resistFingerprinting signature (UTC + letterboxed window + 2-core, all at once)

br.rfp_browser  ·  corroborates

browserlayer
environmentcategory

What it catches

Tor design: RFP forces UTC, letterboxes to 200x100, clamps hardwareConcurrency to 2 (conjunction required — each alone is common). Identifies a privacy browser = elevated risk, NOT a bot conviction (Tor/Mullvad/RFP-Firefox users are HUMAN). v0.73.4: category corrected artifact->ENVIRONMENT to match that intent — RFP is a privacy feature, not a bot signature, so it must only CORROBORATE (cap at suspicious), never convict. Previously its artifact category let a real Tor user noisy-or rfp_browser + the RFP-blocked canvas to bot. Paired with the detector.applicability N/A that drops the privacy-browser farbling artifacts (canvas_noise/audio_noise) for an RFP session.

Signals it reads

browser.rfp_browser

How it fires

present

← all detections