Blog / Technical

How to Detect Anti-Detect Browsers (Multilogin, GoLogin, Dolphin Anty)

March 25, 2026 · 16 min read · David Kim — Co-founder & CTO

Anti-detect browsers are the most sophisticated evasion tool in a fraudster's arsenal. Unlike VPNs or proxy chains that only mask IP addresses, anti-detect browsers create entirely new device identities — spoofing canvas, WebGL, fonts, audio, and dozens of other browser fingerprinting signals.

What Are Anti-Detect Browsers?

Anti-detect browsers are modified Chromium (or Firefox) builds designed to make each browser profile appear as a completely different device. They're used for managing multiple accounts on platforms that enforce one-account-per-person policies, for ad fraud across multiple advertising accounts, for affiliate marketing fraud, and for web scraping at scale.

The three dominant players in this market are Multilogin, GoLogin, and Dolphin Anty.

How Multilogin Works

Multilogin is the enterprise-grade option. It ships two custom browser engines: Mimic (Chromium-based) and Stealthfox (Firefox-based). Each profile gets a unique combination of canvas noise, WebGL parameters, font lists, screen resolution, timezone, language, and WebRTC settings.

The key innovation in Multilogin is deterministic noise injection. Rather than adding random noise to canvas rendering (which is itself a detectable pattern), Multilogin applies a consistent transformation to each profile. The same profile always produces the same canvas hash, making it look like a real device to naive fingerprinting systems.

How GoLogin Works

GoLogin targets the mid-market with its Orbita browser. It's more affordable than Multilogin and offers similar spoofing capabilities: canvas, WebGL, fonts, timezone, geolocation, and proxy integration.

GoLogin's approach to fingerprint spoofing is less sophisticated than Multilogin's. Canvas noise tends to be more uniform across profiles, and some WebGL parameter combinations don't match any real hardware. This creates detection opportunities.

How Dolphin Anty Works

Dolphin Anty dominates the affiliate marketing space. It offers team collaboration features — profiles can be shared between team members, which is useful for agencies managing hundreds of ad accounts.

Detection Techniques

Canvas Inconsistency Analysis

Anti-detect browsers spoof canvas output, but the spoofing reveals itself through statistical analysis. Real GPUs produce canvas output with consistent sub-pixel rendering patterns that correlate with the declared GPU model from WebGL. Anti-detect browsers inject noise into the canvas output, but the noise pattern doesn't match what any real GPU would produce.

We compute the Shannon entropy of pixel neighborhoods and compare it against known GPU rendering profiles. A real NVIDIA GeForce RTX 3060 produces canvas output with a specific entropy signature. Multilogin's Mimic browser produces canvas output with slightly higher entropy due to the noise injection. This difference is small — less than 0.3 bits per pixel neighborhood — but it's consistent and measurable.

Six independent detection methods identify anti-detect browsers through signal inconsistencies and timing anomalies.

WebGL Parameter Mismatch

WebGL exposes detailed information about the GPU: vendor string, renderer string, supported extensions, max texture size, and precision formats. Anti-detect browsers let users select GPU profiles, but the combinations don't always make sense. A profile claiming to be an Intel UHD 630 but reporting max texture size values that only AMD GPUs support is suspicious. We maintain a database of valid parameter combinations for every major GPU released in the past decade.

Navigator Property Inconsistencies

The navigator object reports properties that should be internally consistent. hardwareConcurrency (CPU cores), deviceMemory, platform, and userAgent should all tell a coherent story about the device. Anti-detect browsers sometimes create impossible combinations: a Windows user agent with a Linux platform, or 32GB memory with 2 CPU cores. We check 47 cross-property consistency rules.

Font Rendering Anomalies

Font rendering is determined by the OS, the font rendering engine, and available fonts. Anti-detect browsers can inject custom font lists, but they can't perfectly replicate how a different OS renders those fonts. We render specific glyphs and analyze bounding box dimensions, advance widths, and kerning pairs. A Windows machine rendering text produces subtly different metrics than a Mac, even for the same font.

Timing Analysis

Fingerprint spoofing takes time. Every spoofed API call adds a small but measurable overhead compared to native execution. We measure the execution time of 12 key API calls and compare them against expected ranges for the claimed hardware. On a real device, canvas.toDataURL() takes 2-8ms. With noise injection, it takes 8-20ms.

Automation Framework Artifacts

Many anti-detect browsers leave traces of their automation infrastructure. Custom Chromium builds may expose non-standard properties on the navigator or window objects. We check for over 200 known automation artifacts, including CDP traces, Puppeteer-specific properties, and custom properties injected by GoLogin's Orbita browser.

Polymorphic detection pipeline: unique JS per visitor makes reverse-engineering economically unviable.

The Polymorphic Advantage

Detection logic in static JavaScript is vulnerable to reverse-engineering. tracio.ai's polymorphic script solves this. Every visitor receives unique JavaScript — the same checks, but with different variable names, different execution orders, different code structures. An anti-detect vendor would need to reverse-engineer every variation, which is economically unviable.

API Response Example

When tracio.ai detects an anti-detect browser, the API response includes specific signals:

The antiDetectBrowser signal includes the detected family (Multilogin, GoLogin, or Dolphin Anty), the specific engine variant, and the indicators that triggered detection — such as canvas_entropy_anomaly, webgl_param_mismatch, and timing_deviation.

Threat map: Multilogin, GoLogin, and Dolphin Anty detected at varying sophistication distances.

Recommendations

If multi-accounting or affiliate fraud is a problem for your platform:

1. Implement device fingerprinting on signup, login, and key conversion events 2. Enable anti-detect browser detection 3. Use the Verdict Engine to automate BLOCK and CHALLENGE decisions 4. Monitor for new evasion techniques — the anti-detect landscape evolves monthly

Start with tracio.ai's free tier to see what your current anti-detect browser traffic looks like. Most platforms are surprised by the volume.

Blog / Technical

How to Detect Anti-Detect Browsers (Multilogin, GoLogin, Dolphin Anty)

March 25, 2026 · 16 min read · David Kim — Co-founder & CTO

What Are Anti-Detect Browsers?

The three dominant players in this market are Multilogin, GoLogin, and Dolphin Anty.

How Multilogin Works

How GoLogin Works

How Dolphin Anty Works

Detection Techniques

Canvas Inconsistency Analysis

Six independent detection methods identify anti-detect browsers through signal inconsistencies and timing anomalies.

WebGL Parameter Mismatch

Navigator Property Inconsistencies

Font Rendering Anomalies

Timing Analysis

Automation Framework Artifacts

Polymorphic detection pipeline: unique JS per visitor makes reverse-engineering economically unviable.

The Polymorphic Advantage

API Response Example

When tracio.ai detects an anti-detect browser, the API response includes specific signals:

Threat map: Multilogin, GoLogin, and Dolphin Anty detected at varying sophistication distances.

Recommendations

If multi-accounting or affiliate fraud is a problem for your platform:

Start with tracio.ai's free tier to see what your current anti-detect browser traffic looks like. Most platforms are surprised by the volume.