DNS Leak
Secure DNS
| DNS Provider | IPv4 Addresses | IPv6 Addresses | DoH Endpoint | Key Features |
|---|---|---|---|---|
| Cloudflare DNS | 1.1.1.1<br/>1.0.0.1 | 2606:4700:4700::1111<br/>2606:4700:4700::1001 | https://dns.cloudflare.com/dns-query | Fast, strong privacy, no logs |
| Google Public DNS | 8.8.8.8<br/>8.8.4.4 | 2001:4860:4860::8888<br/>2001:4860:4860::8844 | https://dns.google/dns-query | Global coverage, fast, partial logging |
| Quad9 | 9.9.9.9<br/>149.112.112.112 | 2620:fe::fe<br/>2620:fe::9 | https://dns.quad9.net/dns-query | Strong privacy, malware protection |
| OpenDNS (Cisco) | 208.67.222.222<br/>208.67.220.220 | 2620:119:35::35<br/>2620:119:53::53 | https://doh.opendns.com/dns-query | Customizable filtering, good for families |
| AdGuard DNS | 94.140.14.14<br/>94.140.15.15 | 2a10:50c0::ad1:ff<br/>2a10:50c0::ad2:ff | https://dns.adguard.com/dns-query | Built-in ad and tracker blocking |
| NextDNS | 45.90.28.0<br/>45.90.30.0 | 2a07:a8c0::<br/>2a07:a8c1:: | https://dns.nextdns.io | Fully customizable, strong privacy |
| Comodo Secure DNS | 8.26.56.26<br/>8.20.247.20 | No official IPv6 support | https://doh.comodoca.com/dns-query | <br/>Enterprise-grade security, malware protection |
| Yandex DNS | 77.88.8.8<br/>77.88.8.1 | 2a02:6b8::feed:0ff<br/>2a02:6b8:0:1::feed:0ff | https://dns.yandex.net/dns-query | Suitable for Russian users, parental control mode |
| OpenNIC | 192.95.54.3<br/>13.239.157.177 | 2001:470:8f3b::1 | https://doh.opendns.org/dns-query | Decentralized, censorship-resistant |
DoH Mode
Set DoH service in browser and setting.
Disable IPv6
Windows
- Open Control Panel.
- Go to Network and Sharing Center.
- Click on Change adapter settings.
- Right-click on your active network connection (Wi-Fi or Ethernet) and select Properties.
- In the list of items, uncheck Internet Protocol Version 6 (TCP/IPv6).
- Click OK to apply the changes.
- Restart your computer.
MacOS
- Open System Preferences.
- Go to Network.
- Select your active network connection (Wi-Fi or Ethernet) from the left.
- Click on Advanced.
- Go to the TCP/IP tab.
- In the “Configure IPv6” drop-down menu, select Link-local only (or Off, depending on the macOS version).
- Click OK and then Apply.
Linux
- Open a terminal window.
- Run the following commands to disable IPv6 temporarily (for the current session):
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1To disable IPv6 permanently, you can add the following lines to your /etc/sysctl.conf file:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1After editing the file, run:
sudo sysctl -pFirefox
- Open
about:config - Search for
network.dns.disableIPv6. - Set the value to true to disable IPv6 in Firefox.
Chrome
- Open
chrome://flags - Search for “IPv6”.
- Disable “Experimental QUIC protocol” (QUIC uses IPv6 by default).
- Restart Chrome.
Windows
Flush DNS Cache
ipconfig /flushdnsMacOS
sudo killall -HUP mDNSResponderBrowser Tracking
| Category | Trackable Information | Risk | Example Data |
|---|---|---|---|
| User-Agent (UA) | Browser type & version | Helps identify browser and OS, making fingerprinting easier | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0 |
| Operating system (OS) | Used to detect device type and environment | Windows 10,Linux x86_64,MacOS | |
| Device architecture | Helps distinguish between x86, x64, and ARM devices | x86_64,ARM | |
| Navigator API | navigator.platform | Reveals OS, making device identification easier | Win32,Linux x86_64 |
navigator.oscpu | Provides detailed OS information, increasing tracking accuracy | Windows NT 10.0 | |
avigator.language | Exposes user’s preferred languages, allowing regional tracking | en-US,zh-CN | |
navigator.languages | Exposes user’s preferred languages, allowing regional tracking | ["en-US", "en", "zh-CN"] | |
navigator.hardwareConcurrency | CPU core count, useful for device fingerprinting | <br/>8,16(CPU cores) | |
navigator.deviceMemory | RAM size, helping with unique device identification | 8,16(GB RAM) | |
navigator.webdriver | Detects automation tools, flagging bots and scrapers | true / false(Detects automation) | |
| Screen & Display | Screen resolution | Helps track unique device setups | 1920x1080,2560x1440 |
| Color depth | Further refines fingerprinting accuracy | 24-bit,32-bit | |
| Device pixel ratio | Distinguishes high-resolution (Retina) displays | 1.0,2.0(Retina screens) | |
| WebGL Fingerprinting | Graphics card model | Creates a unique hardware fingerprint | NVIDIA GeForce GTX 1060,Intel UHD Graphics |
| WebGL vendor | Helps identify GPU manufacturer and browser type | Google Inc.,Mozilla Foundation | |
| Canvas Fingerprinting | Unique rendering output | Allows persistent tracking even with changing IPs | Hash from CanvasRenderingContext2D |
| Audio Fingerprinting | Unique audio processing | Can track devices through distinct audio processing differences | Hash from AudioContextAPI |
| Fonts & Plugins | Installed fonts | Helps identify OS and software configurations | Arial,Times New Roman,Roboto |
| Installed browser plugins | Exposes additional software details for tracking | PDF Viewer,Widevine Content Decryption | |
| Time & Region | Time zone | Allows geographic region tracking | UTC+8,America/New_York |
| System clock offset | Helps detect virtual machines and bots | 500msdeviation from server time | |
| WebRTC (IP Leakage) | Local IP address | Can reveal internal network structure | 192.168.1.2(Internal network) |
| Public IP address | Bypasses VPNs and proxies, exposing real location | 203.0.113.45 | |
| Battery API | Battery level & charge status | Can track device behavior over time | 85%,Charging |
| Performance API | performance.now()execution time | Helps detect virtual machines and emulated environments | Measures script execution delays |
| CPU performance metrics | Identifies device performance characteristics | Measures speed of different JS operations | |
| TLS Fingerprinting | SSL/TLS handshake fingerprint (JA3) | Can detect VPNs, proxies, and bot activity | Unique cipher suites & SSL config |
| Mouse & Keyboard Events | Typing speed & pattern | Differentiates between human users and bots | Detects human vs. bot behavior |
| Mouse movement behavior | Tracks user habits and unique interaction patterns | Tracks unique user interactions |
Fingerprint
Here’s a table summarizing the potential information that privacy.resistFingerprinting (RFP) may leak or modify, making it detectable by websites:
| Category | Effect of RFP | Detected |
|---|---|---|
CPU Cores(navigator.hardwareConcurrency) | Always returns 2, regardless of actual cores. | Websites can check if the value is always 2. |
Platform & OS(navigator.platform,navigator.oscpu) | Standardized to Win32(Windows) or MacIntel(Mac). | Websites may notice mismatched OS details. |
Languages(navigator.languages) | Always returns ["en-US"]. | Users with non-English systems may stand out. |
| Canvas Fingerprinting | Alters rendering to introduce noise. | Websites detecting altered output can infer RFP usage. |
Window Size(window.innerWidth,window.innerHeight) | May force standard window sizes. | Websites can check for unusual or fixed dimensions. |
| Fonts | Limits available fonts to a predefined set. | Websites may detect missing fonts compared to normal users. |
| User-Agent Spoofing | Returns a more generic User-Agent. | Websites can compare User-Agent with other APIs. |
Firefox
- Open
about:config - Search for
privacy.resistFingerprinting - Double click it set to true
- Then search for
dom.event.clipboardevents.enabled - Double-click Set to false
Brave Browser (with built-in anti-fingerprinting)
- Open
brave://settings/shields - Find the Fingerprinting option. Select Block all fingerprinting
Chrome (experimental feature)
- Open
chrome://flags - Search for Fingerprinting Protection
- Enable this feature and restart your browser
Random fingerprint everyday
- Open
about:config - Set
privacy.resistFingerprinting.randomization.daily_reset.enabledto true
CPU Cores
FIrefox
This setting takes effect without turning on privacy.resistFingerprinting
- Open
about:config - Search for
dom.maxHardwareConcurrency - Modify it to the fake cores
WebRTC
Firefox
- Open
about:config - Search for
media.peerconnection.enabled - Double-click it to set it to false
- Restart Firefox
Google Chrome (Chromium, Edge, Brave, Opera)
Chrome does not allow full disabling of WebRTC natively, you can restrict its behavior:
- Open
chrome://flags - Search for WebRTC. Disable the following content. Then restart Chrome.
WebRTC STUN origin header
Anonymize local IPs exposed by WebRTCIf the browser does not support this function, install the official google plugin WebRTC Network Limiter .
Linux-based Browsers (Brave, Chromium, Edge, etc.)
- Open chrome://settings/content/webrtc
- Set “WebRTC IP Handling Policy“ to “Disable non-proxied UDP“.
WebGL
Firefox
- Open
about:config - Search for
webgl.disabled - Double click it set to
true
Cross-Site Tracking
- Open about:config
- Search for
network.http.referer.XOriginPolicy - Modify the number to 2
UserAgent
==With current fingerprint recognition technology, most disguises will be recognized as machine.==
Modify the useragent manually.
- Open
about:config - Search for
general.useragent.override - Choose
Stringtype and set the appropriate useragent
Format:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0Explanation:
Mozilla/5.0→ Standard prefix for modern browsers.Windows NT 10.0; Win64; x64→ Represents Windows 10/11 (64-bit).rv:135.0→ Gecko rendering engine version 135.0 (matches Firefox version).Gecko/20100101→ A fixed identifier for Gecko-based browsers.Firefox/135.0→ Indicates the browser version.
Time Zone
The following can be recognized as time zones to determine whether or not they are forged.
ip time zone
Javascript time zone
Internationalization API time zone
time zone offset
local timeKeyboard Fingerprint
Protect keyboard Fingerprint by plugin.
Etag Tracking
Disable Browser Caching (Prevents ETags from being stored)
In Firefox, set:
about:config → browser.cache.disk.enable = false
about:config → browser.cache.memory.enable = falseIn Chrome, use the “Disable Cache” option in DevTools (F12 → Network Tab → Disable Cache).
Use a Privacy-Focused Browser
- Tor Browser & Brave automatically block ETag tracking.
Block ETags with Browser Extensions
- uBlock Origin: Add a custom rule to block ETag headers:
Clear Cache Regularly
- Use private browsing mode or manually clear the cache after each session.
Use a VPN / Proxy
- ETags may still track browser sessions, but changing IPs frequently makes tracking harder.
Modify Headers with Extensions
- Use Chameleon or Header Editor extensions to strip If-None-Match headers from requests.
Tor Browser
When you use Tor Browser, it standardizes or falsifies several types of information to protect your privacy. Here’s a more detailed list of the information Tor falsifies or standardizes:
Fake Canvas Fingerprints
Use the following plugin to fake Canvas fingerprint requests. Don’t disable canvasprint in your browser.
- CanvasBlocker (Firefox) – Blocks or modifies canvas fingerprinting.
- Trace (Chrome & Firefox) – Provides multiple fingerprinting protections.
CanvasBlocker
Ignored APIs Setting
- DO NOT ignore canvas (let CanvasBlocker spoof it).
- DO NOT ignore audio (audio fingerprinting is common).
- DO NOT ignore domRect (some sites use it for fingerprinting).
- DO NOT ignore navigator (spoofing prevents easy tracking).
- IGNORE history (not needed, Firefox already protects it).
- IGNORE window (not a major tracking method).
- IGNORE svg & textMetrics (less commonly used).
- IGNORE screen (not as critical if you’re already spoofing navigator).
Ignored APIS Settings (Recommandation)
- canvas (DO NOT IGNORE – let CanvasBlocker spoof it).
- audio (DO NOT IGNORE – prevents audio fingerprinting).
- history (IGNORE – Firefox blocks most tracking here).
- window (IGNORE – rarely used for tracking).
- domRect (DO NOT IGNORE – some fingerprint scripts use it).
- svg (IGNORE – minor impact).
- textMetrics (IGNORE – minor impact).
- navigator (DO NOT IGNORE – important for spoofing).
- screen (IGNORE – less critical than navigator).
CanvasBlocker configuration json
Bot Detection
Identification and Bot Detection
The combination of fingerprinting and bot detection gives you a powerful tool to protect against online fraud and produces the best results when used together.
WebDriver
WebDriver Advance
Selenium
NightmareJS
PhantomJS
Awesomium
Cef
CefSharp
Coaches
FMiner
Born
Phantomas
Rhino
Webdriverio
Headless ChromeChrome DevTools Protocol Detection
Detectable use of developer tools to simulate browsers or control them via related developer protocols.
CDPNative Navigator
Detect whether the Navigator is deceptive. Some browser plug-ins or robots will modify key attributes to achieve deception.
appVersion: 5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
deviceMemory: 8
hardwareConcurrency: 4
maxTouchPoints: 0
mimeTypes: "[object MimeTypeArray]"
plugins: "[object PluginArray]"
productSub: 20030107
userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36
vendor: Google Inc.
language: en-US
languages: [ "en-US", "en" ]
javaEnabled: function javaEnabled() { [native code] }
getGamepads: function getGamepads() { [native code] }
requestMIDIAccess: function requestMIDIAccess() { [native code] }
mozGetUserMedia: function mozGetUserMedia() { [native code] }
sendBeacon: function sendBeacon() { [native code] }
requestMediaKeySystemAccess: function requestMediaKeySystemAccess() { [native code] }
getAutoplayPolicy: function getAutoplayPolicy() { [native code] }
registerProtocolHandler: function registerProtocolHandler() { [native code] }
taintEnabled: function taintEnabled() { [native code] }
permissions: "[object Permissions]"
pdfViewerEnabled: true
doNotTrack: 1
mediaCapabilities: "[object MediaCapabilities]"
vendorSub:
cookieEnabled: true
mediaDevices: "[object MediaDevices]"
serviceWorker: "[object ServiceWorkerContainer]"
credentials: "[object CredentialsContainer]"
clipboard: "[object Clipboard]"
mediaSession: "[object MediaSession]"
userActivation: "[object UserActivation]"
wakeLock: "[object WakeLock]"
globalPrivacyControl: true
webdriver: false
geolocation: "[object Geolocation]"
appCodeName: Mozilla
appName: Netscape
platform: Win32
product: Gecko
locks: "[object LockManager]"
onLine: true
storage: "[object StorageManager]"
constructor: function Navigator() { [native code] }
duckduckgo: { "platform": "extension" }
toString: function toString() { [native code] }
toLocaleString: function toLocaleString() { [native code] }
valueOf: function valueOf() { [native code] }
isPrototypeOf: function isPrototypeOf() { [native code] }
propertyIsEnumerable: function propertyIsEnumerable() { [native code] }
__defineGetter__: function __defineGetter__() { [native code] }
__defineSetter__: function __defineSetter__() { [native code] }
__lookupGetter__: function __lookupGetter__() { [native code] }
__lookupSetter__: function __lookupSetter__() { [native code] }
9 条评论
文章结构紧凑,层次分明,逻辑严密,让人一读即懂。
作者对主题的挖掘深入骨髓,展现了非凡的洞察力和理解力。
每个标点都承载着思考的重量。
文化底蕴深厚,引经据典信手拈来。
反驳对手观点时需更注重逻辑严密性。
场景转换稍显突兀,可增加过渡描写。
?叙事类评语?
建议增加个人经历分享,增强情感穿透力。
若能结合热点事件分析,会更富时代性。