404

As a high school teacher, I've seen first hand the effects that a lack of privacy have on creativity, freedom of expression, and willingness to mess up. I don't think we should be subject to consistent monitoring and told we should be okay with it "if we have nothing to hide."

This is why, between grading and lesson planning, I built 404.

Without 404, your browser and network advertise dozens of semi-unique values: screen size, browser version, hardware stack, and installed fonts, to name a few. Individually, none of them are remarkable. Combined, they form a fingerprint specific enough to recognize your device across sessions, sites, and networks. It doesn't matter if you're using a VPN or if you clear your cookies. Your IP changes, but everything else stays the same. This is browser fingerprinting, and the industry built around it is called identity resolution.

404 replaces your device fingerprint with a believable alternative so that the browsing behavior that you want to be private, can actually be private. Where a VPN replaces your IP address, 404 replaces the device behind that request.

This is all done locally, right on your machine. 404 hosts no infrastructure, handles no traffic, and has no access to your information. It runs as a localhost TLS-terminating proxy that rewrites your device's TLS handshake, HTTP headers, and JavaScript surfaces to match a single crowd-sourced identity verified against real fingerprinting services.

The proxy (STATIC) is open source under AGPLv3. The desktop app is a licensed GUI wrapper that builds directly from source. If you want to run it yourself, the docs are at un-nf.github.io/404-docs and the code is on GitHub.

Happy to answer questions in the comments, including the hard ones about what 404 does and doesn't cover.