Site will be messed up for a bit as I work on things/break them.
DNL

A List of 20+ Fingerprinting Demos and Tests

Are you leaking potentially identifying information? Use these tools to find out. Many demonstrations are basically forms of entertainment (gimmicks - think of those sites that “locate” you based on your “unprotected” I.P. address).

Some of these are demonstrations of novel POCs. There are ecommerce sites that employ some of the novel techniques here, such as FingerprintJS.

A fair warning: some of these demonstrations will likely use your data. Perhaps for research. Perhaps to improve their corporate offerings. Tor Browser with the slider to the max will prevent many of these demos from working.

My Favorites

TorZillaPrint - arkenfox.github.io

TorZillaPrint (TZP) aims to provide a comprehensive, all-in-one, fingerprinting test suite, nicely broken into suitable sections with relevant information together. Long term, the goal is to collect Gecko only fingerprint data (no PII) for analysis to see how many classifications each metric or section provides.

No-JS fingerprinting - noscriptfingerprint.com, source: github.com/fingerprintjs

A common misconception is that disabling JavaScript can prevent fingerprinting. Since advertisers and bad actors use it for ad targeting and tracking your online activity, it’s a natural (albeit incorrect) assumption that disabling JavaScript will protect you against fingerprinting. In this article, we will demonstrate that fingerprinting can occur even in the absence of JavaScript.

CSS Fingerprint - csstracking.dev, source: github

CSS Fingerprinting is a technique of tracking and gathering information on site visitors. This method exploits the nature of CSS to collect various characteristics about the visitor’s browser and device, which can later be used to either identify or track said visitor.

A picture of CSS fingerprinting demo

CSS fingerprinting demo

CreepJS - abrahamjuliot.github.io

Creepy device and browser fingerprinting

A picture of Linux and TBB smh

Linux and TBB smh

Others

AudioContext Fingerprint - audiofingerprint.openwpm.com

This page tests browser-fingerprinting using the AudioContext and Canvas API. Using the AudioContext API to fingerprint does not collect sound played or recorded by your machine - an AudioContext fingerprint is a property of your machine’s audio stack itself.

Available Fonts - orleika.github.io, source: github

Getting available fonts on browser without flash

Browser Fingerprinting - niespodd.github.io

BrowserLeaks - browserleaks.com

BrowserLeaks is all about browsing privacy and web browser fingerprinting. Here you will find a gallery of web technologies security testing tools that will show you what kind of personal identity data can be leaked, and how to protect yourself from this.

Canvas Test - canvasblocker.kkapsner.de

CSS Exfil Vulnerability Tester - mike-gualtieri.com

This page tests to see if your browser is vulnerable to Cascading Style Sheets (CSS) data leakage.

Device Info - deviceinfo.me

Device Info is a web browser security testing, privacy testing, and troubleshooting tool.

DNS Cookie Demonstration - dnscookie.com

DNS cookies use DNS caches as a side-channel to identify related network flows.

EFF: Cover Your Tracks - coveryourtracks.eff.org

This is an EFF project that allows you to understand how easy it is to identify and track your browser based on how it appears to websites.

Epic Tracker - epictracker.vercel.app

A demo of how can I track you using fingerprinting and some automated lookups and stuff, using modern Javascript APIs

Extension Fingerprints - z0ccc.github.io

Chrome extensions can be detected by fetching their web accessible resources. These are files inside an extension that can be accessed by web pages. The detected extensions can be used to track you through browser fingerprinting.

This website scans over 1000 extensions and shows you the percentage of users that share the same extensions.

Firefox Addon Detector - thehackerblog.com

Tracking 400+ Firefox Addons through chrome:// URI trickery!

Iphey - iphey.com

Mouse Wheel Tracking - jcarlosnorte.com

Nothing Private - nothingprivate.ml

This project is a proof of concept that any website can identify and track you, even if you are using private browsing or incognito mode in your web browser. Many people think that they can hide their identity if they are using private browsing or incognito mode. This project will prove that they are wrong.

PicassAuth - plaperdr.github.io

Canvas fingerprinting

Pixelscan - pixelscan.net

Good, basically a bot check

Privacy Check - privacycheck.sec.lrz.de

This website aims to focus on each fingerprinting technique in detail. It also presents the information and demonstrations in a way that is easy to understand, rather than giving a broad undescribed overview.

“scheme flooding” - schemeflood.com, source: github, article

The vulnerability uses information about installed apps on your computer to assign you a permanent unique identifier even if you switch browsers, use incognito mode, or use a VPN.

SuperCookie - demo.supercookie.me

Supercookie uses favicons to assign a unique identifier to website visitors.

Unlike traditional tracking methods, this ID can be stored almost persistently and cannot be easily cleared by the user.

The tracking method works even in the browser’s incognito mode and is not cleared by flushing the cache, closing the browser or restarting the operating system, using a VPN or installing AdBlockers.

Webgl Fingerprinting - webbrowsertools.com

This page uses different techniques to recognize whether a browser extension is installed to spoof the webgl fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas image (which is rendered in the GPU) and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the webgl result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the webgl identity and uses a different approach to identify the browser session.

Zardaxt.py - tcpip.incolumitas.com, github, article

TCP/IP Fingerprinting for VPN and Proxy Detection

14 Comments
It's Called We Engage In A Mild Amount of Tomfoolery
a1453674
35bc9ba0 Thu, Sep 29, 2022

Transferring somesones pgp to my leopatric pgp how do i import his key

d978767e
b0a52510 Fri, Sep 30, 2022

File > import

46b59b31
2f28bff0 Fri, Sep 30, 2022

Yeah fingerprinting can happen without JavaScript but you still better turn that shit off. The fuck?

a0178265
b524d440 Fri, Sep 30, 2022

Yes?

9c958360
eb838df0 Sat, Oct 1, 2022

with javascript turned off site can still tell e.g. how big is your Tor Browser window (it varies depending on the screen resolution)
with javascript turned on it says even more things what OS are you using, which fonts do you have, how fast you type or move cursor and more

06323986
57d99980 Fri, Sep 30, 2022

can fingerprinting happen to vpn + tor usage?

what about Qubes os?

680d9f9e
59a04b80 Sat, Oct 1, 2022

when you use Tor Browser you are protected not only because it hides your real IP address but also because all Tor Browser users have similar fingerprint (when javascript is turned on) and pretty much identical (when javascript is turned off)
Qubes OS with Whonix is very safe, I use Whonix on normal GNU/Linux and really recommend using it

2108939f
4aba9160 Fri, Sep 30, 2022

The internet is honeypot. Live and die young

ddce23b9
a6abed90 Sat, Oct 1, 2022

Did you fix the bug of comments being sent through the clearnet website?

95ca22d7
819aae50 Sat, Oct 1, 2022

They actually go through the .onion now, thanks DNL!

01914325
9a36c390 Sat, Oct 1, 2022

Test

4e29c48c
4f110180 Sat, Oct 1, 2022

why is the site messed up

fcedf659
537e43e0 Tue, Oct 4, 2022

All of these advanced detection methods and they still cant come up with a way to tell if someone is a nigger.

401b2f8b
43e04fe0 Wed, Oct 5, 2022

LOL.

Comment Submitted. Unless flagged for manual review, your comment should show up in about one minute.
If you have a spare dollar or two, please consider sending it to me. My Monero address is below.
48tpMZ6CSvwXozC4BCon98NLaCyE9DvPAdrzqP1XdQeDMLKvCJ5Btuz3AexhxrDGQN3J8HPKAbkfSSeXeQMtrgMA8fksEam (QR Code)

Close

Comment Error. If you filled the fields out correctly, feel free to shoot us an email.

Close