The creepjs's discuss from abrahamjuliot

Fingerprint SVGGeometryElement.getTotalLength()

https://developer.mozilla.org/en-US/docs/Web/API/SVGGeometryElement/getTotalLength

<svg width="200" height="200">
  <path id="path" d="M 10 80 C 50 10, 75 10, 95 80 S 150 110, 150 110 S 80 190, 40 140 Z"/>
</svg>

const path = document.getElementById('path')
console.log(path.getTotalLength())

Get headers

https://developers.google.com/apps-script/reference/url-fetch/url-fetch-app
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers

Fingerprint webgl specs lie if paramLie or extLie

compare and match webgl and webgl 2 shared specs

SpreadsheetApp needs to flush

SpreadsheetApp.flush()
https://developers.google.com/apps-script/reference/lock/lock

mobile first layout (grid or flex)

Maths

Should include custom functions

Tie # of unique fingerprints associated with pure fingerprint

Get total number of child fingerprints tied to pure parent fingerprint
If it exceeds a certain amount (say 100), then identify the parent fingerprint as suspcious

Provide links to API resources

place at the bottom of section
use light underline with a color hover style

Fingerprint SVG

concept

https://jsfiddle.net/8m3ptf9u/4/

compute first visit hours ago

First Visit: 7/27/2020, 8:37:55 AM (10 hours ago)

Identify Tor Browser

TB/FF differ in window and nav props in both desktop and Android

Fingerprint HTMLMediaElement.canPlayType and MediaSource.isTypeSupported

Inspiration: https://privacycheck.sec.lrz.de/active/fp_cpt/fp_can_play_type.html

Visitor data: add "bot activity" [trash, lies, errors]

Fingerprint OffscreenCanvas

https://developer.mozilla.org/en-US/docs/Web/API/OffscreenCanvas

Store vistor data in session storage

Read HTMLCanvasElement.toBlob()

CSS todo

Read WorkerGlobalScope.navigator

https://developer.mozilla.org/en-US/docs/Web/API/WorkerGlobalScope/navigator

destructure user agent header

https://developer.mozilla.org/en-US/docs/Web/HTTP/Browser_detection_using_the_user_agent
https://developers.whatismybrowser.com/useragents/explore/software_name/chrome
https://stackoverflow.com/questions/19877924/what-is-the-list-of-possible-values-for-navigator-platform-as-of-today

https://es6console.com/kd8cshue/

const getOS = () => {
  const userAgent = 'Mozilla/5.0 (X11; CrOS armv7l 13099.48.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.64 Safari/537.36'
  const os = (
    // order is important
    /windows phone/ig.test(userAgent) ? 'Windows Phone' :
    /win(dows|16|32|64|95|98|nt)|wow64/ig.test(userAgent) ? 'Windows' :
    /android/ig.test(userAgent) ? 'Android' :
    /cros/ig.test(userAgent) ? 'Chrome OS' :
    /linux/ig.test(userAgent) ? 'Linux' :
    /ipad/ig.test(userAgent) ? 'iPad' :
    /iphone/ig.test(userAgent) ? 'iPhone' :
    /ipod/ig.test(userAgent) ? 'iPod' :
    /ios/ig.test(userAgent) ? 'iOS' :
    /mac/ig.test(userAgent) ? 'Mac' :
    'Other'
  )
  return os
}

console.log(getOS())

Attempt everything (try/catch)

Detect lies on high entropy

capture webgl parameters

https://developer.mozilla.org/en-US/docs/Web/API/WebGLRenderingContext/getParameter

Detect AdBlock filters

Expand math fingerprinting

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math

Include more static methods and properties
Show unique results separate from Chrome V8

tests: https://es6console.com/kcvb8uvr/

Diff Tester:
https://jsfiddle.net/w3cqtsj1/ (consumes memory)

Polyfills:
https://jsfiddle.net/gz48qutr/14/

If a lie is detected, values not tested should be [untrusted]

API lie detection should render other values as [untrusted] to prevent randomization.

Does not apply to:
Maths
Errors

Detect Brave fingerprint farbling

Tracking:
v2 https://github.com/brave/brave-browser/issues/8787
v3 https://github.com/brave/brave-browser/issues/11770

Testing at https://dev-pages.bravesoftware.com

Show unique/uncommon navigator props

create a list of common navigator props
compare each navigator prop present to the common list

Go live on github page

Known Tor Browser matches Firefox

Fingerprint storage settings

webgl2 support

https://developer.mozilla.org/en-US/docs/Web/API/WebGL2RenderingContext

Detect support
If supported, get vendor and renderer
Renderer must be credible
webgl2/webgl vendors and renderers must match - this is currently not the case in Brave Browser and Privacy Possom

const canvas = document.createElement('canvas')
const webgl2 = canvas.getContext('webgl2')

if (webgl2) {
  const debugRendererExtension = webgl2.getExtension('WEBGL_debug_renderer_info')
  const vendor = webgl2.getParameter(debugRendererExtension.UNMASKED_VENDOR_WEBGL)
  const renderer = webgl2.getParameter(debugRendererExtension.UNMASKED_RENDERER_WEBGL)
}

CSS Font Loader

detect session randomization

Store the initial pure and basic fingerprint hashes in session storage
If either mutates, inform the user: session randomization detected

Support custom error messages

optional: define certain known errors

Test errors in multi browsers

new APIs

new UA platform version on Windows
UA Client Hints (flag support)
WebGPU (flag support) https://web.dev/gpu/
WebHID
Sensor API (😵 loose metric)
Temporal (no support)
Media Capabilities (generates excessive invalid warnings in Chrome)

Fingerprint getComputedStyle() keys

https://developer.mozilla.org/en-US/docs/Web/API/Window/getComputedStyle

visitor data loader

Collect audio property values

Place Canvas result in the trash if Firefox and resistFingerprinting

Server communication should occur only via opt-in

if yes, then set session storage opt-in true
if no, then end server communication

Font yields 0 in Android Firefox and Tor Browser

webgl, webgl2, and 2d canvas dataURI should not match

If one matches another, send both to trash.

Fingerprint ImageBitmapRenderingContext

https://developer.mozilla.org/en-US/docs/Web/API/ImageBitmapRenderingContext
https://html.spec.whatwg.org/multipage/canvas.html#imagebitmaprenderingcontext

CSSStyleDeclaration

https://developer.mozilla.org/en-US/docs/Web/API/Window/getComputedStyle

test for breakage by injecting style to the body via inline styles, stylesheet, and style tag
-- results not affected/no breakage:
[1] removed the stylesheet
[2] appended stylesheet (bootstrap cdn)
[3] added style tag with color: blue !important
[4] added inline style with color: blue !important

Fingerprint SVGRect

https://developer.mozilla.org/en-US/docs/Web/API/SVGGraphicsElement/getBBox

<svg viewBox="0 0 200 200" xmlns="http://www.w3.org/2000/svg"> 
    <g id="svgRect">
        <text x="8" y="32" transform="translate(0 20) scale(1.9999)">
            citrus coastline oxygen cultivate tilt hush ensure unrelated astute passivism tried underwear
        </text> 
    </g>  
</svg>

const groupElement = document.getElementById('svgRect')
console.log(groupElement.getBBox())

Server data should delete every 7 days

policy and code should be transparent

Animate

visitor load (flash then step fade in)
initial load (fade in)
trash, lies, errors (wobble or bounce)
no lies, trash, errors (shadow effect)
hover (light green)

Maximize Canvas Entropy via drawImage

const getDateURI = async img => {
  const canvas = document.createElement('canvas')
  const context = canvas.getContext('2d')
  const image = new Image()
  image.crossOrigin = ''
  image.src = img
  return new Promise(resolve => {
  	image.onload = () => {
      context.drawImage(image, 0, 0)
      resolve(canvas.toDataURL())
    }
  })
}
const img = '[high quality img]'
const data = await getDateURI(img)

abrahamjuliot / creepjs Goto Github PK

creepjs's Issues

Recommend Projects

Recommend Topics

Recommend Org