Afina vs demo.fingerprint.com: Beating the ML Bot Detector
demo.fingerprint.com is the most aggressive public bot detector. We walk through what its ML model checks and how Afina passes consistently.
FingerprintJS is the de-facto fingerprinting library: open source FOSS layer plus a paid PRO ML model. Their public demo at demo.fingerprint.com is the most rigorous public bot test out there.
If your anti-detect browser can't get a "very low" bot probability on demo.fingerprint.com, it cannot beat any commercial anti-bot in production.
What the demo measures
The page shows a few visible metrics β visitor ID, "bot" score, "incognito" score β but under the hood it runs a 30-surface battery plus consistency checks. The model rolls them into a single confidence score.
The signals it weights most heavily, in our reverse-engineering:
- IP-geo / timezone / locale / language alignment β the cheapest, biggest signal. A US residential IP with Europe/Moscow timezone is an instant flag.
- WebRTC ICE candidate alignment β STUN-reported IP must match the HTTP source IP.
- TLS JA3 / HTTP2 SETTINGS β must match the claimed user agent.
- Canvas / WebGL hash stability β the same hash on repeat visits.
- AudioContext stability with realistic noise floor.
- Battery / device memory / hardware concurrency matching device profile.
- Behavioural β does the visitor move the mouse, scroll, hover, hesitate?
A bot drops one of these. A real user drops zero. The ML model has been trained on millions of sessions to recognise the gap.
How Afina approaches it
Afina hits all 47 surfaces (full inventory in our full spoofing breakdown) with values derived from a single device profile. So Canvas, WebGL, fonts, screen, and audio all reference the same chosen device.
The two ML-killer features specifically:
1. IP-aware injection
When you assign a proxy to a profile, Afina queries the proxy IP's geolocation database and offers to align:
- Timezone (via Intl + Date)
- Locale and accept-language
- Font set (US fonts for US IPs, etc.)
- Default search engine and bookmarks
- WebRTC reported region
You can override any of these, but the default is "match." The "match" path is what demo.fingerprint.com scores as "very low" bot probability.
2. UDP proxy support
WebRTC ICE candidates are tunnelled. STUN returns the proxy IP. No leak.
Reproducing the test
- Open a fresh profile in Afina with a residential US IP.
- Click "Align fingerprint to IP" in the profile settings.
- Load demo.fingerprint.com.
- Bot score should read 0β10%, suspect score 0β15%.
Repeat from the same profile a day later β visitor ID should be stable, which the ML treats as "returning user" signal (a positive trust marker).
What about FingerprintJS Pro?
The paid Pro version of FingerprintJS adds:
- Server-side behaviour scoring (mouse paths, focus events)
- Device intelligence (suspect device flags from cross-customer data)
- Smart signals (smartphone gyroscope-by-touch for mobile)
Afina's Scenarios humaniser covers behaviour. For Pro device intelligence flags, the only mitigation is fresh, clean residential exits β see our proxy guide.
Other detectors layered on top
- Castle β adds account-level behavioural fingerprinting
- Cloudflare Bot Management β adds Akamai-style network probing
- DataDome β adds aggressive JS challenges and timing checks
- PerimeterX β adds invisible reCAPTCHA-like challenges
Beating fingerprint.com is the baseline. The rest layer on top β most of them call FingerprintJS internally.
Bottom line
A demo.fingerprint.com pass is the cheapest, most public way to validate an anti-detect engine. If your tool can't clear it, no marketing copy makes up for it. We re-test the top 14 quarterly and publish updates; Afina has held a sub-15% bot probability for four consecutive quarters.