Caution
SECURITY ALERT: EXTERNAL DOMAINS ARE UNSAFE
The ONLY official live deployment is on GitHub Pages.
Any .org, .com, or custom domain claiming to be CreepJS is an unauthorized mirror and should be treated as a malicious honeypot designed to steal your fingerprint data.
- ✅ Official:
https://abrahamjuliot.github.io/creepjs - ❌ Unsafe: All other URLs.
https://abrahamjuliot.github.io/creepjs
The purpose of this project is to shed light on weaknesses and privacy leaks among modern anti-fingerprinting extensions and browsers.
- Detect and ignore JavaScript tampering (prototype lies)
- Fingerprint lie patterns
- Fingerprint extension code
- Fingerprint browser privacy settings
- Use large-scale validation and collect inconsistencies
- Feature detect and fingerprint new APIs that contain high entropy
- For fingerprinting, use APIs that are the most difficult to fake
Tests are focused on:
- Tor Browser (SL 1 & 2)
- Firefox (RFP)
- ungoogled-chromium (fingerprint deception)
- Brave Browser (Standard/Strict)
- puppeteer-extra
- FakeBrowser
- Bromite
- uBlock Origin (aopr)
- NoScript
- DuckDuckGo Privacy Essentials
- JShelter (JavaScript Restrictor)
- Privacy Badger
- Privacy Possum
- Random User-Agent
- User Agent Switcher and Manager
- CanvasBlocker
- Trace
- CyDec
- Chameleon
- ScriptSafe
- Windscribe
- contentWindow (Self) object
- CSS System Styles
- CSS Computed Styles
- HTMLElement
- JS Runtime (Math)
- JS Engine (Console Errors)
- Emojis (DomRect)
- DomRect
- SVG
- Audio
- MimeTypes
- Canvas (Image, Blob, Paint, Text, Emoji)
- TextMetrics
- WebGL
- GPU Params (WebGL Parameters)
- GPU Model (WebGL Renderer)
- Fonts
- Voices
- Screen
- Resistance (Known Patterns)
- Device of Timezone
- layout rendering engines:
Gecko,Goanna,Blink,WebKit - JS runtime engines:
SpiderMonkey,JavaScriptCore,V8
window.Fingerprintwindow.Creep
Contributions are welcome.
🟫 install pnpm install
🟩 build pnpm build:dev
🟪 watch pnpm watch:dev
🟦 release to GitHub pages pnpm build
If you would like to test on a secure connection, GitHub Codespaces is supported. The goal of this project is to conduct research and provide education, not to create a fingerprinting library.
Important
LICENSE & TRADEMARK POLICY
This project is governed by a Trademark Policy.
- Code: You are free to fork and modify the code under the MIT License.
- Name: The name "CreepJS" is trademarked. You may not use it for commercial products or public websites (e.g.,
creepjs.orgis strictly prohibited).
Please refrain from hosting public mirrors. To prevent user confusion, distinct public forks must be renamed.