CyDec Platform Anti-Fp

Stop trackers in their tracks.

What is it?

Anti-Fp is a Windows application that when combined with the browser extension provides the ability to change almost all aspects of your browser fingerprint.

Why should I care?

If you care about your privacy on the Internet, then you should be worried about how trackers and advertisers are able to follow you around the web. Your browser leaks a lot of information that can be used to create a unique fingerprint of your browser, and in some cases system itself, in order to record and monitor your browsing activity. This type of tracking does not require cookies and in some cases does not even require Javascript. The only way to truly defeat this form of tracking is with a tool like Anti-Fp.

Anti-Fp allows you to create custom fingerprint profiles that can be applied on a per-browser or per-domain basis. Anti-Fp currently supports 10 browsers so fingerprint management can be coordinated and synchronized across your browsing platforms.

Get Started

The first thing to do is download Anti-Fp. The current release is:

You'll also need to install the browser extensions. You can find these in either the Chrome and Firefox extension stores.

Extension

The browser extensions are a key component of Anti-Fp. Without the extensions, the application is not able to actually apply the fingerprints to the browser session.

The browser extensions work both with and without Anti-Fp running. When Anti-Fp is not running, the extensions are limited in what they can do. This is because Anti-Fp contains the logic needed to apply the specific anti-fingerprint profiles. In this limited mode, certain capabilities are not available (such as ETag, Fonts and WebRTC). Also, the extensions fall back to using random values instead of specific values that can be set when using Anti-Fp.
The way you can tell if the extension is currently communicating with Anti-Fp is by looking at the status indicator icon. When not connected, the status icon will be pulsing red. When the extension is communicating with Anti-Fp the status icon will be blue. The main popup window will also have different options.



'Global Settings' and 'Domain Settings' relate to if a spoof category is applied or not. Global settings are the final say whether a particular spoof category is enabled. When a global setting switch is toggled off, that particular setting will be disabled regardless if a domain specific setting is enabled. Domain specific settings are like the global settings except they only apply to the particular domain.

The 'Site Domain List' shows you all the sub-domains that were contacted when visiting the main domain. Generally, this will highlight all the ad networks that the site uses. You can set the 'Use main domain settings' option so that all the sub-domains will use the same profile as the main domain. This option overrides all domain settings so if one of those sub-domains was individually configured, the main domain settings will rule. However, the sub-domain settings are not changed. The main domain settings will only apply for that sub-domain when contacted via the main domain.

The 'Domain History List' is simply a list of all domains that you have browsed. This not only shows you all domains and sub-domains that were contacted, it also allows you to set individual options.

The options that can be set are slightly different based on whether you are using the Firefox extension or the Chrome extension. Because 9 of the 10 browsers that Anti-Fp supports are Chromium-based, there needs to be a way to distinguish between the versions. In order to do that, there is a setting in the Chrome-based extension that allows you to set the specific variant.



Additional options that are found in both extensions are a randomization option and a domain reporting option.

  • Re-sync IP values: If IP sync is enabled, you can re-sync your IP details manually if you change proxies mid-session.
  • Use Random Values: If no browser or domain specific fingerprint is assigned to this browser then random values can be used instead. If you only want assigned fingerprints to be used, then turn this option off.
  • Domain Reporting: If enabled and if Anti-Fp is running, domains will be reported to the local service so that fingerprint profiles can be assigned. This is disabled by default.

IMPORTANT

Domain reporting must be enabled in both the extension and Anti-Fp before any domains get reported. It's also important to note that your domain history is NOT sent to any remote server and only stays in your local database. The database can be password protected to further increase your privacy.

AntiFp.com

AntiFp.com is an online profile builder that is similar in function to the Anti-Fp application. Through the site, you can create new and modify existing profiles which are then synced to your account. Once synced, they can be loaded by the extension. The benefit of the site is that you do not need to install the application to create new fingerprints. While it doesn't give you per-browser or domain targeting, it is useful for users that do not run Windows.


You must have a valid license to use antifp.com. To login, simply use the email address that you used when purchasing the license and provide the 36-character license key. Once you login, your profiles will sync automatically. All of the controls are in the upper-right hand corner of the menu bar. From there, you can:

Create a new profile


Copy an existing profile


Load an existing profile


To delete a profile, simply load it and then click the trash can icon next to its name.


IMPORTANT

Changes are not automatically saved. You must click the 'Save' button in the menu bar if you want to save the changes. Also note, you do not need to manually re-sync unless you want to clear your changes.

Fingerprints

The whole concept behind Anti-Fp is to create custom browser fingerprints that can be applied to a specific browser or domain. On the main window of Anti-Fp with the Fingerprints tab selected, you will see all currently configured fingerprints along with their status.


To create a new fingerprint, click the Create button. This will open the Create Profile window as seen below.

Anti-Fp provides a high degree of customization. From here, there are almost 100 different settings that can be configured in order to create the exact fingerprint you desire. Many of the settings are self-explanatory and should be easy to understand what they are designed to spoof.

Once you create a fingerprint, you have the option of sharing it with other Anti-Fp users and conversely you can download fingerprints created by other users. Once a fingerprint is shared, it is sent to Heilig Defense where it will be vetted and once approved it will be put on the server for download. You can share and sync fingerprints from the Sync page on the main window.

Note

Not all fingerprints that are shared will be added to the publicly available list. Heilig Defense evaluates shared fingerprints for completeness and uniqueness before adding them to the public list.


Fingerprints can be enabled or disabled. When a fingerprint is enabled, it is pushed to the extensions to be used. When it is disabled, then the extension will not use it.


Toggling fingerprint status is easy. You can simply highlight a fingerprint in the listbox and then select the button to set the appropriate status. You can also use the context menu from the task tray icon to do bulk enable/disable operations.

While creating a profile is the first step, before it is used by the extension it must be assigned to either a browser or a domain. To assign a fingerprint to a specific browser or domain, highlight the fingerprint in the listbox and click the Assign button. This will open the following window.

Here you can select which browsers you want the selected fingerprint assigned to along with any specific domains. Visited domains are reported by the extension to Anti-Fp so that you can easily select and assign fingerprints.

Browsers

Anti-Fp currently supports 10 browsers. Nine of them are Chromium variants while the last one is Firefox. As mentioned, fingerprints can be assigned to 1 or more browsers so that you can project the exact fingerprint you desire.


In order for Anti-Fp to distinguish between the different Chromium variants, the appropriate browser flag must be selected in the extension options under the Chrome Type header. If the appropriate browser is not set, then Anti-Fp will just think it is communicating with Chrome. This obviously will lead to unexpected results.

Domains

Per-domain targeting provides an extra level of precision for your anti-fingerprinting efforts. Assigning fingerprints to a domain is easy. Just like with the browsers, you simply select the domains you want a fingerprint assigned to.


When domain reporting is enabled, you will see the different domains you have visited when assigning fingerprints or when managing the domains. To make searching easier, the domains will filter as you type in the textbox. The Manage Domain window, as shown below, just allows you to add or delete existing domains.

If you have not visited a domain yet but know you would like to target it specifically, you can manually enter the domain in the provided input box to add it to the list.

Sync

Anti-Fp provides two profile sync capabilities. One is syncing with our public profile repository and the other is syncing your personal repository. The public repository is controlled by Heilig Defense with a curated set of profiles. These profiles can be downloaded when you run Anti-Fp to get you quickly started. When you make your own custom profiles, you have the option of sharing them with us in order to grow our library. If the profile is complete and unique, we will add it to our repo.


We also offer a personal repo where you can store all your profiles. This repo is then accessible through the extension with a proper license. So, you can create profiles using Anti-Fp and save them to your repository on one machine and then sync them with your extension on another.

Once you sync your profiles through your extension, you can then pick and choose the profile you want to use. You also have the ability to make some minor tweaks to the profiles. There are currently four areas that can be modified.

  • Date/Time
  • Geolocation
  • Language
  • Screen size



Options

The Options tab on the main window provides access to a few settings that control Anti-Fp.

The user-agent listbox is simply a listing of all user-agents that have been reported by the extension to Anti-Fp. This is just provided so you can see what user-agent is currently in use and allows you to copy it if selected.

You can set the path where the database resides. You can clear the database, export configured fingerprints and re-import them at a later time. The database can also be password protected. This will encrypt the database with your own password. If set, the password must be entered successfully before Anti-Fp will load. The password can also be used to provide a little bit extra security by locking Anti-Fp. When it gets minimized to the task tray, the password will be required before it will display again. This is a simple security measure that can prevent other local users from modifying your Anti-Fp settings.

As mentioned above, domain reporting must be enabled in both the extension and Anti-Fp. If you do not want domains saved locally, then check the 'Do not save domains' checkbox.

Anti-Fp can automatically sync your time zone and language to your IP address. This is useful when using a proxy and you want your fingerprint profile to be as realistic as possible. To enable this feature, you first must check the 'Enable IP sync' option. This tells the extension that it should query for IP details. You must also enable this feature in the specific fingerprint profiles that you want to sync. Note that if you change your proxy mid-session, you must manually re-sync your details through the extension interface. Anti-Fp does not detect IP changes.

You can also set Anti-Fp to automatically start with Windows.

Alerts

When enabled, the CyDec extension will notify you when it detects that certain fingerprinting functions have been called. While it is not definitive, detection of the functions can provide a warning that a tracker is attempting to fingerprint you. CyDec is configured to alert on the most common functions used for fingerprinting but it is not an all-encompassing list.

In addition to writing a message to the console, CyDec will also display a notification. The notifications use the built-in browser notification functionality which is a toast-style message that will appear in the bottom corner of your screen. If notifications do not appear, it is likely to be a browser settings issue.


When alerts are enabled while Anti-Fp is running, you can see the history of all recorded alerts by right clicking the task tray icon and selecting the 'Alerts' menu. That will open up the alerts window which simply shows the category of the possible fingerprinting, the actual function that was called and the domain where it was detected. If domain reporting is disabled in the extension then this field will be blank.

Icons

There are a number of icons that are used to display status information about the current Anti-Fp state. The first is the task tray icon.


The task tray icon provides access to a context menu through a right click. Double clicking the icon will bring Anti-Fp back from a minimized state. From the context menu, you can exit Anti-Fp, access the license form to enter a valid license key and open the feedback window to send bugs, comments or suggestions to Heilig Defense. Also from the context menu is the ability to quickly enable or disable profiles. This can be done at a global level, at the browser level or at a domain level. Note that if password protection is enabled, the context menu is only available when the main window is visible.

When Anti-Fp is initializing, the task tray icon will be animated. Once Anti-Fp has everything setup will the icon go to the normal static state.

In addition to the animated task tray icon, you can also tell the status of Anti-Fp by looking at the indicator icon in the top left corner of the main window.

In order for Anti-Fp to communicate with the browser extensions, it must setup a local listener. It currently uses port 61006 which was just a randomly chosen port number with no significance. This port, like all port numbers, may conflict with other software. In most cases this would be a browser. If Anti-Fp cannot open that local port for its own use then it will not be able to communicate with the extensions and the status of the communication is shown with the status icon above. When it is all white, then Anti-Fp is currently trying to setup the local listener. If it is colored like the image above, then the listener was successfully setup and is ready to communicate with the extensions. If Anti-Fp is not able to connect after a short amount of time, you may have to close your open browsers to release the port so Anti-Fp can use it.

The final set of status icons indicate which browsers Anti-Fp is currently communicating with. These can be seen in the bottom left corner of the main window. Initially, all the icons start out as white silhouettes. But as the browser extensions start to connect to Anti-Fp their icon will change.

License

You can try the Anti-Fp application free for 7 days. Once your trial period is up you will have to purchase a license to continue using the Anti-Fp application. The browser extensions are free to use however the functionality is limited when not used in conjunction with Anti-Fp.

When you install Anti-Fp, you will have the option of entering a license key or requesting a trial license. When Anti-Fp starts, it will validate the license key or the trial period. If the trial period has ended, then you must enter a valid license key to continue using Anti-Fp.


Once a license is used for the first time, it becomes associated with that particular system. While the license is a floating license, it first must be released from the current system before it can be re-used on a new system. In order to release the license, you need to open the license window, either from the main window or context menu, and click the Release button. If the license was successfully released, then Anti-Fp will close. The key is then free to be used on a new system.


If for some reason you are not able to release the key on the old system and your new system is not accepting it, please contact Heilig Defense (info@heidef.com) for assistance.

When you purchase an Anti-Fp license, the key can also be applied to the extension on other systems that are not running Anti-Fp so that you can sync your personal fingerprint profiles. To do this, from the main extension click the 'License' link which will popup 'License' dialog. Here you will see your current license status and two buttons. Click the 'Set License' button to bring up the 'Set License' dialog. You need to enter the email address you used when purchasing your Anti-Fp license and the key itself. When you click 'Validate' the extension will contact Heilig Defense and attempt to validate the information. If the email and license are valid, then the dialog will close and your fingerprints will automatically sync. You will be notified of any errors.



Saved fingerprint profiles are automatically synced when the extension loads. However, you can also re-sync manually by clicking the 'Sync Fingerprints' button. You'll want to do this after you save any profile changes made with Anti-Fp.


Feedback

Anti-Fp has a built-in ability to provide feedback directly from the application. Simply open the task tray context menu and click Feedback. You can send us comments, suggestions, or detail any bugs you found. Whatever it may be, we would love to hear from you.

Changelog

v1.2020.293.1530 (APP/EXT) (19 OCT 2020)

  • RELEASED: https://www.antifp.com
  • ADDED: SpeechSynthesis spoofing.
  • ADDED: Ability to toggle status of anti-anti-fingerprinting.
  • ADDED: getClientRects blocking.
  • ADDED: Ability to set multiple values for memory, threads and touchpoints.
  • ADDED: Three built-in profiles to limit site breakage for new users.
  • ADDED: More built-in user-agents.
  • ADDED: Force sync button to refresh profiles.
  • UPDATED: Public fingerprints with latest options.
  • UPDATED: Changed random plugin generator output.
  • UPDATED: Options page for better domain management.
  • FIXED: Other minor bugs.
v1.2020.251.151 (APP) / v1.2020.252.100 (EXT) (08 SEP 2020)
  • UPDATED: Enhanced anti-anti-fingerprinting.
  • UPDATED: Changed way that user-agent details are randomized.
  • ADDED: CSS filtering of screen resolution leaks.
  • ADDED: Math randomization.
  • ADDED: Additional canvas and SVG spoofing.
  • ADDED: Ability to sync timezone and language to IP address (currently uses ipapi.co for look-up).
  • FIXED: Sub-domains using main domain settings.
v1.2020.220.1919 (08 AUG 2020)
  • ADDED: Fingerprint detection and notifications.
  • ADDED: Anti-anti-fingerprinting capabilities.
  • ADDED: Support for Iridium browser.
  • ADDED: WebGL unmasked renderer and vendor.
  • UPDATED: Extension profile override is now persistent and applies to all tabs.
  • UPDATED: Separated timezone location and name for more granular control.
  • UPDATED: Redesigned extension.
  • FIXED: Numerous bugs.
v1.2020.168.1905 (16 JUN 2020)
  • ADDED: Screen size offsets of current resolution.
  • ADDED: VRDisplay spoofing and blocking.
  • ADDED: Gamepad spoofing and blocking.
  • ADDED: sendBeacon blocking.
  • ADDED: Geolocation spoofing, blocking and setting.
  • ADDED: Media device spoofing.
  • UPDATED: All extension options now available.
  • UPDATED: UI updates.
  • FIXED: Installer bug.
v1.2020.132.1445 (11 MAY 2020)
  • ADDED: Per-tab profile override support. Must have extension version >= 1.2020.132.240.
  • FIXED: Minor user interface issues and improvements.
v1.2020.99.1645 (21 APR 2020)
  • ADDED: getClientRects spoofing.
  • UPDATED: Audio, Canvas, and WebGL can now be spoofed with a specific jitter value. This allows for a unique fingerprint that can stay consistent across requests.
  • FIXED: Update version comparison fails for specific values.
  • FIXED: Minor user interface issues.
v1.2020.86.130 (26 MAR 2020)
  • Initial release.