Category: Cross-Layer / Meta-Detection
1. Description
The act of protecting oneself creates detectable patterns. Privacy tools are paradoxical: the more aggressively they modify signals, the more they create new signals that identify "privacy tool user." This document analyzes how fingerprinting services detect Obscura-like proxies through inconsistencies and anomalies.
2. Detection Vectors
2.1 Cross-Layer Profile Inconsistency
The most powerful detection: comparing signals across layers.
| Layer A |
Layer B |
Expected Consistency |
Inconsistency Signal |
| User-Agent OS |
TLS fingerprint (JA3) |
Win11 Windows JA3 |
Chrome on Win11 UA + Linux JA3 |
| User-Agent OS |
TCP/IP stack |
Win11 TTL=128 |
Win11 UA + TTL=64 (Linux) |
| User-Agent browser |
HTTP/2 SETTINGS |
Chrome Chrome's SETTINGS |
Chrome UA + Go's SETTINGS |
| Sec-CH-UA-Platform |
navigator.platform |
"Windows" "Win32" |
"Windows" + "Linux x86_64" |
| Accept-Language |
navigator.language |
Match |
Mismatch (e.g., "en-US" header + navigator says "es-ES") |
| Timezone |
IP geolocation |
Match |
US timezone + EU IP |
| Screen resolution |
Device class |
Laptop resolution + desktop OS |
Mobile resolution + desktop OS |
Entropy: Very High can definitively detect proxies
2.2 TLS Proxy Detection
| Technique |
Detection |
Reliability |
| JA3 vs expected |
Proxy TLS stack != browser TLS stack |
Very High |
| Certificate inspection |
Self-signed CA, unusual issuer |
High |
| OCSP behavior |
Missing or unusual OCSP requests |
Medium |
| TLS extension order |
Non-browser extension order |
Medium |
| ALPN protocol order |
Unusual ALPN preferences |
Medium |
2.3 JavaScript Override Detection
const uaDescriptor = Object.getOwnPropertyDescriptor(
Object.getPrototypeOf(navigator),
'userAgent'
)
if (uaDescriptor && uaDescriptor.get !== originalGetter) {
}
Additional techniques:
| Technique |
How It Works |
Object.getOwnPropertyDescriptor |
Detects Object.defineProperty overrides |
| Cross-validation |
Check same value from multiple APIs |
Function toString() |
Overridden functions don't have native [native code] body |
in operator |
Check if property exists on prototype chain |
hasOwnProperty |
Detect added properties |
Iframe with about:sandbox |
Fresh context without overrides |
2.4 Feature Blocking Detection
| Blocked Feature |
Detection Method |
False Positive Risk |
| WebGL |
getContext('webgl') returns null |
Some users disable WebGL |
| WebGPU |
navigator.gpu is undefined |
Many browsers don't support it |
| AudioContext |
Constructor throws |
Some users disable audio |
| Canvas |
getContext('2d') returns null |
Extremely rare in real users |
| WebRTC |
RTCPeerConnection is undefined |
Some users disable |
| Battery API |
getBattery() doesn't exist |
Only Firefox has it |
| Client Hints |
userAgentData undefined |
Only Chrome has it |
Pattern analysis: A user blocking WebGL + AudioContext + WebRTC + Canvas is almost certainly using a privacy tool.
2.5 Behavioral Anomalies
| Anomaly |
What It Suggests |
| No mouse movement on page load |
Automated/bot access |
| All features blocked |
Privacy tool |
| Perfectly consistent timestamps |
Synthetic traffic |
| Never-scrolling sessions |
Bot or automated access |
| Too-fast interactions |
Automated form filling |
| No scrolling on long pages |
Automation |
2.6 IP-Based Detection
| Technique |
What It Detects |
| IP in known proxy/VPN ranges |
Proxy/VPN use |
| IP in Tor exit node list |
Tor use |
| IP in datacenter ranges |
Container/VPS hosting |
| ASN type (hosting vs residential) |
Commercial vs home connection |
| Reverse DNS (hostname contains "hosting") |
Hosted proxy |
| IP reputation databases |
Known proxy/VPN exits |
2.7 DNS-Based Detection
| Technique |
What It Detects |
| DNS resolver IP |
Cloudflare 1.1.1.1 = tech-savvy user |
| DNS over HTTPS |
Unusual DNS behavior |
| EDNS0 client subnet |
Leaks approximate network location |
| DNS query timing |
Automated vs human pattern |
3. Statistical Detection
Sophisticated attackers use machine learning to detect anomalies:
features = [
'tls_fingerprint_mismatch',
'feature_blocking_count',
'js_override_detected',
'header_consistency_score',
'network_anomaly_score',
'behavioral_anomaly_score',
'ip_reputation_score',
]
model = RandomForestClassifier(n_estimators=100)
prediction = model.predict(features)
The ML model can detect subtle correlations humans would miss e.g., "users who block WebGL and use Cloudflare DNS and have consistent headers are 94% likely to be using a privacy tool."
4. Attacker's Strengths
| Strength |
Explanation |
| Asymmetric |
Proxy modifies N signals; attacker finds 1 inconsistency |
| Statistical |
ML finds patterns in large datasets |
| Self-reinforcing |
More privacy tool adoption better training data |
| Evolving |
New detection techniques continuously developed |
| Profile-based |
Known signatures for common tools (mitmproxy, Burp, etc.) |
5. Attacker's Weaknesses
| Weakness |
Explanation |
Exploitable? |
| False positives |
Some real users match proxy profiles |
Attackers must accept some error |
| Detection is probabilistic |
Not deterministic confidence scores vary |
Yes |
| Privacy tool users are not unique |
Millions of Tor/VPN users share characteristics |
Yes |
| Cat-and-mouse |
Better overrides can bypass detection |
Yes |
| Legal/commercial constraints |
Some fingerprinters avoid blocking privacy users |
Partial |
6. Mitigations for Obscura
6.1 What Obscura Can Do
| Mitigation |
Effectiveness |
Implementation |
| Rigorous profile consistency validation |
Very High |
Cross-layer validation tooling |
| Automated profile updates |
High |
CI/CD pipeline for fingerprint updates |
| Leak some real signals (strategically) |
Medium |
Make profile less "perfect" |
| Use real CA certificates |
Medium |
Let's Encrypt / ACME integration |
| Normalize timing (not eliminate) |
Medium |
Add realistic timing variation |
| Do not block spoof instead |
High |
Harder to detect than blocking |
| Rotate through multiple profiles |
Medium |
Session-based profile switching |
| Route upstream through Tor/VPN |
High |
Normalizes IP + network signals |
6.2 What Obscura Cannot Do
| Cannot |
Why |
| Change underlying browser |
Browser's real features remain detectable |
| Prevent all cross-correlation |
Too many signal combinations exist |
| Eliminate IP geolocation |
Container must have an IP |
| Match all real-user behavioral patterns |
Some behaviors cannot be simulated |
6.3 Recommended Approach
1. Profile consistency validation (highest ROI prevents most detection)
2. Real CA certificates (avoid self-signed CA detection)
3. Automatic fingerprint updates (keep up with browser changes)
4. Strategic signal leaking (make profile look more natural)
5. Accept some detection is inevitable (document residual risk)
7. The Meta Conclusion
The uncomfortable truth: a perfect proxy-based anti-fingerprinting system is impossible because the existence of the proxy is itself a signal. Every protocol modification, every injected script, every blocked API creates a detectable pattern.
This does not mean Obscura is useless. It means:
- Obscura protects against opportunistic fingerprinting the vast majority of tracking scripts
- Obscura does not protect against determined fingerprinting sophisticated services with ML detection
- Obscura + Tor Browser provides defense in depth one for casual browsing, the other for sensitive sessions
The goal is not invisibility. It is raising the cost of identification to the point where most trackers give up.
8. Research References
- Arshad, S. et al. (2016). "A Measurement Study of Web Proxy Detection." IEEE S&P 2016.
- Englehardt, S. & Narayanan, A. (2016). "Online Tracking: A 1-million-site Measurement and Analysis." CCS 2016.
- Vastel, A. et al. (2018). "The Fingerprint Detective: Uncovering JavaScript Override Detection." PETS 2018.
- Laperdrix, P. et al. (2020). "Browser Fingerprinting: A Survey." ACM TOIT.
- Tschantz, M. et al. (2016). "On the Comprehensibility of Browser Fingerprinting." WEIS 2016.