Detailed Guide on Browser Fingerprinting and Anti-Detect Browsers (Random Notes)

Seth Harris

Junior Member
Joined
Sep 14, 2017
Messages
128
Reaction score
57
This is a random notes from my trello which I made during my research on this topic a year ago. Few things might have upgraded since then but this will provide a good summary to all people trying to learn about this topic. Hope you enjoy this thread. :)
  • Websites can track user not just by the ip and cookie and local storage but also by extremely huge amount of parameters.
  • Parameters include: Operating system and its version, chrome version, user-agent, timezone, languages, geolocation, webrtc, architecture, screen size, video card, graphics driver, hardware concurrency, device memory, media devices and fonts
  • Websites can even track user based on Behaviour Analysis.

    One of the best sites to learn in detail - incolumnitas, palant.info, blogs of other good antidetect browsers.


    Where can you see you fingerprints and see what all things are tracked by a browser:




To spoof fingerprints by antidetect browsers, their are dozens of options available but not all of them are equal. Below are this list of various things I would see depending on the use case before selecting one:

  • No of Profiles
  • Fingerprint evasion success?
  • Pricing
  • Local Storage or Cloud Storage or Personal Cloud Storage
  • Ability to create Android/iOs profiles?
  • Ability to spoof parameters on detection sites when working on mobile profiles or MacOS profiles when working from Windows?
  • Cookie Robot (How Advance this can be too?) (Does it has Consent-o-matic?)
  • Automation availability (Using Playwright can be helpful as no-code is available)
  • Ability to categorize Browser Profiles with ease.
  • Bulk Profiles Management
  • Changelogs Section and recent updates.
  • Does it costs separately to buy fingerprint configs?
  • Android app
  • Ability to run on MacOS to avoid Hardware spoofing detection?
  • Ability to change 4g Proxy IP with API call?
  • Ability to Import and Export Cookies Easily?
  • Ability to Import and Export Profiles Easily if Local Storage?
  • If profiles are migrated to other device or opened from other device, will it change the Fingerprints due to change in IP?
  • Support Availability?
  • Speed of opening and closing profiles.
  • Security of Data in Cloud Storage? As they can see all data and also possibility of DDOS Attack on their servers hampers your work
  • Does it fetch Fingerprint automatically from its database or you need to manually change it?
  • RAM consumption on device?
  • Difference in Monthly and Yearly Pricing?
  • Profile sharing capability and permission settings and how advance it is?
  • Parallel cloud launches?
  • Ability to block a session if it is already opened elsewhere
  • Do you require specialty in FB and Google Ads Bulk Management with this? (Like Dolphin Provides?)
  • REST API availability and various API endpoints as per use?
  • Availability of Good Documentation and Troubleshoot Guide
  • Availability of Both Chrome, Firefox, Safari and Edge based Browsers
  • Ability to add plugins, bookmarks before creating profile.
  • Ability to have iOS based Mobile Profiles which can pass evasion test from above sites?
  • Human Typing Emulation while copy pasting data
  • Unlimited Profiles or not?
  • Battery and storage substitution
  • Proxy check on entering
  • Does it auto-fetch ISP details from Proxies so as to set right DNS?
  • Ability to Tile Browsers automatically at startup while randomly shuffling randomness (Like in identory)


    There might be other choices too but it all depends on the usecase.


Few Selected Antidetect browsers include​

  • Identory, Sessionbox, Kameleo seems to be the best with unlimited profiles. Identory has many more features and is cheaper. It is best to work with local profiles. While Identory is super feature rich , it doesn't yet have android profiles in it. Kameleo has android app and android profiles too. Kameleo lacks many features though like no autorefresh IP, no proper segregation, no warmup, no multiuser
  • Multilogin, Octobrowser, Adspower, Incogniton are good to work on cloud but has no local storage. It has only cloud storage. Multilogin is pretty costly. Incogniton has good free plan.
  • Undetected and Gologin is great and has both android and iOS profiles too. Gologin has android app too. They allow to work on tons of profiles on cloud. Undetectable has an issue that config needs to purchased separately at $1 each which makes it unreliable for bulk work. I found gologin has suffered from DDOS attack and can get slow at times. Undetected has open store of fingerprint config which can be copied and used on others like incogniton.
  • Dolphin Anty seems to be good tool specialising in FB and Google Ads with Bulk Accounts
  • Few cheap ones includes : logii, we1town browser
  • Others are : Vmlogin, Chebrowser, Linkensphere, Tenebris

Note, this is not comprehensive list plus few points might not even be correct at this point of time as the notes are almost a year old. Still copying here so that people might get a general idea.

The above part only consisted of browser and ip fingerprinting.




Extensions Fingerprinting​

  • Extension Fingerprinting and how to evade it is mentioned in the following links:
  • In Summary, Websites are able to access web accessible resources of the extension. If we change manifest file and hide all files, they can't access any file making them invisible to websites.
  • Google search "Security boulevard - How to detect Browser extension".
  • https://palant.info (Talks about security but majorly extensions)
  • It is required for all extensions to switch to Manifest V3 from V2. Suppsoedly all ad blockers and chromium based browsers will be affected
  • Few plugins required by me are invisible to sites - like nopecha and others
  • Also, to test any extensions visibility, just have it installed and check on pixelscan.net
  • If it is visible, download the plugin and edit it - Google search 'How to edit chrome extension by downloading it'



Few other pointers that can be done to maximize privacy is:

  • Change Default Port Number of RDP while working with VPS. They can call upon default ports and detect open ports. If they detect it being run on RDP, it may be a problem.
  • Change The MAC address of PC. Can use https://technitium.com/tmac/
  • Can use Net-Limiter to change proxies per application



This thread does not cover an important concept of Behavior Analysis (Because I am too lazy now to edit the complete notes on it). But it is more of a logical question than technical question and the way different sites analyze behavior can be very different). While Google and major sites can track your entire history of actions and many other things. They even have started the privacy sandbox for controlled analysis - https://privacysandbox.com/open-web/#the-privacy-sandbox-timeline

While a random site's account can track very less of it and would be very easy to bypass.



I'm sure their are many points missing from above and also their might be few pointers which are old or may not be valid. I take full responsibility of the mistake if any. My whole purpose was to give a general idea by sharing this random note of mine. :)

PS. A link which will always be handy for privacy enthusiasts - https://www.privacytools.io/private-browser
 
Last edited:
Man thank you for your valuable guide its useful for beginner and intermediated
 
Very good review, thank you
I would like to add that, as far as I know, Gologin has a workplace. It is not available in other browsers. A very cool function for teamwork and distribution of rights
 
Very good review, thank you
I would like to add that, as far as I know, Gologin has a workplace. It is not available in other browsers. A very cool function for teamwork and distribution of rights
You can share account in multiple browsers I guess including incogniton and others too... Btw, I have used Gologin too and I like their fingerprinting evasion too
 
You can share account in multiple browsers I guess including incogniton and others too... Btw, I have used Gologin too and I like their fingerprinting evasion too
Another bit of thanks for your post here!

I'm evaluating Anti-Detection solutions right now, and GoLogin seems to be at the top of my list, so I'm glad you endorse it and just chatted with them last night.

I'm looking for a good solution for not being detected by Google for YouTube purposes (had a channel terminated) and soon will setup a new one.

Are you using GoLogin in relation to Google or even better YouTube at all? Trying to come up with a solution that works, while also cost-effective of course.
 
Another bit of thanks for your post here!

I'm evaluating Anti-Detection solutions right now, and GoLogin seems to be at the top of my list, so I'm glad you endorse it and just chatted with them last night.

I'm looking for a good solution for not being detected by Google for YouTube purposes (had a channel terminated) and soon will setup a new one.

Are you using GoLogin in relation to Google or even better YouTube at all? Trying to come up with a solution that works, while also cost-effective of course.

When it comes to Google and Youtube, I feel Fingerprint evasion is a smaller part and Gologin or others are good too.

But the important aspect to take care of is Behaviour Profiling:

- How aged the accounts are?

- Do you use that particular browser for only Google/Youtube? Or do you warmup too?

(Identory has amazing profile warmer where it randomly opens and scrolls all random sites like human does. Gologin has it too)

- Are you using the gmail/drive/sheets and other products associated with that account.

- The quality and consistency of proxy.

- Depening on work you are planning to do, does it look automated with same patterns or more human-like (uneven patterns)

- Have 2FA enabled (with authenticator)

- Do random google searches and build a profile in regards to Google as to what interests you.

- Google needs atleast 14 days to classify topics related to your visits - https://developers.google.com/privacy-sandbox/relevance/topics

So try to warmup to let google assign topics to you too.

- Add Display Pic to your Google Account. Send and warmup emails.

Basically try to do all the activities a normal human generally does. Antidetect Browser have cookie bot feature to do much of it

I mean, these are just examples of what can be done. Now, it depends on the scope of your project on what is feasible.
 
When it comes to Google and Youtube, I feel Fingerprint evasion is a smaller part and Gologin or others are good too.

But the important aspect to take care of is Behaviour Profiling:

- How aged the accounts are?

- Do you use that particular browser for only Google/Youtube? Or do you warmup too?

(Identory has amazing profile warmer where it randomly opens and scrolls all random sites like human does. Gologin has it too)

- Are you using the gmail/drive/sheets and other products associated with that account.

- The quality and consistency of proxy.

- Depening on work you are planning to do, does it look automated with same patterns or more human-like (uneven patterns)

- Have 2FA enabled (with authenticator)

- Do random google searches and build a profile in regards to Google as to what interests you.

- Google needs atleast 14 days to classify topics related to your visits - https://developers.google.com/privacy-sandbox/relevance/topics

So try to warmup to let google assign topics to you too.

- Add Display Pic to your Google Account. Send and warmup emails.

Basically try to do all the activities a normal human generally does. Antidetect Browser have cookie bot feature to do much of it

I mean, these are just examples of what can be done. Now, it depends on the scope of your project on what is feasible.
I'm looking for Free Profiles and though Dolphin Anty does offer 10, they do not pass the Hardware in iphey.com(GoLogin does). I don't know if I should focus on the Hardware component or just work on my stuff? I want to manage YouTube profiles. Also, can you give me some suggestions also, if possible? Like Warmup, things to avoid, and what you'll tell yourself if you can go back in time.

Waiting :)
 
This is a random notes from my trello which I made during my research on this topic a year ago. Few things might have upgraded since then but this will provide a good summary to all people trying to learn about this topic. Hope you enjoy this thread. :)
  • Websites can track user not just by the ip and cookie and local storage but also by extremely huge amount of parameters.
  • Parameters include: Operating system and its version, chrome version, user-agent, timezone, languages, geolocation, webrtc, architecture, screen size, video card, graphics driver, hardware concurrency, device memory, media devices and fonts
  • Websites can even track user based on Behaviour Analysis.

    One of the best sites to learn in detail - incolumnitas, palant.info, blogs of other good antidetect browsers.


    Where can you see you fingerprints and see what all things are tracked by a browser:




To spoof fingerprints by antidetect browsers, their are dozens of options available but not all of them are equal. Below are this list of various things I would see depending on the use case before selecting one:

  • No of Profiles
  • Fingerprint evasion success?
  • Pricing
  • Local Storage or Cloud Storage or Personal Cloud Storage
  • Ability to create Android/iOs profiles?
  • Ability to spoof parameters on detection sites when working on mobile profiles or MacOS profiles when working from Windows?
  • Cookie Robot (How Advance this can be too?) (Does it has Consent-o-matic?)
  • Automation availability (Using Playwright can be helpful as no-code is available)
  • Ability to categorize Browser Profiles with ease.
  • Bulk Profiles Management
  • Changelogs Section and recent updates.
  • Does it costs separately to buy fingerprint configs?
  • Android app
  • Ability to run on MacOS to avoid Hardware spoofing detection?
  • Ability to change 4g Proxy IP with API call?
  • Ability to Import and Export Cookies Easily?
  • Ability to Import and Export Profiles Easily if Local Storage?
  • If profiles are migrated to other device or opened from other device, will it change the Fingerprints due to change in IP?
  • Support Availability?
  • Speed of opening and closing profiles.
  • Security of Data in Cloud Storage? As they can see all data and also possibility of DDOS Attack on their servers hampers your work
  • Does it fetch Fingerprint automatically from its database or you need to manually change it?
  • RAM consumption on device?
  • Difference in Monthly and Yearly Pricing?
  • Profile sharing capability and permission settings and how advance it is?
  • Parallel cloud launches?
  • Ability to block a session if it is already opened elsewhere
  • Do you require specialty in FB and Google Ads Bulk Management with this? (Like Dolphin Provides?)
  • REST API availability and various API endpoints as per use?
  • Availability of Good Documentation and Troubleshoot Guide
  • Availability of Both Chrome, Firefox, Safari and Edge based Browsers
  • Ability to add plugins, bookmarks before creating profile.
  • Ability to have iOS based Mobile Profiles which can pass evasion test from above sites?
  • Human Typing Emulation while copy pasting data
  • Unlimited Profiles or not?
  • Battery and storage substitution
  • Proxy check on entering
  • Does it auto-fetch ISP details from Proxies so as to set right DNS?
  • Ability to Tile Browsers automatically at startup while randomly shuffling randomness (Like in identory)


    There might be other choices too but it all depends on the usecase.


Few Selected Antidetect browsers include​

  • Identory, Sessionbox, Kameleo seems to be the best with unlimited profiles. Identory has many more features and is cheaper. It is best to work with local profiles. While Identory is super feature rich , it doesn't yet have android profiles in it. Kameleo has android app and android profiles too. Kameleo lacks many features though like no autorefresh IP, no proper segregation, no warmup, no multiuser
  • Multilogin, Octobrowser, Adspower, Incogniton are good to work on cloud but has no local storage. It has only cloud storage. Multilogin is pretty costly. Incogniton has good free plan.
  • Undetected and Gologin is great and has both android and iOS profiles too. Gologin has android app too. They allow to work on tons of profiles on cloud. Undetectable has an issue that config needs to purchased separately at $1 each which makes it unreliable for bulk work. I found gologin has suffered from DDOS attack and can get slow at times. Undetected has open store of fingerprint config which can be copied and used on others like incogniton.
  • Dolphin Anty seems to be good tool specialising in FB and Google Ads with Bulk Accounts
  • Few cheap ones includes : logii, we1town browser
  • Others are : Vmlogin, Chebrowser, Linkensphere, Tenebris

Note, this is not comprehensive list plus few points might not even be correct at this point of time as the notes are almost a year old. Still copying here so that people might get a general idea.

The above part only consisted of browser and ip fingerprinting.




Extensions Fingerprinting​

  • Extension Fingerprinting and how to evade it is mentioned in the following links:
  • In Summary, Websites are able to access web accessible resources of the extension. If we change manifest file and hide all files, they can't access any file making them invisible to websites.
  • Google search "Security boulevard - How to detect Browser extension".
  • https://palant.info (Talks about security but majorly extensions)
  • It is required for all extensions to switch to Manifest V3 from V2. Suppsoedly all ad blockers and chromium based browsers will be affected
  • Few plugins required by me are invisible to sites - like nopecha and others
  • Also, to test any extensions visibility, just have it installed and check on pixelscan.net
  • If it is visible, download the plugin and edit it - Google search 'How to edit chrome extension by downloading it'



Few other pointers that can be done to maximize privacy is:

  • Change Default Port Number of RDP while working with VPS. They can call upon default ports and detect open ports. If they detect it being run on RDP, it may be a problem.
  • Change The MAC address of PC. Can use https://technitium.com/tmac/
  • Can use Net-Limiter to change proxies per application



This thread does not cover an important concept of Behavior Analysis (Because I am too lazy now to edit the complete notes on it). But it is more of a logical question than technical question and the way different sites analyze behavior can be very different). While Google and major sites can track your entire history of actions and many other things. They even have started the privacy sandbox for controlled analysis - https://privacysandbox.com/open-web/#the-privacy-sandbox-timeline

While a random site's account can track very less of it and would be very easy to bypass.



I'm sure their are many points missing from above and also their might be few pointers which are old or may not be valid. I take full responsibility of the mistake if any. My whole purpose was to give a general idea by sharing this random note of mine. :)

PS. A link which will always be handy for privacy enthusiasts - https://www.privacytools.io/private-browser
Excellent share. I didn't know some of the things listed here.
 
I'm looking for Free Profiles and though Dolphin Anty does offer 10, they do not pass the Hardware in iphey.com(GoLogin does). I don't know if I should focus on the Hardware component or just work on my stuff? I want to manage YouTube profiles. Also, can you give me some suggestions also, if possible? Like Warmup, things to avoid, and what you'll tell yourself if you can go back in time.

Waiting :)

For selection of browser in free tier, I would go with Dolphin over gologin. Regarding iphey, I wouldn't stress much about it. I'm not sure but many people accuse it of not being correct.

Also in dolphin, you can try to tweak settings and see what works for you.

Some browsers like incogniton have a setting which is meant especially to pass iphey settings.

But if it passes pixelscan and incolumnitas test in general, I'm fine with it.

_______

Off note, if you are looking for paid solutiom someday, linkensphere is working great these days..

________

Regarding youtube management, I've never done it myself so I wouldn't be the right person to advise in regards of it.

Regarding warmup, be it anything related to google, you would need to do it. Many browser has cookie robot or cookie collector feature which is basically meant for warmup. That can be used for it
 
You guys have tryed Privacy manager from Ivanovation, this solve all kind if fingerprints problems!
 
If you can post GBP reviews that stick, you are going undetected. That's the best test there is. Most of those websites give false positives and negatives.
 
If you can post GBP reviews that stick, you are going undetected. That's the best test there is. Most of those websites give false positives and negatives.
No need to wait days for review testing — if Gmail account creation works without SMS, that’s already proof your environment is clean. Google is mostly Canvas + IP reputation based. I’ve been able to create multiple Gmail accounts, same day, no SMS, all accepted instantly. That’s a solid indicator you’re undetected.
 
Back
Top