Skip to content
View Joe12387's full-sized avatar
28 followers · 8 following
  • Crawless
  • New York
  • 19:50 (UTC -04:00)
  • LinkedIn in/joe12387

Achievements

Achievement: Starstruckx2
BetaSend feedback

Achievements

Achievement: Starstruckx2
BetaSend feedback
Block or Report

Block or report Joe12387

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Joe12387/README.md

I'm a software developer specializing in information security, reverse engineering, browser fingerprinting & bot detection.

I maintain several open source repositories here on GitHub.

You can contact me at Joe@dreggle.com. My PGP key is available here if you for some reason require increased confidentiality.

That's about it.

--

Here are my current active projects as of June 2024:

  • detectIncognito - A TypeScript/JavaScript library for detecting the use of incognito mode or a similar private browsing mode when a browser visits a site. Works with all browsers with compatability for old browsers going back approximately 10 years.
  • Browser Fingerprinting Resistance Research Repo - Documentation on the current state of browser fingerprinting, browsers' attempts at mitigating such techniques, and the current trackability of all browsers (hint: it's basically all of them).

These project(s) are currently stagnant or deprecated in favor of an unreleased replacement project:

  • Overpowered Browser Fingerprinting Script (OPFS) - Released in 2022, this is a browser fingerprinting library that featured certain techniques that were non-public at the time of publishing such as [brave/brave-browser] Issue #24681. I am currently working on a replacement for this library that allows a certain level in change in the browser fingerprint while still being trackable, increasing the lifespans of fingerprint IDs from weeks or months to potentially multiple years. It also includes improved techniques including non-public ones. If you are a company that is interested in this technology and may be interested in purchasing licensing for commercial purposes, send me an email and if we make a deal I'll expedite development. There will also be an open source version of this library for non-commercial use only at some point, but some techniques will remain closed source in order to attempt to prevent Orwellian cross-site surveillance. Potential licencees may be required to sign a contract that requires user concent regardless of applicable privacy regulations prior to fingerprinting similar to a cookie dialog, so I can sleep at night knowing I haven't completely killed privacy.

--

Also, I don't have anywhere to put my list of reported security vulnerabilities, so here they are:

Pinned

  1. detectIncognito detectIncognito Public

    JavaScript detection of Incognito & other private browsing modes on Chrome, Edge, Safari, Brave, Firefox, Opera and MSIE.

    TypeScript 295 40

  2. OP-Fingerprinting-Script OP-Fingerprinting-Script Public

    An overpowered JavaScript browser fingerprinting library for creating persistent, unique and long-lasting digital fingerprints.

    TypeScript 101 4

  3. safari-canvas-fingerprinting-exploit safari-canvas-fingerprinting-exploit Public

    An exploit for Safari 17.4 and lower that enables fingerprinting Safari users using OffscreenCanvas and SharedWorkers even if fingerprinting protections are enabled.

    HTML 4

  4. browser-fingerprinting-resistance-research browser-fingerprinting-resistance-research Public

    List of current browser fingerprinting protections used by various browsers and their effectiveness against various fingerprinting techniques & services.

    10 1

  5. chromedriver-credential-stuffing chromedriver-credential-stuffing Public

    A collection of brute forcing code for conducting credential stuffing attacks on popular websites.

    PHP 4

  6. malicedetect malicedetect Public

    A simple JS library to detect malicious browsers, including bots & browsers lying about their user agent.

    JavaScript 5