How anti-fraud systems understand that you are changing your real digital fingerprint

Blog » How anti-fraud systems understand that you are changing your real digital fingerprint

On the web, you can meet users’ reports that various scanners detect the use of anti-detect browsers.

The reason for this can be not only in the browser, but also in the actions of the user himself. We’ve collected all the basic parameters that show that a user is trying to hide his real digital fingerprints and suggested ways to reduce the risk of detection🤏.

Why do anti-detect browsers have problems with emulation 😐

Every anti-detect browser has two key functions:

  1. Changing the real digital fingerprint.
  2. Emulation. Make you look like an ordinary user.

The truth is that so far, there is not a single publicly available anti-detect browser that can completely make an ordinary user out of you. 

This is due to the fact that each anti-fraud system has its own unique mechanisms: they analyze a different amount of data, in a different order, and draw conclusions from this data in different ways. Because of this, it happens that one anti-detect tool is better suited for Twitter and another one is better for Zuckerberg’s social network.

At the same time, there are some recommendations, following which you can significantly improve the quality of emulation. 

The main reasons why anti-fraud systems can see the changing of the real digital fingerprint

Below are the main parameters by which anti-fraud systems see the differences:

1️⃣ IP

This is one of the most popular parameters with which problems arise.

What’s the problem

  • The real IP is not hidden. Some users think that anti-detection software automatically changes their real IP address. In reality, anti-detects have the functionality to change the data, but first you need to get this new IP address. To do this, you need to buy a proxy. Some browsers have the option of buying proxies from their partners. 
  • They use proxies of the wrong geo. For example, the user plans to work with Brazilian users and creates a Brazilian account, but buys Russian proxies. As a result, his data is detected as Russian, which can cause problems on the website. 
  • Buying inappropriate proxies. In order to save money, users buy cheap proxies or even use free ones. In this case, there is a risk that the IP has already been used in many places and is blocked by most popular sites. Moreover, such proxies can be dangerous since they can be used by intruders. 

What to do

  • Use proxies when working with the anti-detect browser, otherwise your real IP address will not be masked. 
  • Buy proxies only from trusted stores
  • Make sure your IP address matches the geo of your account.
  • Choose proxies depending on your tasks. The most secure proxies are HTTPS and SOCKS5. However, if you need many IP addresses for different profiles, it’s better to choose mobile proxies. They are more expensive, but due to the ability to update IP, they can be much cheaper.

2️⃣ Fonts

One of the main parameters that gives out the fact that you are changing your real fingerprint.

What’s the problem

Every operating system has a set of fonts to use: standard and system fonts. The standard fonts are the well known ones: Arial, Times New Roman, etc. The thing about them is that they can be found in any operating system. 

But the system fonts may be unique to each particular system. 

Let’s imagine that the user has a Windows laptop, but in the digital print it specifies macOS. Because of the differences in system fonts, anti-fraud systems will realize that you are masking your real digital print. Moreover, the difference will be visible not only in the font set itself, but also in its design: macOS and Windows can differently display even the same font.

What to do

If possible, select in the digital print the same operating system(OS) as from which you are planning to work from. If you have a powerful PC and laptop, install Linux as a second operating system, then install the system fonts of the operating system you want on it. Linux acts as an intermediate system between Windows and macOS, so it can smooth out the differences in fonts.

3️⃣ Browser

All anti-detects work on the basis of some standard browser. Typically, it is Chrome, Chromium, or Firefox. Chrome is the same as Chromium, but with Google services enabled and some changes in the browser’s internal functionality. 

What’s the problem

Each browser has its own unique parameters and features that distinguish it from others. Normal users won’t notice these features, but anti-fraud systems will. This way, they will understand that the user has tampered with the fingerprint.

What to do

Make sure that the data of your masked digital fingerprint matches the browser, on which the anti-detect browser is based. This is shown in the Useragent. All anti-detect developers make it clear on which browsers their anti-detect is made. For example, Dolphin{anty} is based on Chromium. 

4️⃣ The characteristics of the device 

Some users, in an attempt to convince anti-fraud systems of the reality of their fingerprints, change the parameter data of the device itself: Audio, Canvas 2d(usual Canvas), Canvas 3d, etc. 

What’s the problem

The fingerprint can become:

  • Unrealistic. Since the parameters in the device fingerprints are related to each other, manually changing the parameters can be a combination of data that does not exist.
  • Too unique, which will also attract the attention of anti-fraud systems.

What to do

Do not change the fingerprint parameters that relate to the device itself: Canvas, Audio, WebGL. 

5️⃣ WebRTC

WebRTC describes parameters for transferring audio, video and content between browsers and applications. It is used as a replacement for Flash. 

What’s the problem

It often happens that this parameter shows your real IP, even if you use a proxy. 

What to do

If you see your real IP leaked by WebRTC, the best solution is to ask the anti-detects team what to do about it. This is due to the fact that some anti-fraud systems see that a person is changing IP, but take no action against the user. This is especially true currently, when many sources and sites are blocked in Russia. 

6️⃣ Mobile device on the web 

Some users try to emulate a mobile device from the web versions of the anti-detect programs.

What’s the problem

Mobile devices differ from the web versions in hundreds of ways, including screen resolution, network performance, data transmission methods, device type, etc. Given that anti-detects do not give 100% emulation even on the web version, it will be even lower when trying to emulate a mobile version.

What to do

Even if your anti-detect browser has the functionality to emulate a web version for mobile, it is better to use it with caution and not to test it on accounts that are important to you. Otherwise, there is a risk that they may be sent for verification or even blocked.

And lastly👌🏼

Before you start working in a particular anti-detect:

  1. Test the anti-detect thoroughly. It is better not to use your best accounts right away: if the anti-detect does not work well, you can lower your account’s trust rate or even get banned. Even better, if anti-detect has a free plan: then you will have more time to test. For example, Dolphin{anty} has a completely free rate for 10 browser profiles.
  2. Check the quality of protection through scanners. It is better to check through several scanners to get a more complete picture. However, it is important that scanners give a general idea of what data can potentially be seen by site security systems. In fact, each anti-fraud system has its own algorithms: just because the scanner will show 100% authenticity does not mean that you will pass the anti-fraud check and vice versa. 
  3. If you have just started using anti-detection, read our article on ☝️ what mistakes users make when using anti-detect browsers.

✍️If you are using Dolphin{anty} anti-detection and have questions about configuring or working with the browser support or the user community