Doesn't work about creepjs HOT 14 CLOSED

I used chrome with Jshelter https://jshelter.org/ which is an anti-fingerprinting extension
I used Recommended preset but set Web Worker API to "Remove" (normally it is set to "Strict")

Looks like the anti-fingerprinting extension has defeated the fingerprinting, sucesss for jshelter

from creepjs.

sometimes more unique and traceable

@abrahamjuliot Can you elaborate on this? If the test can't run in the first place (or even if it were modified to work without WebWorker for example, but leaving JShelter on), would there really be enough bits to uniquely identify most people across the world that way?

More like it identifies it as an unusual JS environment indicating it's likely a modified environment. This usually indicates a bot or an antidetect browser (e.g. you're likely to just get blocked right off the bat by security services like Cloudflare).

from creepjs.

Are you encountering the error on a clean installation of the latest Chrome or Firefox?

from creepjs.

Worker is a standard API and required to run.

from creepjs.

Ah, yes. It's a nice extension. It defeats the test, but a blocked fingerprint is also a fingerprint, and it is sometimes more unique and traceable than had the browser provided all hardware specifications if that were possible.

from creepjs.

Closing for now, but please have no hesitation to re-open if you encounter any issues preventing the test from running.

from creepjs.

sometimes more unique and traceable

@abrahamjuliot Can you elaborate on this? If the test can't run in the first place (or even if it were modified to work without WebWorker for example, but leaving JShelter on), would there really be enough bits to uniquely identify most people across the world that way?

from creepjs.

Yeah, take hardware for example and say blocked hardware is hardware X. How and in what way it is blocked will determine its class A-Z. Given all the different ways of blocking and how uncommon it is to block hardware, hardware XA is a better fingerprint than a valid or unique hardware shared by normal browsers.

from creepjs.

But how is it a better fingerprint if you're not able to gather as much information with things being blocked in JavaScript? Wouldn't that reduce the number of available bits of info down to where it's not unique enough? I get that you say it's uncommon, but if the fingerprinting isn't based on knowing anything about other users' data (unlike say panopticlick maybe), I'm skeptical as to just how unique it can really be. Is there any more evidence on this available?

from creepjs.

But how is it a better fingerprint if you're not able to gather as much information with things being blocked in JavaScript? Wouldn't that reduce the number of available bits of info down to where it's not unique enough? I get that you say it's uncommon, but if the fingerprinting isn't based on knowing anything about other users' data (unlike say panopticlick maybe), I'm skeptical as to just how unique it can really be. Is there any more evidence on this available?

Not supporting a widely supported feature that every modern browser has is inherently weird and therefor makes you stand out. You don't need to quantify bits of information just as you don't need to quantify bits of information to know a flying pig is unique because pigs don't fly.

from creepjs.

You don't need to quantify bits of information

Why not? More than one person uses JShelter, so I think there is more than one flying pig in that sense. I thought that was the whole point of needing at least as many bits that can add up to as many people/devices there are in the world to really be able to call it "unique" when you don't know how many of such users there might be.

from creepjs.

I'm skeptical as to just how unique it can really be. Is there any more evidence on this available?

How unique depends on the site and volume. Below is a visual snapshot of the resistance/engine hash stats on CreepJS. I can't find all variations of JShelter visually, but I can put all the unknowns into one bucket. That is already incredibly unique. If we wanted to, we can map out all possible configurations of JShelter and label them. This helps and simplifies tracing a specific browser/machine.

from creepjs.

How unique depends on the site and volume

Ok, I was under the impression that "unique" meant there is quantifiably no other browser/device on the planet with this same fingerprint (or least you would be 1 in however many bits of info are available), regardless of the site that was visited. Perhaps I should ask for clarification on what your definition of unique is.

And if WebWorker isn't available (as with the default settings for JShelter), or for example if JS was disabled entirely, wouldn't that significantly reduce the number of bits available to where it's not possible to globally and uniquely identify a single browser instance?

from creepjs.

...quantifiably no other browser/device on the planet with this same fingerprint

Web tracing is more confined to limited contexts or a specific set of domains. Quantifying at the planet level is unnecessary.

definition of unique

Rare for a given context. It can be shared with others and still be unique. Identifying individual actors is a different matter, not focused on here.

WebWorker/JS disabled

Blocked entropy is still entropy, but if a significant amount of normal traffic is blocking similarly, it becomes less unique. How unique will vary from domain to domain.

from creepjs.