Comment by ArcHound

Comment by ArcHound 10 hours ago

10 replies

View on Hacker News

You missed one of our best guarded secrets: ja3 hashes and their successors.

Basically, we can identify browsers based on the supported ciphers in TLS handshake (order matters too AFAIK). Then when your declared identity is not matching the ja3 hash, you're automatically suspicious, if not blocked right away. I think that's the reason for so many Capchas.

peetistaken 10 hours ago

I built a nice tool to visualize that: https://tls.peet.ws. Its not that secret anymore though, more and more libraries are starting to allow spoofing for browser tls configs. There isnt really a cat/mouse game here - once you match the latest chrome, there is nothing to fingerprint

Reply View 4 replies
  • johnisgood 9 hours ago

    I do not think I understand that website. I see that JA3 always gets changed after refresh, but not sure what JA3 is. Why is it always different, and is it good or bad?

    Reply View 3 replies
    • Retr0id 9 hours ago

      Modern browsers randomise parts of the handshake, which results in an unstable ja3. ja4 and others normalize the relevant details to make the fingerprint constant again.

      Reply View 2 replies
      • johnisgood 8 hours ago

        How effective is it at "un-anonymizing" me? I value privacy. What do you think I can do about "any" of this?

        Reply View 1 reply
        • Retr0id 8 hours ago

          It tends to identify your platform/browser version, with relatively low granularity. Unless you have an unusually rare OS/browser config, it won't deanon you on on its own. But it can be combined with other fingerprinting vectors.

          Reply View 0 replies
mike_d 9 hours ago

JA3/JA4 are useless now.

At best they identify the family of browser, and spoofing it is table stakes for bad actors. https://github.com/lwthiker/curl-impersonate

Reply View 1 reply
  • ArcHound 8 hours ago

    Slight correction: Spoofing it is table stakes for ever so slightly capable actors.

    These will still help against the masses of dumb actors flooding your stuff.

    Reply View 0 replies