Every time you click a link or visit a web page, your browser shares a wealth of details about your computer, screen, local network, and hardware configurations. While browser APIs are designed to make web apps powerful, they are also exploited by advertisers to leak personal data.
Here are 10 browser APIs that leak data, why they pose a privacy risk, and how to lock down your system.
1. GPU Hardware Models (WebGL API)
The WebGL API provides access to hardware-accelerated graphics. However, calling gl.getParameter(gl.getExtension('WEBGL_debug_renderer_info').UNMASKED_RENDERER_WEBGL) leaks your exact graphics card manufacturer and card model (e.g., NVIDIA GeForce RTX 4070/PCIe/SSE2).
- Risk: High uniqueness for custom GPU drivers.
- Solution: Use Brave or Firefox with ResistFingerprinting to spoof the GPU model as a generic renderer.
2. Battery Telemetry (Battery Status API)
The Battery Status API exposes your device's battery level percentage and remaining charging time.
- Risk: Precision metrics (like
0.841392) update constantly, creating a temporary tracking identifier that allows scripts to follow your sessions across private windows. - Solution: Modern browsers like Safari and Firefox have removed this API. If you use Chrome, you can block it using permissions managers.
3. Installed System Fonts
Websites can measure text render dimensions to test for the presence of hundreds of pre-installed system fonts.
- Risk: Having custom design or language fonts makes your browser configuration stand out in tracking indexes.
- Solution: Use a browser extension that blocks font measurement or enforces standard system fonts.
4. Local IP Leaks (WebRTC API)
WebRTC queries STUN servers to resolve networking paths, revealing your local network IP (like 192.168.1.42) and bypassing VPN tunnels.
- Risk: Exposes your actual ISP IP even behind a VPN.
- Solution: Turn off WebRTC in Firefox settings or install a routing blocker on Chromium browsers.
5. Audio Processing Hashes (Web Audio API)
By rendering an inaudible audio wave in an OfflineAudioContext, scripts analyze sub-pixel math discrepancies in your sound card's digital-to-analog converter (DAC).
- Risk: Permanent hardware fingerprint.
- Solution: Use Brave or extensions to add mathematical noise to AudioContext outputs.
6. Timezone Offset & Locale Discrepancies
The Intl.DateTimeFormat().resolvedOptions().timeZone property exposes your system timezone (e.g., Asia/Kolkata).
- Risk: If your VPN routes through the US but your timezone remains local, ad networks flag the location discrepancy.
- Solution: Spoof your timezone or configure your browser to match your VPN location.
7. Media Device Count (MediaDevices API)
Calling navigator.mediaDevices.enumerateDevices() returns the count and connection kinds (mic, speaker, webcam) connected to your computer.
- Risk: Users with multiple audio input/output routes are easily identified.
- Solution: Restrict Media Device permissions to block device enumeration.
8. CPU Logical Cores (Hardware Concurrency)
navigator.hardwareConcurrency returns the number of logical CPU cores on your processor (e.g., 8, 12, or 16).
- Risk: Exposes hardware tiers.
- Solution: Spoof this value to a generic standard (e.g., 4 or 8) in privacy settings.
9. Network Connection Estimates (Network Information API)
Exposes your connection type (Wi-Fi, cellular) and estimated download speeds.
- Risk: Adds extra bits of entropy to your fingerprint.
- Solution: Use Firefox or Safari which block this API.
10. Device Memory API
navigator.deviceMemory returns the approximate amount of RAM in gigabytes (e.g., 2, 4, or 8 GB).
- Risk: Categorizes your device category.
- Solution: Spoof this property to a standard level.
Test Your Browser Leak Status
Visit the BrowserProbe Homepage to run all 10 hardware, network, and privacy tests instantly in a single scan. Make sure your privacy blockers are configured correctly to hide your device signatures!