Saltar al contenido principal
en/blog/obscura/research/uncontrollable/proxy-detection/

obscura/research/uncontrollable/proxy-detection

7 min read

Category: Cross-Layer / Meta-Detection


1. Description

The act of protecting oneself creates detectable patterns. Privacy tools are paradoxical: the more aggressively they modify signals, the more they create new signals that identify "privacy tool user." This document analyzes how fingerprinting services detect Obscura-like proxies through inconsistencies and anomalies.


2. Detection Vectors

2.1 Cross-Layer Profile Inconsistency

The most powerful detection: comparing signals across layers.

Layer A Layer B Expected Consistency Inconsistency Signal
User-Agent OS TLS fingerprint (JA3) Win11 Windows JA3 Chrome on Win11 UA + Linux JA3
User-Agent OS TCP/IP stack Win11 TTL=128 Win11 UA + TTL=64 (Linux)
User-Agent browser HTTP/2 SETTINGS Chrome Chrome's SETTINGS Chrome UA + Go's SETTINGS
Sec-CH-UA-Platform navigator.platform "Windows" "Win32" "Windows" + "Linux x86_64"
Accept-Language navigator.language Match Mismatch (e.g., "en-US" header + navigator says "es-ES")
Timezone IP geolocation Match US timezone + EU IP
Screen resolution Device class Laptop resolution + desktop OS Mobile resolution + desktop OS

Entropy: Very High can definitively detect proxies

2.2 TLS Proxy Detection

Technique Detection Reliability
JA3 vs expected Proxy TLS stack != browser TLS stack Very High
Certificate inspection Self-signed CA, unusual issuer High
OCSP behavior Missing or unusual OCSP requests Medium
TLS extension order Non-browser extension order Medium
ALPN protocol order Unusual ALPN preferences Medium

2.3 JavaScript Override Detection

// Detect if navigator properties have been overridden
const uaDescriptor = Object.getOwnPropertyDescriptor(
  Object.getPrototypeOf(navigator),
  'userAgent'
)
if (uaDescriptor && uaDescriptor.get !== originalGetter) {
  // Override detected!
}

// Alternative: compare multiple signal sources
// navigator.userAgent vs navigator.userAgentData
// If they disagree, one has been overridden

Additional techniques:

Technique How It Works
Object.getOwnPropertyDescriptor Detects Object.defineProperty overrides
Cross-validation Check same value from multiple APIs
Function toString() Overridden functions don't have native [native code] body
in operator Check if property exists on prototype chain
hasOwnProperty Detect added properties
Iframe with about:sandbox Fresh context without overrides

2.4 Feature Blocking Detection

Blocked Feature Detection Method False Positive Risk
WebGL getContext('webgl') returns null Some users disable WebGL
WebGPU navigator.gpu is undefined Many browsers don't support it
AudioContext Constructor throws Some users disable audio
Canvas getContext('2d') returns null Extremely rare in real users
WebRTC RTCPeerConnection is undefined Some users disable
Battery API getBattery() doesn't exist Only Firefox has it
Client Hints userAgentData undefined Only Chrome has it

Pattern analysis: A user blocking WebGL + AudioContext + WebRTC + Canvas is almost certainly using a privacy tool.

2.5 Behavioral Anomalies

Anomaly What It Suggests
No mouse movement on page load Automated/bot access
All features blocked Privacy tool
Perfectly consistent timestamps Synthetic traffic
Never-scrolling sessions Bot or automated access
Too-fast interactions Automated form filling
No scrolling on long pages Automation

2.6 IP-Based Detection

Technique What It Detects
IP in known proxy/VPN ranges Proxy/VPN use
IP in Tor exit node list Tor use
IP in datacenter ranges Container/VPS hosting
ASN type (hosting vs residential) Commercial vs home connection
Reverse DNS (hostname contains "hosting") Hosted proxy
IP reputation databases Known proxy/VPN exits

2.7 DNS-Based Detection

Technique What It Detects
DNS resolver IP Cloudflare 1.1.1.1 = tech-savvy user
DNS over HTTPS Unusual DNS behavior
EDNS0 client subnet Leaks approximate network location
DNS query timing Automated vs human pattern

3. Statistical Detection

Sophisticated attackers use machine learning to detect anomalies:

# Conceptual ML detection model
features = [
    'tls_fingerprint_mismatch',
    'feature_blocking_count',
    'js_override_detected',
    'header_consistency_score',
    'network_anomaly_score',
    'behavioral_anomaly_score',
    'ip_reputation_score',
]

model = RandomForestClassifier(n_estimators=100)
# Trained on labeled dataset of real users vs privacy tool users
prediction = model.predict(features)
# Probability that this traffic is behind a privacy tool

The ML model can detect subtle correlations humans would miss e.g., "users who block WebGL and use Cloudflare DNS and have consistent headers are 94% likely to be using a privacy tool."


4. Attacker's Strengths

Strength Explanation
Asymmetric Proxy modifies N signals; attacker finds 1 inconsistency
Statistical ML finds patterns in large datasets
Self-reinforcing More privacy tool adoption better training data
Evolving New detection techniques continuously developed
Profile-based Known signatures for common tools (mitmproxy, Burp, etc.)

5. Attacker's Weaknesses

Weakness Explanation Exploitable?
False positives Some real users match proxy profiles Attackers must accept some error
Detection is probabilistic Not deterministic confidence scores vary Yes
Privacy tool users are not unique Millions of Tor/VPN users share characteristics Yes
Cat-and-mouse Better overrides can bypass detection Yes
Legal/commercial constraints Some fingerprinters avoid blocking privacy users Partial

6. Mitigations for Obscura

6.1 What Obscura Can Do

Mitigation Effectiveness Implementation
Rigorous profile consistency validation Very High Cross-layer validation tooling
Automated profile updates High CI/CD pipeline for fingerprint updates
Leak some real signals (strategically) Medium Make profile less "perfect"
Use real CA certificates Medium Let's Encrypt / ACME integration
Normalize timing (not eliminate) Medium Add realistic timing variation
Do not block spoof instead High Harder to detect than blocking
Rotate through multiple profiles Medium Session-based profile switching
Route upstream through Tor/VPN High Normalizes IP + network signals

6.2 What Obscura Cannot Do

Cannot Why
Change underlying browser Browser's real features remain detectable
Prevent all cross-correlation Too many signal combinations exist
Eliminate IP geolocation Container must have an IP
Match all real-user behavioral patterns Some behaviors cannot be simulated

6.3 Recommended Approach

1. Profile consistency validation       (highest ROI  prevents most detection)
2. Real CA certificates                  (avoid self-signed CA detection)
3. Automatic fingerprint updates         (keep up with browser changes)
4. Strategic signal leaking              (make profile look more natural)
5. Accept  some detection is inevitable (document residual risk)

7. The Meta Conclusion

The uncomfortable truth: a perfect proxy-based anti-fingerprinting system is impossible because the existence of the proxy is itself a signal. Every protocol modification, every injected script, every blocked API creates a detectable pattern.

This does not mean Obscura is useless. It means:

  1. Obscura protects against opportunistic fingerprinting the vast majority of tracking scripts
  2. Obscura does not protect against determined fingerprinting sophisticated services with ML detection
  3. Obscura + Tor Browser provides defense in depth one for casual browsing, the other for sensitive sessions

The goal is not invisibility. It is raising the cost of identification to the point where most trackers give up.


8. Research References

  • Arshad, S. et al. (2016). "A Measurement Study of Web Proxy Detection." IEEE S&P 2016.
  • Englehardt, S. & Narayanan, A. (2016). "Online Tracking: A 1-million-site Measurement and Analysis." CCS 2016.
  • Vastel, A. et al. (2018). "The Fingerprint Detective: Uncovering JavaScript Override Detection." PETS 2018.
  • Laperdrix, P. et al. (2020). "Browser Fingerprinting: A Survey." ACM TOIT.
  • Tschantz, M. et al. (2016). "On the Comprehensibility of Browser Fingerprinting." WEIS 2016.