Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Rafael Silva
    @rhsilva
    ok, got it. Thanks man @sandeep45 :D
    Jarid Margolin
    @jaridmargolin
    Hey all... was curious of fingerprintjs contains any sort of "fingerprint score"
    As a mechanism for determining the probability a device can be detected as unique
    Jarid Margolin
    @jaridmargolin
    ^ looking for a mechanism to block abusive users on our platform... collisions would have a serious side effect and as a means to reduce collisions we were thinking the blocking behavior could be implemented if a "fingerprint score" was above a specified threshold
    m1johnson
    @m1johnson
    @jaridmargolin I am not aware of anything like this in the Fingerprintjs2 project. My suggestion would be to combine various aspects of the fingerprint that are likely to give you a reliable score. If you are able to use cookies you can match those up with the fingerprint of the device. Desktop would be more reliable than mobile. On desktop you could use things like Flash player version, user agent, resolution, timezone, and so on. I would suggest looking into Levenshtein distance for comparing fingerprints.
    @rhsilva I don't work a lot with iOS devices but the canvas ID seems to be one of the best indicators.
    Alex
    @sanasol
    :clap:
    bgsavage
    @bgsavage
    Hi all - was wondering if anyone knew what that max length character that the fingerprint can return?
    Alan Collins
    @alanc0llins
    Heey
    Kamil Pawluczuk
    @alatar-

    Hi @Valve, everyone,

    I've just finished my research on fingerprinting and I have couple of thoughts to share with you. I believe you may find them an useful contribution. I will simplify the story as it is going to be quite long anyway.

    A couple of months ago, I have developed a similar fingerprinting solution and collected many deterministic samples for analysis of fingerprints "usefulness". I was trying to answer the question which features should be fingerprinted in which way to provide the highest entropy, ensure stability, at the same time having on mind an overall execution time and the code length. Here are some thoughts/questions/observations:

    1) First of all, what is the point of having fingerprints from "has the user tampered with" family? I see a logical hole here – creating artificial fingerprints out of existing one doesn't increase the diversity but just consumes the code length and execution time. If it's not clear what I mean by artificial, let's make an example: we collect screen.availHeight and screen.height properties as one fingerprint; we create second fingerprint telling availHeight > height; if an user tampered with the setting, the first fingerprint will already make the final fingerprint different from the other, adding additional flag will not improve the uniqueness as this is just a duplicate information (paradoxically, users that are trying to hide their identity by setting some strange values are making themselves easily 'fingerprintable', beauty of this world ;))
    2) I believe ad-block detection should be disabled by default, the same way as flash font detection. In some browsers, add-ons are not enabled in private-mode (unless the user does it), therefore the fingerprint is often different while it shouldn't.
    3) Concerning execution time, especially when fingerprinting JS fonts using extended list is enabled, the overall time gets quite heavy. I have noticed it affects the user experience in some cases, e.g. some scripts responsible for scrolling are getting starved. I know there is no easy way to solve the issue as we cannot use WebWorkers but at least the problem could be addressed / or the overall execution time decreased. I have implemented a naive solution for my script but I didn't really have time to check if it's making much of difference.

    4) Fonts analysis with JS. Pretty awesome fingerprint but really time consuming and unstable (I have observed for this fingerprint the highest number of changes) if you collect too many fonts. The entropy I have achieved with a set of 100 optimal fonts was almost identical if consider 800 collected values. Obviously, it would get better with a bigger dataset but my conclusion is still clear – it is really worth to limit the number of fonts (not the random but the most representative set). Execution time improves significantly and the same for stability.
    5) @Valve, you were considering employment of User-Agent parsing library to improve the stability. UA scored for me the 2nd highest instability so it is crucial to do something about it. Yet, the best solution imho is to simply trim the unstable parts from the string, which is in fact the browser version (engine and os are quite ok). Parsing using a library, except of being more expensive, would skip some information that could be useful.
    6) I have found out that canvas, screen dimensions and webGL fingerprints should be particularly taken care of, again, due to the high instability. Drawing a "smile" icon in canvas fingerprint proved to make it really unstable, unfortunately. On the other hand, drawing a simple text is really stable and provides decent information. I know it may sound like going back in evolution but there is so many aspects to be considered... Surprisingly, usage of Arial font instead of fake (fallback) one gave better results, even though the second scored a higher number of unique and distinct values. A lot to play with.
    7) In general, I believe that more focus should be devoted to stability of fp2.js. More and more fingerprints are being added and it doesn't necessary make the script better. People are quite concerned about how often the fingerprint is changing, it is essential for the use cases to keep it stable. I haven't made any official analysis of this particular script but by employing most of the fingerprinting methods I can say the stability leaves a large field for improvement. Well, it must be hard to develop this script without any deterministic data about its efficiency. I am wondering if anyone is collecting and analyzing such data?

    Well, it's much longer than I intended, sorry! :)
    Let me know what you think...

    @bgsavage the final fingerprint is a murmur hash so it's always the same length
    Valentin Vasilyev
    @Valve
    @alatar- thanks for your suggestions, all make sense! Currently @elad-yosifon is working on v2, so he may want to incorporate your ideas. FPJS2 can definitely be made more stable, I agree, but I personally have stopped working on the library and Elad is handling the new development now in v2.
    bgsavage
    @bgsavage
    Great, thanks!
    Kamil Pawluczuk
    @alatar-
    Glad you liked the ideas @Valve.
    I guess the change of the main contributor doesn't mean any change of the direction the script is going? I will see if I can contribute some parts of my code. Yet, I have no clue what balance between diversity and stability is intended. Current version I would call diversity-oriented...
    Rafael Mello Campanari
    @melloc01
    Hi guys, I have been trying to load fingerprintjs2within my typescript App but it seems the module loader can't find fingerprintjs2 module, my sample app is on github: https://github.com/melloc01/ts-library-starter - there are some instructions the get the app running, thank you in advance = ] @Valve
    Victor Ng
    @vicngtor
    Hi there, I am currently exploring on the topic of identification through web requests. Aside from information obtainable from this library, are there any other information which I could use?
    Caleb Chiesa
    @Orbyt
    Is there an es6 example?
    Kevin
    @get-data-
    Hello, I have almost no javascript experience and need help figuring out the usage of Fingerprint2. I'm trying to set up a custom javascript variable that returns the "results" variable referenced in the doc's usage section. Can anyone assist?
    player0k
    @player0k
    When will be released the Half-Life 3 ?
    Alex
    @sanasol
    https://geektimes.ru/post/284604/
    http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf
    Maybe you can find something useful and not implemented in fp2
    But as i see almost all methods used already :)
    daankuijsten
    @daankuijsten
    @Valve I would like to contribute to the repository but got a few questions:
    1. Is there a particular reason why there is no headless browser testing framework included? I would like to integrate Karma (or something like that) to write automated tests for all browsers
    1. I see a lot of features issues closed because you "want to focus on optimizing the features you got". Is that something you want to hold on to? I really need a couple of new methods to check a browser fingerprint and I am willing to implement them, but when you say upfront that they will not be included I just gonna fork.
    ultramaks
    @ultramaks
    I wonder, why 1.4.4 version shows different fingertips in different ways.
    e.g in your http://valve.github.io/fingerprintjs2/ I see one fingertip, but when I download zip file with 1.4.4 version and put it on my website and go to index.html - fingertip is different... but when I use this library - i receive the one that is the same as fingertip from your site... Internet Explorer, Firefox shows the same fingertips everywhere... when using my local webserver I also get the same fingertip identical to the fingertip from your side...
    version 1.4.0 did not have such issues... what can it be?
    qqTYXn7
    @qqTYXn7
    @Valve
    Hi.
    I was wondering if you could tell me where you got the fonts and extended fonts list from for the JS/CSS font detection test
    Sundareswaran S
    @sundarseswaran_twitter
    @Valve -- any idea why the regular_plugin would provide different results when accessing different webpages. please see the below screenshot
    Capture-3.PNG
    The first result is a webpage that uses angular which includes Shockwave Flash in the list, whereas the second one is a plain HTML with <script> it doesn't see to pull up Shockwave flash into consideration to compute fingerprint
    MXSteel
    @MXSteel
    @Valve Hey! A very small suggestion, for people like me who don't wanna go digging through the code for an answer:
    Write somewhere in the read-me the exact parameters of the output string - aka - "Returns a string of the length 30 to 34 that contains only digits and lowercase letters".
    This would make first-time users' life a bit simpler =)
    BruceBissett
    @BruceBissett
    @valve -- So, testing this on a live production site resulted in tons of duplicate fp's from different users. Reading the FAQ it appears that this solution, while very cool, just isn't going to deliver unique user detection. Do you know of any modern open source libraries that approach 98-100% accuracy?
    ultramaks
    @ultramaks
    @BruceBissett, I do not think you can find a cool thing for this.. At least, free of charge )
    Valentin Vasilyev
    @Valve
    @qqTYXn7 just took from some web page, similar to "the fonts that can be found anywhere" etc
    @sundarseswaran_twitter probably plugins are the same, their order is random every time you access
    @MXSteel please submit a PR for the readme :)
    @BruceBissett I believe you cannot get 98-100% accuracy with JS only. Please look at augur.io, they're not OSS but worth trying
    @daankuijsten yes, initially I was using phantomjs for tests but it cannot run flash, so I dropped the idea, didn't want extra complexity.
    @melloc01 the module loading is broken in the library. Nobody has submitted a PR to fix it yet, so it seems that it's an unnecessary feature. If you need it, please submit a PR
    Aditya Agarwal
    @o0aditya0o
    @Valve In the hasLiedLanguage what is the significance of matching the substring of length 2 and not the entire strings ?
    Aditya Agarwal
    @o0aditya0o
    @Valve Also I think there might be a possible bug in hasLiedBrowser since chrome UA on iphone is something like this - Mozilla/5.0 (iPhone; CPU iPhone OS 10_3 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) CriOS/56.0.2924.75 Mobile/14E5239e Safari/602.1
    @Valve as you can see there is no mention of chrome hence this would be detected as safari
    Himanshu Ranavat
    @atkt_forever_twitter
    question: the fingerprintJS2 library - how expensive it is to run to calculate the fingerprint. could it be a issue on mobile browsers?
    Aditya Agarwal
    @o0aditya0o
    @ptrinh what exactly is this theatMatrix doing ?
    Steven Borrelli
    @stevendborrelli
    The function itself is defined to return 1 if it cannot determine the number of processors, but fingerprint.js returns "unknown". This caused one of our APIs endpoints to have an error, as it was expecting an int in that field.
    I see returning "unknown" is a common patter, but it seems like it would cause issues on systems that have stricter type enforcement.
    Nitzan Aviram
    @nitzanav
    Hi, I am looking for a consultant with a vast experience in fingerprinting. Mostly to guide us and help us choose the right set of attributes. Can some one consult us and invoice us?
    Neumann Valle
    @utan
    mm