Development status: ⚡ Alpha
Thimble is a web browser extension that helps protect against device fingerprinting. By applying subtle random noise to browser APIs that are commonly used for fingerprinting, Thimble aims to make it harder to passively perform cross-site tracking.
- Download the latest release from GitHub.
- Unzip the file somewhere to get a
thimble/directory. - In Chrome:
- Go to
chrome://extensions - Enable developer mode.
- Load the
thimble/directory as an unpacked extension.
In theory this extension should support Firefox and Safari, but it hasn't been widely tested. If you run into problems, please open an issue.
As of this writing (November 2023), Thimble evades these fingerprinters:
- FingerprintJS Free
- FingerprintJS Commercial (clear cookies between tests)
- CreepJS
- Browserleaks Canvas
- Browserleaks Fonts
- Browserleaks WebGL
You should get a randomized fingerprint upon each reload.
Thimble modifies these browser APIs:
- Audio: Applies imperceptible noise to audio data readouts.
- Battery state: Randomizes between "charging" and "discharging". Randomize battery level between 90 and 100%.
- CPU cores: Randomizes between 2 and the actual CPU core count.
- Canvas: Applies imperceptible noise to pixel data readouts.
- Device memory: Randomizes reported available memory.
- "Do not track" preference: Randomly toggled.
- Fonts: Applies imperceptible noise to DOM size calculation used for font detection.
- GPU info: Randomizes WebGL parameters, disables APIs for getting unmasked GPU vendor and renderer.
- Language: Appends a random private-use language tag. Limits number of languages to 1.
- Media formats: Randomly flip between "probably" and "maybe" media format support.
- Media devices: Shuffles available media devices.
- Screen dimensions and window position: Randomized.
- Storage quota: Randomly reports between 2 and 32 GB available.
- User agent: Appends a random suffix.
The main goal is to add as much noise as possible to break fingerprinting without impacting user experience.
npm install
npm run build
The extension will be built to ./dist, which can be loaded as an unpacked extension in your browser.