1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tools to mask browser fingerprint: standalone, extension, part of vpn service?

Discussion in 'Black Hat SEO Tools' started by punkinhead, Feb 2, 2016.

  1. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    I see that some of the vpn services add tools to mask browser fingerprinting. Wondering if this is really the best way, or if there is a browser extension, addon, or 3rd party tool that might handle it better.

    Also, just a thought, but... isn't it suspicious if all of your accounts have a minimal footprint. That's very unusual, no? Wouldn't it be better if some tool instead reported a randomly generated fingerprint per session? That would seem to be the way it should work to be truly undetectable. Does anything work like that, like you set a few fingerprints, and it cycles through them (but stays consistent per session or IP or something like that)

    Open to any sort of discussion as to best tools out there to help avoid site being able to correlate my accounts.
     
  2. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,608
    Likes Received:
    34,754
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    There are numerous tools out there that can help but don't use them all the time.

    No point listing all the tools, tell us what platform you are trying to beat and what browser you are using, then we can make suggestions.

    I use Firefox, so can give you a few suggestions but Chrome has similar tools.

    https://wiki.mozilla.org/Fingerprinting
    https://www.eff.org/deeplinks/2010/05/every-browser-unique-results-fom-panopticlick
    http://lmgtfy.com/?q=firefox+browser+footprint
    http://www.ghacks.net/2013/08/01/ho...s-fingerprint-so-that-it-is-no-longer-unique/
    http://www.thewindowsclub.com/browser-fingerprinting
    https://fingerprint.pet-portal.eu/?menu=1
     
    • Thanks Thanks x 2
  3. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    605
    Likes Received:
    586
    Location:
    Deeptown

    a while ago my team had to solve this problem because we were losing HOURS switching between accounts. Also, from time to time some acc would get limited, banned or we would trigger a security check because of human mistakes like wrong proxy, forgot to clear cookies etc

    For that reason we decided to create own software, which would solve these problems forever and increase productivity. Now this software is called AccPimp and available publicly here http://accpimp.com

    It allows you to assign separate proxy, browser footprint and even browser to each account. You can also access your accs from different computers AS IF you were accessing them every time from the same machine.


    Your idea about cycling footprints is wise but in some websites (e.g. facebook) this would trigger a security check.

    If you have any other suggestions, don't hesitate to post them here or send me a pm, we might add them in the future versions of AccPimp


    Here's a short demo (everything done slowly for viewer to understand, actually launching browsers takes 3x less time with AccPimp):

     
    • Thanks Thanks x 2
    Last edited by a moderator: May 18, 2016
  4. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    Good stuff. I was wondering generally, but I do, of course, have a specific task in mind.

    I see where something like accpimp would be helpful for keeping consistent accounts. I have tools that do things like make sure I'm on right proxy per FB acctount, etc. I've often thought they don't go far enough, and it's good to see others think similarly.

    For randomly assigning fingerprints, or rather sending fake ones, I wasn't thinking of cases like that where you need to be consistent per account, but rather ones where you are constantly creating new accounts and just don't want all of your trafic to be coming from what appear to be clone bots.

    I actually have a few tasks I need to cover, but I'll start with one of the simplest:

    New short term accounts for Spotify web player on both FF and Chrome, and also the desktop app (running on windows 7,8, server 2012)

    update: https://vikingvpn.com/cybersecurity...ning-mozilla-firefox-for-privacy-and-security said I should go into about:config and disable plugin.scan.plid.al

    Problem is: that line doesn't exist in about:config. Is it called something else now? It is supposed to stop FF from being able to reeport which plugins are being used.

    Or... since I have now installed Random Agent Spoofer for FF, is this no longer an issue? I'm running it through panopticlick, but it's such a barrage of info in "Browser Plugin Details" that I can't tell if Random Agent Spoofer is fully faking all of those details as well or not.

    Is RAS basically all I need? What else should I be looking into, or possibly using in conjunction? Or dialing in within RAS?

    I'm assuming I need to limit RAS randomizer to desktop options since spotify web player wouldn't be used on mobile. (They would be using apps) Other tips?
     
    Last edited: Feb 2, 2016
  5. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    After a day of reading up and trying and testing various extensions, I've got both insights and questions.

    Random Agent Spoofer seems to be more or less what I was envisioning, but after testing, I'm seeing some potential issues. Please let me know if I'm misunderstanding something. From what I can tell, RAS effectively spoofs all the user agent info of OS, browser, extensions, etc. and says it does so by picking some of the most common configurations and sending their info instead of yours. This would appear to me to be the right approach to not draw attention. I could block all kinds of info from being reported instead, but since most users wouldn't behave that way, it's the equivalent of walking down the street in black pants and a black hoodie. Yes, you're "anonymous", but...

    So, I love the concept, but when testing on Panopticlick:

    1) My canvas fingerprint hash is always identical regardless of other info spoofed.

    2) My webGL fingerprint hash is always identical regardless of other info spoofed.

    Now, if I understand correctly, I could go into about:config and essentially get either of these items to stop reporting anything. Again, though, very few people do such a thing, and the point here is to emulate average behavior. So... what to do about this? I haven't found any way yet to spoof that info, or even any real conversation about doing so.

    Also, very intrigued by the info here: https://vikingvpn.com/cybersecurity...ning-mozilla-firefox-for-privacy-and-security about instead using a combination of UA Control and User-Agent JS fixer. Anyone doing that? Does it address the shortfalls I mentioned?
     
  6. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,608
    Likes Received:
    34,754
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
  7. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    605
    Likes Received:
    586
    Location:
    Deeptown
    Why wouldn't you want to go with
    1. all default plugins
    2. the most popular screen res and OS
    3. spoofed randomized user-agent variable

    what else can be tracked? If anything, are there currently websites that actually track that?

    I have asked my tech team their opinion regarding your case but to me it seems like you are over complicating things a bit




    just checked, it exists in the latest FF
     
    • Thanks Thanks x 1
  8. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    Yeah, just saw it in about:config on one of my windows proxies. Wasn't there on my home mac for some reason. You're right, though, that it doesn't seem to matter as testing on Panopticlick has shown me that disabling it to hide plugins means none get reported even with RAS active. Better to leave it and let RAS deliver it's spoofed plugin report since no average user would have zero plugins reporting. Reason for concern was to hide use of imacros.

    Not clear exactly what you mean by the "variable" part of "spoofed randomized user-agent variable". Are you referring to a specific item being spoofed, or the whole spoofed report? RAS is spoofing screen size, font list, OS, browser version, etc. What exactly is the variable you're referring to?

    My concern about the canvas fingerprint hash and webGL fingerpring hash (whatever that is) is that after several tests on panopticlick, they appear to be consistent per machine regardless of whatever else is spoofed. I can quit the browser, relaunch, switch everything in RAS to a new spoofed system, and run the test again in panopticlick, and those hashes don't change. Am I incorrect that this means my system is effectively being fingerprinted despite all the other spoofing being done, and that all they have to do is look at those hashes?

    Which brings me to:

    Won't canvas blocker keep any canvas info from reporting? That would be very unusual user behavior, no? (back to the hoodie analogy). Again, just to make sure we're on the same page. It's not enough to avoid being identified. The goal is to do so while blending in with average users so well that even upon scrutiny, my accounts give no appearance of trying to avoid being identified (can't use noscript, etc). Any common thread to my accounts that does not match typical user behavior is an issue. Need to hide in plain sight, never in shadows. Less ninja. More John Smith. Am I misunderstanding this?

    Thx for the suggestions. Looking into the rest...

    edited to add:

    Better Privacy-signed: Very good read about flash cookies (LSO's). Sounds like exactly the kind of thing I need to be paying attention to.... and exactly the kind of thing Spotify is probably already using since site requires flash, has persistent login options and user settings, etc. If they're not using them, doesn't mean they won't. Seems like I definitely need to flush them per session. Scary that I was unaware of these.

    DisableWebRTC: I had essentially stumbled upon the organic version of this fix already (disabling the various lines in about:config) Still unclear about a few things though. Not entirely clear if this is an issue in my case as I am not using a vpn at all, but rather private proxies. In either case, though, I'm looking for a better vpn/proxy system to cover all the bases, (not sure if I need combination) and this may be needed, but not entirely clear as to whether using it makes my account appear different in any way to their servers than their average user. Need to not only hide behind the vpn/proxy, but appear not to be hiding.

    Privacy settings: Same general concern. Not sure if it's use appears unusual to them in any way. There are other things I would be inclined to block. Their flash use with ads is absolutely obnoxious, for instance... but wary of blocking anything an average user wouldn't for fear of appearing to be other than an average user.
     
    Last edited: Feb 3, 2016
  9. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    605
    Likes Received:
    586
    Location:
    Deeptown
    yup Canvas and WebGL methods are very precise. Gladly this kind of fingerprinting is apparently not yet widespread.

    We have found a way around this, which might be implemented in future versions of AccPimp. I will post here a proof-of-concept a little later.
     
    Last edited: Feb 4, 2016
  10. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    Canvas fingerprinting appears a real problem if you need to avoid various accounts from same machine being tied together upon close scrutiny. Different people need various types off anonymity for different reasons. For me, they are GOING to run this kind of analysis on my accounts. The only question is when, and the results of not winning the arms race is catastrophic.

    I'm very intrigued by ACC pimp, but not really sure it's what I need in particular. A little confused on the licensing. I'm running many vps all over the world and looking to expand into other projects. Do the numbers represent concurrent uses across any number of systems? Across one system?

    So what about the webGL? What's my best solution there?

    Also, Flash is unfortunately required to run the site, and they do use flash cookies (LSO's.) This by itself is already a 100% fingerprint if not addressed. I'm assuming I want to allow this, then force it to flush after each session. Is a simple plugin to do this enough? Is there any OTHER sort of stored info I also need to flush?
    In other words, other than spoofing user agent with RAS, flushing flash cookies, and figuring out how to deal with canvas and webGL, is there anything ELSE? (I'm definitely starting to see the appeal of something like acc pimp if you guys can keep it up to date in terms of dealing with ALL of these issues as a one stop shop.)

    Also, got lots of conflicting info about webRTC. Should I be disabling it? Does this then ONLY pass the exit node IP, or can they somehow tell wbRTC is disabled? I'm actually not using vps. Should I be? Using LOTS of private proxies. Should I be using vpn instead? I'm assuming I don't want to use something like tor since it purposefully gives a generic tor fingerprint (and might be too slow). I'm going to need lots more private proxies, so looking at other options. Should I be doing free proxies with some sort of auto scraper instead to increase the pool of IP's? Using a dynamic vpn and switching exit nodes per session? Using a combo?

    VERY intrigued by systems like Luminati, Iond that claim to be able to deliver 10 million residential IP's (Luminati's #) from everywhere, etc. Designed for distrubuted scraping, but maybe this is also a fit? I've put feelers out to a couple of these companies. Ignoring the fact that they seem to have a high buy in ($500/month or so depending on service), is this really the kind of thing I need ultimately? Anyone using these services?
     
    Last edited: Feb 4, 2016
  11. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,608
    Likes Received:
    34,754
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    Create lots of Virtual Machines all running different OS's with numerous browsers, or Linux Live CD/USB, or try cross browser testing tools like Spoon.net
    Most browsers can run more than one profile too.
    There are so many ways of hiding your fingerprint but TBH you seem to be going overboard just to create Spotify accounts.
    How many are you trying to create. You could even try to use microworkers/freelancers to create the accounts.
    You seem to be over complicating things, it is all about testing, create accounts non stop, then work out which accounts are failing and why.
    You can buy spotify accounts cheaply including premium on darknetmarkets, (I don't condone using darknetmarkets as they are hacked accounts)
    100% anonymity is not possible but using a variety of the methods mentioned in the thread, it should be possible to create the accounts you need.
     
    • Thanks Thanks x 1
  12. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    605
    Likes Received:
    586
    Location:
    Deeptown
    AccPimp is purging all flash cookies everytime you close the session. Same happens with the local storage.

    Licensing works on per session basis. You probably know what browser session is? You can run the same account on as many devices as you like.


    Today we have made a proof-of-concept of an algo that fools Canvas. Probably something similar will work for WebGL too. Please see the screenshots:

    Without AccPimp: http://i.imgur.com/iA0O8I7.png

    With AccPimp: http://i.imgur.com/eYd95cF.png

    (NB! This is not implemented in the software yet, it's a proof-of-concept. Don't try to get similar results with the current public build!)


    This proves that it's possible to control fingerprint, namely:
    - to create a unique fingerprint, which is not in any database yet
    - to preserve this fingerprint within a single session
     
    • Thanks Thanks x 1
  13. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    I started out that way... lots of varied machines. Too many headaches. I'm looking to go the other direction with many cheap clone vps and hopefully even automate creating and preparing them, sync browser settings, etc. Never used linux before the other day, but for cost reduction, trying to ditch windows and macs all together and do streamlined army of lean and dirt cheap linux vps. I've got over a dozen vps now running all kinds of tools, and lots more coming, so duplicability and streamlining are key.

    Frankly, I should be spending more time working out how to centralize control over it all as that's going to be my next major hurdle. Running cloned instances and spoofing the "random" details seems like the path forward for me unless there are obstacles I just can't overcome that way.

    Spotify is just a small piece of the puzzle, but I use that example because it's the most problematic and it gives a specific target. It requires flash. It uses flash cookies. It has all sorts of geo restrictions. It just stops working if the connection slows down, it uses a lot of bandwidth, etc.

    I'm not in the mass account creation basis perse, so wasn't trying to throw you off there. Outsourcing would be counterproductive for my purposes. It's a very conscious decision to do it all in house. And yeah... not into buying stolen accounts either. Suffice to say, I have it on informed authority that there will come a day when my accounts will be under close scrutiny. I can't just look at which fail and why. I can't have any fail. Can't get into all the details there, but anything that indicates that my accounts have a common source or are other than random users would be a very bad thing. The accounts being banned would be the least of the issues. That pretty much sums up the concern. I appreciate the suggestions, though, and have been looking up each one as I go. Good info to have regardless.

    Looking into the multi profile per browser bit and a few other items you mentioned...
     
    • Thanks Thanks x 1
    Last edited: Feb 4, 2016
  14. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    You've definitely got my attention. I was thinking it wouldn't handle everything I needed, but I could be wrong about that.

    Specifically, it seemed to be geared to setting up specific profiles to return to later. Very handy, but not what I'm doing. I want to stay consistent per session, then automatically rotate to another in a long list of profiles, and ideally with slightly randomized details that match common setups within those profiles. In other words, I want to appear like thousands of unique (and unrelated) users... not the same 10 users over and over (although I do sometimes need to do that as well.)

    What really drew me to RAS was the ability to spoof a variety of machines, control which ones I want to include or not in the randomization (mobile would make no sense in this case), and that they are actual machine profiles chosen specifically for their ubiquity. Is there anything else you can tell me about the spoofing for acc pimp? If I understand the literature, I would need to hand enter a bunch of profiles, right? (Not necessarily a bad thing since it puts me in control) What about automating the switch when I'm ready for the new session?

    Does 100 session license mean total per month, or 100 SIMULTANEOUS sessions at any given time in that month? And.. each session would be like one tab per one browser, from tab open to close, right? So... If I have two tabs on each FF and Chrome on one machine, that's 4 simultaneous sessions... and 4 total regardless of how many pages I jump between on those 4 tabs? Is that correct?

    What exactly is being routed to or from your servers in the process? Asking for security purposes, and to gauge impact on network performance.

    Also, if you don't mind, I've got a big expensive mass private elite proxy renewal coming up. It's a good deal for what it is, and the proxies are fast (I tried half a dozen vendors), but do you have any other suggestions as to a better option if I really only need the IP's until I've finished one consistent session with them? I've got information overload on the topic right now, and looking to focus in on a specific alternative and get that squared away before renewal.
     
    Last edited: Feb 4, 2016
  15. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,608
    Likes Received:
    34,754
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    I think I have an idea of what you will be up to in future and yes the accounts might come under scrutiny.
    If I am right then there are many people doing it, but the information/method is kept in-house.

    Have you tried the tool BloodyNinja is promoting? It looks like something that might help get you started.
    Anyway, good luck with it, I have an interest in the subject so will follow the thread, if I think of anything that might be useful I will let you know.
     
  16. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    605
    Likes Received:
    586
    Location:
    Deeptown
    1. what is browser session

    This is definition of "browser session" by mozilla: "a browser session is a continuous period of user activity in the browser, where successive events are separated by no more than 30 minutes." However, in AccPimp a browser session is not limited by time and utilizes a pre-configured browser profile.

    A session is NOT limited in number of either browser windows or tabs. You start from a single window but clicking a link with "target=_blank" parameter opens another browser window WITHIN the same session. New tabs are also utilizing the same browser profile.


    2. Per session licensing

    Having 100 sessions means that you can have up to 100 browser sessions saved AND/OR running simultaneously. If they don't work for you anymore, you can delete them and create new ones within the total number of 100.

    3. Cloud servers

    We use cloud servers to save encrypted session information. The overall process is following:
    1. You create an AccPimp account, a hash of your password is stored in our cloud for identification purposes. We neither receive nor save your password for security purposes (it's how most websites work)
    2. You create a session in AccPimp and within this session login into some website
    3. The website sends session identification information and parameters to your client
    4. AccPimp encrypts session ID and params with your master password and saves into the cloud
    5. Now if you want to either access your sessions from other machine OR give someone this kind of access, you login into AccPimp from another machine (in this process your master password is being transformed into hash and compared to the hash we stored in our DB). After successful login, you receive your encrypted session data, which is being decrypted with your master password within the client.

    I understand that using cloud part is probably not necessary for your purpose. For us it was a crucial part bc otherwise we would have to access accounts from a single VPS machine, which was not convenient at all (for a looong list of reasons).

    4. Random Agent Spoofer

    I liked the idea of spoofing identifiable browser/machine variables with most commonly used variables. We thought about adding some pre-defined user agents, which user could select from while creating a session. Also, soon there will be a possibility to half-automatically include plugins in a new session. The mechanics of this process would be:
    a) you put some, say, mozilla plugins into a folder corresponding to some particular session
    b) when you launch the session, all plugins from its folder are loaded automatically

    In terms of automation of spoofing RAS is indeed currently ahead of AccPimp but we might add some automation if there will be such demand. RAS is limited in what it can do because it runs within a standard browser build with limited rights.

    5. Proxies

    I honestly don't know what you could use instead of proxies. For our purposes we are buying proxies from a few providers from bhw. I could personally recommend SquidProxies. Their proxies might be restricted by Google search sometimes but since we mostly use them for connecting to social networks, they work fine. I don't have any special price list from there, just regular prices offered here on bhw :)

    For your purpose a "pool of proxies" (or how they call that?) service might work. Basically, everytime you connect to the same inbounding proxy it routes you to a random outbounding proxy. I don't know if they keep you on the same outbounding proxy within one session though.
     
    • Thanks Thanks x 1
    Last edited: Feb 5, 2016
  17. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    Good info, thx. Yes, I can see that RAS has some limitations... especially in terms of some of the areas where you guys are trying to stay ahead of the curve. And I definitely see where saving consistent profiles would be a top priority for a lot of folks. For me, though, I'd say you're right that I'm not looking to route through another server. Fact is, their web player is buggy as hell, and uses any minor hiccup or speed bump to just stop working. There's already a huge increase in errors just from using the fastest proxies I could find (after trying several companies). I've had to become obsessive about proxy connection speed, physical location an network connections for vps, etc.

    I understand better now that acc pimp really is it's own browser (fork of FF?). And yeah, it looks like I'd be able to create a bunch of profiles, etc. At least at the moment, though, I need some of the standard bag of trix. I'm looking to change this down the road,but at the moment, I rely on imacros addon for FF, for instance.

    Yeah, it seems like those backconnect pools are what I need, except I've talked to a couple of them, and they tell me I have no control over when it switches, that they don't necessarily switch right on schedule, and that they may also switch midstream because connection or other issues... all of which means I may have my accounts switching constantly mid-session. Real bummer. If they could lock in per session with a kill switch rather than proxy switch if something goes wrong, they'd be ideal... well, that and better geo selection process.

    Anyone know if the webRTC thing is an issue if you're using proxies? Everyone says they can sniff IP through vpn, but I'm not using vpn, and not sure if it's an issue in my case... or if disabling it sends an uncommon marker.
     
  18. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    605
    Likes Received:
    586
    Location:
    Deeptown
    Using MultiLoginApp (former AccPimp) won't affect your connection speed. It connects to the cloud only two times: 1) when you launch a browser (before any other website is opened) and 2) when you close and save a session.

    Other times it will work through your proxy with the maximum speed that your proxy allows.

    By the way, we have found one other way how you and everyone else might be fingerprinted. Don't want to really disclose this info in public (as this idea is hard to come up with but I suspect that industry giants might be using this method). All I can say for now is that in MultiLoginApp we will most probably defy this fingerprinting possibility as well.
     
  19. punkinhead

    punkinhead Regular Member

    Joined:
    Feb 19, 2015
    Messages:
    451
    Likes Received:
    35
    Yeah, the more I dig into this, the more it becomes clear that there are also probably a number of other ways to fingerprint that just aren't discovered or widespread yet... and that number will keep increasing as new features are added to browsers. Unfortunately for me, I'm dealing with a multi billion dollar tech company who's buying up data mining companies, so it's safe to assume they are at least capable of leaning toward the leading edge if they really got a bug in their behind about cleaning house.

    ps. I'm only using imacros browser extension at the moment, but it's pretty clear I'm going to need to centralize at some point. I've never run the enterprise edition (costly), so I don't know too much about it, and I'm not a developer, so I'm much more likely to try to work with imacros than, say, developing a custom python script from scratch to run everything, so... if I understand correctly, I can't run imacros with accpimp as an extension, right? What about controlling it via imacros enterprise, though? Any insights or known issues there?
     
    Last edited: Mar 5, 2016
  20. BloodyNinja

    BloodyNinja Power Member

    Joined:
    Oct 28, 2013
    Messages:
    605
    Likes Received:
    586
    Location:
    Deeptown

    Currently there's an undocumented feature in MultiLoginApp, which allows starting it with custom browser add-ons. However, if you need to configure those plugins, the configuration will be lost upon browser closing. We can implement a process for saving plugin configs, just it's not in our focus right now.

    You can also try this plugin https://addons.mozilla.org/en-US/firefox/addon/anticanvasfingerprinting/?src=ss

    It's the only plugin out there which CHANGES Canvas fingerprint instead of blocking out Canvas completely. However, I should note that due to a number of reasons, the anti-canvas algorithm in this plugin is not as good as the algorithm in MultiLoginApp.


    p.s. check out my short article about WebRTC and how it's leaking your real ip address http://www.blackhatworld.com/blackh...g-your-real-ip-websites-popular-browsers.html
     
    • Thanks Thanks x 1