Browser fingerprinting is the most sophisticated tracking method used by modern websites. This deep-dive explains how it works and how KeLAAX Stealth defeats every known technique.
What is Browser Fingerprinting?
Browser fingerprinting collects dozens of browser and hardware characteristics to create a unique identifier—without cookies or login.
How Detection Works
| Data Category | Examples | Uniqueness Contribution |
|---|---|---|
| Canvas | Rendering hash | Very High |
| WebGL | GPU info, shaders | Very High |
| Audio | Processing signature | High |
| Fonts | Installed typefaces | High |
| Hardware | Screen, CPU, memory | Medium |
| Navigator | User agent, plugins | Medium |
| Timing | API response times | Low-Medium |
💡 The Challenge: Even with randomization, inconsistencies between these values reveal automation. KeLAAX solves this by maintaining perfect internal consistency.
Canvas Fingerprinting
How Websites Detect You
Websites draw invisible images and hash the pixel data:
// Detection script (simplified)
const canvas = document.createElement('canvas');
const ctx = canvas.getContext('2d');
ctx.fillText('fingerprint test', 10, 50);
const hash = canvas.toDataURL(); // Unique per GPU/driver
How KeLAAX Defeats It
| Technique | Implementation | Result |
|---|---|---|
| Noise Injection | Profile-specific pixel modifications | Unique but consistent hash |
| Deterministic Seed | Same profile = same noise | Passes consistency checks |
| Imperceptible Changes | Sub-pixel level modifications | No visual difference |
Real Browser: hash = "a1b2c3d4..."
KeLAAX Profile A: hash = "x9y8z7w6..." (unique, consistent)
KeLAAX Profile B: hash = "m4n5o6p7..." (different profile = different hash)
WebGL Fingerprinting
How Websites Detect You
WebGL reveals GPU and driver information:
// Detection script
const gl = canvas.getContext('webgl');
const renderer = gl.getParameter(gl.RENDERER); // "NVIDIA GeForce RTX 3080"
const vendor = gl.getParameter(gl.VENDOR); // "NVIDIA Corporation"
How KeLAAX Defeats It
| Attack Vector | KeLAAX Response |
|---|---|
| Renderer string | Spoofed to match profile |
| Vendor string | Consistent with renderer |
| Shader precision | Realistic values |
| Extension list | Profile-appropriate |
| GLSL hash | Matches expected output |
⚠️ Consistency Rule: A "MacBook Pro" profile shows "Intel Iris Plus" graphics, not "NVIDIA RTX 3080". KeLAAX ensures all components match.
Audio Context Fingerprinting
How Websites Detect You
Audio processing creates unique signatures:
// Detection script
const ctx = new AudioContext();
const oscillator = ctx.createOscillator();
const analyser = ctx.createAnalyser();
oscillator.connect(analyser);
// Resulting waveform is unique per device
How KeLAAX Defeats It
| Technique | What It Does |
|---|---|
| Output Modification | Subtle, imperceptible changes |
| Profile Binding | Same profile = same audio fingerprint |
| Timing Adjustment | Matches expected processing delays |
Font Enumeration
How Websites Detect You
Font availability reveals the operating system and installed software:
// Detection script
const fonts = ['Arial', 'Helvetica', 'Calibri', 'MS Gothic', 'Apple Symbols'];
fonts.forEach(font => {
if (document.fonts.check(`12px "${font}"`)) {
// Font is installed - add to fingerprint
}
});
How KeLAAX Defeats It
| OS Profile | Font Set |
|---|---|
| Windows 10 | Arial, Calibri, Segoe UI, etc. |
| Windows 11 | Windows 10 fonts + new additions |
| macOS | SF Pro, Helvetica Neue, etc. |
| Android | Roboto, Droid Sans, etc. |
| iOS | SF Pro, Apple Symbols, etc. |
💡 Realism: KeLAAX doesn't just list fonts—it respects installation order, version-specific availability, and regional font packs.
Advanced Fingerprinting Defenses
TLS/JA3 Fingerprinting
Beyond browser APIs, your TLS handshake reveals you:
| Element | What It Reveals | KeLAAX Solution |
|---|---|---|
| Cipher suites | Browser type | Matches real browser order |
| Extensions | Feature support | Profile-appropriate |
| ALPN protocols | HTTP version | Consistent with UA |
Client Hints
Modern browsers send device hints:
navigator.userAgentData.brands
// [{"brand":"Chromium","version":"120"}, ...]
| Hint | KeLAAX Handling |
|---|---|
| Sec-CH-UA | Matches user agent |
| Sec-CH-UA-Platform | Matches profile OS |
| Sec-CH-UA-Mobile | Matches device type |
Hardware Concurrency
navigator.hardwareConcurrency // CPU cores
| Profile | Value |
|---|---|
| Low-end laptop | 2-4 |
| Mid-range desktop | 6-8 |
| High-end workstation | 12-16 |
The Consistency Principle
Random is detectable. Consistent is natural.
❌ Wrong Approach (Detection Risk)
Session 1: 1920×1080, 8GB RAM, 4 cores, Windows fonts
Session 2: 1440×900, 16GB RAM, 2 cores, macOS fonts ← Same "profile"
Result: FLAGGED - Impossible configuration
✅ KeLAAX Approach (Undetectable)
Session 1: 1920×1080, 8GB RAM, 4 cores, Windows fonts
Session 2: 1920×1080, 8GB RAM, 4 cores, Windows fonts ← Same profile
Result: PASSED - Consistent, realistic identity
Verify Your Setup
Recommended Test Sites
| Site | What It Tests | Expected Result |
|---|---|---|
| BrowserLeaks.com | Comprehensive fingerprint | Unique hash, no bot flags |
| AmIUnique.org | Uniqueness score | "You are unique" (expected) |
| CreepJS | Advanced detection | Low/no detection score |
| PixelScan.net | Bot detection | No automation detected |
What to Check
✅ Unique fingerprint hash (not your real one) ✅ Consistent across page reloads ✅ No "headless browser" indicators ✅ Realistic hardware specifications ✅ Proper font enumeration for profile OS
Best Practices
✅ Do This
| Practice | Why It Matters |
|---|---|
| Enable all spoofing features | Partial spoofing is detectable |
| Match profile to proxy location | Geographic consistency |
| Test before campaigns | Verify fingerprint quality |
| Keep application updated | New detection methods emerge |
❌ Avoid This
| Practice | Risk |
|---|---|
| Mixing profiles mid-session | Inconsistency detection |
| Disabling individual spoofers | Partial fingerprint reveals real device |
| Ignoring test site warnings | Campaigns will fail |
| Using outdated version | New fingerprinting methods |
Troubleshooting
| Issue | Cause | Solution |
|---|---|---|
| Fingerprint flagged as bot | Missing behavior simulation | Enable human behavior features |
| Test site shows real GPU | WebGL spoofing disabled | Settings → Spoofing → Enable WebGL |
| Inconsistent between loads | Profile not locked | Use specific profile, not random per-page |
| Canvas hash matches real device | Canvas spoofing off | Settings → Spoofing → Enable Canvas |
Related Documentation
- Profile Management - Profile selection and rotation
- Traffic Generation - Using fingerprints in campaigns
- Troubleshooting - Detection issues