https://abrahamjuliot.github.io/creepjs
The purpose of this project is to shed light on weaknesses and privacy leaks among modern anti-fingerprinting extensions and browsers.
- Detect and ignore JavaScript tampering (prototype lies)
- Fingerprint lie patterns
- Fingerprint extension code
- Fingerprint browser privacy settings
- Use large-scale validation and collect inconsistencies
- Feature detect and fingerprint new APIs that contain high entropy
- For fingerprinting, use APIs that are the most difficult to fake
Tests are focused on:
- Tor Browser (SL 1 & 2)
- Firefox (RFP)
- ungoogled-chromium (fingerprint deception)
- Brave Browser (Standard/Strict)
- puppeteer-extra
- FakeBrowser
- Bromite
- uBlock Origin (aopr)
- NoScript
- DuckDuckGo Privacy Essentials
- JShelter (JavaScript Restrictor)
- Privacy Badger
- Privacy Possum
- Random User-Agent
- User Agent Switcher and Manager
- CanvasBlocker
- Trace
- CyDec
- Chameleon
- ScriptSafe
- Windscribe
- contentWindow (Self) object
- CSS System Styles
- CSS Computed Styles
- HTMLElement
- JS Runtime (Math)
- JS Engine (Console Errors)
- Emojis (DomRect)
- DomRect
- SVG
- Audio
- MimeTypes
- Canvas (Image, Blob, Paint, Text, Emoji)
- TextMetrics
- WebGL
- GPU Params (WebGL Parameters)
- GPU Model (WebGL Renderer)
- Fonts
- Voices
- Screen
- Resistance (Known Patterns)
- Device of Timezone
- layout rendering engines:
Gecko,Goanna,Blink,WebKit - JS runtime engines:
SpiderMonkey,JavaScriptCore,V8
window.Fingerprintwindow.Creep
Contributions are welcome.
🟫 install yarn install
🟩 build yarn build:dev
🟪 watch yarn watch:dev
🟦 release to GitHub pages yarn build
If you would like to test on a secure connection, GitHub Codespaces is supported. It is discouraged to host a copy of this repo on a personal site. The goal of this project is to conduct research and provide education, not to create a fingerprinting library.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
