Nifty Tool for Analyzing Fingerprinting on Website

[morpheus93]

The fingerprinting techniques on the websites we are working with become more and more complex and harder to circumvent nowaydays. So I did a research and found a quite sophisticated tool for analyzing what methods of fingerprinting are used on a specific site (also on what time, page and event), how dangerous they are and on what position of the source code!

I was able on a website where I had massive problems with ZP to post to see exactly what fingerprinting they use and what triggered their anti-bot system (in this case some comples Canvas and WebGL tracking). So I was able to focus on this points to work around.

Attached some screenshots to explain in detail what I mean and how it looks. In my opinion this is a must have addition for one of the next Zenno Releases, especially for the brandnew V7.

 

[VladZen]

And what is this tool? Where to get it?

 

[morpheus93]

sent you a PM

 

[VladZen]

Our developers are working on similar feature. Hope it will be ready quite soon.

 

[morpheus93]

Our developers are working on similar feature. Hope it will be ready quite soon.

Any news on this? Is such a tool/feature already included in the latest version of ZP?

 

[VladZen]

Any news on this? Is such a tool/feature already included in the latest version of ZP?

It's planned, but not ready yet. I hope it will be included into version 7 soon...

 

[morpheus93]

It's planned, but not ready yet. I hope it will be included into version 7 soon...

Any news on this?

 

[aleksa77]

I think in future is good additional option to zenno connect with real browser on PC, on market exist similar solutions, and this developers for sure have less skills then zenno team, and it means, Zenno team can add this feature too, current can stay and chromium custom browser, but real browser can be big feature for advanced websites, and in this case we need mouse simulation- what allready we have and all be fine .

 

[Yann]

Hello @morpheus93, could you share this tool ?
I am also working on a script where the browser fingerprinting is very difficult to work around and it would be really helpful to have more ideas about which techniques are being used.

I am currently trying to do font spoofing, I noticed here that you were also working on this (https://zennolab.com/discussion/threads/zennoposter-7-grandiose-update-beta-testing.64365/page-2#post-503804). Did you find any way to render different system fonts ?
The automatic profile generated by zenno does not manage to fonts and by default my computer's fonts are partially being listed in Javascript which makes it easy to detect the script as a bot.
I started to play with those functions ( https://zennolab.com/discussion/threads/system-fonts.58052/post-427998 ) but the issue is in rendering the fonts.
It is especially problematic for emojis, which is a well known way of detecting platform and mobile manufacturer since they all did their own design (eg with panda : https://emojipedia.org/panda/), full official list here: http://unicode.org/emoji/charts/full-emoji-list.html.

Here are some ressources I found useful and that could maybe help others about browser fingerprinting:

• http://virpo.sk/browser-fingerprinting-hraska-diploma-thesis.pdf
• https://panopticlick.eff.org/static/browser-uniqueness.pdf
• https://hovav.net/ucsd/dist/canvas.pdf
• https://hal.inria.fr/hal-01285470/file/beauty-sp16.pdf
• https://digitalworks.union.edu/cgi/viewcontent.cgi?article=3374&context=theses
• https://medium.com/slido-dev-blog/we-collected-500-000-browser-fingerprints-here-is-what-we-found-82c319464dc9

Here are some tools / projects:

• https://amiunique.org/fp
• https://clientjs.org/ (https://github.com/jackspirou/clientjs)
• https://github.com/Valve/fingerprintjs
• https://www.darkwavetech.com/index.php/device-fingerprint-blog
• http://fp.virpo.sk/

Thank you for your help

 

[Yann]

I also found a free chrome extension: https://chrome.google.com/webstore/detail/dont-fingerprint-me/nhbedikkbkakbjipijipejfojanppbfg

Another interesting tool to check your browser fingerprints: https://www.deviceinfo.me/

 

[treyallover2]

I also found a free chrome extension: https://chrome.google.com/webstore/detail/dont-fingerprint-me/nhbedikkbkakbjipijipejfojanppbfg

Thank you for this!

 

[morpheus93]

I also found a free chrome extension: https://chrome.google.com/webstore/detail/dont-fingerprint-me/nhbedikkbkakbjipijipejfojanppbfg

Another interesting tool to check your browser fingerprints: https://www.deviceinfo.me/

@Yann
Ah you already found the tool (Fingerprint Detector/Switcher). I was just writing you a message with the link... The downside of the tool is that it can only be used together with Browser Automation Studio and not as a standalone tool, afaik...

 

[Yann]

@morpheus93 Yep that's a bit annoying, don't really want to have to use/pay for all that, I wish zenno would have this feature included !

 

[Swiss Montreux]

Hi all,

I have previously worked with a tool called Kameleo (https://kameleo.io) that is precisely for preserving fingerprints or creating completly new at the time of the site visit. It works well but is completely lacking in what ZP offers, they have a v2.0 coming out soon that will allow for everything to be controlled via an API but it still wont deliver a fraction of the ZP functions. If the Zeenolab team are working on the fingerprinting and are some time away from delivery, then would integrating Kameleo as an additional browser been an option? This wont be to everyones liking though as you would need to pay for two services.

Cheers.

 

[morpheus93]

Hi all,

I have previously worked with a tool called Kameleo (https://kameleo.io) that is precisely for preserving fingerprints or creating completly new at the time of the site visit. It works well but is completely lacking in what ZP offers, they have a v2.0 coming out soon that will allow for everything to be controlled via an API but it still wont deliver a fraction of the ZP functions. If the Zeenolab team are working on the fingerprinting and are some time away from delivery, then would integrating Kameleo as an additional browser been an option? This wont be to everyones liking though as you would need to pay for two services.

Cheers.

Yes, I know Kameleo as a quite sophisticated piece of software for generating and emulating fingerprints and related traces and even famous "anti-fraud"-systems can't track it down. But as you said it lacks of automation possibilities and the pricing is just shameless.

Maybe an approach for us, the Zenno users here, could be that the Zenno developers look into it and analyze Kameleo to be able to integrate some of the more advanced anti fingerprinting features (e.g. the complex font emulation, or simulating of specific hardware) into future releases of Zenno Poster...

Generating and re-using genuine browser-/user profiles will become more and more the crossroad that separates successful IM from failure. Zenno with it's automation possibilities combined with genuine and not traceable profiles, just Wow

 

[Swiss Montreux]

Wow indeed and probably the icing on the cake.

 

[Swiss Montreux]

Just to add on to this and not to to hijack the fonts thread you have ongoing, but web fingerprinting is more than just fonts I believe.. eg:-

 

[Yann]

Thank you @Swiss Montreux, here are 2 old russian posts that are still very interesting and worth reading (google translate...) about fingerprinting if you are interested:

1. https://zennolab.com/discussion/threads/anonimnost-v-kazhdyj-zennoposter-ot-useragenta-do-shriftov-chast-1.37703/
2. https://zennolab.com/discussion/threads/anonimnost-v-kazhdyj-zennoposter-ot-useragenta-do-shriftov-chast-2.44575/

 

[Swiss Montreux]

I'll take a look and cheers

 

[morpheus93]

Thank you @Swiss Montreux, here are 2 old russian posts that are still very interesting and worth reading (google translate...) about fingerprinting if you are interested:

1. https://zennolab.com/discussion/threads/anonimnost-v-kazhdyj-zennoposter-ot-useragenta-do-shriftov-chast-1.37703/
2. https://zennolab.com/discussion/threads/anonimnost-v-kazhdyj-zennoposter-ot-useragenta-do-shriftov-chast-2.44575/

Yes, those 2 threads from ibred are amazing, helped me much to get around anti-bot systems already in the past : Is:

 

[aleksa77]

It will be nice update to zenno allow us to change browser or extension, and can upload by choice, like in visual studio and their extensions. And Kameleo, or Selenium or any other can be reproduce

 

[seolover]

Just to add on to this and not to to hijack the fonts thread you have ongoing, but web fingerprinting is more than just fonts I believe.. eg:-

Посмотреть вложение 53389

Hi,

Can you tell me in which software you took this screenshot?

--

Telegram: Contact @seolo80

t.me

 

[morpheus93]

Our developers are working on similar feature. Hope it will be ready quite soon.

@VladZen any news on this? Can we expect alike feature in one of the next releases of ZP?

 

[VladZen]

@VladZen any news on this? Can we expect alike feature in one of the next releases of ZP?

No certain news yet...
Developers have made new canvas emulation recently.
I hope they'll come to fingerprint analyzing tool soon.

 

[PHaRTnONu]

No certain news yet...
Developers have made new canvas emulation recently.
I hope they'll come to fingerprint analyzing tool soon.

i always come back to this hoping for implantation or news.... for years

 

[morpheus93]

i always come back to this hoping for implantation or news.... for years

same too

 

[morpheus93]

Forgot to mention: FPMon is an interesting FP analyzing extension for Chrome I'm using occasionally: https://fpmon.github.io/fingerprinting-monitor/

 

[morpheus93]

As we are waiting for years now hopefully we will finally get a solution for analyzing fingerprints like described in this thread with the upcoming version of ZennoPoster 8!

 

[dzair]

"Ninhidrina" Chrome extension to detect canvas fingerprinting.

GitHub - t-ex-tools/ninhidrina: Canvas fingerprints are generated by websites to track unaware users. Ninhidrina uncovers canvas fingerprints to enhance transparency.

Canvas fingerprints are generated by websites to track unaware users. Ninhidrina uncovers canvas fingerprints to enhance transparency. - t-ex-tools/ninhidrina

github.com