Automatic Points Farming: Multi-Account Anti-Association Strategy

The points system has become a core method for e-commerce platforms, games, and membership platforms to enhance user engagement. Whether it’s check-in points on e-commerce sites, daily activity rewards in games, or cashback from credit card spending, points always represent real assets or benefits. Therefore, “points auto-farming,” as a technical means of batch-acquiring points, has attracted significant attention from individual operators, studios, and even enterprise-level users. However, the anti-cheat systems of platforms are becoming increasingly sophisticated. Relying solely on IP proxies or cache clearing can no longer bypass “browser fingerprinting” tracking. This article will systematically analyze how to achieve efficient and secure points auto-farming strategies through environment isolation within compliance boundaries, starting from the technical foundations.

Common Scenarios and Core Pain Points of Points Auto-Farming

The essence of points auto-farming is using automated scripts or tools to simulate user behavior, repeatedly completing actions like “check-in,” “browsing,” “liking,” and “inviting” across multiple accounts to accumulate points. Common application scenarios include:

• E-commerce platform traffic generation: Activities like new user registration points, double check-in points, and sharing for red packets. Studios participate with batch accounts, converting points into coupons or cash.
• In-game daily activity: Many mobile games tie daily quest rewards to accounts, making it impossible for a large number of “alt accounts” to be operated manually; they require automated idle gameplay and reward collection.
• Membership system value-added: Banks and telecom operators offer point-based gift exchanges for consumption. Users rapidly accumulate points by automating daily micro-transactions (e.g., small payments).

The commonality in these scenarios is the need to operate hundreds or thousands of accounts simultaneously. Platform monitoring systems have evolved from simple “same IP detection” to multi-dimensional analysis covering “browser fingerprint + behavior characteristics + device environment.” If multiple accounts share identical Canvas fingerprints, WebGL parameters, font lists, screen resolutions, etc., they are directly flagged as “malicious batch operations.” At best, this results in a 7-day ban; at worst, permanent blacklisting and points clearing. This is the core pain point for all operators.

Why Are Multi-Account Operations Detected? A Brief Analysis of Browser Fingerprint Tracking

Conventional wisdom suggests that using proxy IP switching or clearing cookies is enough to “simulate different users.” However, mainstream platforms (like Taobao, Pinduoduo, WeChat, and various game clients) inject fingerprint collection code into the browser far beyond what you might expect. They capture:

• Hardware fingerprints: CPU core count, GPU model, screen resolution, system font list, Canvas image rendering differences.
• Software fingerprints: Browser version, plugin list, timezone, language, whether Do Not Track is enabled.
• Network fingerprints: WebRTC local IP leaks, DNS resolution speed, TLS handshake characteristics.

Especially for Chromium-based browsers (like Chrome, Edge), the Canvas fingerprint is nearly identical on the same hardware. Real test data shows: creating 10 Chrome incognito windows on the same computer results in a Canvas fingerprint overlap rate as high as 92%. This means even if you use 10 different proxy IPs, the backend can still link those 10 accounts to the same machine via the Canvas fingerprint.

Another common evasion method is using VM virtual machines (VirtualBox, VMware). While they provide an independent virtual hardware environment, the configuration cost is extremely high (each VM consumes about 4-8GB of RAM), and performance overhead is severe. Compounding this, the Canvas fingerprints in VMs remain somewhat predictable, and some platforms can already detect virtualization driver markers to identify them.

The Core of Secure Farming: Isolating Browser Environments

The fundamental solution to the above problems is to provide a “real and independent” browser environment for each account. This environment must achieve:

1. Completely unique fingerprints: Covering hundreds of parameters like Canvas, WebGL, AudioContext, fonts, etc., each generated randomly and conforming to real device distributions.
2. Independent network: Each environment is bound to a dedicated proxy IP, with the IP’s physical region (timezone, language) consistent with the fingerprint.
3. Persistent data: Account data such as Cookies, LocalStorage, IndexedDB are stored in separate compartments without interference.
4. Automation compatibility: Seamless integration with automation frameworks like Puppeteer, Selenium, or Playwright for script control.

Manually building so many virtual environments is nearly impossible, so the industry widely adopts fingerprint browsers. A fingerprint browser is essentially a Chromium-based tool that deeply forges browser fingerprints and creates separate storage spaces for each profile. When batch registration or points farming is needed, you simply launch multiple profiles, each automatically loading its corresponding proxy and fingerprint, then simulate clicks via scripts.

In actual operations, many studios I’ve contacted use NestBrowser for points auto-farming. Its core advantage lies in its built-in fingerprint generation algorithm, which covers over 200 parameters. Each generated result is validated against a real device fingerprint database, avoiding anomaly detection triggered by fingerprints that are too “perfect.” Additionally, it supports batch creation, launching, and closing of profiles via API, making it ideal for integration with automation scripts.

How to Use a Fingerprint Browser for Multi-Account Points Accumulation

Below is a standard technical process for points auto-farming (using an e-commerce platform check-in as an example), assuming you already have a list of 100 accounts.

Step 1: Create Independent Browser Environments

In NestBrowser, import account information (username, password). The system automatically generates a configuration with a unique fingerprint for each account. You can bind a residential proxy IP to each account (dynamic proxies recommended, changing automatically on each launch). Note: The proxy’s region should ideally match the simulated user’s usual location—for example, use a Shanghai-based proxy for a simulated Shanghai user.

Step 2: Write Automation Scripts

Use Python + Playwright to connect to the debugging port provided by the fingerprint browser. Fingerprint browsers typically expose a local WebSocket address (e.g., ws://127.0.0.1:38889/devtools/browser/XXXX), which scripts can use to control the browser instance for a specific configuration. Example logic:

for account in account_list:
    # Fingerprint browser API to start specified profile
    browser_context = await fingerprint_browser.start_profile(profile_id=account['profile_id'])
    page = await browser_context.new_page()
    # Login
    await page.goto('https://example.com/login')
    await page.fill('#username', account['user'])
    await page.fill('#password', account['pass'])
    await page.click('#login-btn')
    # Perform check-in
    await page.wait_for_selector('.sign-in-btn')
    await page.click('.sign-in-btn')
    # Close profile
    await browser_context.close()

Step 3: Set Scheduled Tasks and Anti-Detection Delays

To avoid overly regular behavior patterns (e.g., all accounts checking in on the hour), the script should introduce random delays: random waits of 3-8 seconds between actions, and random intervals of 10-30 minutes between check-ins. Additionally, use the fingerprint browser to directly control timezone and language to make each account’s behavior more “human-like.”

Step 4: Monitoring and Exception Handling

When a platform detects anomalies, it often first requires slider verification or email verification. You need a retry mechanism: if a slider captcha appears, switch the fingerprint parameters within the fingerprint browser (enable the “random fingerprint on each launch” feature) and change the current IP to a backup proxy.

It’s worth mentioning that many teams, when implementing large-scale points farming, choose NestBrowser as the environmental foundation. The reason is its team collaboration feature: administrators can assign account profiles to all members with one click, and each profile’s fingerprint, proxy, and cookies are fully isolated, completely eliminating mass association bans caused by operating multiple accounts on the same device.

Practical Case: Batch Registration and Daily Operation Automation

Suppose you need to farm 500 “newbie gift pack” points for a gaming platform (one per account). Traditional manual registration requires 500 captcha entries. With a fingerprint browser and automation scripts, you can plan as follows:

1. Account Preparation: Create 500 profiles in the fingerprint browser, binding 500 different phone numbers from an SMS receiving platform (or emails).
2. Registration Script: Each profile simulates a real browser environment, automatically filling in the registration form, receiving SMS verification codes (via SMS API), and setting passwords. After registration, automatically log in and claim the newbie gift pack.
3. Risk Control Avoidance: Since each profile’s Canvas fingerprint, WebGL, fonts, etc., are different, and the fingerprint browser internally simulates different OS locales (e.g., Windows 10 Chinese, macOS English, Linux, etc.), the platform finds it very difficult to link the 500 accounts.

In actual stress testing, a team using 20 computers (each running 25 fingerprint browser profiles) completed registration and gift pack claiming for 500 accounts within 3 hours. If they had used 500 Chrome incognito windows on a single computer, they would typically trigger platform bans by the 100th account. The core difference lies in thorough environment fingerprint isolation, which is the irreplaceable value of a fingerprint browser.

Compliance Reminder and Best Practices

Finally, it must be emphasized: points auto-farming carries platform rule risks. The terms of service for most platforms explicitly prohibit “using automated tools for batch operations to obtain points.” If discovered, platforms have the right to revoke points, permanently ban accounts, and even pursue legal action. Therefore, the techniques described in this article are intended for learning, research, or compliant operation scenarios only—for example, testing your own platform’s risk tolerance or operating multiple accounts for legitimate content distribution (not malicious coupon farming).

Best practices include:

• Control frequency: Each account should perform no more than 2-3 tasks per day to avoid triggering anomaly thresholds.
• Simulate human behavior: Avoid consecutive clicks; include mouse trajectory simulation (e.g., using the Puppeteer Extra Stealth plugin).
• Isolate operations: Login times, IP ranges, and device fingerprints for different accounts should be as scattered as possible; do not launch all accounts simultaneously on the same day.
• Use professional tools: To minimize the probability of being associated by the platform, choose a fingerprint browser that has been validated by a large user base. Currently, the mainstream choice in the industry is NestBrowser, which has undergone long-term iteration in fingerprint forgery comprehensiveness and stability, especially suited for multi-account operations involving high-concurrency point farming tasks.

Summary

The core challenge of points auto-farming is not writing scripts, but how to make a large number of accounts appear as different real users in the eyes of the platform. Browser fingerprint tracking technology has rendered simple IP proxies ineffective. By constructing a unique hardware-software-network combination for each account, a fingerprint browser fundamentally solves the anti-association problem. Whether you are an individual developer or a team operator, using a professional environment isolation tool like NestBrowser can significantly improve the success rate and security of points accumulation. Remember: tools are merely aids; strategy and compliance awareness are the true foundation for long-term operation.