complete Fingerprinting lesson, move solution to new Generating fingerprints lesson

Author: mstephen19

content/academy/anti_scraping/mitigation.md

@@ -10,7 +10,7 @@ paths:
 
 In the [techniques]({{@link anti_scraping/techniques.md}}) section of this course, you learned about multiple methods websites use to prevent bots from accessing their content. This **Mitigation** section will be all about how to circumvent these protections using various different techniques.
 
-<!-- Here there should  -->
+<!-- Here there should be a bit of an outline of what mitigation techniques they'll be learning -->
 
 ## [](#next) Next up
 

content/academy/anti_scraping/mitigation/generating_fingerprints.md

@@ -0,0 +1,92 @@
+---
+title: Generating fingerprints
+description: description
+menuWeight: 3
+paths:
+    - anti-scraping/mitigation/generating-fingerprints
+---
+
+# [](#generating-fingerprints) Generating fingerprints
+
+With the [Fingerprint generator](https://github.com/apify/fingerprint-generator) NPM package, you can easily generate a browser fingerprint.
+
+> It is crucial to generate fingerprints for the specific browser and operating system being used to trick the protections successfully. For example, if you are trying to overcome protection locally with Firefox on a macOS system, you should generate fingerprints for Firefox and macOS to achieve the best results.
+
+```JavaScript
+import FingerprintGenerator from 'fingerprint-generator';
+
+// Instantiate the fingerprint generator with
+// configuration options
+const fingerprintGenerator = new FingerprintGenerator({
+  browsers: [
+      { name: "firefox", minVersion: 80 },
+  ],
+  devices: [
+      "desktop"
+  ],
+  operatingSystems: [
+      "windows"
+  ]
+});
+
+// Grab a fingerprint from the fingerprint generator
+const { fingerprint } = fingerprintGenerator.getFingerprint({
+  locales: ["en-US", "en"]
+});
+```
+
+## [](#injecting-fingerprints) Injecting fingerprints
+
+Once you've generated a fingerprint, it can be injected into the browser using the [Fingerprint injector](https://github.com/apify/fingerprint-injector) package. This tool allows you to inject fingerprints to browsers automated by Playwright or Puppeteer:
+
+```JavaScript
+import FingerprintGenerator from 'fingerprint-generator';
+import { FingerprintInjector } from 'fingerprint-injector';
+import { chromium } from 'playwright';
+
+// Instantiate a fingerprint injector
+const fingerprintInjector = new FingerprintInjector();
+
+// Launch a browser in Playwright
+const browser = await chromium.launch();
+
+// Instantiate the fingerprint generator with
+// configuration options
+const fingerprintGenerator = new FingerprintGenerator({
+  browsers: [
+      { name: "firefox", minVersion: 80 },
+  ],
+  devices: [
+      "desktop"
+  ],
+  operatingSystems: [
+      "windows"
+  ]
+});
+
+// Grab a fingerprint
+const { fingerprint } = fingerprintGenerator.getFingerprint({
+  locales: ["en-US", "en"]
+});
+
+// Create a new browser context, plugging in
+// some values from the fingerprint
+const context = await browser.newContext({
+  userAgent: fingerprint.userAgent,
+  locale: fingerprint.navigator.language,
+});
+
+// Attach the fingerprint to the newly created
+// browser context
+await fingerprintInjector.attachFingerprintToPlaywright(context, fingerprint);
+
+// Create a new page and go to Google
+const page = await context.newPage();
+await page.goto('https://google.com');
+```
+
+> Note that the Apify SDK automatically applies wide variety fingerprints by default, so it is not required to do this unless you aren't using the Apify SDK or if you need a super specific custom fingerprint to scrape with.
+
+## [](#next) Next up
+
+That's it for the **Mitigation** course for now, but be on the lookout for future lessons! We release lessons as we write them, and will be updating the Academy frequently, so be sure to check back every once in a while for new content! Alternatively, you can subscribe to our mailing list to get periodic updates on the Academy, as well as what Apify is up to.

content/academy/anti_scraping/mitigation/using_proxies.md

@@ -139,4 +139,4 @@ Notice that we didn't provide it a list of proxy URLs. This is because the `SHAD
 
 ## [](#next) Next up
 
-That's it for the **Mitigation** course for now, but be on the lookout for future lessons! We release lessons as we write them, and will be updating the Academy frequently, so be sure to check back every once in a while for new content! Alternatively, you can subscribe to our mailing list to get periodic updates on the Academy, as well as what Apify is up to.
+[Next up]({{@link anti_scraping/mitigation/generating_fingerprints.md}}), we'll be checking out how to use two NPM packages to generate and inject [browser fingerprints]({{@link anti_scraping/techniques/fingerprinting.md}}).

content/academy/anti_scraping/techniques/fingerprinting.md

@@ -10,9 +10,113 @@ paths:
 
 Browser fingerprinting is a method that some websites use to collect information about a browser's type and version, as well as the operating system being used, any active plugins, the time zone and language of the machine, the screen resolution, and various other active settings. All of this information is called the **fingerprint** of the browser, and the act of collecting it is called **fingerprinting**.
 
-Often times, websites use fingerprinting to track the online behavior of their users in order to serve hyper-personalized advertisements to them. However, in some cases, it is also used to aid in preventing bots from accessing the websites (or certain sections of it).
+Yup! Surprisingly enough, browsers provide a lot of information about the user (and even their machine) that is easily accessible to websites! Browser fingerprinting wouldn't even be possible if it weren't for the sheer amount of information browsers provide, and the fact that each fingerprint is unique.
 
-Here is an example of what a browser fingerprint might look like:
+Based on [research](https://www.eff.org/press/archives/2010/05/13) carried out by the Electronic Frontier Foundation, 84% of collected fingerprints are globally exclusive, and they found that the next 9% were in sets with a size of two. They also stated that even though fingerprints are dynamic, new ones can be matched up with old ones with 99.1% correctness. This makes fingerprinting a very viable option for websites who want to track the online behavior of their users in order to serve hyper-personalized advertisements to them. In some cases, it is also used to aid in preventing bots from accessing the websites (or certain sections of it).
+
+## [](#what-makes-up-a-fingerprint) What makes up a fingerprint?
+
+To collect a good fingerprint, websites must collect them from various places.
+
+### [](#from-http-headers) From HTTP headers
+
+There are a few [HTTP headers]({{@link concepts/http_headers.md}}) which can be used to create a fingerprint about a user. Here  are some of the main ones:
+
+1. **User-Agent** provides information about the  browser and its operating system (including its versions).
+2. **Accept** tells the server what content types the browser can render and send, and **Content-Encoding** provides data about the content compression.
+3. **Content-Language** and **Accept-Language** both indicate the user's (and browser's) preferred language.
+4. **Referer** gives the server the address of the previous page from which the link was followed.
+
+A few other headers commonly used for fingerprinting can be seen below:
+
+![Fingerprinted headers]({{@asset anti_scraping/techniques/images/fingerprinted-headers.webp}})
+
+### [](#from-window-properties) From window properties
+
+The `window` is defined as a global variable that is accessible from an JavaScript running in the browser. It is home to a vast amount of functions, variables, and constructors, and most of the global configuration is stored there.
+
+Most of the attributes that are used for fingerprinting are stored under the `window.navigator` object, which holds methods and info about the user's state and identity starting with the **User-Agent** itself and ending with the device's battery status. All of these properties can be used to fingerprint a device; however, most fingerprinting solutions (such as [Valve](https://valve.github.io/fingerprintjs/)) only use the most crucial ones.
+
+Here is a list of some of the most crucial properties on the `window` object used for fingerprinting:
+
+| Property | Example | Description |
+| - | - | - |
+| `screen.width` | `1680` | Defines the width of the device screen. |
+| `screen.height` | `1050` | Defines the height of the device screen. |
+| `screen.availWidth` | `1680` | The portion of the screen width available to the browser window. |
+| `screen.availHeight` | `1050` | The portion of the screen height available to the browser window. |
+| `navigator.userAgent` | `'Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0'` | Same as the HTTP header. |
+| `navigator.platform` | `'MacIntel'` | The platform the browser is running on. |
+| `navigator.cookieEnabled` | `true` | Whether or not the browser accepts cookies. |
+| `navigator.doNotTrack` | `'1'` | Indicates the browser's Do Not Track settings. |
+| `navigator.buildID` | `20181001000000` | The build ID of the browser. |
+| `navigator.product` | `'Gecko'` | The layout engine used. |
+| `navigator.productSub` | `20030107` | The version of the layout engine used. |
+| `navigator.vendor` | `'Google Inc.'` | Vendor of the browser. |
+| `navigator.hardwareConcurrency` | `4` | The number of logical processors the user's computer has available to run threads on. |
+| `navigator.javaEnabled` | `false` | Whether or not the user has enabled Java. |
+| `navigator.deviceMemory` | `8` | Approximately the amount of user memory (in gigabytes). |
+| `navigator.language` | `'en-US'` | The user's primary language. |
+| `navigator.languages` | `['en-US', 'cs-CZ', 'es']` | Other user languages. |
+
+### [](#from-function-calls) From function calls
+
+Fingerprinting tools can also collect pieces of information that are retrieved by calling specific functions:
+
+```JavaScript
+// Get the WebGL vendor information
+WebGLRenderingContext.getParameter(37445)
+
+// Get the WebGL renderer information
+WebGLRenderingContext.getParameter(37446)
+
+// Pass any codec into this function (ex. "audio/aac"). It will return
+// either "maybe," "probably," or "" indicating whether
+// or not the browser can play that codec. An empty
+// string means that  it can't be played.
+HTMLMediaElement.canPlayType('some/codec')
+
+// can ask for a permission if it is not already enabled.
+// allows you to know which permissions the user has
+// enabled, and which are disabled
+navigator.permissions.query('some_permission')
+```
+
+### [](#with-canvases) With canvases
+
+This technique is based on rendering [WebGL](https://developer.mozilla.org/en-US/docs/Web/API/WebGL_API) scenes to a canvas element and observing the pixels rendered. WebGL rendering is tightly connected with the hardware, and therefore provides high entropy. Here's a quick breakdown of how it works:
+
+1. A JavaScript script creates a [`<canvas>` element](https://developer.mozilla.org/en-US/docs/Web/API/Canvas_API) and renders some font or a custom shape.
+2. The script then gets the pixel-map from the `<canvas>` element.
+3. The collected pixel-map is stored in a cryptographic hash specific to the device's hardware.
+
+Canvas fingerprinting takes advantage of the CSS3 feature for importing fonts into CSS (called [WebFonts](https://developer.mozilla.org/en-US/docs/Learn/CSS/Styling_text/Web_fonts)). This means it's not required to use just the machine's preinstalled fonts.
+
+Here's an example of multiple WebGL scenes visibly being rendered differently on different machines:
+
+![Differences in canvas element renderings]({{@asset anti_scraping/techniques/images/canvas-differences.webp}})
+
+### [](#from-audiocontext) From AudioContext
+
+The [AudioContext](https://developer.mozilla.org/en-US/docs/Web/API/AudioContext) API represents an audio-processing graph built from audio modules linked together, each represented by an [AudioNode](https://developer.mozilla.org/en-US/docs/Web/API/AudioNode) ([OscillatorNode](https://developer.mozilla.org/en-US/docs/Web/API/OscillatorNode)).
+
+In the simplest cases, the fingerprint can be obtained by simply checking for the existence of AudioContext. However, this doesn't provide very much information. In advanced cases, the technique used to collect a fingerprint from AudioContext is quite similar to the `<canvas>` method:
+
+1. Audio is passed through an OscillatorNode.
+2. The signal is processed and collected.
+3. The collected signal is cryptographically hashed to provide a short ID.
+
+> A downfall of this method is that two same machines with the same browser will get the same ID.
+
+### [](#from-batterymanager) From BatteryManager
+
+The `navigator.getBattery()` function returns a promise which resolves with a [BatteryManager](https://developer.mozilla.org/en-US/docs/Web/API/BatteryManager) interface. BatteryManager offers information about whether or not the battery is charging, and how much time is left until the battery has fully discharged/charged.
+
+On its own this method is quite weak, but it can be potent when combined with the `<canvas>` and AudioContext fingerprinting techniques mentioned above.
+
+## [](#fingerprint-example) Fingerprint example
+
+When all is said and done, this is what a browser fingerprint might look like:
 
 ```JSON
 {
@@ -86,85 +190,6 @@ On websites which implement advanced fingerprinting techniques, they will tie th
 
 When dealing with these cases, it's important to sync the generation of headers and fingerprints with the rotation of proxies (this is known as session rotation).
 
-## [](#generating-fingerprints) Generating fingerprints
-
-With the [Fingerprint generator](https://github.com/apify/fingerprint-generator) NPM package, you can easily generate a browser fingerprint.
-
-> It is crucial to generate fingerprints for the specific browser and operating system being used to trick the protections successfully. For example, if you are trying to overcome protection locally with Firefox on a macOS system, you should generate fingerprints for Firefox and macOS to achieve the best results.
-
-```JavaScript
-import FingerprintGenerator from 'fingerprint-generator';
-
-// Instantiate the fingerprint generator with
-// configuration options
-const fingerprintGenerator = new FingerprintGenerator({
-  browsers: [
-      { name: "firefox", minVersion: 80 },
-  ],
-  devices: [
-      "desktop"
-  ],
-  operatingSystems: [
-      "windows"
-  ]
-});
-
-// Grab a fingerprint
-const { fingerprint } = fingerprintGenerator.getFingerprint({
-  locales: ["en-US", "en"]
-});
-```
-
-Once you've generated a fingerprint, it can be injected into the browser using the [Fingerprint injector](https://github.com/apify/fingerprint-injector) package. This tool allows you to inject fingerprints to browsers automated by Playwright or Puppeteer:
-
-```JavaScript
-import FingerprintGenerator from 'fingerprint-generator';
-import { FingerprintInjector } from 'fingerprint-injector';
-import { chromium } from 'playwright';
-
-// Instantiate a fingerprint injector
-const fingerprintInjector = new FingerprintInjector();
-
-// Launch a browser in Playwright
-const browser = await chromium.launch();
-
-// Instantiate the fingerprint generator with
-// configuration options
-const fingerprintGenerator = new FingerprintGenerator({
-  browsers: [
-      { name: "firefox", minVersion: 80 },
-  ],
-  devices: [
-      "desktop"
-  ],
-  operatingSystems: [
-      "windows"
-  ]
-});
-
-// Grab a fingerprint
-const { fingerprint } = fingerprintGenerator.getFingerprint({
-  locales: ["en-US", "en"]
-});
-
-// Create a new browser context, plugging in
-// some values from the fingerprint
-const context = await browser.newContext({
-  userAgent: fingerprint.userAgent,
-  locale: fingerprint.navigator.language,
-});
-
-// Attach the fingerprint to the newly created
-// browser context
-await fingerprintInjector.attachFingerprintToPlaywright(context, fingerprint);
-
-// Create a new page and go to Google
-const page = await context.newPage();
-await page.goto('https://google.com');
-```
-
-> Note that the Apify SDK automatically applies wide variety fingerprints by default, so it is not required to do this unless you need a super specific custom fingerprint to scrape with.
-
 ## [](#next) Next up
 
 [Next up]({{@link anti_scraping/techniques/geolocation.md}}), we'll be covering **geolocation** methods that websites use to grab the location from which a request has been made, and how they relate to anti-scraping.