You can’t hide.
I recently came across a website, http://webkay.robinlinus.com/, that uses multiple tricks to fingerprint the device you’re using to view it. It finds a lot of info, and I wanted to know how it works.
First things first: if you’re running a script blocker like NoScript or ScriptSafe, none of these things are going to work without whitelisting the underlying scripts.
The first piece of info this site shows you is your location.

It uses the Google GeoLocation API. You can fool it by using a proxy, but it uses some dastardly clever stuff to guess your location. It’s pretty much a given that Google knows all.
The next section looks for your software.

There are different ways to get this info, but it looks like they are using the UAParser library and some other built-in functions.
You can try it for yourself in the Developer Tools Console.
> var parser = new UAParser();
> console.log(parser.getOS())
Object {name: "Mac OS", version: "10.12.0"}
> console.log(parser.getBrowser().name)
Chrome
Next it shows you detected hardware.

> console.log(navigator.platform)
MacIntel
> console.log(navigator.hardwareConcurrency)
4
The next section shows connection speed and local IP address.

It downloads a file of known size and times the download, and uses WebRTC to find your local IP. I don’t fully understand all the ins and outs of the WebRTC portion, but it looks pretty sneaky.
Next up is the Social Media checker.

Looking at the scripts/social-media.js, it looks like it tries to download a favicon from various sites, and based on whether or not it loads it can tell if you are logged in.
It goes through a few more things, and you can see the scripts it uses in the Developer Tools.
I’ve found a few other things that you can see from the browser. The little JavaScript snippet below will make a popup appear with your current battery level.
// Needs a browser that implements the Battery Status API (navigator.getBattery).
navigator.getBattery().then(function (battery) {
    // Show the current charge level as a whole-number percentage.
    function updateLevelInfo() {
        alert("batt lev: " + Math.round(battery.level * 100) + "%");
    }
    // Report once now, then again every time the level changes.
    updateLevelInfo();
    battery.addEventListener('levelchange', updateLevelInfo);
});

The lesson is, everybody knows everything about you. Unless you really try to be incognito, and even then you’ll probably mess something up. Like these guys.
Thanks.
