Browser Privacy & Canvas Fingerprint Analyzer
Client-side fingerprint collection, uniqueness scoring, bot detection, and leak analysis.
The Browser Fingerprint Analyzer collects browser attributes from your current session, including canvas fingerprint, WebGL renderer, audio context hash, installed fonts, screen metrics, and WebRTC IP data. It calculates a uniqueness score and checks for spoofing indicators and bot signatures.
Browser Privacy Test
How to Use
Work through these steps in order. Use this tool for educational and ethical purposes only.
| 1 | Select Browser Fingerprint Analyzer/Browser Privacy Test from the tool navigation. |
| 2 | Click Run Fingerprint Collection. No input is needed; the tool gathers data from your current browser. |
| 3 | Wait for the JavaScript collection phase to finish. Canvas, WebGL, and AudioContext each require a short rendering pass. |
| 4 | Review the Browser Properties panel: User-Agent, platform, language, cookie and JavaScript status, and the Do Not Track flag. |
| 5 | Check the Screen and Display panel: resolution, color depth, device pixel ratio, and viewport dimensions. |
| 6 | Review the Canvas Fingerprint hash, which is derived from rendering a test string and varies by GPU and OS font rendering. |
| 7 | Check the WebGL Fingerprint showing the GPU vendor and renderer string from UNMASKED\_VENDOR\_WEBGL. |
| 8 | Review the WebRTC IP Leak Detection panel. If a real IP address appears while a VPN is active, the leak is confirmed. Review the Uniqueness Score and Bot Detection result to see how rare your fingerprint combination is. |
What Is Browser Fingerprinting?
Browser fingerprinting is a passive tracking technique that identifies users by collecting attributes exposed by their browser, without storing anything on their device.
Passive vs. Active Tracking
Traditional tracking relies on cookies: small files written to your device that a server reads on your next visit. Block the cookie and the tracking breaks. Browser fingerprinting works differently. It reads characteristics the browser must expose to render pages correctly: screen resolution, installed fonts, graphics card behavior, timezone, and more. No write operation occurs, so there is nothing to block or delete.
Passive fingerprinting harvests signals automatically as a page loads. Your User Agent string, platform OS, and screen dimensions are transmitted with every HTTP request. Active fingerprinting goes further: JavaScript probes your hardware by rendering a hidden canvas element and hashing the pixel output. Because GPUs render graphics slightly differently depending on driver version and hardware model, this Canvas Hash acts as a near-unique device identifier, rated Critical (Unique ID) by this tool.
Why Cookies Aren’t Required
A browser fingerprint persists across sessions, incognito modes, and VPNs because it describes the browser and hardware, not a stored identifier. Clear your cookies and open a private window and your screen resolution, OS, and Canvas Hash remain identical. Trackers combine multiple signals into a probabilistic fingerprint. The more unique each signal, the higher your Uniqueness Score and the easier you are to re-identify.
This tool measures six core data points: User Agent, Platform (OS), Screen Size, Timezone, CPU Cores, and Canvas Hash. Each carries a different entropy weight, from Low (CPU core count) to Critical (Canvas Hash), giving you a clear breakdown of where your exposure is highest.
Real-World Use Cases
Browser fingerprinting is not inherently malicious. It solves real problems in fraud detection and security, but the same technique enables privacy-invasive tracking at scale.
Fraud Detection
Banks and payment processors use fingerprinting to catch account takeovers. If your account was last accessed from a Windows 10 device at 1920×1080 and a new login appears from a Linux x86_64 machine at 3072×1728, the mismatch triggers a fraud alert even if the attacker has the correct password. Fingerprinting adds a hardware-level signal that stolen credentials alone cannot fake.
Anti-Bot Systems
Anti-bot platforms like Cloudflare and PerimeterX fingerprint traffic to distinguish humans from automated scripts. A Puppeteer or Selenium bot typically exposes telltale signals: a User Agent claiming to be Chrome but running on Linux, a viewport of exactly 800×600, and a missing or generic Canvas Hash. The Defense Recommendations for Bot Developers section addresses this directly. Matching your User Agent to your actual platform and setting realistic viewport dimensions (e.g., 1920×1080) reduces bot detection rates.
Privacy-Invasive Tracking
Ad networks and data brokers use fingerprinting to build persistent user profiles across websites without consent or cookie banners. A user in the Asia/Karachi timezone running Firefox 140 on Linux x86_64 with a 3072×1728 display is a statistically rare combination. Even if each signal alone isn’t unique, the combination produces a high-entropy fingerprint. The Identifying Signals panel shows exactly which traits contribute most to your trackability.
Regulation and Ethics
GDPR Implications
Under GDPR, browser fingerprinting qualifies as personal data processing when used to identify individuals. Article 4(1) defines personal data broadly: any information that can identify a person directly or indirectly falls within scope. Organizations deploying fingerprinting scripts must have a lawful basis.
The most common basis claimed is legitimate interest (Article 6(1)(f)), typically for fraud prevention. Using fingerprinting for behavioral advertising without explicit consent violates the regulation. The Planet49 ruling by the Court of Justice of the EU (2019) clarified that pre-ticked consent boxes and bundled consent are invalid; each tracking purpose requires a separate, informed, affirmative action.
Consent Requirements
The ePrivacy Directive applies to any technology that stores or accesses information on a user’s terminal device. While fingerprinting doesn’t write data to the device, regulators in France (CNIL), Germany (DSK), and the Netherlands (AP) have ruled that reading device characteristics for tracking falls within the Directive’s scope. Websites using fingerprinting for advertising must disclose this clearly and obtain opt-in consent before the script fires.
Security-related fingerprinting for fraud detection or bot traffic generally qualifies under legitimate interest, provided organizations conduct and document a balancing test, and the fingerprint is not used beyond its declared security purpose.
Responsible Research
Running this tool against your own browser or one you have permission to test is appropriate. Using fingerprinting against third-party users, scraping fingerprint data from production systems without authorization, or re-identifying anonymized datasets without consent crosses legal and ethical lines in most jurisdictions. If you find a site deploying fingerprinting in violation of GDPR, report it to the relevant supervisory authority rather than exposing the data publicly.
Technical Details & Use Cases
Browser fingerprinting identifies users without cookies by combining browser and hardware attributes that are each common individually but collectively unique. The tool collects four high-entropy vectors.
Canvas fingerprinting renders a fixed text string and set of shapes on an HTML5 Canvas element, then hashes the pixel output. GPU rendering pipelines, OS font hinting, and anti-aliasing settings produce different results even between machines running the same browser version.
WebGL fingerprinting reads UNMASKED_VENDOR_WEBGL and UNMASKED_RENDERER_WEBGL via the debug renderer info extension. This exposes the actual GPU model and driver version, which standard WebGL queries hide for privacy reasons.
AudioContext fingerprinting generates an oscillator signal, passes it through a dynamics compressor, and hashes the resulting float array. Differences in audio hardware and driver implementations produce consistent per-device variation.
WebRTC leak detection creates a peer connection offer without a TURN server. Where WebRTC is active, the STUN binding request exposes the local network interface IP. VPNs typically route application traffic but do not intercept browser-level WebRTC connections, which is why leaks occur.
Typical use cases: privacy self-assessment, VPN leak verification, bot detection research, and web security testing.
Pros & Cons
| Pros | Cons |
| ✓ WebRTC leak detection confirms real IP exposure even when a VPN is running | ✗ Privacy-hardened browsers (Brave, Firefox with resistFingerprinting) return generic values by design, limiting what can be collected |
| ✓ Canvas and WebGL fingerprints expose hardware-level uniqueness that browser settings alone cannot mask | ✗ Canvas fingerprints can shift after GPU driver updates, so they are not stable as long-term identifiers |
| ✓ Bot detection checks for headless browser signatures and automation framework indicators | ✗ AudioContext collection may require a user gesture in certain browser security policies before it runs |
Related Web Security & Privacy Modules
Frequently Asked Questions
What is a browser fingerprint?
A profile built from attributes your browser automatically exposes: User Agent string, OS, screen resolution, timezone, CPU core count, and Canvas Hash. Unlike cookies, no data is written to your device. Websites can reconstruct it on every visit.
Does incognito mode prevent browser fingerprinting?
No. Incognito hides browsing history and deletes cookies when the session ends, but it doesn’t change your hardware or browser attributes. Your screen resolution, OS, User Agent, and Canvas Hash are identical in both normal and incognito mode.
What is a Canvas Hash and why is it rated "Critical"?
It’s a fingerprint derived from rendering a hidden HTML5 canvas element. Your GPU and graphics drivers produce slightly different pixel-level output than other hardware combinations. The tool hashes this into a stable identifier unique to your device. It’s rated Critical because it’s hardware-bound, highly stable, and difficult to spoof without a dedicated extension like Canvas Blocker.
How do I lower my Uniqueness Score?
Switch to Firefox with privacy.resistFingerprinting enabled, or use Brave which randomizes canvas output by default. Block canvas reading with Fingerprint Defender or CanvasBlocker. Normalize your User Agent string and use a common resolution like 1920×1080. Each change reduces individual signal entropy and lowers your overall score.
Is browser fingerprinting legal?
It depends on jurisdiction and purpose. In the EU, using fingerprinting for advertising or tracking without user consent violates GDPR and the ePrivacy Directive. For fraud prevention it may qualify under legitimate interest, but organizations must document a balancing test. In the US, no single federal law prohibits fingerprinting, though state regulations like the CCPA may apply when fingerprints are treated as personal identifiers.
Recosint Intelligence Suite
For Business Inquiries, Sponsorship's & Partnerships
(Response Within 24 hours)
