# PlatPhorm Fingerprint

> Privacy-first browser fingerprint education, local inspection, deterministic analysis, and public-safe defensive research tooling for the PlatPhormNews web mesh.

Service: fingerprint
Version: 1.0.0-phase3
Canonical URL: https://fingerprint.platphormnews.com
Updated: 2026-05-25T10:20:04.541Z

## Purpose

Fingerprint helps humans and agents understand what browser and device signals are exposed. Phase 3 is educational, consent-based, public-safe, and local-first by default. It is not a covert tracking platform and does not silently submit raw fingerprints.

## Phase 3 Mission

Fingerprint is the canonical PlatPhormNews browser fingerprint observatory, automation and bot signal lab, JA4 / JA4M research surface, client capability analyzer, and public-safe trust-signal platform.

## Public-Safe Capabilities

- local component availability and confidence
- deterministic entropy labels
- headless and browser automation indicators
- bot user-agent indicators
- JavaScript lies and tampering indicators
- privacy-resistance mode hints
- local snapshot comparison
- privacy-safe aggregate stats
- JA4 and JA4M redaction policy inspection
- MCP/API-accessible public-safe fingerprint intelligence

## Local-Only Capabilities

- browser component collection
- visitor hash display
- local comparison snapshots
- local analysis export
- clear local snapshots
- redacted report export

## Fingerprint Components

- Canvas: Canvas rendering can vary by browser, graphics stack, font rendering, and anti-fingerprinting protections. Entropy: high. Public risk: medium.
- WebGL: WebGL exposes graphics capability and renderer signals. Fingerprint stores and shares only summaries or hashes. Entropy: high. Public risk: high.
- Audio: Audio processing differences can identify browser and hardware behavior without recording microphone input. Entropy: medium. Public risk: medium.
- Fonts: Font availability can vary by OS, browser, and installed software. Public output uses counts and hashes. Entropy: high. Public risk: medium.
- Screen: Screen dimensions, color depth, and pixel ratio help explain layout and device class exposure. Entropy: medium. Public risk: low.
- Navigator: Navigator exposes browser, language, hardware, plugin, cookie, and automation hints. Entropy: medium. Public risk: medium.
- CSS Support: CSS feature support explains browser engine capability. Unsupported APIs are marked unavailable instead of guessed. Entropy: medium. Public risk: low.
- Media Capabilities: Media capability checks summarize codec and rendering support without requesting camera or microphone access. Entropy: medium. Public risk: low.
- Permissions: Permission state summaries are limited to safe, non-invasive API availability and do not prompt for location, camera, or microphone. Entropy: low. Public risk: low.
- Storage: Cookie, localStorage, sessionStorage, and IndexedDB availability help explain privacy or browser policy mode. Entropy: low. Public risk: low.
- Timezone: Timezone and locale can reveal broad regional settings and privacy-resistance behavior. Entropy: low. Public risk: low.
- DOMRect: DOMRect measures subpixel layout behavior that may vary across engines, zoom, and font settings. Entropy: medium. Public risk: low.
- JA4H: JA4H is represented as a local browser-header style summary where available; Atlas correlation is protected/degraded. Entropy: medium. Public risk: medium.
- Connection: Connection and edge hints are limited to safe availability metadata and never include raw IP addresses. Entropy: low. Public risk: low.

## Auth Policy

Public-safe analysis and discovery are open by default. Future protected actions use only PLATPHORM_API_KEY via Authorization: Bearer $PLATPHORM_API_KEY or X-PlatPhorm-API-Key: $PLATPHORM_API_KEY.

## Algorithm Versions

- algorithmVersion: fingerprint-analysis-v3.0.0
- componentSchemaVersion: fingerprint-components-v3.0.0
- hashVersion: sha256-stable-json-v3.0.0
- fuzzyHashVersion: weighted-component-vector-v3.0.0
- detectionVersion: deterministic-signal-rules-v3.0.0

Future protected actions:

- server fingerprint persistence
- server fingerprint list and detail access
- raw or reversible identifier access
- internal trust scoring
- JA4 digest correlation
- Atlas correlation
- Trace private correlation
- Monitor signal publishing
- BrowserOps collection triggers
- Sandbox execution triggers
- Evals run triggers
- webhook operations
- event stream access
- report generation
- sync and cron refresh
- administrative route and trusted-domain mutation

## Privacy Policy Summary

- Local browser collection starts only from visible user action.
- Server submission requires explicit consent and stores redacted summaries only when persistence is configured.
- Public stats are aggregate and non-identifying.
- Raw fingerprint records are not exposed publicly.
- The Vercel JA4 digest header is captured only as present/absent plus a hash for safe correlation; the unredacted digest is never public.
- No PLATPHORM_API_KEY, cookies, raw IPs, or raw high-entropy component details are placed in public discovery files.

## Model Capability State

- Provider status: degraded
- Deterministic fallback: enabled
- Client-side model calls: disabled

## Integrations

- Atlas: degraded. Public UI links are available. Protected live correlation requires future PLATPHORM_API_KEY-backed service configuration.
- Monitor: public_link. Public link available for uptime and service context.
- Trace: trace_headers. Fingerprint emits trace identifiers and W3C trace headers in API responses.
- BrowserOps: future_protected_degraded. Public status is documented. Triggering controlled browser collections requires protected service configuration.
- Sandbox: future_protected_degraded. Algorithm fixture execution is planned as a protected dry-run integration; no fake sandbox output is shown.
- Evals: future_protected_degraded. Algorithm and redaction scorecards are planned protected integrations; public UI shows readiness only.
- MCP: public_introspection. Read-only MCP introspection and public-safe analysis tools are available at /api/mcp.
- API Hub: public_docs. OpenAPI, policy, and CLI examples are published for API catalog discovery.
- ThreatRelay: external_link. External informational link only; no hidden data sharing is performed.

## MCP

- GET https://fingerprint.platphormnews.com/api/mcp
- POST https://fingerprint.platphormnews.com/api/mcp
- JSON-RPC 2.0 only for MCP calls.
- Public read-only introspection is available. Tool calls that would persist, correlate, or report externally are future protected/degraded.

## Standard Discovery

- GET https://fingerprint.platphormnews.com/: Research-oriented public overview and local browser fingerprint workbench.
- GET https://fingerprint.platphormnews.com/dashboard: Public local browser fingerprint workbench.
- GET https://fingerprint.platphormnews.com/analysis: Public deterministic headless, bot, lies, and resistance analysis.
- GET https://fingerprint.platphormnews.com/compare: Local-only snapshot comparison.
- GET https://fingerprint.platphormnews.com/stats: Privacy-safe aggregate statistics or degraded storage status.
- GET https://fingerprint.platphormnews.com/components: Fingerprint component explorer and explanations.
- GET https://fingerprint.platphormnews.com/headless: Headless browser signal lab with deterministic local checks.
- GET https://fingerprint.platphormnews.com/automation: Automation and bot signal lab with likelihood scoring caveats.
- GET https://fingerprint.platphormnews.com/privacy: Consent, local-only analysis, and data boundary policy.
- GET https://fingerprint.platphormnews.com/ja4: JA4 digest redaction and public-safe correlation policy.
- GET https://fingerprint.platphormnews.com/ja4m: JA4M research notes for MCP and automation client signatures.
- GET https://fingerprint.platphormnews.com/signals: Client trust signals and confidence definitions.
- GET https://fingerprint.platphormnews.com/correlations: Public-safe cross-site correlation status without fake matches.
- GET https://fingerprint.platphormnews.com/integrations: Atlas, Monitor, Trace, BrowserOps, Sandbox, Evals, MCP, API, and CLI integration states.
- GET https://fingerprint.platphormnews.com/events: Redacted event and webhook policy status.
- GET https://fingerprint.platphormnews.com/docs: Human-readable API, MCP, privacy, redaction, and policy documentation.
- GET https://fingerprint.platphormnews.com/faq: Frequently asked questions about privacy-first fingerprint analysis.
- GET https://fingerprint.platphormnews.com/clients/cli: platphormctl examples for Fingerprint inspection, MCP validation, policy checks, and dry-run harnesses.
- GET https://fingerprint.platphormnews.com/education: Browser fingerprinting education and defensive guidance.
- GET https://fingerprint.platphormnews.com/terms: Public educational use terms.
- GET https://fingerprint.platphormnews.com/disclaimer: Educational and defensive-use limitations.
- GET https://fingerprint.platphormnews.com/api/health: Public health summary.
- GET https://fingerprint.platphormnews.com/api/v1/health: Versioned public health summary.
- GET https://fingerprint.platphormnews.com/api/docs: OpenAPI JSON metadata.
- POST https://fingerprint.platphormnews.com/api/mcp: JSON-RPC MCP endpoint and metadata.
- GET https://fingerprint.platphormnews.com/openapi.json: Canonical OpenAPI JSON.
- GET https://fingerprint.platphormnews.com/openapi.yaml: Canonical OpenAPI YAML.
- GET https://fingerprint.platphormnews.com/llms.txt: Concise AI-readable service profile.
- GET https://fingerprint.platphormnews.com/llms-full.txt: Detailed AI-readable service profile.
- GET https://fingerprint.platphormnews.com/llms-index.json: Structured AI-readable service profile.
- GET https://fingerprint.platphormnews.com/rss.xml: Public-safe education and changelog feed.
- GET https://fingerprint.platphormnews.com/feed.xml: Public-safe education and changelog feed.
- GET https://fingerprint.platphormnews.com/sitemap.xml: Canonical sitemap.
- GET https://fingerprint.platphormnews.com/sitemap-main.xml: Human-page and discovery sitemap.
- GET https://fingerprint.platphormnews.com/sitemap-index.xml: Sitemap index.
- GET https://fingerprint.platphormnews.com/robots.txt: Crawler policy.
- GET https://fingerprint.platphormnews.com/manifest.webmanifest: Installable app manifest.
- GET https://fingerprint.platphormnews.com/.well-known/mcp.json: Public read-only MCP manifest.
- GET https://fingerprint.platphormnews.com/.well-known/agents.json: Public agent-operation manifest.
- GET https://fingerprint.platphormnews.com/.well-known/agent-policy.json: Agent and crawler policy with verified/degraded platform labels.
- GET https://fingerprint.platphormnews.com/.well-known/ai-policy.json: AI client access and redaction policy.
- GET https://fingerprint.platphormnews.com/.well-known/ai-plugin.json: Public AI plugin manifest for read-only discovery.
- GET https://fingerprint.platphormnews.com/.well-known/security.txt: Security contact and policy.
- GET https://fingerprint.platphormnews.com/.well-known/trust.json: Public trust and privacy boundary policy.

## Trace Requirement

API, MCP, and cron responses include W3C traceparent and PlatPhorm trace headers. Secrets and raw fingerprint details are excluded from trace metadata.

## platphormctl Examples

- platphormctl site inspect fingerprint
- platphormctl mcp validate fingerprint
- platphormctl policy inspect fingerprint
- platphormctl fingerprint analyze --file fingerprint.json
- platphormctl fingerprint compare --left a.json --right b.json
- platphormctl fingerprint ja4-summary
- platphormctl browserops check https://fingerprint.platphormnews.com
- platphormctl harness run developer-validation --target https://fingerprint.platphormnews.com --dry-run