kkoooqq / fakebrowser

🤖 Fake fingerprints to bypass anti-bot systems. Simulate mouse and keyboard operations to make behavior like a real person.
GNU Lesser General Public License v3.0

Can audiocontext noise and font noise be detected as fake just like it's easy to spot fake noise on webgl/canvas? #78

Open shailangsa opened 1 year ago

shailangsa commented 1 year ago

As the title says, can audiocontext noise and font noise be detected as fake, just like it's easy to spot fake noise on webgl/canvas? Because, as we know, https://coveryourtracks.eff.org/ detects fake webgl/canvas noise (i.e. noise created by undrawn rectangle areas).

TheGP commented 8 months ago

Noise should be easy to spot anywhere as it makes a very unique hash.

shailangsa commented 8 months ago

Your answer is vague. Noise is detected because, for the majority of the users faking the noise, they're using a Chrome extension, and the website's detection script will check whether the hash generated upon page load is different to the hash generated once the Chrome extension runs on the page.

TheGP commented 8 months ago

What do you mean they will check the difference? It's always random noise. As far as I understand, they check how unique the hash is; normally your hash shouldn't be unique, as other users use similar hardware. But noise simulates completely unique hardware.

I'm new to this topic, so I would be curious to see the opinions of more knowledgeable people.

shailangsa commented 8 months ago

Sites like https://coveryourtracks.eff.org/ determine if your webgl canvas has noise/is faked by checking whether the hash generated upon page load is different to the hash generated after the Chrome extension runs on the page.

TheGP commented 8 months ago

An extension can be loaded before the website is loaded, so they can't do such a comparison. Or if an extension is built incorrectly. Or maybe you can do it by using workers, not sure.

Update: you can't use canvas or DOM inside the worker.

shailangsa commented 8 months ago

I've done extensive testing on using defender extensions on browser fingerprint websites, and even though some extensions are set to be loaded before the website is loaded, I found that they weren't. You are free to show me otherwise.

TheGP commented 8 months ago

I have built an extension myself recently and ensured my code was executed before any code on websites. The only reason other extensions do it more slowly is that they are trying to get data from their settings (extension storage). In this case, it will be slow.

Anyway, changing methods of a JS object is detectable by itself as far as I know, so they will know you are tinkering with those methods. Similar to if( Object.getOwnPropertyNames(navigator)[0] ) alert('fake parameters detected');

Btw, because you are doing some research, feel free to pull links / data to my document - https://github.com/TheGP/untidetect-tools/

shailangsa commented 8 months ago

I don't really have the time to keep trying to argue with you, because you admitted you are new to this topic, and I told you already I have done my research as to how fake webgl/canvas is detected, but I will just reply once more to you:

There are 2 ways that detection websites check that a webgl/canvas is faked.

One way a website (specifically creep.js's detection script) can detect if a webgl/canvas is fake is to check if the webgl/canvas prototype/object already exists or is changed, by checking if setPrototypeOf can be called on the object. So if the defender extension has changed the webgl/canvas object, the detection script on the website would be able to call setPrototypeOf, but if there is no defender extension, which means the webgl/canvas object is unchanged, then the detection script on the website wouldn't be able to call setPrototypeOf on the object, as it would cause a chain cycle error (in terms of the jargon of creep.js), because the JavaScript infrastructure won't allow you to assign an object as a prototype of itself.

Another way a detection website (such as https://coveryourtracks.eff.org/) detects that a webgl/canvas is faked is again by checking the webgl/canvas objects generated by the defender extension, by comparing the first instance (or first run, as they call it) of the object against the second instance (or second run, as they call it) (which is usually generated after the page has finished loading), and if they are different it will just set determine_randomized to "randomized".

Thus they don't analyze the fake noise itself or check how unique the hash is (as you suggested, although that might be used to calculate a "trust score" but is not the main way to detect that the webgl/canvas is faked), as creep.js does.
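
The two site-side checks mentioned in this thread, as an added example that is not code from fakebrowser, creep.js or Cover Your Tracks: the two-run hash comparison and an own-property check in the spirit of the Object.getOwnPropertyNames(navigator) line above. MockCanvas, installNoise and the FNV-1a hash are constructed stand-ins (assumptions) so the logic runs outside a browser.

```javascript
// Constructed stand-in for a canvas: readback() returns deterministic pixel bytes.
class MockCanvas {
  readback() {
    return Uint8Array.from({ length: 64 }, (_, i) => (i * 37 + 11) & 0xff);
  }
}

// FNV-1a 32-bit hash, hex encoded (assumed stand-in for the site's fingerprint hash).
function fnv1a(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) {
    h ^= b;
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Two-run check: the same drawing read back twice must hash identically.
// Per-call noise breaks that, which is what determine_randomized reports.
function detectRandomized(canvas) {
  const firstRun = fnv1a(canvas.readback());
  const secondRun = fnv1a(canvas.readback());
  return firstRun === secondRun ? 'stable' : 'randomized';
}

// Own-property check: members defined directly on the instance that shadow
// something inherited from the prototype chain. An untouched object has none.
function shadowedMembers(obj) {
  const proto = Object.getPrototypeOf(obj);
  return Object.getOwnPropertyNames(obj).filter((name) => name in proto);
}

// Constructed "defender extension": overrides readback on the instance and
// flips the low bit of each byte at random on every call.
function installNoise(canvas) {
  const real = canvas.readback;
  Object.defineProperty(canvas, 'readback', {
    value() {
      return real.call(canvas).map((v) => v ^ (Math.random() < 0.5 ? 1 : 0));
    },
  });
}
```

Neither check looks at how unique the hash is: the first only needs two readbacks of the same drawing, the second only inspects where the method is defined.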