abrahamjuliot / Creepjs
Creepy device and browser fingerprinting
Stars: ✭ 85
Programming Languages
javascript
184084 projects - #8 most used programming language
Projects that are alternatives of or similar to Creepjs
waycup
A minimal tool that hides your online assets from online security scanners, researchers and hackers.
Stars: ✭ 100 (+17.65%)
Mutual labels: fingerprinting, privacy-protection
Flutter device preview
Approximate how your app looks and performs on another device.
Stars: ✭ 1,191 (+1301.18%)
Mutual labels: device
Meething Ml Camera
Machine-Learning powered Virtual Camera with SVG Animation (alpha)
Stars: ✭ 36 (-57.65%)
Mutual labels: privacy-protection
Jekyll Minibundle
A minimalistic asset bundling plugin for Jekyll
Stars: ✭ 65 (-23.53%)
Mutual labels: fingerprinting
Cleanlinks
Converts obfuscated/nested links to genuine clean links.
Stars: ✭ 42 (-50.59%)
Mutual labels: privacy-protection
React Device Detect
Detect device, and render view according to detected device type.
Stars: ✭ 1,145 (+1247.06%)
Mutual labels: device
Plugins
Plugins for SmartHomeNG - The device integration platform for your smart home
Stars: ✭ 32 (-62.35%)
Mutual labels: device
Digital Privacy
一个关于数字隐私搜集、保护、清理集一体的方案,外加开源信息收集(OSINT)对抗
Stars: ✭ 1,231 (+1348.24%)
Mutual labels: privacy-protection
Vpn At Home
1-click, self-hosted deployment of OpenVPN with DNS ad blocking sinkhole
Stars: ✭ 1,106 (+1201.18%)
Mutual labels: privacy-protection
Ir Station
Infrared Remote Controller with ESP8266 WiFi-module. You can control your home appliances with your smartphone or laptop.
Stars: ✭ 45 (-47.06%)
Mutual labels: device
Commercialdetection
GSOC 2015 project for Red Hen Labs
Stars: ✭ 69 (-18.82%)
Mutual labels: fingerprinting
Metalperformanceshadersproxy
A proxy for MetalPerformanceShaders which takes to a stub on a simulator and to the real implementation on iOS devices.
Stars: ✭ 41 (-51.76%)
Mutual labels: device
Sizes
View your app on different device and font sizes
Stars: ✭ 1,213 (+1327.06%)
Mutual labels: device
Weidentity
基于区块链的符合W3C DID和Verifiable Credential规范的分布式身份解决方案
Stars: ✭ 972 (+1043.53%)
Mutual labels: privacy-protection
Responsivedevices.css
Responsive CSS Device frames for your landing pages
Stars: ✭ 59 (-30.59%)
Mutual labels: device
Parser Javascript
Browser sniffing gone too far — A useragent parser library for JavaScript
Stars: ✭ 66 (-22.35%)
Mutual labels: device
Xprivacylua
Really simple to use privacy manager for Android 6.0 Marshmallow and later
Stars: ✭ 1,222 (+1337.65%)
Mutual labels: privacy-protection
CreepJS
https://abrahamjuliot.github.io/creepjs
The purpose of this project is to shed light on weaknesses and privacy leaks among modern anti-fingerprinting extensions and browsers.
- Detect and ignore API tampering (API lies)
- Fingerprint lie types
- Fingerprint extension code
- Fingerprint browser privacy settings
- Employ large-scale validation, but allow possible inconsistencies
- Feature detect and fingerprint new APIs that reveal high entropy
- Rely only on APIs that are the most difficult to spoof when generating a pure fingerprint
Tests are focused on:
- Tor Browser (SL 1 & 2)
- Firefox (RFP)
- ungoogled-chromium (fingerprint deception)
- Brave Browser (Standard/Strict)
- puppeteer-extra
- uBlock Origin (aopr)
- NoScript
- DuckDuckGo Privacy Essentials
- Privacy Badger
- Privacy Possom
- Random User-Agent
- User Agent Switcher and Manager
- CanvasBlocker
- Trace
- CyDec
- Chameleon
- ScriptSafe
- Windscribe
Rules
Data
- data collected: user agent string, encrypted fingerprints and booleans
- data retention: auto deletes 30 days after last visit
- visit tracking: limited to data retention and new feature scaling
Signatures
- you may optionally sign your fingerprint with 4-64 characters
- signatures can be memorable descriptors
- in low entropy browsers, a signature can signal to others that the fingerprint is shared
New feature scaling
- scaling should occur no more than once per week
- new weekly features may render fingerprints anew
- view deploy history
Formulas
Trust Score
A failing trust score is unique and can be used to connect fingerprints.
- start at
100%
- less than 2 loose fingerprints: subtract
0
- less than 11 loose fingerprints: subtract
total*0.1
- *11+ loose fingerprints: subtract
total*0.2
- trash: subtract
total*15.5
- lies: subtract
total*31
- errors: subtract
total*5.2
Bot Detection
Bots leak unusual behavior and can be denied service.
- 10 loose fingerprints within 48 hours
- Headless rating > 0
- Stealth rating > 0
Version Detection
- a guess attempt is made to decrypt the browser vendor, version, renderer, engine, and platform
- this guess does not affect the fingerprint
- system is collected from
WorkerNavigator.userAgent
and auto matched to fingerprint ids - decoded samples are auto computed and manually reviewed if new
- if the worker scope is blocked and the fingerprint ids exist in the database, the version can still be detected
Tests
- js Math implementation
- js engine via console errors
- HTMLElement version
- system styles
- CSS style version
- contentWindow version
Supported
- layout rendering engines: Gecko, Goanna, Blink, WebKit
- JS runtime engines: SpiderMonkey, JavaScriptCore, V8
Definitions
Trash
- unusual results
- forgivable lies
- failed calculations that may reasonably occur at random (loose fingerprint metrics)
Lies
- prototype tampering
- mismatch in worker scope or iframe
- failed math calculations
Errors
- ungracefully blocked features that break the web
- failed executions
Loose Fingerprint
- collects as much entropy as possible
Fingerprint
- adapts to browsers and distrusts known noise vectors
- aims to ignore entropy unique to a browser version release
- gathers compressed and static entropy
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].