Most people worry about their webcam being hacked to spy on them visually. But there's another privacy risk associated with your camera that doesn't involve recording a single frame of video: Camera Fingerprinting.
How Does It Work?
Modern browsers allow websites to query the list of available media devices (cameras and microphones) to support features like video conferencing. This is done via the MediaDevices API.
When a website asks for this list, it can receive information about:
- Device Labels: The specific model name of your camera (e.g., "Logitech HD Pro Webcam C920").
- Device IDs: Unique identifiers assigned by the browser.
- Capabilities: Supported resolutions, frame rates, and aspect ratios.
This combination of hardware information creates a fingerprint. If you have a specific external webcam, a virtual camera software installed, or a unique combination of built-in devices, you stand out from the crowd.
The Permission Trap
By default, browsers often hide the specific labels of your devices until you grant permission to use the camera. However, once you click "Allow" on a permission prompt, perhaps for a legitimate video call, the website gains access to the full list of detailed device names and capabilities.
This means a site could ask for camera access for a seemingly innocent reason (like "Verify you are human" or "Take a profile picture") and silently harvest your device details to build a persistent tracking profile.
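To see what the permission prompt actually changes, here is a self-audit sketch added as an illustration (it is not code from the original article). It summarises a device list in the shape returned by `navigator.mediaDevices.enumerateDevices()`; the sample lists, their identifiers and the function names are constructed assumptions, and the empty pre-permission `deviceId` values model a browser that withholds them along with labels.

```javascript
// Constructed samples shaped like MediaDeviceInfo objects (kind, label,
// deviceId, groupId). Not captured from a real browser.
// Assumption: before permission the browser blanks labels and IDs.
const SAMPLE_BEFORE_PERMISSION = [
  { kind: "videoinput", label: "", deviceId: "", groupId: "" },
  { kind: "audioinput", label: "", deviceId: "", groupId: "" },
];
const SAMPLE_AFTER_PERMISSION = [
  { kind: "videoinput", label: "Logitech HD Pro Webcam C920", deviceId: "constructed-id-1", groupId: "constructed-group-1" },
  { kind: "videoinput", label: "OBS Virtual Camera", deviceId: "constructed-id-2", groupId: "constructed-group-2" },
  { kind: "audioinput", label: "Built-in Microphone", deviceId: "constructed-id-3", groupId: "constructed-group-3" },
];

// Summarise what a device list reveals to the page that requested it.
function summarizeExposure(devices) {
  const counts = {};
  const labels = [];
  let idsExposed = 0;
  for (const d of devices) {
    counts[d.kind] = (counts[d.kind] || 0) + 1; // devices per kind
    if (d.label) labels.push(d.label);          // model names visible to the site
    if (d.deviceId) idsExposed += 1;            // per-origin identifiers visible
  }
  return { counts, labels, idsExposed, labelsExposed: labels.length > 0 };
}

// What becomes visible only after "Allow" is clicked.
function exposureDelta(before, after) {
  const b = summarizeExposure(before);
  const a = summarizeExposure(after);
  return {
    newLabels: a.labels.filter((l) => !b.labels.includes(l)),
    newIds: a.idsExposed - b.idsExposed,
    newDevices: after.length - before.length,
  };
}

// In a browser console this audits the current site; elsewhere (e.g. Node)
// it falls back to the constructed post-permission sample.
async function auditCurrentContext() {
  if (typeof navigator !== "undefined" && navigator.mediaDevices?.enumerateDevices) {
    return summarizeExposure(await navigator.mediaDevices.enumerateDevices());
  }
  return summarizeExposure(SAMPLE_AFTER_PERMISSION);
}
```

Run `await auditCurrentContext()` in the developer console on a site before and after granting camera access to compare what that site can read about your devices.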
Virtual Cameras and Blocking
Many users employ virtual cameras, such as OBS Virtual Camera, to protect their privacy or add effects. However, some services actively detect and block these virtual devices.
Because the MediaDevices API reveals the label "OBS Virtual Camera," banking apps, exam proctoring software, and some chat services may automatically refuse to work if they detect it. They do this to prevent users from feeding pre-recorded footage or manipulating their video feed. This is another example of how device enumeration affects your online experience.
How Can You Protect Yourself?
1. Be Careful with Permissions
Only grant camera access to websites you explicitly trust and need to use for video. Deny requests from random sites.
2. Use Anti-Detect Browsers
Browsers like Incogniton can manage these fingerprints. They can:
- Spoof Device Names: Report generic or randomized camera names to websites.
- Block Enumeration: Prevent websites from seeing the list of devices altogether.
- Add Noise: Alter the reported capabilities to make your device look different each time.