Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Javis Sullivan
    @trendsetter37
    I for one like the plugin route. Kudos on this btw I just recently came across your library last week!
    Could fpjs2 be a viable solution to keeping track of random users filling out a survey if you do not want them to see the same questions on repeat visits to your site? I am trying to not require a login.
    Valentin Vasilyev
    @Valve
    @trendsetter37 if all you need is a user differentiation, just use a cookie, it's easier and reliable. FPJS2 is for fraud-sensitive cases mostly
    alexjiang
    @chiangqiqi
    Hi, @Valve , I been trying to use this as a fraud-detection tool for my company website, but as you said, most Iphones has the same id, Is there any good solution to separate these devices?
    Valentin Vasilyev
    @Valve
    @chiangqiqi just use a cookie. If you need persistence, use evercookie. Also you can try using augur.io - the company that does devise/user identification commercially.
    FPJS/FPJS2 is only a supplementary identification mechanism. You cannot use it to achieve 100% identification, this is not possible. Please use it together with other methods of identification.
    Javis Sullivan
    @trendsetter37
    Ok thanks @Valve
    alexjiang
    @chiangqiqi
    @Valve , is it easy to do cookie on Iphone like device? any opensource solution suggest?
    Valentin Vasilyev
    @Valve
    @chiangqiqi, cookies are a part of all browsers on all platforms. https://developer.mozilla.org/en-US/docs/Glossary/Cookie to get you started
    alexjiang
    @chiangqiqi
    @Valve , thx for ur advice
    Marco
    @Maradonna90
    Ok so it seems like Firefox is getting a bit bitchy. There seems to be a NS_ERROR_FAILURE when the getCanvasfp tries to set the fakefont.
    I'll try to set the option, but it may be a bug in Firefox within invisible iFrames or something
    second, the indexedDB is stated as an SecureError. So you would like to exclude it via options
    All on FF 43.0.4 and Mac OSX 10
    Marco
    @Maradonna90
    An 'dontUseFakeFontInCanvas' is not used?
    Would be a nice option tbh
    Marco
    @Maradonna90
    ok so excludeCanvas : true fixes the issue
    but i think it would be cooler to have the dontUseFakeFontInCanvas option
    it still may throw an error
    Alex
    @nyalex
    Hey guys. Sorry if this is a stupid question, but I noticed that the response for Fingerprint2 is scoped in an anon function. Is it possible to use a callback so that I can make the hash available for other functions in my code?
    Marco
    @Maradonna90
    @nyalex : well the get function has the resulting hash as a callback, just look at the source of the testpage
    Another topic: I actually used FP2JS with cookies to have a feel for how often i get collision
    I got alot
    So I though at first that alot of people use the "no-cookies" settings. Because I generate the cookie of the value I would set and transmit it, no matter if it is actually set or not. So I avoid that by the navigator.cookieEnabled check. Still I got alot of collisions (20 on about 200-300 entries)
    Marco
    @Maradonna90
    So I ran a murmur3 implementation on python, generatin a 128 char string as an input and on 1M values I got 118 collision in the first run. Thats about every 8.5k value is a collision on the large scale.
    Marco
    @Maradonna90
    This message was deleted
    So I will now run the 30 run test with 1M entries and will report, but i think for really large numbers at least 32-bit hashes are not useable tbh.
    Marco
    @Maradonna90
    Well i looked into the FP2JS code again and as far as I can tell you are already using murmur3-128 bit?
    @Valve
    Marco
    @Maradonna90
    ok so I ran a test just with the hash implementation that is provided in the fp2js lib and it works fine
    for 1M€ no collision
    1M
    and 10M entries should also not be a problem at all
    Alex
    @nyalex
    @Maradonna90 Are you referring to this page? I think I got it, but it would have been wonderful if the hash could have been outputting into a variable like fingerprint1. The reason being is that I am concerned that if there is an issue with the fingerprint generator and the callback doesn't fire for some reason, my other code won't run either.
    Marco
    @Maradonna90
    yeah there is no error handling as far as I can see.
    Alex
    @nyalex
    @Maradonna90 Would you recommend a try/catch thing then?
    Marco
    @Maradonna90
    @nyalex: that would be an approach.
    Marco
    @Maradonna90
    So I have recorded some data with fingerprinting, cookies and IPs. The given records all have the same IP and if you just look at the timespan it seems like its the same fp for at least two distinct users. First we have the 6.5 cookie, 5mins later the q.5, than really fast the y.5 following the q.5 again. http://abload.de/img/bildschirmfoto2016-02fuluo.png
    Marco
    @Maradonna90
    This underlines that fp is not that good in identification solely.
    Alex
    @nyalex
    @Maradonna90 I am seeing similar results too. One thought I had was that the user switched to private browsing.
    Valentin Vasilyev
    @Valve
    @Maradonna90 sorry for the late reply, I have been moving to another country and the process is mostly complete. Yes, I'm using Murmur3 128 bit
    Commerce Experts
    @commerce-experts
    Hi guys, fp is not really supposed to identify users. Technically if you look at the data that is being captured/used this is simply not possible because most of the data is dependent on a device / browser combination rather than on a user/device combination. Just to give you a quick example: If you capture the fp's inside a cafe you'll see almost 50-60% identical fps just because all of these users are using the same device models. In oder to distinguish between these users you have to track their behavior and come up with a probabilistic model
    m1johnson
    @m1johnson

    Hello all. I've just recently found this chat but have been involved in device fingerprinting for 6+ months now. Me and my team recently did some work on determining whether a mobile device is a real mobile device or an emulator. I would be happy to share my results if anyone is interested. It is not perfect but basically it relies on the number of calculations or speed of canvas rendering. Even on a low quality laptop the laptop running the emulator outperformed many smartphones. Only the most expensive phones (Android) were able to give similar results. If you use a quality desktop with graphics cards, i7, etc it is not comparable.

    I wanted to ask if anyone has experience with TCP/IP fingerprinting? I believe ThreatMetrix uses it. From a few days of research I have found you can determine a few things from the data such as OS. I am working on a solution to beat proxies (other than a database of ips).

    Alan Collins
    @alanc0llins
    Hi
    Valentin Vasilyev
    @Valve
    Hi @alanc0llins
    Please ask your technical questions about the library, we'll gladly answer them! A single "Hi", however, will not trigger any response, because this chat room is for the library discussion, not for a regular chit-chat. :)
    alexjiang
    @chiangqiqi
    hi, @Valve , I wonder if I am using this fingerprint on our site, and one day, we upgrade it. does this necessarily means that all the fingerprint we generate with the older version means nothing? or how do we link the result from the old data and the new one
    Valentin Vasilyev
    @Valve
    @chiangqiqi I always try to maintain the backwards compatibility and only break it on major updates, so your FPs will stay the same. Most updates are just bug fixes or optional components, disabled by default
    Alex
    @sashberd
    Hello, can you please advice what is the general error percentage of different users getting the same fingerprint? In addition, is there a way to tell that the user is the same one in 95% assurance (let's say he updated one of the versions of the objects you rely on)?Thanks
    Valentin Vasilyev
    @Valve