Detect ClientRects Fingerprint

Do I have a clientrects fingerprint spoofer installed in my browser



This page uses different techniques to recognize whether a browser extension is installed to spoof the clientrects fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the getClinetRects function metrics (i.e. width, height, etc) to alter the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the clientrects result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the clientrects identity and use a different approach to identify the browser session.

Fingerprint Spoofed

Is browser clientrects fingerprint spoofedLoading...

Fingerprint Results

Fingerprint ID
Method: red solid box
Sample Elements
ClientRects Metrics
Fingerprint ID
When: before DOM load
Fingerprint ID
When: after DOM load
Is fingerprint spoofed by random noiseLoading...

What is clientrects fingerprinting?

It is a technique used to identify a browser. This method can be used to distinguish a browser, for instance, display personalized advertisements or uniquely identify a browser on the next visit(s) even though a user has no login details available. This fingerprinting technique generates a unique identifier based on the dimensions and positions of elements on a webpage. The getClientRects() method is a part of the DOM (Document Object Model) API in JavaScript. It returns a collection of rectangles that represent the bounding positions of a particular element relative to the viewport or another element. By combining the dimensions and positions of multiple elements using getClientRects(), developers can create a unique fingerprint for a webpage or a specific section of it.

Is getClientRects a popular method for fingerprinting?

getClientRects() method itself is not as popular as some other fingerprinting techniques like canvas fingerprinting. However, it can still be used as part of a fingerprinting strategy, especially when combined with other methods. While getClientRects() provides information about the position and dimensions of elements on a webpage, it may not be as reliable for fingerprinting purposes alone. This is because the layout of a webpage can vary depending on factors like the browser window size, zoom level, or CSS styles. However, when combined with other fingerprinting techniques, getClientRects() can contribute to building a more robust and unique fingerprint of a user's browser. For example, it can provide additional data points that help to differentiate one user from another, especially when used in conjunction with other DOM-related properties and methods. Overall, while getClientRects() may not be as popular or as effective for fingerprinting as some other methods, it still has the potential to be used as part of a broader fingerprinting strategy. Therefore, it's important to consider it when implementing privacy protections and anti-fingerprinting measures in web browsers.

How can I protect my browser to prevent clientrects fingerprinting

Some browsers have internal modules that the user can activate to protect against clientrects fingerprinting. Some others do not offer such a capability. In these browsers, you can install a browser extension to simulate the native behavior. A module needs to alter the clientrects function (getClientRects) so that the fingerprint data would be altered and not unique. There are two popular methods to achieve this. Some browsers or extensions add random noise (i.e. nearly invisible pixels) into the ClientRects calculations which would result in an invalid identification hash code. Some others insert pixels in random positions or (add noise to the current pixel positions) to make sure each fingerprint is different from the previous one. The former method generates a unique ID, but this ID is "new" and hence browser information is protected. According to our tests, the first method protects the user even more by generating random IDs on each visit.

If I have clientrects fingerprint protection enabled, is it still possible to identify my browser?

The short answer is Yes, but, it is much harder to identify your browser comparing to when you don't have any protection method. Read below to get more info about browser identification.

There are many methods to identify a browser. The clientrects fingerprinting is a popular and old method. Note that even if you have the fingerprint protection enabled, still, most likely, it is possible to detect that there is a protection method active. In this page, there are two methods used for protection detection.

1. Detect fixed clientrects manipulation: in this technique, a fixed (and small) rectangle is added to the DOM and then the hash code is generated based on the clientrects metrics. If there is no protection in place, a determined value for the hash code is expected. If not, then the browser uses the first protection method.

2. In this method, the hash code is generated twice once before the DOM is ready and once after it is fully loaded on the same elements. If hash codes differ, then the fingerprinting is protected. Note that it is possible to identify protection and use an alternative method if the ID that is generated by this method is unreliable.

Related Blog Posts

  1. Privacy Concerns in Browsers: With some extensions spying on people and Firefox getting ads, is there a better browser than others for privacy? Should one use something such as...
  2. The Best Privacy and Security-Focused Web Browsers: The truth is that the web browser which one uses knows a lot about them. For example, it knows which sites one visits. However, the question is which are the best browsers for privacy...
Comments and feedback