
Storage Quota Fingerprinting: How Disk Size Reveals Your Identity

The Storage API reveals your disk size through quota calculations. Learn how storage quota fingerprinting works and how it can identify your device.

Introduction

The navigator.storage.estimate() API was designed to help web applications manage offline storage. It returns the total available quota and current usage. However, since the quota is calculated as a percentage of the total disk size, it effectively reveals your disk capacity, which is a stable, identifying characteristic of your device.

How Storage Quota Reveals Disk Size

Chrome allocates approximately 60% of the total disk volume to web storage. By reading the quota, a fingerprinting script can calculate the approximate disk size:

const estimate = await navigator.storage.estimate();
console.log({
  quota: estimate.quota,   // e.g., 299,710,955,110 bytes
  usage: estimate.usage,   // e.g., 0 bytes
});

// Approximate disk size = quota / 0.6
const diskSizeGB = (estimate.quota / 0.6) / (1024 ** 3);
// ~465 GB (500 GB drive)

Why This Is a Strong Signal

Disk Size Tiers

Standard disk sizes are well-known:

Reported Quota (approx)   Calculated Disk   Likely Configuration
~143 GB                   238 GB            256 GB SSD
~286 GB                   477 GB            512 GB SSD
~572 GB                   953 GB            1 TB SSD
~1144 GB                  1907 GB           2 TB SSD
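
The tier table above can be expressed as a lookup that shows what a page learns from a single quota value, and whether a reported quota lines up with any real disk size. This is an added example, not code from the original article; the function name inferDiskTier, the 5% tolerance and the treatment of 1 TB as 1024e9 bytes (chosen to reproduce the table's 953 GB figure) are assumptions.

```javascript
// Added example: classify a storage quota into the disk tier it implies.
const QUOTA_FRACTION = 0.6; // approximate Chrome allocation stated in the article
const GIB = 1024 ** 3;
// Marketed capacities in decimal bytes. SSD sizes follow the article's table;
// the 500 GB entry comes from the article's code comment.
const TIERS = [
  { label: '256 GB SSD', bytes: 256e9 },
  { label: '500 GB drive', bytes: 500e9 },
  { label: '512 GB SSD', bytes: 512e9 },
  { label: '1 TB SSD', bytes: 1024e9 },
  { label: '2 TB SSD', bytes: 2048e9 },
];

// Returns the implied disk size (in GiB, as the OS would show it), the nearest
// tier, and whether the value is within `tolerance` of that tier (assumed 5%).
function inferDiskTier(quotaBytes, tolerance = 0.05) {
  if (!Number.isFinite(quotaBytes) || quotaBytes <= 0) {
    return { diskGiB: null, tier: null, deviation: null, plausible: false };
  }
  const diskBytes = quotaBytes / QUOTA_FRACTION;
  let best = null;
  for (const tier of TIERS) {
    const deviation = Math.abs(diskBytes - tier.bytes) / tier.bytes;
    if (best === null || deviation < best.deviation) {
      best = { tier, deviation };
    }
  }
  return {
    diskGiB: Math.round(diskBytes / GIB),
    tier: best.tier.label,
    deviation: best.deviation,
    plausible: best.deviation <= tolerance, // false: matches no listed tier
  };
}

// In a browser, audit what the current profile exposes.
if (typeof navigator !== 'undefined' && navigator.storage?.estimate) {
  navigator.storage.estimate().then((e) => console.log(inferDiskTier(e.quota)));
}
```

A result with plausible set to false means the quota corresponds to none of the listed capacities, which is the kind of inconsistency the consistency checks later in the article are meant to catch.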

Stability

Unlike cookies or IP addresses, disk size does not change between sessions. It provides a stable identifier that persists across browser clears, private browsing sessions, and even browser changes.

Precision

The quota value is precise enough to narrow down not just the disk tier but potentially the exact model, since actual formatted capacity varies slightly between manufacturers.

Additional Storage Signals

IndexedDB

IndexedDB database creation and quota behavior differ between browsers and modes:

const request = indexedDB.open('test', 1);
// Success/failure timing and quota limits vary

Cache API

const cache = await caches.open('test');
// Cache quota shares the same pool as other storage

Temporary vs Persistent Storage

const persisted = await navigator.storage.persisted();
// false in most cases unless the user granted persistent storage

Detection in Practice

Fingerprinting services combine storage quota with other signals:

  • FingerprintJS Pro uses storage quota as one of many entropy sources
  • CreepJS reports storage quota in its fingerprint analysis
  • Custom scripts can use quota to confirm device identity across sessions

How BotCloud Handles Storage Quota

BotCloud profiles control the storage quota value:

  • Quota values match realistic disk configurations
  • Different profiles report different disk sizes
  • The ratio between quota and estimated disk size is consistent with Chrome's allocation algorithm
  • Values are set at the engine level, not through JavaScript overrides

This prevents both disk-based identification and the detection of quota spoofing through inconsistencies.

Best Practices

  1. Use realistic disk sizes - 256 GB, 512 GB, and 1 TB are the most common SSD sizes
  2. Match disk size to device type - A mobile profile with 4 TB of storage is suspicious
  3. Verify quota consistency across navigator.storage.estimate() and related APIs
  4. Consider that disk size is stable - The same profile should report the same quota across sessions