View your browser's TLS fingerprint(tlsfingerprint.io)
tlsfingerprint.io
View your browser's TLS fingerprint
https://tlsfingerprint.io/
26 comments
I had to disable uBlock for the site to see it.
Accidental advertisement for both?
The TLS fingerprint uri it's blocking doesn't collect any information from the browser, sites can still use it as a fingerprint on noscript-disabled browsers.
Similar: https://ja3er.com/ which is formed by taking a bunch of (stable) attributes from your TLS handshake, appending them into a string, and hashing it.
They've also done the correlation with User Agent and it's surprisingly accurate.
Original post by Salesforce security team: https://engineering.salesforce.com/tls-fingerprinting-with-j...
They've also done the correlation with User Agent and it's surprisingly accurate.
Original post by Salesforce security team: https://engineering.salesforce.com/tls-fingerprinting-with-j...
Nice tool. Reminds me a bit of amiunique.org, which provides similar browser diversity and fingerprinting details.
New to me, thanks.
https://amiunique.org
https://amiunique.org
[deleted]
Interestingly, fingerprint changes after you reload that page. It went from #2 most common upon opening to #5 after subsequent reload.
They say they're doing the clienthello message. That would change depending on if its your first visit to that domain or second because your second would use session resumption.
I get this with a new tab / window
Your browser generates the fingerprint 133e933dd1dfea90 (from Cluster #8), which is seen in 17.13% of connections, making it ranked #2 by popularity.
And this after a reload:
Your browser generates the fingerprint 833fb25fb38a093b (from Cluster #8), which is seen in 4.11% of connections, making it ranked #5 by popularity.
macOS safari
Your browser generates the fingerprint 133e933dd1dfea90 (from Cluster #8), which is seen in 17.13% of connections, making it ranked #2 by popularity.
And this after a reload:
Your browser generates the fingerprint 833fb25fb38a093b (from Cluster #8), which is seen in 4.11% of connections, making it ranked #5 by popularity.
macOS safari
[deleted]
It did that for me then changed back.
This seems... kind of pointless? You'd expect the fingerprint to be fully determined by the OS/browser combination, since TLS is implemented entirely in software. But you can already get both pieces of information through the user-agent, so what's the point?
> determined by the OS/browser combination
And by browser settings; at least Firefox has quite a few TLS related knobs in about:config (and settings like spdy disable affect TLS hello too).
And by browser settings; at least Firefox has quite a few TLS related knobs in about:config (and settings like spdy disable affect TLS hello too).
You can observe it without being the server.
The point is that there are many many ways to fingerprint even if people spoof their user agent.
It can be used to detect scrapers/bots that don't use a browser.
For those exposing a lot of fingerprintable data it doesn't help much but that's not really a problem since there is already plenty of fingerprintable data.
For those trying to hide/fake fingerprintable data the mismatch between spoofed user agent and detected browser/OS combo creates a strong fingerprint in itself.
This is the general premise of fingerprinting: if you throw enough data points at it trying to escape fingerprinting itself creates a unique fingerprint.
For those trying to hide/fake fingerprintable data the mismatch between spoofed user agent and detected browser/OS combo creates a strong fingerprint in itself.
This is the general premise of fingerprinting: if you throw enough data points at it trying to escape fingerprinting itself creates a unique fingerprint.
Oh, the irony of not being able to see one of your browser's fingerprints without opening up to all kinds of other js based data collection techniques
https://tlsfingerprint.io/static/fingerprint.js is only a few lines and readable if you don't want to enable javascript.
That JS just fetches the below, which seems to perform the interesting stuff serverside, and displays the data.
https://client.tlsfingerprint.io:8443/
https://client.tlsfingerprint.io:8443/
Update: Works - Brave users - you need to disable Shields for it to show your fingerprint.