Device Fingerprinting

What Is Device Fingerprinting?

Device fingerprinting is a technique that identifies a device by collecting a combination of its hardware and software attributes. These attributes include the browser type and version, operating system, screen resolution, timezone, language settings, installed plugins, WebGL renderer, canvas rendering characteristics, and dozens of other signals. When combined, these attributes create a fingerprint that is often unique enough to identify a specific device across sessions, even without cookies.

How Fingerprinting Works

A JavaScript snippet runs in the user's browser and queries various browser APIs to collect attribute values. The collected data is hashed into a compact identifier. Even if individual attributes are common, the combination of all attributes is highly distinctive. Advanced fingerprinting techniques include canvas fingerprinting (rendering invisible graphics and comparing pixel data), AudioContext fingerprinting (measuring audio processing differences), and WebRTC fingerprinting (detecting local IP addresses).

Fingerprinting for Fraud Detection

Device fingerprinting is a powerful tool against multi-accounting, account takeover, and credential stuffing. If the same device fingerprint appears across multiple accounts, it suggests multi-accounting. If an account is suddenly accessed from a completely new fingerprint, it may indicate an ATO attempt. Fingerprinting remains effective even when attackers rotate IPs using backconnect proxies.

Combining Fingerprinting with AntiProxies

Device fingerprinting and IP reputation are complementary defenses. AntiProxies provides the network-layer intelligence (Is this IP a proxy? A VPN? A Tor exit?), while device fingerprinting provides the client-layer intelligence (Is this the same device that was seen yesterday?). Together, they create a robust identity signal that is extremely difficult for attackers to spoof across both layers simultaneously.