Multi-Account Management with Mobile Proxies
How to isolate accounts properly using mobile proxies and antidetect browsers so platforms cannot link them together.
Why Accounts Get Linked
Platforms detect multi-accounting by correlating multiple signals across sessions. If any two accounts share enough of these signals, they get flagged as related:
- --IP address: The most obvious signal. Same IP across accounts is the first correlation point.
- --Browser fingerprint: Canvas hash, WebGL renderer, AudioContext output, installed fonts, and TLS/JA3 fingerprint.
- --Cookies and local storage: Shared cookies or localStorage keys across browser profiles.
- --Timezone and language: Mismatches between IP geolocation and browser timezone/language settings.
- --Screen resolution: Identical or unusual resolution values across accounts.
- --WebRTC leaks: WebRTC can expose your real IP address even when using a proxy, bypassing the proxy entirely.
Browser Fingerprinting: How It Works
Browser fingerprinting collects hardware and software characteristics that are unique enough to identify a specific browser instance without cookies.
Canvas Fingerprinting
The browser draws text and shapes on a hidden HTML5 canvas element, then extracts the pixel data as a hash. Different GPU hardware, graphics drivers, and operating systems produce subtly different pixel-level rendering, making the hash unique per device configuration.
WebGL Fingerprinting
Queries the WebGL API for the GPU vendor string, renderer string, supported extensions, and shader precision formats. The combination of WEBGL_debug_renderer_info values is highly unique — it identifies the exact GPU model and driver version.
AudioContext Fingerprinting
Creates an OfflineAudioContext, runs a signal through the Web Audio API (typically an oscillator through a compressor), and measures the output buffer. Differences in audio processing hardware and software produce unique floating-point output values.
TLS / JA3 Fingerprinting
Analyzes the TLS ClientHello message sent during the handshake — specifically the cipher suites, extensions, elliptic curves, and point formats. The JA3 hash of these fields identifies the client software. This happens at the network level, before any JavaScript runs, making it impossible to spoof from within the browser alone.
WebRTC IP Leak
WebRTC (used for real-time communication) can discover the client's local and public IP addresses via STUN server requests, even when a proxy is configured. This happens through the RTCPeerConnection API and must be explicitly disabled or spoofed.
The Isolation Formula
Unique IP + Unique Fingerprint + Isolated Storage = Unlinked Account
Each account needs all three components to be independent. Missing any one creates a correlation point. A unique IP alone is not enough if two accounts share the same canvas fingerprint. A unique fingerprint is not enough if two accounts connect from the same IP. And both are useless if cookies leak between profiles.
Step-by-Step Setup
- 1Get mobile proxy credentials. Each proxy provides a real carrier IP via CGNAT, which platforms trust because thousands of legitimate users share the same IP ranges.
- 2Use an antidetect browser. Tools like DiCloak, Multilogin, or GoLogin create isolated browser profiles with unique fingerprints for each account.
- 3Create a separate profile per account. Each profile gets its own cookies, localStorage, IndexedDB, canvas noise, WebGL overrides, and audio fingerprint.
- 4Assign one proxy per profile. Use sticky sessions so the account always connects from the same mobile IP. This builds a consistent IP history for each account.
- 5Match timezone and language to proxy geo. If your proxy exits in Germany, set the browser timezone to Europe/Berlin and the language to de-DE. Mismatches are a strong detection signal.
- 6Disable or spoof WebRTC. Configure the antidetect browser to either disable WebRTC entirely or replace the IP returned by STUN requests with the proxy's IP address.
Rotation Strategy by Platform
| Platform | Sticky Session | Notes |
|---|---|---|
| 10-30 min | Avoid more than 20 actions (likes, follows, comments) per hour. Instagram tracks action velocity and device consistency. | |
| TikTok | 30-60 min | Checks multiple signals including device hardware, sensor data, and behavioral patterns. Use longer sticky sessions with natural timing gaps. |
| 15-30 min | ML-based detection correlates browsing patterns across sessions. Vary posting times, content types, and interaction patterns. | |
| Twitter / X | 10-20 min | Dynamic rate limits based on account age and trust score. New accounts have stricter limits; age accounts for several days before heavy use. |
Common Mistakes
- --Sharing IPs across accounts. If two accounts ever use the same IP at the same time, they are immediately correlated. Use one dedicated proxy per account.
- --Inconsistent timezone/language vs IP geo. An IP geolocating to Brazil with a browser set to en-US and America/New_York timezone is an obvious red flag.
- --Mechanical action timing. Actions at exact intervals (every 30 seconds, every 2 minutes) look automated. Add random delays and vary patterns.
- --Ignoring WebRTC leaks. A proxy means nothing if WebRTC reveals your real IP through a STUN request. Always verify WebRTC is disabled or spoofed before operating accounts.
- --Using the same fingerprint across profiles. Antidetect browsers only work if you actually configure unique fingerprints. Default profiles with identical settings are just as linkable as a regular browser.
Ready to Scale Your Accounts?
Real carrier IPs with sticky sessions, unlimited bandwidth, and instant setup. Pair with your antidetect browser for complete account isolation.