uR2NULL is an educational project designed to demonstrate browser fingerprinting techniques. This project:
- Does NOT store or persist any collected data
- Does NOT track users across sessions
- Does NOT share data with third parties
- Is intended SOLELY for educational and research purposes
| Version | Supported |
|---|---|
| 1.x | ✅ |
We take security seriously, even for educational projects. If you discover a security vulnerability, please follow responsible disclosure:
- Security vulnerabilities in the code
- Privacy leaks beyond intended demonstration
- Data persistence issues (we should never store data)
- Malicious use potential that wasn't considered
- DO NOT open a public GitHub issue for security vulnerabilities
- Email the maintainer directly (check GitHub profile for contact)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgment within 48 hours
- Assessment within 7 days
- Fix timeline communicated based on severity
- Credit in the security advisory (if desired)
- No persistence: All data is ephemeral and exists only in memory
- No cookies: No tracking cookies are set
- No cross-session correlation: Each visit is independent
- No third-party sharing: Data never leaves the demo environment
- CORS restrictions: Only allowed origins can access the API
- Rate limiting: Prevents abuse of the inference endpoint
- Input validation: All signals are validated and sanitized
- No code execution: User input is never executed as code
- No forced permissions: Never requests camera, microphone, or location
- No exploits: Uses only legitimate browser APIs
- Transparent collection: All collection is visible in source code
- No obfuscation: Code is readable and auditable
✅ Educational purposes - Learning about browser fingerprinting
✅ Research - Privacy research and analysis
✅ Awareness - Demonstrating privacy implications
✅ Testing - Testing privacy protection tools
❌ Tracking users without consent
❌ Data collection for commercial purposes
❌ Malicious fingerprinting for fraud or exploitation
❌ Circumventing privacy protections maliciously
❌ Any illegal activity
This project demonstrates collection of:
- Hardware information (CPU, GPU, RAM, screen)
- Browser information (user agent, features, capabilities)
- Network information (connection type, timing)
- Environmental information (timezone, locale, theme)
- Personal identifiable information (PII)
- Browsing history
- Cookies or storage data
- Keyboard/mouse input
- Camera or microphone data
- Location (beyond IP geolocation)
If you use this project for research that reveals new privacy concerns:
- Document your findings thoroughly
- Notify browser vendors if applicable
- Share with the community responsibly
- Consider the impact on user privacy
- Propose mitigations where possible
This demonstration project:
- Processes data transiently (no storage)
- Does not identify individuals
- Provides transparency about collection
- Does not require consent for educational demonstration
- No personal information is sold
- No data is retained
- Users can see all collected data
- No cross-site tracking
This security policy may be updated as the project evolves. Check back regularly for changes.
For security concerns: Open an issue with the security label or contact maintainers directly.
Remember: This project exists to educate about privacy risks. Use it responsibly and ethically.