How Anonymity Checkers Work — Pixelscan, BrowserLeaks, Whoer, and CreepJS

Over the past few years, the approach to digital privacy has changed significantly. Platforms have started tracking users more aggressively and implementing identification technologies. One of the most important is browser fingerprinting — a method that identifies users based on the unique characteristics of their device and browser.

Unlike cookies, fingerprinting works passively. The system quietly queries dozens of browser API parameters — from installed fonts to the GPU — and builds a unique digital signature. It survives both cache clearing and IP changes.

As this technology evolved, specialized services known as checkers began to appear. They let you quickly assess how unique your browser looks and what data it exposes. However, many people mistakenly treat checker results as the ultimate measure of anonymity. Let's examine the architecture of leading checkers, what they actually test, and whether you can trust their results.

The Basics: Whoer.net and Network Anonymity

Whoer is one of the simplest checkers. You visit the site, and it shows everything about your connection and browser — from IP address to system time.

It's typically used to verify that a VPN, proxy, or anti-detect browser is configured correctly and isn't leaking real data. Whoer doesn't dig into GPU rendering or other hardware-level parameters. It focuses on visible identity — the network parameters your connection openly exposes to servers.

What it checks:

• Geo consistency. If your profile is mimicking a California resident, Whoer checks whether the IP belongs to a US address pool and whether the system time zone matches the declared state.
• DNS leaks. Whether your requests are going through your real home ISP instead of your configured VPN or proxy.
• WebRTC. Attempts to extract your real local and public IP through P2P browser connections.
• Basic fingerprint. OS version, browser version, JavaScript status, installed plugins, screen parameters.

Whoer gamified the process and introduced an "anonymity percentage" on a 100-point scale. At 90–100%, you look like a regular user from your declared country. At 40–70%, it highlights issues and gives tips on how to fix them.

Whoer doesn't go deeper. But if you need to quickly check your proxies for network leaks, it does the job perfectly.

Deep Audit: BrowserLeaks and Hardware Entropy

BrowserLeaks goes much deeper and focuses on technical analysis. The service collects and displays a wide range of parameters related to your browser, device, and runtime environment.

It doesn't give scores — it just shows factual data that almost any website can collect about your browser. Interpreting these values requires technical understanding.

BrowserLeaks checks graphics rendering parameters (Canvas, WebGL), analyzes audio processing, detects available system fonts, and collects various network and system characteristics used for fingerprinting.

Canvas Fingerprinting

The most well-known method of hardware tracking. The browser receives a hidden command to render a complex image on an invisible canvas element (usually text with specific fonts, shadows, and semi-transparent colors). Based on the rendering result, the checker infers your OS and browser.

Unlike cookies (easy to delete) or IP addresses (easy to change), the Canvas fingerprint relies on your device's physical parameters. It survives cache clearing, time zone changes, and incognito mode.

If you create multiple accounts on a service from the same computer, just changing proxies, Canvas will link them all in one chain. Same hardware means the same image hash every time.

Different operating systems use their own font smoothing algorithms (ClearType on Windows, Quartz on macOS, FreeType on Linux). Different GPU drivers round pixels and handle floating-point calculations differently. Together, this forms a unique Canvas.

The Cross-Platform Myth

You create a profile in an anti-detect browser and choose macOS in settings, even though your device runs Windows. The anti-detect browser changes the User-Agent, injects the correct headers, and adjusts screen resolution. But when the site requests Canvas rendering — the checker shows your Windows. Why?

The vast majority of anti-detect browsers are built on Chromium. Graphics rendering is handled by the Skia engine. But for fonts and shadows, Skia calls your operating system's low-level APIs. On Windows, it calls DirectWrite and ClearType. On macOS, it calls CoreText and Quartz (Apple's proprietary engine).

For your Windows-based anti-detect browser to render Canvas like a Mac, developers would have to remove DirectWrite calls and somehow embed Apple's closed code. This is technically impossible.

If you've read anti-detect browser documentation, you may have noticed they often recommend using the same OS as your real one. They rarely explain why.

Technically, there's a workaround: disable GPU hardware acceleration. Then the CPU renders images via Google SwiftShader. You'll get a different Canvas hash, but in the WebGL section, you'll see "SwiftShader" instead of a GPU. Regular users don't disable hardware acceleration, so this would attract anti-fraud attention.

The Consistency Police: Pixelscan

BrowserLeaks shows what you have. Pixelscan checks whether you're lying. Modern anti-fraud doesn't ban for fingerprint uniqueness (millions of legitimate users are unique) — it bans for logical contradictions. If your User-Agent says Windows but navigator.platform returns Linux, Pixelscan throws an error.

In Octo Browser, you can set any values for hardwareConcurrency (CPU cores) and deviceMemory (RAM). But in reality, these correlate with each other. Try Octo Browser for free with promo code DEVTO.

Another example: your profile settings specify 1920×1080 resolution, but Pixelscan sees that the browser viewport is also exactly 1920×1080. Regular users always lose some screen space to taskbars, browser frames, and tabs.

A clean local Chrome without extensions sometimes shows an "Inconsistent" status. Reasons include:

• Network changes (switched from Wi-Fi to LTE, system changed time zone)
• Privacy browsers (Brave or uBlock restrict APIs, breaking fingerprint consistency)
• Relocation (moved to another region, but device time zone didn't update)

Pixelscan compares your Canvas hash against a massive database of real devices. If your hash is 100% unique — that's bad. A good profile should blend into the crowd.

Pixelscan's advantages:

• Comprehensiveness. Analyzes consistency between parameters, not just individual values. This is exactly how anti-fraud systems at Facebook, Google, and Amazon work.
• Automation detection. Easily spots traces of Puppeteer and Playwright.
• Real fingerprints. The platform compares your data against a database of actual devices

Pixelscan is an excellent training tool, but the goal of an anti-detect browser isn't green checkmarks — it's avoiding bans on your target service. Sometimes a profile with a few warnings lasts longer than a perfect but suspiciously sterile account.

Advanced Detection: CreepJS

CreepJS isn't a commercial product — it's an open-source project by security researchers. It doesn't need a fancy UI. It aggressively and deeply inspects your browser's JavaScript engine, looking for interference in the browser kernel and traces of spoofing and automation.

Regular checkers just take a hash of the rendered Canvas image. CreepJS can analyze the actual image texture and detect noise-injection algorithms. Adding random color noise to pixels is an outdated workaround that CreepJS highlights.

A clean profile

Profile with noise

The checker looks for hidden browser control flags from Puppeteer, Playwright, or Selenium, checks for headless mode, the webdriver object, and how window parameters naturally behave.

If you run a high-quality anti-detect browser like Octo Browser manually, you will pass this test without issues. But if you automate your workflows via Puppeteer, a cheap anti-detect browser will immediately raise a webdriver: true red flag, while top-tier solutions can even spoof script-based browser control.

What else CreepJS detects:

• Prototype tampering. If a cheap extension overwrites a native JS function (to hide the real battery, for example), CreepJS triggers an error in that function and reads the stack trace. Native code produces a system error; fake code reveals its script path.
• Engine math. Forces the browser to calculate complex fractions (sines, cosines). Different engine versions round numbers slightly differently — exposing spoofing.
• Software rendering. Analyzes how WebGL is rendered, detecting software emulators often used on cheap bot farm servers.

CreepJS is an objective tool that's nearly impossible to fool. If it finds prototype tampering or math spoofing — the vulnerability is real.
But does a lot of red text mean an instant ban on Google, Facebook, or crypto exchanges? No.

Why not to absolutize CreepJS:

• Commercial anti-fraud works differently. Ad networks need real users who generate revenue. They don't ban solely for privacy extensions that restrict APIs.
• False positives. A perfectly clean home Chrome can look suspicious if you install a strict ad blocker, change your time zone, or disable third-party cookies.
• Bans are based on the whole picture. Algorithms consider IP, account history, behavior, and fingerprint together. If your fingerprint is slightly unusual but you behave like a real user with quality proxies — you'll be fine.

Conclusions

Can you trust checkers? Yes — as diagnostic tools:

• Whoer.net quickly checks whether your connection is leaking your real IP or DNS.
• BrowserLeaks shows all the technical data your browser voluntarily gives to websites.
• Pixelscan finds inconsistencies between your profile's declared characteristics and real hardware.
• CreepJS detects deep programmatic interference in browser behavior and bot usage.

The highest level of automation today isn't becoming invisible by locking down all APIs — it's creating a consistent profile that completely blends in among millions of real internet users.