Skip to content

FingerprintJS still reports browserTampering on Linux with minimal Windows font setup (Chromium 148) #395

Description

@maithanhtrung123

Description
On a Linux VPS running CloakBrowser Pro Chromium 148, FingerprintJS Pro Playground still reports browserTampering: detected despite using the recommended minimal Windows font setup.

Environment

  • cloakbrowser@0.4.3
  • Pro Chromium 148.0.7778.215.2
  • Ubuntu Linux (no Docker)
  • Node.js v22.23.0
  • Running via launchPersistentContext()
  • Xvfb (DISPLAY=:99)

Launch options:

Using launchPersistentContext()
import { launchPersistentContext } from "cloakbrowser";
const context = await launchPersistentContext({
userDataDir: "",
headless: false,
humanize: true,
proxy: "http://user:pass@ip:port",
geoip: true,
viewport: { width: 1920, height: 1080 },
deviceScaleFactor: 1,
args: [
"--fingerprint=98293",
"--fingerprint-platform=windows",
"--fingerprint-windows-font-metrics",
"--fingerprint-noise=false",
"--fingerprint-webrtc-ip=auto",
"--fingerprint-screen-width=1920",
"--fingerprint-screen-height=1080"
]
});
Windows fonts
Installed only the recommended six fonts system-wide:

  • Calibri
  • Franklin Gothic Medium
  • Marlett
  • MS UI Gothic
  • Segoe UI
  • Segoe UI Light

Reality
With the minimal Windows font setup and --fingerprint-windows-font-metrics, FingerprintJS should report:

  • browserTampering: Not detected
  • or at least a significantly lower tampering score.

Fresh profile results:
✅ bot: Not detected
✅ virtualMachine: Not detected
❌ browserTampering: detected
The issue is reproducible across different residential proxies. Persistent context is used (not regular launch()).

Additional notes
Compared to a full Windows font directory, the minimal 6-font setup noticeably improves detection:

  • virtualMachine is no longer detected.
  • Overall suspect score is lower.
  • The only remaining signal is browserTampering.

FingerprintJS also reports:
vpn: You are using a VPN 🌐 (OS mismatch)

The browser fingerprint is reported as:

  • Operating System: Windows 11
  • User-Agent: Windows NT 10.0; Win64; x64

However, the browser is actually running on a Linux using:
--fingerprint-platform=windows
fingerprint-windows-font-metrics
geoip: true
a residential proxy

This may indicate an OS consistency gap between the browser fingerprint and lower-level network or proxy signals.

Current FingerprintJS result:

bot: Not detected
virtualMachine: Not detected
browserTampering: detected
vpn: OS mismatch
suspectScore: 12

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions