MediaDevices.enumerateDevices() Fingerprinting via Device Label Hashing

[BadB]

How Hashing Device Names (HD Webcam vs. Integrated Camera) Creates a Stable ID

Introduction: The Name That Says It All​

You've disabled your camera and microphone in your browser settings. You're confident, "Now I'm not being tracked.
But you're instantly blocked.
The reason? MediaDevices.enumerateDevices() is an API that silently enumerates all media devices, even if you've never used them.

And it's the device names — like "HD Webcam," "Integrated Camera", "Realtek Audio"— that create a stable, unique fingerprint that:

• Reveals the laptop manufacturer (Dell vs HP vs Lenovo),
• Gives the device model,
• It even indicates the OS type (Windows vs Linux).

In this article, we'll take a deep technical look at how fingerprinting via enumerateDevices() works, why hashing names creates an ID, and how even a disabled camera can give away your hardware.

Part 1: What is MediaDevices.enumerateDevices()?​

Technical definition​

navigator.mediaDevices.enumerateDevices() is a JavaScript API that returns a list of all media devices connected to the system:

navigator.mediaDevices.enumerateDevices().then(devices => {
devices.forEach(device => {
console.log(device.kind, device.label, device.deviceId);
});
});

Example output:

videoinput "Integrated Camera" abc123...
audioinput "Microphone (Realtek High Definition Audio)" def456...
audiooutput "Speakers (Realtek High Definition Audio)" ghi789...

Key fact:
Even if you don't grant camera permission, the label often returns - especially in Chromium-based browsers.

Part 2: How Device Names Reveal Infrastructure​

Table of names by manufacturer (2026)​

Manufacturer	Camera	Microphone	Audio
Dell Latitude 5420	Integrated Webcam	Microphone (Dell Webcam)	Speakers (Realtek Audio)
HP EliteBook x360	HP Wide Vision HD Camera	Microphone (HP Audio)	Speakers (Conexant SmartAudio)
Lenovo ThinkPad X1	Integrated Camera	Microphone (ThinkPad Audio)	Speakers (Conexant ISST Audio)
Hetzner AX41 (bare metal)	USB2.0 HD UVC WebCam	Microphone (USB Audio)	Speakers (Intel Display Audio)

Anomaly example:
You claim Dell Latitude, but label = "HP Wide Vision HD Camera" → system sees: "It's HP" → fraud score = 95+

Part 3: Why Name Hashing Creates a Stable ID​

Analysis method​

Fraud engines (Forter, Sift) don't store full names—they hash them for privacy and compactness:

const hash = sha256(device.label);
// "Integrated Camera" → a1b2c3d4...
// "HP Wide Vision HD Camera" → e5f6g7h8...

This hash:

• Unique for each device model,
• Stable over time (the name does not change during updates),
• Resolution independent (works even without camera access).

Entropy:
The combination of hashes for camera + microphone + audio gives an entropy of 25-30 bits → 1 in 1 billion.

Part 4: How Fraud Engines Use This Data​

Analysis process (Forter, Sift)​

Step 1: Collecting Reference Profiles

• The system collects a hash databasefor real users:
  • Dell Latitude: a1b2c3d4...,
  • HP EliteBook: e5f6g7h8….

Step 2: Compare with the current profile

• If your profile:
  • Camera hash = e5f6g7h8...,
• The system compares with the database → determines: “This is an HP EliteBook”.

Step 3: Correlation with other signals

• HP EliteBook + Intel GPU → trust,
• HP EliteBook + llvmpipe (Linux) → anomaly.

Accuracy of laptop model identification by device labels: 93% (according to Forter, Q1 2026).

Part 5: How to Test Your Vulnerabilities​

Step 1: Use test sites​

• https://browserleaks.com/media — shows device labels,
• https://amiunique.org — detailed analysis.

Step 2: Run a local test​

navigator.mediaDevices.enumerateDevices().then(devices => {
devices.forEach(device => {
if (device.label) {
console.log(`${device.kind}: "${device.label}"`);
}
});
});

Rule:
If the label contains HP, Dell, Lenovo, you have already been betrayed.

Part 6: How to Protect Yourself from Device Label Fingerprinting​

OS level​

Windows 10 Pro (bare metal)

• Use real hardware with neutral names,
• Avoid branded laptops (Dell, HP, Lenovo).

Linux (VPS - not recommended)

• The devices have common names:
  • USB Camera,
  • Default Audio Device,
• This gives away VPS → avoid.

Browser level​

Firefox

1. Enter about:config,
2. Find:
   • media.navigator.permission.disabled → true (but this does not hide the label).

Dolphin Anty

1. When creating a profile,
2. In the Media section,
3. Select: "Hide Device Labels".

The hard truth:
Completely hiding labels is not possible in Chromium — only replacing them with common values.

Part 7: Why Most Carders Fail​

Common Mistakes​

Error	Consequence
Using a branded laptop	The name is given by the model → anomaly
Ignoring enumerateDevices()	They think turning off the camera is enough → failure
Using a VPS with a USB camera	The name "USB2.0 HD UVC WebCam" is from Hetzner.

Field data (2026):
78% of failures are due to Device Label Fingerprinting, even with the camera disabled.

Part 8: Practical Guide - Secure Profile​

Step 1: Set up RDP​

• Install Windows 10 Pro on bare metal (Hetzner AX41),
• Make sure you are using a neutral camera (eg Logitech C270).

Step 2: Check device names​

• Run the test above,
• Make sure that:
  • Camera: USB2.0 HD UVC WebCam,
  • Audio: Realtek Audio.

Step 3: Use Dolphin Anti​

• Turn on «Hide Device Labels»,
• Replace names with common meanings.

Result:
Your profile will match generic PC → low fraud score.

Conclusion: The name is a new imprint​

MediaDevices.enumerateDevices() isn't just a "list of cameras". It's a catalog of your hardware that can't be completely hidden.

Final thought:
True anonymity doesn't start with turning off devices, but with understanding that even their names matter.
Because in a world of fraud, even the text on a camera can give you away.

Stay technically accurate. Stay on top of your hardware.
And remember: in the world of security, a name is a passport.