Windows 11 - Recognised as Windows 10 ? #234
Comments
|
Thank you for your interest in the code and how it detects browser fingerprinting. The device section is derived from the The fingerprinting score is calculated based on several factors, such as how your browser renders emojis and unicodes, which are special characters that can be displayed on web pages. Different operating systems and browsers may render these characters differently, which can make them more or less unique. The code captures this difference and reflects it in the fingerprinting score. A more important indicator of the fingerprinting score is the crowd-blending score, which measures how well your browser blends in with other browsers in the same group. The group is defined by the device, timezone, and settings of your browser. The more you blend in with other browsers in your group, the higher your fingerprinting score. Windows 10 browsers have a higher crowd-blending score than Windows 11 browsers because there are more Windows 10 users than Windows 11 users. However, you can still improve your crowd-blending score by joining a smaller group with similar device, timezone, and browser settings as yours. Your current crowd-blending score of 71.5% is normal and can be improved with some tweaks. I hope this helps you understand how the code works and how to improve your fingerprinting score. |
|
Wow thanks a ton for clarifying everything! It's extremely helpful and it makes perfect sense now! Interestingly, without me doing anything else, just refreshing the creepjs tool a few hours later my Windows 11 score went up to 95.5%
I purposefully waited for 2 days, and kept refreshing creepsjs to see if it will go back down to %71.5 but it never did. So I assume that creepsjs needs a few tries to get the score right? Because as I said, I didn't change anything or make any modifications to the Win11 system. Literally just went outside, came back home a few hours later and opened creepsjs again to see a score of 95.5% Which is awesome! And the crowd-blending score below is 96%! Is this the maximum a Win11 system can get? Since as you mentioned, the global/collective sample size is much smaller than the Win10 systems. |
|
Nice. Yeah, it can take anywhere from a few minutes to a few days for the score to improve. The code provides greater confidence in fingerprints that return regularly. It might reach 100%. I have an ancient Chromebook that has an incredibly unique fingerprint. It gets close to 100%. |
|
|
|
Lol, I need to add a final boss level if you reach 100%. |
|
I indeed reached 100% on the same win11 machine today haha. I'm connecting through different IPs - sometimes a data center one, others a mobile, depending on whether I'm using my VPN or if I've tethered my phone's mobile network. So the "first visited date" changes.
The crowd blending score is still 96% as it was previously. I do have a Linux machine which is perpetually stuck at 71.5% no matter how many refreshes and revisits I do though haha. Thanks again for developing this world-class tool. It's a thing of beauty! Do you think big websites who specialize in fingerprinting, such as Facebook, use similar methods to assess the browser's trust score? |
|
You're welcome. Thank you for the kind words. A lot of what you see here is inspired by the work of others. The scoring is largely experimental and educational fun, and does not draw from real-world systems. However, some concepts such as anomaly detection and time series tracing are probably used on large websites. |
|
Sorry to resurrect this issue, but I've been banging my head against the wall for a while, trying to understand why does creepsjs ding me quite few points down. I'm running Windows 8.1 (for testing purposes) and after each fresh install, the first few times I open creepjs, i get about 67-68% which I'm totally fine with. But eventually, after the 6-7 time, all of a sudden i get this:
In the lies section it tells me: "Platform version is fake" Which I believe is due to the reason that creepjs thinks I'm on a Windows 10 device, but I'm spoofing my useragent to be Windows 8.1. Which isn't the case. I'm truly on a Win 8.1 device. I tired running 10 different chrome versions, the newest, a very old one and everything in between to see if that will make a difference, but no, the same issue persists.
But in Chrome's settings you can see that's not the case:
Also I searched this github to find out more about what "supervised" means but couldn't see anything related. Why does it ding me -10 points? I'm fascinated by this tool as I'm researching online fingerprints, and want to understand the reasoning behind it as much as I can. Thanks again for your great work! |
Good catch. It looks like a bug in the code here not considering the final UA reduction for Window 8.1 here. I will add a fix in the next release.
It's a bit discussed here, but I need to add more info to the documentation. It basically takes points for a highly anomalous WebGL/Canvas fingerprint in the last 7 days, with some exceptions. For example, if the anomaly can be traced back to a discernable pattern, such as a specific lie, no additional points are taken. |
Ah, I see, thanks a lot for clarifying! I found a workaround. Basically, I installed the latest possible version of Chrome on Win8.1 which is:
And then modified the 'Target' in the Chrome shortcut to force a Win8.1 useragent:
Then opened creepsjs again, and was greeted by the original result I was getting (before the bug):
And I also noticed that this "bug" isn't exclusive to creepjs, other sites like: https://whatsmyos.com/ were detecting me as Windows 10 before I changed the shortcut target, but after changing it are detecting me as Windows 8.1. |
I really appreciate the creepsjs tool. It's truly exceptional.
I have a win10 machine which passes creepsjs with a 100% trust score:
And I also have a win11 machine which is only able to score 71.5%:
I've compared both fingerprints in their entirety, and they are fully identical. The only difference is that in the win11 fingerprint, the user agent is recognised as win11, but the device is recognised as win10.
Which is most likely why the score is brought down to 71.5%. However, the machine is truly windows 11. I'm not masking the user agent, or anything like that.
Both the win10 and win11 creepsjs fingerprints are tested in the exact same environment, i.e. default chrome with no extensions.
I was wondering is this a problem with Microsoft making win11 essentially run win10 under-the-hood but having a new layout/GUI? And that's why creepjs recognises the device as win10 but the user agent as win11?
The text was updated successfully, but these errors were encountered: