also gives a chance to see what language and font they’re using, if the browser has a Flash or Java plugin installed.
Screen resolution and graphics card model: Screen resolution is a setting that determines how much information is displayed on a computer screen, measured by horizontal and vertical pixels. The Internet needs to know the screen resolution of a user’s device in order to provide different levels of service to different devices.
Other information: The user’s time zone, geographic location, and HTTP ACCEPT information is also exposed to the Internet along with the fingerprint.

what does anti-fingerprint mean?

Before we talk about reverse fingerprints, let’s correct a misconception first.

Because fingerprints hide a lot of users’ personal information, many people think that fingerprints only bring us a privacy crisis. However, this is a wrong idea under the influence of crisis awareness, because fingerprints sometimes bring benefits to users.

For example, sometimes it prevents financial fraud.

Internet banking is becoming more and more popular nowadays, almost everyone has an online bank account. If your login information (account and password information) is stolen by criminals, when they login to your account, the bank will be alerted and ask the person who logged in to the account to verify the information because the geographical location and device information does not correspond to the fingerprint information you left in the bank.

This way, your account can’t be accessed by others, and you can receive a warning message in the first place.

In addition, there are some convenient life services that can be provided to you through fingerprint screening, so as to enrich your life.

However, everything has two sides. The presence of browser fingerprints does bring some harm to users.

Browser fingerprints and cookies

The convenience of the Internet makes it more and more integrated into society, becoming an inseparable part of life. Cookies were originally created to improve the user experience.

A cookie is a simple text file stored in a client that records a user’s personal information. This file is associated with a specific Web document and is used to store information when the user’s device accesses the Web document.

When these people use the device to access the Web document again, the information stored is available for the user. It avoids the trouble of typing again, which improves browsing speed and user experience.

However, cookies hold users’ personal information, so the malicious application of cookies also comes into being, because that information may bring value to some people.

For example, some advertisers will use cookies to track and read your needs and user information. When you browse the service website, you may suddenly receive relevant advertising information from a third party.

Here’s another example, after using the browser to browse a product, the next time you will receive a lot of various advertisements of the same kind of goods when use this computer to surf the Internet again…

After being annoyed, some computer users try to find cookies and delete the data to protect their personal information, others simply disable cookies in their browsers, or even use other plug-ins to block tracking.

When advertisers realized that cookies were being understood and mastered by most people, they turned their attention to browser fingerprints.

Why need anti-fingerprints?

The fingerprint is more subtle and harder to detect than Cookies, and the information produced is more accurate. Cookies need to store information in the browser, so they can be found by the user, and also can be cleared by the user.

Browser Fingerprints don’t save anything on the client, so they can’t be detected and can’t be erased (you can’t even tell if a browser fingerprint is being collected when you visit a site).

Each person’s browser has a very unique fingerprint. When you first visit a website, the website records your browser fingerprint on the server-side, and it also records your behavior on the site. The next time you visit, the webserver reads the browser fingerprint again and compares it to the stored fingerprint to know if you have been there before and what you did during your last visit.

Fingerprints are hard to hide. Some sites use fingerprint tracking to detect multiple user accounts because fingerprints are unique. So it can be used to infer whether two accounts belong to the same user or not, even if the accounts are different.
The method of obtaining fingerprints can be even more dangerous. Fingerprint information can also be obtained through typical ways, such as Trojan horse implantation, virus software, etc.

Anti-fingerprint browsers

Check the browser fingerprint

To protect people’s fingerprints, the Electronic Frontier Foundation, a nonprofit international legal organization founded in 1990 to defend people’s rights on the Internet, created Panopticlick, a site dedicated to testing browser fingerprints.

Panopticlick is designed to make users more alert to fingerprint threats.

It will check the user’s browser and related plug-ins, and audit the fingerprint of the browser. It will assess the existing safeguards and fill in the gaps to create a secure browsing environment for you.

At the end of 2005, the latest version of Panopticlick also added an AD whitelist to allow ads that meet the format standards to pass through, making the experience more advanced.

MultiLogin

Multilogin is an anti-fingerprint browser with many users in the current market.

It mainly has the function of controlling the browser fingerprint and can carry out team cooperation and assign permissions to employees. Business cooperation can also be built to achieve cooperation between different teams.

However, it may be impossible to log in during the use, because there are too many users. And the price is expensive.

Kameleo

Kameleo stores information on the user’s computer, which allows you to customize the profile and share it with the team. It’s cheaper than Multilogin, but the pages are relatively simple.

ClonBrowser

ClonBrowser is a fast-rising privacy browser that can manage thousands of computers simultaneously in the browser. It creates a completely separate virtual browsing environment for each profile. The fingerprint information of users is completely protected. The cookies, local files, and caches are completely isolated and will not be exposed.

The share and transfer capabilities of ClonBrowser make your team’s business process easier. At the same time, the browser also provides you with the most complete setup service. You can easily configure user agents, plug-ins, HTTP headers, geographic location, and other parameters to make each of your sessions fast and efficient.

Everything You Can Know About Browser Fingerprints

08/11/2021/in All Articles, Browser Basics /by Jolian

What is a Browser Fingerprint?

Browser fingerprinting is a method of tracking the web browser through the configuration and setting information that the browser can see on the website.

Browser fingerprints are like fingerprints on our hands, with individual recognition.

Formally because of the folds of the human skin, a unique human fingerprint is formed that is different for everyone.

The same is true for the browser fingerprint. Obtain the recognizable information of the browser and perform some calculations to get a value. Then this value is the browser fingerprint.

Recognizable information includes language, time zone, user agent, geographic location, etc. The information you select determines the accuracy of the browser fingerprint.

Obtaining fingerprints has no real meaning for the website, and more importantly, the user information corresponding to the fingerprints.

As a website, collecting user browser fingerprints and recording user operations is a valuable behavior, especially for scenarios where there is no user identity.

For example, on a content distribution website, user A likes to browse military content, and the browser fingerprint can record this interest. Then the user can push military information to user The next time without logging in to the website.

At the moment when personal PCs are so popular, this is also a way of content distribution.

For users, establishing a connection between personal surfing behavior and browser fingerprints more or less infringes on user privacy.

Fortunately, this method has limited infringement on users’ privacy, and abusive user behavior will also overdraft the user’s favor on the site.

The development of browser fingerprinting

First generation: stateful

The main focus is on the user’s cookie, which requires the user to log in to obtain effective information.

Second generation: browser fingerprint

Make users more distinguishable by continuously increasing the feature value of the browser.

For example UA, a browser plug-in, Canvas, AudioContext information, etc.

Third generation: user behavior big data

By collecting user behaviors and habits to build feature values and even models for users, real tracking technology can be realized. This part of the current implementation is relatively complicated and is still being explored.

How to get the browser fingerprint

Get browser fingerprint from HTTP

Entropy is the average amount of information contained in each message received. The higher the entropy, the more information can be transmitted, and the lower the entropy, the less information is transmitted.

Browser fingerprints are synthesized from the feature information of many browsers, and the information entropy of feature values is also different.

You can check your browser fingerprint ID and basic information here.

Browser fingerprints can also be simply divided into ordinary fingerprints and advanced fingerprints.

Ordinary fingerprints can be understood as parts that are easy to find and easy to modify.

For example, HTTP header

{

“headers”: {

“Accept”: “text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9”,

“Accept-Encoding”: “gzip, deflate, br”,

“Accept-Language”: “zh-CN,zh;q=0.9”,

“Host”: “httpbin.org“,

“Sec-Ch-Ua”: “\” Not A;Brand\”;v=\”99\”, \”Chromium\”;v=\”90\””,

“Sec-Ch-Ua-Mobile”: “?0”,

“Sec-Fetch-Dest”: “document”,

“Sec-Fetch-Mode”: “navigate”,

“Sec-Fetch-Site”: “none”,

“Sec-Fetch-User”: “?1”,

“Upgrade-Insecure-Requests”: “1”,

“User-Agent”: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36”,

“X-Amzn-Trace-Id”: “Root=1-6103c0a2-2deb3a391be2e99a38b1f813”

}

}

Use the tool to query.

In the above, we can see the browser’s Accept-Language and User-Agent, through which the language information of the browser can be obtained.

This HTTP header entity information may be generated by your current operating system language or the language information set by the browser.

This header is not necessarily accurate. Some websites will ignore this header and use ip to determine the language of the user’s region.

User-Agent contains information about the browser and operating system.

For example, I am currently using MacOS and I am using version 77 of Chrome.

If the UA is deliberately faked in the header, the webpage can also get the real UA through navigator.userAgent.

Other basic information, such as IP, physical address, geographic location, etc. can also be obtained.

Use the tool to query.

Other ways to get browser fingerprints

In addition to fingerprints obtained from HTTP, browser characteristic information can also be obtained in other ways.

1. User-agent string for each browser

2. HTTP ACCEPT header sent by the browser

3. Screen resolution and color depth

4. System setting time zone

5. Browser extensions/plugins installed in the browser

For example, Quicktime, Flash, Java or Acrobat, and the versions of these plug-ins

6. Fonts installed on the computer, font fingerprint technology

7. Whether the browser executes JavaScript scripts

8. Browser cookie

9. Hash of the image generated by Canvas fingerprint

10. Hash of the image generated by the WebGL fingerprint

11. Whether the browser is set to “Do Not Track”

12. the system platform

For example Win32, Linux x86

13. System language

For example, cn,en-US

14. Does the browser support touch screen

15. Hardware concurrency

16. TLS/SSL

After getting these values, you can perform some calculations to get the specific information entropy of the browser fingerprint and the UUID of the browser.

The integrated fingerprint information can greatly reduce the collision rate and improve the accuracy of the client UUID.

Fingerprints also have rank. Some feature values with larger information entropy will have larger ranks.

The information described by ordinary fingerprints is still not unique enough, after all, there are still very many people using MacOS in the United States.

Advanced fingerprints can further narrow this range, and can almost directly determine a unique browser identity.

Types of browser fingerprints

Canvas fingerprint

Canvas is a dynamic drawing tag in HTML5, and it can also be used to generate pictures or process pictures.

The same HTMLCanvasElement element drawing operation, on different operating systems and different browsers, the content of the pictures produced is not exactly the same.

In terms of image format, different browsers use different graphics processing engines, different image export options, and different default compression levels.

At the pixel level, the operating systems each use different settings and algorithms for anti-aliasing and sub-pixel rendering operations.

Even with the same drawing operation, the CRC check of the generated picture data is different.

Canvas has been supported by almost all major browsers and can be accessed through most PCs, tablets, and smart phones.

Use the tool to query.

WebGL fingerprint

The WebGL object (canvas.getContext(“WebGL”)) can be obtained through the HTMLCanvasElement element, and the user’s hardware information can be obtained through this object.

Graphics card name, Graphics card model, Graphics card manufacturer, etc.

For example: ANGLE (NVIDIA GeForce GTX 1050 Ti Direct3D11 vs_5_0 ps_5_0), Google Inc.

Since the hardware is generally not replaced at will, some computers have not been replaced when they are scrapped.

There are also many types of computer hardware. Although the collision rate is very large, it can still be used as part of the user’s fingerprint.

The more information collected from a user, the more it can represent the user’s unique fingerprint, which cannot be ignored.

Use the tool to query.

AudioContex fingerprint

The Audio API provided by HTML5 for JavaScript programming allows developers to directly manipulate the original audio stream data in the code.

Be randomly generated, processing, recycling, such as raising the tone, pitch change, audio division, and even can be called Web version of Adobe Audition.

AudioContext fingerprint principle is as follows:

Method 1: Generate an audio information stream (triangular wave), perform FFT transformation on it, and calculate the SHA value as a fingerprint.

Method 2: generating an audio stream (sine wave), the dynamic compression processing, MD5 value is calculated.

Both methods are cleared before the audio output to the audio device, the user simply unaware it was acquired fingerprint.

AudioContext fingerprint basic principles:

The subtle differences in the hardware or software of the host or browser cause differences in the processing of audio signals.

The same type of the browser on the same device produces the same audio output.

Different machines or different browsers generate audio output will be different.

It can be seen from the above that AudioContext and Canvas fingerprint principles are very similar.

Both use the difference in hardware or software. The former generates audio, the latter generates pictures, and then calculates different hash values as identification.

Use the tool to query.

WebRTC fingerprint

WebRTC (Web Real-Time Communication) is the ability for the browser to have real-time audio and video communication.

It provides three main APIs to allow JS to obtain and exchange audio and video data in real-time, MediaStream, RTCPeerConnection, and RTCDataChannel.

Of course, if you want to use WebRTC to obtain communication capabilities, the user’s real IP must be exposed (NAT penetration), so RTCPeerConnection provides such an API.

You can get the user’s IP address directly by using JS.

Cross-browser fingerprint

The browser fingerprints mentioned above are all obtained from the same browser.

However, many feature values are unstable. For example, UA and canvas fingerprints will be completely different when opened in different browsers on the same device.

The same set of browser fingerprint algorithms is not available on different browsers.

Cross-browser fingerprinting is a stable browser feature that can obtain the same or similar value even on different browsers.

How to protect the browser fingerprint

If you do not have enough professional knowledge or change browser information very frequently, almost 100% of your browser fingerprints will be leaked. Of course, this is not necessarily a bad thing.

The leaked privacy is very one-sided, and it can only be said that it has leaked part of the user’s behavior when browsing the web.

Insufficient value, user behavior does not correspond to actual accounts or specific people, and the value generated is limited.

Beneficial use, use browser fingerprinting can produce user isolation part black, part to prevent brush votes or malicious behavior.

But even so, browser fingerprints have some preventive measures.

Do Not Track

In the HTTP header, you can declare such a flag “DNT” means “Do Not Track”, if the value is 1, it means not to track my webpage behavior, and 0 means it can be tracked.

Even if there is no cookie, you can tell the server that I don’t want to be tracked and don’t record my behavior through this flag.

The bad news is that most websites currently do not abide by this agreement and completely ignore the “Do Not Track” signal.

ClonBrowser

Through the above-mentioned understanding of browser fingerprints, it is not difficult to find that the more features your browser has, the easier it is to be traced.

On the contrary, if you want to deliberately hide certain browser features or make magic changes, then congratulations, your browser may have a unique browser fingerprint, and you don’t need to deliberately calculate it, you can directly communicate with other people distinguish.

Therefore, an effective method is to popularize the feature values as much as possible.

For example, the most widely available combination on the market is Window 10 + Chrome.

Then you change the UA to this combination is an effective method, and at the same time try to avoid the website from acquiring feature values with very high information entropy, such as canvas fingerprints.

ClonBrowser browsers do a lot of work on this to prevent them from being used to track ClonBrowser users.

In response to Panopticlick and other fingerprinting experiments, the ClonBrowser browser now includes some patches.

To prevent font fingerprints, by restricting the fonts that can be used by the website and Canvas fingerprints, it is prevented by detecting the reading of HTML5 Canvas objects and requiring user approval.

For example, the code for obtaining Canvas fingerprints above, in ClonBrowser, you can choose to close, noise, block and other settings to adapt to your business scenarios.

In summary, these measures make the ClonBrowser browser a powerful defense tool against fingerprints to protect your privacy.

Canvas Fingerprint Knowledge, Leak, Block and Change

08/05/2021/in All Articles, Browser Basics /by Jolian

There are many ways to track visitor information on the Internet, such as the more traditional cookie technology. Nowadays, the most widely used technology is Canvas Fingerprint. Many websites and tracking software are using Canvas Fingerprint.

What is a canvas fingerprint?

Canvas fingerprinting is a technique for tracking visitor information. The browser will use a variety of image processing engines, export options and compression levels. Therefore, the graphics drawn by different browsers are also different. These graphics are specific fingerprints for the user’s device, which can be used to distinguish and identify different users. Users don’t often change hardware devices in their daily lives. Canvas fingerprints can well identify the user’s browser. However, canvas fingerprints also have some problems. When the user’s hardware devices and browsers are exactly the same, the canvas fingerprints are also very easy to be the same. At this time, some auxiliary verification information is needed.

What factors can support canvas fingerprinting improvements:

UserAgent
Language
ColorDepth
height screen.width
SessionStorage
LocalStorage
IndexedDB
OpenDataBase
CupClass
Platform
DoNotTrack

Use of Canvas Fingerprint

Online advertising companies need to track user behavior so as to understand each user’s browsing preferences and establish user interest tags.

The all-around tracking information makes it easy for advertisers to understand the consumer preferences of users, so that they can recommend more suitable advertisements according to different users, making it easier to close the deal.

This is a good thing as well as a bad thing. When users enjoy more accurate recommendations, they also lose most of the right to choose freely.

The development status of canvas fingerprints

Today, canvas fingerprints have become the most important visitor tracking technology. HTML5 canvas technology can not only process pictures but also monitor the user’s keyboard, mouse, touchpad and other input events. The HTML5 canvas technology has been supported by most mainstream browsers, and it is difficult to stop. As long as the Internet is accessed through the browser, all behaviors will be tracked.

How to prevent canvas fingerprints from leaking

How to change the canvas fingerprint

Canvas fingerprints can be forged and tampered with. By intercepting the JavaScript function, the return result of the function is modified, and the returned fixed data becomes unfixed data. Canvas fingerprints are mainly obtained through JavaScript. If the important functions of JavaScript can be controlled, the forgery and tampering of canvas fingerprints can be realized.

Canvas fingerprint Defender

Canvas fingerprint defender is a browser plug-in, applicable to Chrome and Firefox, which can change canvas fingerprint by adding noise in the browser. Canvas fingerprint defender will not completely block the canvas element of the browser. Blocking the canvas completely will cause some website functionality loss.

After installing Canvas fingerprint defender, it will do the following:

var inject = function (){

const toBlob = HTMLCanvasElement.prototype.toBlob;

const toDataURL = HTMLCanvasElement.prototype.toDataURL;

const getImageData = CanvasRenderingContext2D.prototype.getImageData;

// var noisify = function (canvas, context) { const shift = { ‘r’: Math.floor(Math.random() * 10) – 5, ‘g’: Math.floor(Math.random() * 10) – 5, ‘b’: Math.floor(Math.random() * 10) – 5, ‘a’: Math.floor(Math.random() * 10) – 5 };

// const width = canvas.width, height = canvas.height; const imageData = getImageData.apply(context, [0, 0, width, height]); for (let i = 0; i < height; i++) { for (let j = 0; j < width; j++) { const n = ((i * (width * 4)) + (j * 4)); imageData.data[n + 0] = imageData.data[n + 0] + shift.r; imageData.data[n + 1] = imageData.data[n + 1] + shift.g; imageData.data[n + 2] = imageData.data[n + 2] + shift.b; imageData.data[n + 3] = imageData.data[n + 3] + shift.a; } }

// window.top.postMessage(“canvas-fingerprint-defender-alert”, ‘*’); context.putImageData(imageData, 0, 0); };

// Object.defineProperty(HTMLCanvasElement.prototype, “toBlob”, { “value”: function () { noisify(this, this.getContext(“2d”)); return toBlob.apply(this, arguments); } });

// Object.defineProperty(HTMLCanvasElement.prototype, “toDataURL”, { “value”: function () { noisify(this, this.getContext(“2d”)); return toDataURL.apply(this, arguments); } });

// Object.defineProperty(CanvasRenderingContext2D.prototype, “getImageData”, { “value”: function () { noisify(this.canvas, this); return getImageData.apply(this, arguments); } });

// document.documentElement.dataset.cbscriptallow = true;};

The three functions toBlob, toDataURL, and getImageData are redefined in the code. When the canvas drawing pattern calls these three functions through JavaScript, it will be interfered with randomly generated data, so that the canvas fingerprint is no longer unique.

How to block canvas fingerprints

Use Clonbrowser. Clonbrowser is a virtual browser that realizes the complete independence of canvas fingerprints by setting UserAgent, HTTP headers, Plugins, MymeTypes, WebGL and Geopositio and other parameters. Although the canvas fingerprint is not completely shielded, it allows you to have one or more separate browser environments, and it is very safe.

Use Adblock Plus. Adblock Plus is a browser plug-in that can block advertisements and pop-up windows, as well as prevent the enablement of canvas fingerprint scripts.

But Adblock Plus is best used with the EasyPrivacy list.

Disable JavaScript. Canvas fingerprints are obtained through JavaScript, and cannot be formed without JavaScript canvas fingerprints. However, most websites rely on JavaScript to load important content. If JavaScript is disabled, you will not be able to access the website normally.

Use Tor Browser. Tor Browser can help you effectively block canvas fingerprints through a complex proxy and encryption technology.

Summarize

The development of HTML5 is ever-changing, and canvas fingerprint technology is widely used because of its convenient and easy-to-use characteristics. For industries such as e-commerce and social media, canvas fingerprints have indeed brought a lot of convenience to users. But at the same time, the security of personal information has also become a problem. As people’s awareness of safety increases, more and more solutions are proposed. I believe there will be more balanced security solutions in the future.

What are cookies on a website

07/19/2021/in All Articles, Browser Basics /by Jolian

The definition of cookie, what is cookie

Cookie is a plain text file saved in the client, used to record the status of the user’s access to the server. When a user uses a browser on a computer to access a web page, the server will record the user’s current state value, and generate a certificate to the browser, which is recorded in the local computer.

This certificate is a cookie.

Cookies have a validity period. During the validity period of the cookie, when the user visits the same server again, the browser will send the cookie to the server. The server will identify the cookie to determine the user’s identity, and then provide the user with the corresponding resources and content.

The birth of cookies

With the development of the Internet, people are no longer satisfied with basic web services and have greater demands for the convenience and ease of use of web services. At the same time, it is hoped that the server can record the activity status of different users, even in complex Internet interactions, Can also accurately provide users with resources and content.

As we all know, the transmission of Internet information relies on the HTTP protocol, but the HTTP protocol is stateless. The server cannot determine the user’s identity through the http protocol, nor can it record the user’s status, which causes the user to be unable to obtain the previous information each time they visit. If you want to continue the previous information, you must retransmit it, which is very troublesome and inefficient.

For example, You have carefully selected 10 items on Amazon and put them into the shopping cart. At this time, you accidentally closed Amazon. When you open Amazon again, you definitely hope that the 10 items are still in the shopping cart.

The HTTP protocol cannot help you. But cookies can.

When the demand for dynamic interaction between the client and the server is increasing, technical means to save the state of web services have emerged. The most familiar one is the cookie, and there is another technology called session.

Cookie attributes

A cookie is composed of several attributes, and they respectively record some information, such as the effective time, which domain name is sent to, which path is stored in, and so on. Cookie attributes include Name/Value, Expires, Path, Domain, Secure, Httponly.

The attributes are separated by semicolons and spaces. Each attribute can be set If not set, use the default value.

Detailed introduction of cookie attributes:

Name/Value attribute: Set the name of the cookie and the corresponding value, name it with letters and numbers, and cannot use special characters.

Expires attribute: Set the expiration time of the cookie. During this time, the cookie is valid. The browser will clear the cookie after the time expires. The expires attribute must be a time in GMT format. If the expires attribute is not set, the cookie will be cleared immediately after closing the browser.

Path attribute: Set the path where cookies can be accessed on the website, usually set to “/”, which means that all pages on the site can access cookies.

Domain attribute: Set which websites can access cookies, the domain attribute and path attribute are used together to set which URLs can access cookies.

Secure attribute: The cookie can only be sent under the secure protocol. By default, the cookie does not have the secure attribute. Both the HTTP protocol and the HTTPS protocol can access the cookie. After the secure attribute is set, only the HTTPS protocol can access the cookie.

Httponly attribute: Setting cookies cannot be accessed through forms other than the HTTP protocol. Under normal circumstances, the client can read, modify, and delete cookie information through JavaScript code. After setting the Httponly attribute, JavaScript can no longer access the cookie, which helps to protect the cookie. Will not be maliciously stolen and tampered with.

How cookies work

When a user visits a website, the cookie generation will go through the following steps:

Step 1: The client sends a request to the server.

Step 2: After the server receives the client’s request, it will generate a set-cookie head based on the client’s information, and send it back to the client to establish a session.

Step 3: The client receives the information and if it is determined to establish a session, it will store the cookie file on the local hard disk.

Step 4: When the client sends a request to the server again, the browser will look for the corresponding cookie file according to the website domain name, and if found, it will send the cookie content to the server.

Step 5: After the server receives the request containing the cookie, it will generate a page that meets the needs of the client and send it to the client based on the relevant user information stored in the cookie.

The basic operation of cookies

Set cookies on the client

On the client-side, the cookie can be set through JavaScript, and the value of the cookie can be set by executing the code.

E.g: document.cookie=”expires=Thu, 26 Feb 2116 11:50:25 GMT; domain=www.clonbrowser.com; path=/”;

When we check the cookie panel of the browser, we can see that the expires, domain, path, and other attributes have been set successfully.

Note: The client can set attributes including expires, domain, path, secure, but cannot set Httponly attributes.

Set cookies on the server

Through the above, we have learned that when the client sends a request to the server, the server will send a set-cookie, which is used by the server to set the cookie.

Note: The server can set all cookie attributes

Set multiple cookies at the same time

If you want to set the attributes of multiple cookies, you can implement it by repeatedly executing JavaScript code in multiple lines.

Modify cookie

If you want to modify an attribute of the cookie, you only need to modify the attribute value of the cookie, and the new attribute value will overwrite the old attribute value.

Note: When modifying the cookie, the domain and path attributes must be consistent, otherwise a new cookie will be generated.

Delete cookie

If you want to delete the cookie, you need to reset the expires attribute of the cookie and set a time in the past, so that the cookie will naturally become invalid.

Security issues with cookies

Why cookies are not secure

Cookies are stored in the user’s local computer. Personal computers are often less secure and can easily be intercepted and stolen by other hackers.

What are the security risks of cookies

Cookie spoofing

Cookie spoofing is caused by cookie leakage. Cookies are easily discovered and intercepted during network transmission, especially the transmission of HTTP protocol. When hackers get the cookie, they can log in to the corresponding website as a fake user and obtain the user’s privacy information.

cookie injection

Cookie injection is the opposite of cookie spoofing. Cookie injection allows users to log in to cookies that have been tampered with without their knowledge. Cookie injection requires high technical means. Experts can often achieve precise attacks, which are extremely concealed and difficult to be discovered.

Malicious cookie code

The cookie itself is an ordinary text file. If you use a special markup language to embed executable code in the cookie, you may further steal user identity information.

How to protect cookie security

Cookies are stored as plain text files on the computer. In theory, attacking cookies will not cause great harm to the user’s computer. However, there are still many hidden dangers in the leakage of cookies. If it is leaked, the user’s web access information will no longer be safe, private Data can be easily stolen.

It is also essential to protect the safety of cookies. Introduce some methods to make your cookies more secure.

Cookie expiration period becomes shorter

Setting the validity period of the cookie shorter is a simple and effective method, which makes the security of the cookie controllable.

Set Httponly attribute

The Httponly attribute can prevent the cookie from being accessed by JavaScript, which can improve the security of the cookie.

Set the secure attribute

The Secure attribute allows cookies to be accessed only by the HTTPS transmission protocol, which is more secure than the HTTP protocol.

Set complex cookie

Randomly generate the key value of the cookie
Use complex cookie naming
Increase the difficulty of cookie decryption as much as possible, and protect cookie information

Strengthen the security protection of the database

If the database is sufficiently secure, even if a cookie is leaked, the loss caused will be greatly reduced

Use session and cookie at the same time

Session and cookie are both methods used to store user web information. The difference is that the cookie is stored on the client-side and the session is stored on the server. While using the cookie to record the information, it can be verified on the server-side through the session, which can be extra insurance.