Blog > Tech insights > Fingerprinting: how to run multiple accounts and avoid detection
how to avoid fingerprinting while running multiple accounts

Multiaccounting is the backbone of a marketing strategy for many businesses, which allows them to conduct research, lead effective ad campaigns, connect with their audience, and stay ahead of competitors. On the other hand, platforms and social media sites actively fight against multiaccounting as fraudulent activities often hide behind it. So, even if your interest and intentions are totally legitimate, managing several profiles may get tricky, especially with new detection methods evolving and becoming more accurate literally every day. In this article, we discuss them and ways to preserve your privacy. 

What is fingerprinting, and how it betrays you, or how platforms actually link all your accounts to you

When you create several profiles on Instagram, their representatives don’t stand behind your back watching you. However, sometimes even if you cover it, social media platforms somehow figure out that several profiles, seemingly unconnected, belong to the same person. The thing is that every action you take online leaves dozens of small traces. Combined, those signals let websites draft a pretty accurate picture of every user and easily suspect multiaccounting. 

First, it’s browser fingerprinting – a technique that implies collecting and combining pieces of data your browser reveals to a webpage (like screen size, installed fonts, browser version, etc.) to identify a browser. It creates a unique identifier for each browser that remains consistent across sessions. Even without cookies, such an identifier makes it possible to track a browser across sites. 

Next comes device fingerprinting – a similar, yet broader concept, that includes tracking device characteristics like OS version, hardware characteristics, etc. It allows linking activities across several browsers and apps on the same device. 

While separately each piece of data can’t confirm your identity, put together they can make a browser or device statistically unique and help identify you. 

Are fingerprints and cookies the same?

No is a short answer. 

Fingerprinting and cookies enhance each other, but are not the same. Cookies are small pieces of data that a webpage stores in your browser, and they help websites identify you. Cookies are deterministic identifiers – clear and direct markers that a session belongs to you. But, even if you reject or clear cookies, fingerprints are still here. While fingerprints are probabilistic identifiers – indirect signs that can increase or decrease the probability that a session belongs to the same user or device – you can’t reject them. Moreover, websites usually collect them without directly asking for your consent. So, in a way, fingerprints may tell about you even more than cookies – without you knowing it. However, platforms combine both types of identifiers to decide whether you are a legitimate user, as relying solely on fingerprinting may lead to false matches that would harm authorized users or missed matches that would allow bad actors to stay unnoticed.  

What particular types of fingerprints exist, and how to get over them

So, is multiaccounting doomed with all the fingerprinting things growing stronger? Relax, it isn’t. While detection systems evolve, ways to preserve your privacy do as well. Especially considering that fingerprints are collected without your agreement, that detail alone raises concerns regarding privacy and legitimacy. Let’s take a closer look at what you can do.

Disclaimer: The further information is provided for educational purposes only. DataImpulse does not encourage you to take any actions or get involved in any illegal activities, and it does not bear any responsibility for possible outcomes. We strongly recommend always reading websites’ Privacy Policy and Terms of Service, adopting legitimate tools and approaches only, and aligning with data protection regulations like GDPR, CCPA, etc. 

Network&IP metadata

Metadata is data about data. When you send a request, a lot of information accompanies it, like your IP address, port behaviour, and routing metadata. It also reveals your geographic location and internet service provider name. Sometimes, it can disclose whether several sessions share the same upstream gateway. 

How to avoid it: proxies are a reliable solution as they help you conceal your IP from the target server. When you use them, you send requests not to a server directly, but to a proxy, and the latter then forwards your request to a website you try to connect to. As a bonus, it helps you avoid geo-based restrictions. 

HTTP headers and TLS parameters 

Each request contains headers and another request identifier, like browser preferences, necessary for sending the correct response. TLS is a security protocol (S in HTTPS) responsible for encrypted connections. When your browser sends a request, it announces supported protocol versions, encryption algorithms, and their order, extensions, and handshake behaviour. The resulting combination creates a pattern – the so-called TLS fingerprint. Together with headers, it can reveal browser family and version, language preferences, and ideas regarding the software you use. 

How to avoid it: different websites use their own databases and various criteria to allow access, so there is no “cure-all” solution for TLS fingerprinting. Moreover, there is no bypassing TLS fingerprinting. Instead, you have to make them more agreeable for a target server. You can adjust better if you know how a website customizes a basic TLS protocol. 

Also, headless browsers like Puppeteer or Playwright, paired with additional libraries like Puppeteer Stealth or Playwright Stealth, can help you with it. Also, there is a solution called spoofing – in other words, implementing special tools that let you control the order of cipher suites and HTTP2/2 vs HTTP/1.1 negotiation. However, you must determine what triggers TLS fingerprinting on the server side and remember that it is impossible to 100% spoof it. 

Browser storage 

Small data sets like localStorage and sessionStorage come from the browser storage API. Websites can then read them on your subsequent visits. 

LocalStorage persists across sessions, while sessionStorage persists across tabs. They reveal preference flags and deterministic session tokens and are generally explicit identifiers that provide very clear evidence that a browser is the same as before.

How to avoid it: There are several ways. First, special browsers designed for multiaccounting, like Multilogin or GoLogin, help you create unique profiles that don’t share the same data.

Second, browser extensions like Privacy Badger allow you to block platforms from tracking your activities. Third, if hiding is impossible, try spoofing. This technique includes altering your browser data to make it look like you use a different device, OS, or browser, thus making it harder to track you down. Some browsers, like Mozilla, allow you to change some data manually. There are also spoofing extensions like Chameleon for modifying data. 

Canvas&WebGL signals 

When you visit a webpage, it may ask your browser to render a piece of text, shapes (canvas fingerprinting), or GPU shades (WebGL fingerprinting). It happens in milliseconds and stays invisible to you – off-screen or in a 1×1 pixel size. As a result of a combination of different hardware, OS, and browsers, the same picture will be rendered in a slightly different manner, producing different canvas hashes. It reveals much information like CPU (central processing unit) and GPU (graphics processing unit) models, OS, drivers, etc. 

How to avoid it: Canvas and WebGL fingerprinting are hard to avoid, as they rely on hardware-level signals (unlike the types mentioned above that rely on software-level signals). Even if you use scripts or browser extensions to fake some values, the rendered output will differ from what you try to show, and those inconsistencies will expose you. Still, some methods can help, like using virtualized environments with similar GPU parameters. However, this method is expensive, requires strong technical skills, and is hard to scale. 

Behavioral and timing signals 

The movements of your mouse, typing cadence, scrolling speed, and timing between actions, taken together, help identify whether a human or a bot is on the other side of a screen. Such characteristics can persist across sessions. 

How to avoid it: use privacy-focused browsers and reliable automation tools that implement randomized delays between actions. Clear cache and cookies regularly, adjust privacy settings in your browser. VPNs and proxies are also helpful.

What comes after collecting fingerprints 

Each type of fingerprint has its advantages and disadvantages. Cookies are solid proof, but you can easily clear them. Canvas hashes may differ after driver updates, and behavioral signals are noisy. So, relying solely on any of the mentioned types isn’t practical. That is why, after collecting data, platforms merge all those weak and strong signals into coherent links and create identity graphs – data structures representing relationships between signals. Like this, IP was seen with that cookie, or that canvas hash was noticed with that account (a bit similar to celebrity rumors). Those graphs grow into dense webs that help catch if sets of seemingly disparate sessions belong to the same user. Also, thanks to those webs, sudden changes and account behavior anomalies may indicate multiaccounting. 

That is why it is crucial to be aware of all the ways you may be tracked down and combine numerous tools to avoid detection. Even if you use the best anti-detect browser and ignore proxies or automation tools, it will be a problem, as many signals will still point to you managing all those numerous accounts. That’s not a fire that gives you away, but smoke. 

Key takeaways 

  • Your online activities leave dozens of small traces that platforms collect and merge. It helps suspect multi-accounting.
  • The process is called fingerprinting. There is browser fingerprinting—collecting data that your browser reveals to a webpage—and device fingerprinting—a similar concept that involves collecting device-linked information.
  • Cookies and fingerprints are not entirely the same. While cookies are more solid evidence, you can reject or clear them. Fingerprints may not be that explicit, but platforms mostly collect fingerprints without directly asking for your consent. Websites usually combine both types of data. 
  • Webpages collect several data types, such as canvas hashes, behavioral patterns, and TLS parameters. Generally, software-level signals like browser storage data are easier to hide, spoof, or alter than hardware-level signals like WebGL rendering. Still, special tools like anti-detect browsers, VPNs, and proxies help. 
  • It is important to know that platforms track and consider multiple signals, so you must cover all of them if you want to manage several accounts successfully. For that, you will likely need to combine several reliable tools that serve different purposes. Together, they will protect your privacy well. 

Jennifer R.

Content Editor

Content Manager at DataImpulse. Jennifer's degree in philology and translation and several years of experience in content writing help her create easy-to-understand copies, even on tangled tech topics. While writing every text, her goal is to provide an in-depth look at the given topic and give answers to all possible questions. Subscribe to our newsletter and always be updated on the best technologies for your business.