Hacker News new | past | comments | ask | show | jobs | submit login

Don't bother. It's hard to do it correctly. If you look through the snippets (or the MDN docs[1]), the value is retrieved using the getParameter() function. You might be tempted to override the function by doing something like

    gl.getParameter = () => "test"
but that's easily detectable. If you run

    gl.getParameter.toString()
You get back

    "() => "test""
whereas the original function you get back

    "function getParameter() { [native code] }"
In general, don't try to fix fingerprinting via content scripts[2]. It's very much detectable. Your best bet is a browser that handles it natively.

[1] https://developer.mozilla.org/en-US/docs/Web/API/WEBGL_debug...

[2] https://palant.info/2020/12/10/how-anti-fingerprinting-exten...




You can easily hide it by hijacking Function.prototype.toString to see if `this == fake gl.getParemeter or this == fake toString`. Then the js code needs to find a real Function.prototype.toString by creating an iframe, but then you can detect that. Then I'm out of ideas on how to rescue the original toString


So the issue is that the fingerprinting code can detect the anti-fingerprinting code? Doesn't that mean the best solution is for everyone to override the same functions with the same dummy information?


This can be fixed by overriding valueOf() and toString() on the prototype. Just return another native function, like JSON.stringify ;)


Sadly there are still things you cant programmatically override/proxy, like storagemanager

    await navigator.storage.estimate()


gl.getParameter.toString() = () => 'function getParameter() { [native code] }'


    -> gl.getParameter.toString.toString()
    <- "() => 'function getParameter() { [native code] }'"
Not to mention the iframe trick mentioned in palant's article.


is that Firefox? in Chrome I get

    gl.getParameter.toString() = () => 'function getParameter() { [native code] }'
    gl.getParameter.toString()
    "function getParameter() { [native code] }"
    gl.getParameter.toString().toString()
    "function getParameter() { [native code] }"
    gl.getParameter.toString().toString().toString()
    "function getParameter() { [native code] }"
iframes, worker, sharedworker, serviceWorker are all covered. Good luck timing the difference.


You're running

  gl.getParameter.toString().toString()
what the comment you're replying to is trying to tell you to run is:

  gl.getParameter.toString.toString()
Call toString on the toString fuction, not on its result.


Good point. Rewriting according to https://adtechmadness.wordpress.com/2019/03/23/javascript-ta... now




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: