Damru
Benchmarks & fingerprint proof
Damru is validated against open browser-fingerprinting test suites — CreepJS, Sannysoft, and BrowserScan.
These public research tools measure how closely an automated browser environment matches a genuine device fingerprint across navigator, hardware, GPU, and network surfaces. Because Damru runs real Android and spoofs at the OS/binary level, the fingerprint is internally consistent rather than a patched desktop signature.
What do the benchmark results show?
Across each suite, Damru's real-Android fingerprint stays internally consistent, where desktop-stealth tools tend to leak mismatches between their patched surface and the real desktop underneath.
The entity-attribute table below maps each test suite to what it measures, the Damru result, and the typical result for a JavaScript-patched desktop-stealth tool. Reproduce any of these locally with the command beneath the table.
| Test suite | What it measures | Damru result | Desktop-stealth result |
|---|---|---|---|
| CreepJS | Cross-surface fingerprint consistency and lie detection (navigator, GPU, workers) | Consistent across surfaces — real Android signals agree | Mismatches flagged where JS patches contradict the real desktop |
| Sannysoft (bot.sannysoft) | Common headless / automation tells (WebDriver, plugins, languages) | No automation tells exposed — driven over CDP, not WebDriver | WebDriver and patch artifacts often surface |
| BrowserScan | Hardware, network, and device fingerprint authenticity | Authentic mobile fingerprint — values match the device profile | Desktop values leak under a mobile-looking surface |
| WebRTC leak test | Whether the real IP leaks via WebRTC / IPv6 | No leak — blocked at the kernel level | Depends on extra patching; leaks are common |
Reproduce locally:
python -m damru benchmark --device randomHow is the benchmark run? (methodology)
Each test suite is loaded in a fresh Damru worker running a real Android device profile, and the reported fingerprint surfaces are compared against the values a genuine handset of that profile would produce.
The methodology is deliberately reproducible: a worker boots a real Android 14 stack in Redroid, a device profile is applied so the GPU, hardware, and network values are internally consistent, and the public test page is opened over the Chrome DevTools Protocol — with no JavaScript injected into the page. The suite then reports each surface, and those values are checked against the profile they should match. Because nothing is patched in page context, there is no injected script for a detector to flag; the question each suite answers is simply whether the surfaces agree, and on a real Android stack they do. Full methodology and per-suite reports are published in PROOF.md and BROWSERS_BENCHMARK_REPORT.md.
Why is a real Android fingerprint harder to flag?
Because the values are real to the system rather than patched into a desktop browser, every surface a detector reads already agrees — there is no contradiction to catch.
JavaScript-stealth tools have to keep a growing list of patched values consistent with each other and with the real desktop underneath; any gap is a tell. Damru avoids the problem by changing the fingerprint below the browser, so the surfaces are coherent by construction. See how it works and the full comparison.
FAQ
How is Damru tested against fingerprinting?
Damru is run against public, open fingerprinting test suites — CreepJS, Sannysoft, and BrowserScan — on a real Android device stack. Because the spoofing happens at the OS and binary level, the fingerprint is internally consistent rather than a patched desktop signature.
What does the CreepJS test measure?
CreepJS checks whether a browser's fingerprint is consistent across many surfaces (navigator, GPU, web workers) and looks for "lies" where one surface contradicts another. A real Android stack keeps these surfaces in agreement, which is what Damru is built to do.
Can I reproduce the benchmark myself?
Yes. Run python -m damru benchmark --device random to reproduce the fingerprint checks locally, then read the methodology and full reports in PROOF.md and BROWSERS_BENCHMARK_REPORT.md.