JavaScript device fingerprinting is an increasingly popular method of tracking and scoring users on websites. It uses a small piece of JS code to collect data points about a visitor’s browser and device configuration. These data points are used to generate a fingerprint that’s then compared to a database of known fingerprints in order to identify a visitor.
In addition to identifying devices, fingerprinting can also be used for login-free verification and to identify unusual or suspicious behavior patterns, such as fraud and other security threats. Some Internet users remain skeptical of device fingerprinting, however, particularly when it comes to the collection and use of personal information.
JavaScript Device Fingerprinting: A Comprehensive Guide
To create a device fingerprint, developers use the WebGL API to render on-screen images and graphics. These images are rendered differently by different GPUs, which gives an indication of a device’s graphical capabilities. In this way, fingerprinting can be used to detect things like the graphics card model, screen resolution, and operating system version.
Other features are also used to construct a fingerprint, such as the user agent string (which identifies the browser), fonts and colors, and plugins. Combined, these provide an accurate picture of the device.
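The following added example (not code from any of the libraries named on this page) shows how collected data points can be combined into a fingerprint and compared against known devices. The signal names, the FNV-1a hash, the fuzzy-match step, and the 0.75 threshold are assumptions chosen for illustration; all values are constructed samples.

```javascript
// Added example. All signal values are constructed samples, not real device data.
// FNV-1a (32-bit, over UTF-16 code units) stands in for whatever hash a real library uses.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Order-independent form of one signal value (font/plugin lists are sorted).
const norm = (v) => JSON.stringify(Array.isArray(v) ? [...v].sort() : v);

// Stable serialization: sorted keys, so collection order never changes the hash.
function canonicalize(signals) {
  return Object.keys(signals).sort().map((k) => `${k}=${norm(signals[k])}`).join("|");
}

function fingerprint(signals) {
  return fnv1a(canonicalize(signals));
}

// Fraction of signals that agree between two devices (0..1).
function similarity(a, b) {
  const keys = [...new Set([...Object.keys(a), ...Object.keys(b)])];
  const same = keys.filter((k) => k in a && k in b && norm(a[k]) === norm(b[k]));
  return keys.length ? same.length / keys.length : 0;
}

// Exact hash match first; otherwise the closest known device above the threshold.
function identify(visitor, known, threshold = 0.75) {
  const fp = fingerprint(visitor);
  let best = { id: null, score: 0, exact: false };
  for (const dev of known) {
    if (fingerprint(dev.signals) === fp) return { id: dev.id, score: 1, exact: true };
    const score = similarity(visitor, dev.signals);
    if (score > best.score) best = { id: dev.id, score, exact: false };
  }
  return best.score >= threshold ? best : { id: null, score: best.score, exact: false };
}

// Constructed sample: one known device, then the same device after a browser update.
const KNOWN = [{ id: "device-A", signals: {
  userAgent: "ExampleBrowser/1.0", webglRenderer: "Example GPU 1000",
  screen: "1920x1080", fonts: ["Arial", "Courier"], plugins: [] } }];
const UPDATED = { ...KNOWN[0].signals, userAgent: "ExampleBrowser/1.1" };

console.log(identify(KNOWN[0].signals, KNOWN)); // exact match
console.log(identify(UPDATED, KNOWN));          // fuzzy match, hash differs
```

A single changed attribute produces a completely different hash, which is why the example falls back to per-signal comparison rather than relying on the hash alone.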
Commercial fingerprinting solutions, such as Castle and Seon, can offer additional aggregations to improve accuracy. Seon, for example, prioritizes identity enrichment, which can help reduce the risk of false positives. Open-source options like CreepJS, FingerprintJS, and Stytch are good choices for developers looking to evaluate device fingerprinting without spending money. They are all free for up to 2,000 API calls and are simple to integrate.