The most advanced browser fingerprinting protection ever created: enter Mimic
NOVEMBER 6, 2017 | FINGERPRINTS
When we started developing Multilogin more than 2 years ago, it was merely a launcher for browsers that were already installed on a user’s computer. Why did we decide to do it this way in the first place? For starters, we didn’t have any community trust to develop a more complex solution. For example, an unknown company offering a heavily custom-coded browser could raise a few reasonable suspicions.
At the same time, everyone else who was trying to combat browser fingerprinting did so by employing browser add-ons. Back then, Multilogin was designed to inject sophisticated add-ons into browsers upon launching. The browser would receive specific parameters to create a browser profile from Multilogin and configure them on the spot.
Was there anything wrong with adhering to the established standard? Not quite. After all, everyone was doing the same thing. What we didn’t know, and came to realize later, is that there were multiple ways websites could reveal a browser’s real fingerprint even after they were rewritten by add-ons. We have covered some of these methods before, like in our article about Content Security Policy, but the reality is that there are multiple ways websites can still extract the real fingerprint from a browser that uses privacy add-ons.
Another major problem we encountered is that our injection mechanism, which is written in Javascript, would interfere with scripts used on some websites. This resulted in a limited browsing experience for some users, while others were unable to use specific websites at all. In some of these cases, users could disable certain Multilogin features, but they would experience reduced privacy.
The only real solution was to scrap everything and start developing our own Chromium-based browser, so we did. After several months of hard work, we released an alpha version of this web browser without a logo or a name, and the results astounded out testing team!
While the browser looked identical to the Chrome most of us use, inside it was a piece of art. Let us take a closer look at what we have in it...
Introducing Mimic browser
Mimic browser, or simply Mimic, is a Chromium-based browser that enhances your privacy and allows you to control your browser fingerprints. The browser looks almost identical to the Chrome most people use every day, but we have customized it to effectively combat the most effective types of browser fingerprinting used today.
In Mimic, we have introduced different ways to combat several browser fingerprinting mechanisms. For example, according to our own research, many major websites are starting to implement a fingerprinting technique based on the AudioContext object. This fingerprint became common due to the so-called Uber-cookie fingerprint test. This test has nothing to do with Cookies. Instead, it generates sounds that are readable to JavaScript functions, even if the system volume is at 0.
Websites can then generate a hash based on the results and compare the different variations to identify users. Mimic can mask the resulting values of the AudioContext object and ultimately distort the fingerprint for each browser profile you create in Multilogin.
Another feature we have implemented in Mimic is the ability to control WebGL fingerprints. WebGL is a type of “hardware fingerprint” and it works in two different ways. The first method is similar to Canvas fingerprinting, so websites are given the task of drawing an image. The picture will have different variations based on the OS, hardware, and drivers used; and these can be used to produce a specific fingerprint.
The second method relies on producing a hash of the entire WebGL Browser Report table, which lists the capabilities and supported extensions of WebGL renderer engine. The hash is taken from the highest supported WebGL context dump and can be easily used to distinguish between different browsers. Mimic provides a feasible solution to mask both fingerprints and control them through the profiles you create on Multilogin.
Mimic browser also provides a solution for problems with automatic timezone selection. In Multilogin, time zones were automatically chosen based on a proxy location. This created a problem because Linux and Windows use different timezone variables. Furthermore, timezone variables in Windows do not match the IANA standard that all other operating systems and applications use. Mimic is designed to handle this situation automatically so that timezone selection is not a problem.
Some sites employ sophisticated browser fingerprinting mechanisms like system font enumeration. Mimic is the only browser capable of creating a completely unique list of fonts for each browser profile you create. All you have to do is create different profiles and the browser will take care of everything else automatically.
Finally, Mimic browser is less likely to raise any red flags because it’s based on a Chromium engine, which means websites will be less likely to scrutinize it. On the other hand, browsers based off of Firefox tend to be regarded as higher risk traffic.
Why websites trust Chrome more than Firefox*
For a very long time, all custom browsers with fingerprint management capabilities were developed on the Firefox engine. Firefox is engineered to be easily customizable, so it’s extremely easy to “fork” it and produce your own browser. Any developer that works with C++ can create their own browser “in a garage.” To give you an idea, the prototype for our very own Stealthfox browser was literally written in Notepad!
But, the same can’t be said for the Chromium engine. The source code of Chromium alone consists of 28 gigabytes of code, so compilation takes a few hours even on a high-end laptop. In a real development environment, you would need an extremely powerful workstation or a stable cloud environment to work on it.
All this means that there are many customized forks of Firefox and not many forked versions of Chromium. Most internet bots that are designed to emulate human behavior are built on a Firefox engine. On the other hand, Chromium-based custom browsers are usually only available to big development studios with significant budgets and human capital. Knowing this, most companies and websites consider traffic that comes from Firefox browser way riskier than that coming from Chrome.
The kicker
Most people that are concerned about privacy believe that only Chrome poses a threat to their information. They believe that the Chromium web browser is free of trackers and that Google adds them later on when turning Chromium into Chrome. Little do they know… while Chromium is an open-source browser and everyone can check its code (not that it’s an easy task, remember those 28GBs of code?) we haven’t found any information about trackers built into Chromium on the internet.
As you already know, websites utilize different features of modern browsers to fingerprint their visitors. Here comes the kicker: Google does the exact same thing. Fingerprinting mechanisms are built into the Chromium engine, and the results are being sent right to Google servers.
Fortunately, Mimic browser offers a robust solution. When we created Mimic, we rewrote all of Google’s telemetry functions, in a way for Google to receive the same exact fingerprint as any other website would. And of course, this fingerprint is provided by Multilogin, so it remains under your full control.
To this date, Mimic is the only browser that creates unique browser fingerprints and broadcasts them to both websites and, internally, to Google servers. It provides the ultimate level of privacy while surfing the web without sacrificing your browsing experience in any way.
*Update: Good news for those who have always preferred to browse with Firefox and prefer our Stealthfox browser. Currently, the new version of the Firefox browser significantly wins over Chrome in terms of security. Moreover, the user can enhance privacy through the vast add-on features. Keep track of our updates of Multilogin and Stealthfox inside.
Mimic is included free in all our pricing plans for Multilogin – find out more about our plans and how they can help your business on our dedicated page. Don't miss out!