CreepJS is an open-source fingerprinting research project by abrahamjuliot on GitHub. It is the most comprehensive public demonstration of browser fingerprinting techniques, including experimental API probes, timing-based attacks, and lie-detection algorithms that identify browsers attempting to spoof their own attributes.

Does Snitchtest use CreepJS?

No. Snitchtest is independent and uses its own fingerprint-reading engine. The two tools share conceptual lineage — any modern fingerprint test inherits from the public research CreepJS demonstrated — but Snitchtest's implementation is built from scratch and optimized for readable per-attribute output rather than exhaustive research-grade coverage.

Which is more complete?

CreepJS is more complete in pure research terms. It probes more attributes, runs more timing attacks, and detects more categories of spoofing than any competing tool. Snitchtest trades some of that research depth for a clearer per-attribute entropy breakdown and actionable defensive guidance.

For a privacy-focused user, yes. CreepJS shows you how aggressive fingerprinting can be; Snitchtest shows you what to do about the subset of attributes a typical ad-tech vendor actually uses. The research tool and the practical dossier complement each other.

Snitchtest vs CreepJS

CreepJS is the most aggressive public fingerprinting demo on the internet — a research-grade tool that reads attributes most trackers do not, runs timing attacks on permission APIs, and specifically detects browsers that are lying about their own identity. Snitchtest covers a smaller attribute set but presents results as a readable dossier with specific defensive recommendations. Here is the honest positioning of each.

Updated 2026-04-22 · 5 min read · Snitchtest editorial

Summary comparison

Dimension	CreepJS	Snitchtest
Attribute count	80+ (research-grade)	~20 (common vectors)
Experimental APIs?	Yes (WebGPU, trust tokens, etc.)	No — stable attributes only
Lie-detection?	Yes (trust score)	No
Readability	Dense, technical	Per-attribute dossier
Defensive guidance?	Minimal	Per-attribute recommendations
Intended audience	Security researchers	General privacy-curious users
License	MIT, open source	Independent, not open source
Use case	"What is the worst-case fingerprint?"	"What is leaking and how do I fix it?"

What CreepJS does that nothing else does

CreepJS's distinguishing feature is lie-detection. The tool runs consistency checks across related attributes: if your user agent claims Firefox but your permission-API timing matches Chrome, CreepJS flags the inconsistency. If your canvas hash matches Tor Browser but your WebGL renderer string shows an Intel GPU, CreepJS flags that too. The resulting "trust score" specifically penalizes browsers that attempt fingerprint spoofing without committing to it fully.

This matters because most real-world fingerprint defenses do some version of spoofing. Brave randomizes canvas output. Firefox's resistFingerprinting standardizes the user agent. Extension-based spoofers like Canvas Blocker change specific attributes while leaving others untouched. CreepJS is the only public tool that specifically looks for the telltale signs of partial-spoofing — and uses those as identifying signals in themselves. "The browser that lies about its canvas but tells the truth about its WebGL renderer" is its own fingerprint category.

The attribute breadth is also best-in-class. CreepJS probes APIs most trackers ignore because they are not yet widely deployed: WebGPU renderer metadata, trust-token implementations, offscreen canvas rendering paths, permission-query timing signatures. Any tool built in 2026 that claims "comprehensive fingerprinting" but does not include these vectors is incomplete. CreepJS includes all of them.

Where Snitchtest positions differently

CreepJS is a research tool. Snitchtest is a dossier. The distinction is in the output surface: CreepJS produces pages of dense technical readouts optimized for someone evaluating fingerprinting techniques; Snitchtest produces a plainer per-attribute breakdown optimized for someone who wants to understand their own exposure and take action.

The attribute subset Snitchtest reads is deliberately smaller. It covers the vectors that mainstream ad-tech trackers actually use in production — canvas hash, WebGL renderer, audio hash, font list, screen metadata, user agent derivatives, timezone, hardware concurrency. It skips experimental APIs because most vendors do not yet consume them. The trade-off is research completeness for actionability: Snitchtest tells you what specifically to change, CreepJS tells you what is theoretically possible.

Which should you use?

"I want the most comprehensive fingerprint demonstration that exists" — CreepJS. Nothing else is close.
"I want to understand what is leaking and what I should change" — Snitchtest. Per-attribute guidance.
"I am building a privacy browser and need to stress-test it" — Both, starting with CreepJS.
"I want to check whether my VPN leaks WebRTC" — Snitchtest (CreepJS covers this but not as clearly).
"I'm writing about fingerprinting and need to cite specific techniques" — CreepJS's open-source code is the definitive reference.

Credit where due

CreepJS and its maintainer abrahamjuliot have pushed the public understanding of fingerprinting further than any commercial effort in the past five years. Every tool in this space — Snitchtest included — benefits from the research CreepJS has made public. If you want to see what is actually possible with browser fingerprinting in 2026, CreepJS is the single most educational site on the internet.

Frequently asked questions

What is CreepJS?: An open-source fingerprinting research project by abrahamjuliot. The most comprehensive public demonstration of browser fingerprinting techniques, including lie-detection.
Why is CreepJS called "creepy"?: Because it reveals fingerprinting vectors most users have never heard of, and flags browsers that appear to be lying about their own attributes.
Does Snitchtest use CreepJS?: No. Snitchtest is independent with its own fingerprint-reading engine. The two share conceptual lineage only.
Which is more complete?: CreepJS in research terms; Snitchtest in actionable defensive guidance.
Should I run both?: For a privacy-focused user, yes. CreepJS for the worst-case picture, Snitchtest for the "what do I change" answer.