Documentation
PART 2 — Cryptography, Infrastructure & Metadata
Module 4 —
4.2 Browser-Level Identity Leaks: Fingerprinting Anatomy

4.2 Browser-Level Identity Leaks: Fingerprinting Anatomy

In many real-world deanonymization cases, Tor worked correctly and the network layer was intact—yet users were still identified.
The common failure point was the browser layer.

Browser fingerprinting exploits the fact that modern browsers expose a large amount of observable, semi-stable metadata. When combined, this metadata can uniquely identify a user or link sessions over time—even across anonymous networks.

This chapter explains what browser fingerprinting is, why it works, and how it undermines hidden-network anonymity, without providing exploitation steps.

A. What Is Browser Fingerprinting?

Browser fingerprinting is the practice of identifying or linking a browser instance by observing attributes it reveals during normal operation.

Unlike cookies:

  • fingerprinting does not require storage on the user’s device

  • it often works even when cookies are disabled

  • it can persist across sessions and network changes

Fingerprinting relies on passive observation, not active compromise.

B. Why Browsers Leak Identity Information

Browsers are designed to:

  • optimize user experience

  • support diverse hardware and software

  • expose capabilities to websites

These goals conflict with anonymity.

Every exposed feature increases the entropy of a browser’s observable profile.

C. Core Components of a Browser Fingerprint

Fingerprinting is combinatorial: individual signals may be common, but their combination becomes unique.

1. User-Agent and Platform Information

Includes:

  • browser name and version

  • operating system

  • CPU architecture

Even coarse differences can split anonymity sets.

2. Screen and Display Characteristics

Examples:

  • screen resolution

  • color depth

  • device pixel ratio

These are influenced by hardware and OS settings and tend to remain stable.

3. Fonts and Rendering Behavior

Browsers differ in:

  • installed fonts

  • font fallback order

  • text rendering quirks

Font metrics and rendering outputs have been shown to be highly identifying.

4. JavaScript-Exposed APIs

APIs can reveal:

  • timezone

  • locale

  • system preferences

  • hardware concurrency

  • memory estimates

Even when values are rounded, patterns remain.

5. Canvas and WebGL Fingerprinting

Graphics APIs can leak:

  • GPU model

  • driver behavior

  • floating-point precision quirks

The same drawing code can produce slightly different outputs on different systems.

6. Audio and Media Stack Behavior

Audio APIs may reveal:

  • audio hardware characteristics

  • sample rate handling

  • processing differences

This creates another entropy source.

D. Why Fingerprinting Is Especially Dangerous on Tor

Tor hides:

  • IP address

  • network location

  • routing paths

But Tor does not change how the browser renders content by default.

If a Tor user’s browser is:

  • unique

  • customized

  • inconsistent with the majority

Then:

  • sessions can be linked

  • activity can be correlated

  • anonymity sets shrink dramatically

This is why Tor Browser exists.

E. The Role of Tor Browser: Standardization, Not Invisibility

Tor Browser does not aim to make users invisible.
It aims to make users indistinguishable from each other.

Key Strategy: Uniformity

  • same user-agent for all users

  • same window sizes (letterboxing)

  • same fonts

  • same extensions

  • same configuration

Anonymity comes from blending in, not standing out.

F. How Customization Causes Self-Deanonymization

Research consistently shows that:

  • browser customization increases fingerprintability

Examples of risky customization:

  • installing extra extensions

  • resizing windows freely

  • changing default settings

  • enabling experimental features

Each deviation reduces the anonymity set.

G. Browser Fingerprinting vs Hidden Services

Fingerprinting affects:

  • visitors to onion services

  • administrators accessing their own services

  • developers testing hidden services

If the same browser is used:

  • on clearnet and Tor

  • or across different onion services

Linkability becomes possible without breaking Tor.

H. Documented Research Findings

1. High Uniqueness of Browser Fingerprints

Large-scale studies show that:

  • most browsers are uniquely fingerprintable

  • uniqueness increases over time

2. Stability Over Time

Fingerprints:

  • change slowly

  • persist across sessions

  • survive IP changes

This makes them ideal for long-term tracking.

3. Difficulty of Complete Mitigation

Blocking one signal (e.g., canvas) is insufficient.
Fingerprinting relies on many weak signals combined.

I. Why Fingerprinting Is Hard to Defend Against

Defending against fingerprinting requires:

  • redesigning browser APIs

  • sacrificing performance or features

  • enforcing uniform behavior

This is why:

  • fingerprinting remains an active research area

  • defenses evolve slowly

  • mistakes reappear in real cases

J. Lessons Learned from Browser-Level Failures

From past incidents and research, several lessons emerged:

  1. Anonymity is collective
    You are only as anonymous as the group you blend into.

  2. Customization is dangerous
    Personalization increases identifiability.

  3. Network anonymity ≠ application anonymity
    Tor protects traffic, not behavior.

  4. Standardization beats concealment
    Uniformity reduces entropy more effectively than blocking APIs.

docs