Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Valentin Vasilyev
    @Valve
    @HERRKIN if you have a specific example of FPJS2 being broken, please submit an issue on the github page. @Grez if two devices are identical - their fingerprints will be the same, there is no way around that currently using purely FPJS2.
    anvd
    @ar-anvd
    @/all When you are talking about server side implementation, what type of things are you thinking about? exclusively evercookie? More than an implementation, I think that we need to clarify objectively what we are looking for with server side.
    Valentin Vasilyev
    @Valve

    @/all I'd think that the (very roughly) structure should be as follows:

    1. A special snippet of JS code is added to every page (akin to Google Analytics).

    2. For every page view this code sends:
      2.1. uniqueID (if available) - stored in evercookie
      2.2. fpjs2id - stored in evercookie, if not, generated
      2.3. User Agent
      2.4. Current URL
      2.5. HTTP Referrer
      2.6. IP address
      2.7. Additional info if available

    3. Server receives such request and sees if:
      3.1 uniqueID is available or not, if not, it generates it and serves as part of the response to be saved on the client.
      3.2. if uniqueID is available then we have a user profile in the DB.
      3.3. if user profile is available - we add current request params to add to some "Big Data analytics thing"
      3.4. "Big Data analytics thing" can link multiple fpjs2 to a single user profile based on viewed pages, IP address, referrer (more).
      3.5. It tries to make its decisions based on persistent, unique identifiers, using fpjs2 as supplementary identifier.
      3.5. Server side analytics will try to do its best to link as many FPJS2 Ids to a user profile to build something like:

    User: "John Doe"

    Devices:

    1. MacBook Pro 2013, 13" with such libraries/fonts/plugins installed
    2. iPhone 6 with such libraries/fonts installed
    3. iPad/iWatch/Android etc.

    Profile data:

    1. Location - Germany, Berlin, 97% statistical confidence
    2. Works in - Mozilla Berlin, 98% statistical confidence
    3. Partner ID: #243523452345234
    4. Interests: [hockey, gaming, fishing)
    5. Social network profiles (fbid, g+id etc)
    6. Hours active: 8am -16pm
    7. etc etc etc

    This system provides both server-side and client-side APIs, that allow:

    1. get a complete profile of current user.
    2. get a complete profile of current device.

    The more companies install the snippet of JS, the more data we have, the more precise/intelligent the system becomes.

    I would very much like to develop a solution like this, but it requires funding to be able to work on it full-time, but I'm certain
    it's possible.

    Valentin Vasilyev
    @Valve
    /@all I've released version 1.0.0-rc1. Please test it and let me know if you find anything. If all goes well, this will become v1.0 in a week or so. The biggest change is that the lib has become 5-10 times faster because I'm only using a subset of detectable fonts by default with an option to use the full list.
    Valentin Vasilyev
    @Valve
    Once I release v.1.0, I will maintain backward compatibility for 1.X branch. All breaking features should go into 2.0 milestone.
    Commerce Experts
    @commerce-experts
    @Valve I'm currently finalizing the same kind of solution you are currently envisioning. I have a very robust fingerprinting layer and the serverside analytics and probabalistic stitching. However I'm having serious trouble to get a client side "evercookie" persistent client side storage running. Did you already had time to look into this?
    Valentin Vasilyev
    @Valve
    v1.0 released
    @commerce-experts It's been a very busy year for me, Yesterday I've applied for a O-1 visa in the US, which took me 7 months to prepare the docs. Now I can breathe more easily :) I haven't started anything yet, but I am starting it now. I will accelerate new features development and bug fixing on the FPJS2 and will start working on the complete solution too. So can't really help you at the moment, but hope to come up with something later
    Valentin Vasilyev
    @Valve

    @/all I have a question to all interested :) Currently FPJS does some feature detection, which should be (IMO) delegated to a specialized library, such as Modernizr. Do you think we should do all feature checks with Modernizr and have it as a dependency? This way we can extend the list of tested features and have them all (their presence and or level of support) contribute to the FPJS calculation. Please share your ideas.

    The job of FPJS2 would be:

    1. To test the presence of a feature with Modernizr.
    2. If feature is present and a unique info about this feature is available - add the unique info to the FP calculation.
    3. If unique info is not available, record the fact of presence or absence of this feature as a weaker FP component.
    Valentin Vasilyev
    @Valve
    I have started working on v2 branch which will have the fuzzy hashing and UA parsing. It's going to be a big release. I'm thinking about dependencies now, on one hand I want to keep it a no-dependency library, but OTOH, I do want to use specialized libraries for respective features (UA parsing, feature detection etc). Please let me know what's the best practice for this in 2015 :)
    Bennett Neale
    @noomerikal
    @Valve with fingerprint.js you stated accuracy of up to 94%, is this still the same case with fpjs2 or is there an increase?
    Valentin Vasilyev
    @Valve
    @noomerikal I think that with newer browsers and more mobile browsers the accuracy for FPJS1 has dropped several percent, while the goal of FPJS2 is to bring it back to 93-94%
    Bennett Neale
    @noomerikal
    @Valve gotcha, thanks! looking forward to helping out server side.
    Michael DeRazon
    @mderazon
    Hi @Valve I was wondering what's your estimate for the chance of collision - two users with the same fingerprint
    How often do you think it can happen realistically
    Valentin Vasilyev
    @Valve
    @mderazon sorry for the late reply, we had A NEW YEAR IN RUSSIA :)
    So, there are two types of collisions:
    1. Two users with identical devices. If two fresh IPhone 6 users from Sao-Paulo try to calculate their FPs, most likely they will have identical values.
    2. Murmur hash collisions (an excellent overview is here: http://programmers.stackexchange.com/a/145633/47699), happens once per ~50K inputs.
      Please let me know if you have additional questions
    @/all I think I have found a balanced answer to features vs dependencies – plugin architecture. The core lib will stay as is, small and no-deps. However it should (IMO) have an ability to have its core mechanisms to be overridden via a plugin. For example - fingerprintjs2-ua plugin will have a full-blown UA parsing ability that ignores frequently changing parts. A plugin should have an ability to override the built-in FP component or add new FP component. Please let me know what you think.
    Javis Sullivan
    @trendsetter37
    I for one like the plugin route. Kudos on this btw I just recently came across your library last week!
    Could fpjs2 be a viable solution to keeping track of random users filling out a survey if you do not want them to see the same questions on repeat visits to your site? I am trying to not require a login.
    Valentin Vasilyev
    @Valve
    @trendsetter37 if all you need is a user differentiation, just use a cookie, it's easier and reliable. FPJS2 is for fraud-sensitive cases mostly
    alexjiang
    @chiangqiqi
    Hi, @Valve , I been trying to use this as a fraud-detection tool for my company website, but as you said, most Iphones has the same id, Is there any good solution to separate these devices?
    Valentin Vasilyev
    @Valve
    @chiangqiqi just use a cookie. If you need persistence, use evercookie. Also you can try using augur.io - the company that does devise/user identification commercially.
    FPJS/FPJS2 is only a supplementary identification mechanism. You cannot use it to achieve 100% identification, this is not possible. Please use it together with other methods of identification.
    Javis Sullivan
    @trendsetter37
    Ok thanks @Valve
    alexjiang
    @chiangqiqi
    @Valve , is it easy to do cookie on Iphone like device? any opensource solution suggest?
    Valentin Vasilyev
    @Valve
    @chiangqiqi, cookies are a part of all browsers on all platforms. https://developer.mozilla.org/en-US/docs/Glossary/Cookie to get you started
    alexjiang
    @chiangqiqi
    @Valve , thx for ur advice
    Marco
    @Maradonna90
    Ok so it seems like Firefox is getting a bit bitchy. There seems to be a NS_ERROR_FAILURE when the getCanvasfp tries to set the fakefont.
    I'll try to set the option, but it may be a bug in Firefox within invisible iFrames or something
    second, the indexedDB is stated as an SecureError. So you would like to exclude it via options
    All on FF 43.0.4 and Mac OSX 10
    Marco
    @Maradonna90
    An 'dontUseFakeFontInCanvas' is not used?
    Would be a nice option tbh
    Marco
    @Maradonna90
    ok so excludeCanvas : true fixes the issue
    but i think it would be cooler to have the dontUseFakeFontInCanvas option
    it still may throw an error
    Alex
    @nyalex
    Hey guys. Sorry if this is a stupid question, but I noticed that the response for Fingerprint2 is scoped in an anon function. Is it possible to use a callback so that I can make the hash available for other functions in my code?
    Marco
    @Maradonna90
    @nyalex : well the get function has the resulting hash as a callback, just look at the source of the testpage
    Another topic: I actually used FP2JS with cookies to have a feel for how often i get collision
    I got alot
    So I though at first that alot of people use the "no-cookies" settings. Because I generate the cookie of the value I would set and transmit it, no matter if it is actually set or not. So I avoid that by the navigator.cookieEnabled check. Still I got alot of collisions (20 on about 200-300 entries)
    Marco
    @Maradonna90
    So I ran a murmur3 implementation on python, generatin a 128 char string as an input and on 1M values I got 118 collision in the first run. Thats about every 8.5k value is a collision on the large scale.
    Marco
    @Maradonna90
    This message was deleted
    So I will now run the 30 run test with 1M entries and will report, but i think for really large numbers at least 32-bit hashes are not useable tbh.
    Marco
    @Maradonna90
    Well i looked into the FP2JS code again and as far as I can tell you are already using murmur3-128 bit?
    @Valve
    Marco
    @Maradonna90
    ok so I ran a test just with the hash implementation that is provided in the fp2js lib and it works fine
    for 1M€ no collision
    1M