No-JS Fingerprinting

No-JS Fingerprinting is a POC that you can do fingerprinting — a way of uniquely identifying browsers — without the need for JavaScript. Fingerprinting is a way of identifying browsers without the use of cookies or data storage. Created using properties like language and installed fonts, your fingerprint stays the same even if your browser …

No-JS Fingerprinting is a POC that you can do fingerprinting — a way of uniquely identifying browsers — without the need for JavaScript.

Fingerprinting is a way of identifying browsers without the use of cookies or data storage. Created using properties like language and installed fonts, your fingerprint stays the same even if your browser is in incognito mode.

This demo further illustrates that fingerprinting is possible — even without JavaScript and cookies.

After clicking on “See more details” — or by taking a peek at the HTML source — you can see that the fingerprinting is done using:

When a certain aspect is supported, a request to a server-side script located at /signal/{sessionId}/{feature}/ is made to gather everything:

@supports(-webkit-app-region: inherit) { .css_probe_1 { background: url('/signal/123456789/cssBlink/') } }
@supports(-moz-appearance: inherit) { .css_probe_2 { background: url('/signal/123456789/cssGecko/') } }
@supports(-apple-pay-button-style: inherit) { .css_probe_3 { background: url('/signal/123456789/cssWebkit/') } }
@supports(-webkit-touch-callout: inherit) { .css_probe_4 { background: url('/signal/123456789/cssMobileWebkit/') } }
@supports(-moz-osx-font-smoothing: inherit) { .css_probe_5 { background: url('/signal/123456789/cssMacGecko/') } }
@supports(accent-color: inherit) { .css_probe_6 { background: url('/signal/123456789/cssTorGecko/') } }
…
@font-face { font-family: 'Roboto'; src: local('Roboto'), url('/signal/123456789/robotoFontAbsence/') format('truetype') }
@font-face { font-family: 'Ubuntu'; src: local('Ubuntu'), url('/signal/123456789/ubuntuFontAbsence/') format('truetype') }
@font-face { font-family: 'Calibri'; src: local('Calibri'), url('/signal/123456789/calibriFontAbsence/') format('truetype') }

No-JS Fingerprinting →
No-JS Fingerprinting Source (GitHub) →


Print Share Comment Cite Upload Translate
APA
Bramus! | Sciencx (2024-03-28T12:38:33+00:00) » No-JS Fingerprinting. Retrieved from https://www.scien.cx/2021/10/28/no-js-fingerprinting/.
MLA
" » No-JS Fingerprinting." Bramus! | Sciencx - Thursday October 28, 2021, https://www.scien.cx/2021/10/28/no-js-fingerprinting/
HARVARD
Bramus! | Sciencx Thursday October 28, 2021 » No-JS Fingerprinting., viewed 2024-03-28T12:38:33+00:00,<https://www.scien.cx/2021/10/28/no-js-fingerprinting/>
VANCOUVER
Bramus! | Sciencx - » No-JS Fingerprinting. [Internet]. [Accessed 2024-03-28T12:38:33+00:00]. Available from: https://www.scien.cx/2021/10/28/no-js-fingerprinting/
CHICAGO
" » No-JS Fingerprinting." Bramus! | Sciencx - Accessed 2024-03-28T12:38:33+00:00. https://www.scien.cx/2021/10/28/no-js-fingerprinting/
IEEE
" » No-JS Fingerprinting." Bramus! | Sciencx [Online]. Available: https://www.scien.cx/2021/10/28/no-js-fingerprinting/. [Accessed: 2024-03-28T12:38:33+00:00]
rf:citation
» No-JS Fingerprinting | Bramus! | Sciencx | https://www.scien.cx/2021/10/28/no-js-fingerprinting/ | 2024-03-28T12:38:33+00:00
https://github.com/addpipe/simple-recorderjs-demo