 | Detect ClientRects FingerprintDo I have a clientrects fingerprint spoofer installed in my browser |  |
| Detect ClientRects FingerprintDo I have a clientrects fingerprint spoofer installed in my browser | |
This page uses different techniques to recognize whether a browser extension is installed to spoof the clientrects fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the getClinetRects function metrics (i.e. width, height, etc) to alter the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the clientrects result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the clientrects identity and use a different approach to identify the browser session.
Fingerprint Spoofed | |
| Is browser clientrects fingerprint spoofed | Loading... |
Fingerprint Results | |
Fingerprint ID Method: red solid box | Loading... |
| Sample Elements | ClientRects Metrics Loading... |
Fingerprint ID When: before DOM load | Loading... |
Fingerprint ID When: after DOM load | Loading... |
| Is fingerprint spoofed by random noise | Loading... |
It is a technique used to identify a browser. This method can be used to distinguish a browser, for instance, display personalized advertisements or uniquely identify a browser on the next visit(s) even though a user has no login details available. This fingerprinting technique generates a unique identifier based on the dimensions and positions of elements on a webpage. The getClientRects() method is a part of the DOM (Document Object Model) API in JavaScript. It returns a collection of rectangles that represent the bounding positions of a particular element relative to the viewport or another element. By combining the dimensions and positions of multiple elements using getClientRects(), developers can create a unique fingerprint for a webpage or a specific section of it.
getClientRects() method itself is not as popular as some other fingerprinting techniques like canvas fingerprinting. However, it can still be used as part of a fingerprinting strategy, especially when combined with other methods. While getClientRects() provides information about the position and dimensions of elements on a webpage, it may not be as reliable for fingerprinting purposes alone. This is because the layout of a webpage can vary depending on factors like the browser window size, zoom level, or CSS styles. However, when combined with other fingerprinting techniques, getClientRects() can contribute to building a more robust and unique fingerprint of a user's browser. For example, it can provide additional data points that help to differentiate one user from another, especially when used in conjunction with other DOM-related properties and methods. Overall, while getClientRects() may not be as popular or as effective for fingerprinting as some other methods, it still has the potential to be used as part of a broader fingerprinting strategy. Therefore, it's important to consider it when implementing privacy protections and anti-fingerprinting measures in web browsers.
Some browsers have internal modules that the user can activate to protect against clientrects fingerprinting. Some others do not offer such a capability. In these browsers, you can install a browser extension to simulate the native behavior. A module needs to alter the clientrects function (getClientRects) so that the fingerprint data would be altered and not unique. There are two popular methods to achieve this. Some browsers or extensions add random noise (i.e. nearly invisible pixels) into the ClientRects calculations which would result in an invalid identification hash code. Some others insert pixels in random positions or (add noise to the current pixel positions) to make sure each fingerprint is different from the previous one. The former method generates a unique ID, but this ID is "new" and hence browser information is protected. According to our tests, the first method protects the user even more by generating random IDs on each visit.
The short answer is Yes, but, it is much harder to identify your browser comparing to when you don't have any protection method. Read below to get more info about browser identification.
There are many methods to identify a browser. The clientrects fingerprinting is a popular and old method. Note that even if you have the fingerprint protection enabled, still, most likely, it is possible to detect that there is a protection method active. In this page, there are two methods used for protection detection.
1. Detect fixed clientrects manipulation: in this technique, a fixed (and small) rectangle is added to the DOM and then the hash code is generated based on the clientrects metrics. If there is no protection in place, a determined value for the hash code is expected. If not, then the browser uses the first protection method.
2. In this method, the hash code is generated twice once before the DOM is ready and once after it is fully loaded on the same elements. If hash codes differ, then the fingerprinting is protected. Note that it is possible to identify protection and use an alternative method if the ID that is generated by this method is unreliable.