• AntiDETECTED. Part 2
    25.2.2019

    So, last time we talked about Quality Score and everything that it involves. You can read it here. Now let’s look more closely at how the interfaces are deceived, to better understand how antidetect apps work.

    Canvas is an HTML5 API used to draw graphics and animations on a web page via JavaScript. A script supplies the parameters of an image, and the browser renders the image using the device’s resources. The point is that the same canvas image may be rendered differently on different computers. The result may depend on the operating system, the browser version, installed libraries, video card drivers, graphics adapters, etc.

    This is where you should meet the uniqueness score. This rating shows how many devices have the same hash print as yours. The more devices share the same print, the lower your uniqueness score. For example, if 5000 out of every 100,000 devices have the same hash print, then they are 95% unique. The lower this figure, the better. Is it clear? Good, moving on.

    Canvas print data alone is enough to determine a user’s uniqueness at a figure higher than 95%. “Apple” users are doing better. Apple devices are usually custom and their uniqueness is lower by default. That is why Google and Facebook farmers tend to use their old MacBooks for their dirty practices.

    Until recently, antidetect services have dealt with Canvas fingerprinting by changing the pixel color attributes. Even small changes are enough to change the hash print. However, this method has its shortcomings. Of course, the hash changes and Facebook can’t find a connection between your device and other blocked profiles. But your uniqueness score will be 100% (or almost so). At best, your print will coincide with the prints of other users of the same antidetect service. But this will not help much. It’s like wearing a Batman mask and walking around town. Of course, no one will see your real face, but everyone will look at you like you are an idiot.
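    The uniqueness argument above, seen from the anti-fraud side, as an added example (not code from the original post or from any vendor). It computes the uniqueness score as this article defines it and flags sessions whose canvas hash is a singleton inside an otherwise common device profile. The record fields (`ua`, `gpu`, `canvasHash`), the thresholds and the sample sessions are constructed for illustration.

```javascript
// Uniqueness score as the article defines it: the share of observed
// devices that do NOT share this hash (5000 of 100000 sharing -> 0.95).
function uniquenessScore(sharing, total) {
  return 1 - sharing / total;
}

// Flag sessions whose canvas hash appears once while the same device
// profile (ua + gpu) is otherwise dominated by a single hash.
// minProfileSize and dominantShare are assumed thresholds, not known values.
function flagOutliers(sessions, minProfileSize = 5, dominantShare = 0.8) {
  const profiles = new Map();
  for (const s of sessions) {
    const key = `${s.ua}|${s.gpu}`;
    if (!profiles.has(key)) profiles.set(key, new Map());
    const hashes = profiles.get(key);
    hashes.set(s.canvasHash, (hashes.get(s.canvasHash) || 0) + 1);
  }
  const flagged = [];
  for (const s of sessions) {
    const hashes = profiles.get(`${s.ua}|${s.gpu}`);
    const total = [...hashes.values()].reduce((a, b) => a + b, 0);
    const top = Math.max(...hashes.values());
    const mine = hashes.get(s.canvasHash);
    if (total >= minProfileSize && top / total >= dominantShare && mine === 1) {
      flagged.push({ id: s.id, uniqueness: uniquenessScore(mine, total) });
    }
  }
  return flagged;
}

// Constructed sample: nine identical machines and one with a perturbed hash.
const sampleSessions = [];
for (let i = 0; i < 9; i++) {
  sampleSessions.push({ id: `s${i}`, ua: 'Chrome/72 Win10', gpu: 'GPU-A', canvasHash: 'aaaa' });
}
sampleSessions.push({ id: 's9', ua: 'Chrome/72 Win10', gpu: 'GPU-A', canvasHash: 'f00d' });
// A small, genuinely rare profile is left alone (too few samples to judge).
sampleSessions.push({ id: 's10', ua: 'Firefox/65 Linux', gpu: 'GPU-B', canvasHash: 'bbbb' });
```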

    Moreover, Facebook can match the specified rendering parameters against the way the browser actually renders different images and, thus, can detect a forged hash print. So Facebook will understand that you are a user of an antidetect service. And that doesn’t bode well.
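    One way such a consistency check can work, as an added example (not Facebook's actual logic, which the article does not describe): draw a known solid colour, read the pixels back twice, and compare them with what was requested. The function names and the constructed buffers standing in for `getImageData()` output are assumptions of this example.

```javascript
// Count pixels in an RGBA buffer (as returned by getImageData().data)
// that differ from the colour the script asked the browser to draw.
function countMismatches(pixels, expected) {
  let bad = 0;
  for (let i = 0; i < pixels.length; i += 4) {
    if (pixels[i] !== expected[0] || pixels[i + 1] !== expected[1] ||
        pixels[i + 2] !== expected[2] || pixels[i + 3] !== expected[3]) bad++;
  }
  return bad;
}

// Compare two readbacks of the same opaque, integer-aligned solid fill.
// Assumption: an unmodified browser returns exactly the requested colour.
function classifyReadback(first, second, expected) {
  const m1 = countMismatches(first, expected);
  const m2 = countMismatches(second, expected);
  if (m1 === 0 && m2 === 0) return 'consistent';
  const same = first.length === second.length &&
    first.every((v, i) => v === second[i]);
  // Same altered pixels on every read, or different ones each time.
  return same ? 'altered-stable' : 'altered-per-read';
}

// In a page the buffers would come from:
//   ctx.fillStyle = 'rgb(10, 20, 30)'; ctx.fillRect(0, 0, 4, 4);
//   const first = ctx.getImageData(0, 0, 4, 4).data;  // and again for second

// Constructed buffers standing in for getImageData() output (4x4 pixels).
function solid(rgba, count) {
  const buf = new Uint8ClampedArray(count * 4);
  for (let i = 0; i < count; i++) buf.set(rgba, i * 4);
  return buf;
}
const EXPECTED = [10, 20, 30, 255];
const clean = solid(EXPECTED, 16);
const noisyA = solid(EXPECTED, 16); noisyA[4] = 11;  // one channel off by one
const noisyB = solid(EXPECTED, 16); noisyB[20] = 9;  // a different pixel changed
```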

    WebGL is a JavaScript API that uses more than 300 simple primitive functions to render more complex 3D images with the OpenGL library. The number of metadata parameters you can get differs depending on the video card. The tests say that, because of JS, Facebook receives only those parameters that are needed to render an image correctly on a device. There is no complete WebGL fingerprinting process. But that doesn’t mean the other services (that Facebook uses) don’t perform one.

    The print is changed by changing the transparency of colors. Unfortunately, you can’t find any public WebGL print data for comparison. But we can assume that the uniqueness of such a modified print will be almost 100% as well. Moreover, WebGL and Canvas can literally check one another, because complex 3D images consist of simpler 2D images. The difference between Canvas and WebGL rendering makes Facebook 100% sure that somebody is wearing a Batman mask.

    WebRTC is a browser standard that allows users to make audio and video calls right in the browser, without any other software. Very useful, but not so safe. A website can get information about the audio adapter and all the audio devices like webcam, microphone, speakers. Moreover, the devices’ producers supply them with hash identification. So Facebook knows not just that a device exists but its ID as well. Also, the browser leaks your local and public IP addresses (bypassing VPN, of course).

    It seems like every person in their right mind should turn WebRTC off once and for all. But! Disabled WebRTC is a wake-up call for every antifraud system, because normal users don’t turn it off, so this may add a few percent to your uniqueness.

    An antidetect system can change both the local and the public IP addresses in the WebRTC interface, but then you can’t make audio and video calls anymore (using your browser, of course). You can find more info about WebRTC here: https://browserleaks.com/webrtc#webrtc-device-id.

    Fonts. By measuring the size of text in HTML, overlaying texts on each other and using other techniques, antifraud systems can recognize the list of fonts installed in the system. Some techniques force the browser to use the installed libraries to display text. Depending on the operating system (GDI and DirectWrite for Windows, Core Text for macOS and Pango for Linux), the libraries behave differently, and this creates further opportunities to determine the user’s system even when emulators and anti-detect programs are used.

    Modernizr is a JS library that allows you to identify 290 features of a browser in a moment. The thing is that the set of these features may vary between different versions of a browser. Most people have an auto-updating browser. So using early versions of Chrome and Firefox increases your uniqueness score, which is not good.

    Fortunately (for us), anti-detect services always update the content of their browsers to the current versions of Mozilla Firefox and Chrome.

    Facebook doesn’t rely only on collecting and analyzing the data. Its primary strength is in dynamics: a focus on analyzing the behavior of users and optimizing algorithms. That is why using identical consumables and typical schemes always leads to tighter control. Storing WebGL metadata and Modernizr content (every print of two billion users) is an extremely powerful technology. In turn, there is already a global behavioral database. They are used in Facebook’s anti-fraud service.

    Correct and careful use of identity protection services can be the basis for successful work. So what’s the use of being able to run black-hat campaigns and scale up if you can’t even launch lead-type ads?

    That’s it for today. Next time we will talk about antidetect services and how they work. Stay tuned 😉

     
