CODEWITHSUNDEEP
javascriptunique
Mohammad Hossein Fattahizadeh
Mohammad Hossein Fattahizadeh

Reputation: 2731

generate fingerprint of client using javascript

How can i generate unique fingerprint of each client?

I know must use navigator object but some properties like navigator.battery cannot use in this method.

// battery included and unique may change.
var uniqueHash = exampleHash(JSON.stringify(navigator));

How can i generate correct unique fingerprint for each user just using JavaScript and without cookie.

Cross platform and older browser also must be included.

I need list of cross browser supported by navigator.X

Note: I don't want to generate random hash. i want to generate system base hash for each user and i dont wanna save on Cookie or Storage.

Upvotes: 1

Views: 8932

Answers (3)

symcbean
symcbean

Reputation: 48357

How can i generate unique fingerprint of each client?

Short answer is that you can't. It's impossible to do this for every client. You can get close using invasive profiling of the client, but you'll probably only get a unique identifier in around 90-95% of cases.

and i dont wanna save on Cookie or Storage.

Is there a reason you don't want to store data client side? If you told us what you were trying to achieve then maybe we could suggest a better way to solve the problem.

Upvotes: 2

Stefano Sanfilippo
Stefano Sanfilippo

Reputation: 33046

Simplest way to keep a session without using cookies is appending a unique hash (maybe a UUID or something similar) to the urls in the page as a get parameter:

/my/fancy/url

becomes

/my/fancy/url?HASHCODE

whenever the server receives a request, it capture the HASHCODE if present, otherwise it generates one, and then append it to all links on the served page.

Please bear in mind that the user can manipulate the HASHCODE and you should take that into account when engineering your application.

Anyway, notice that it's quite ugly in the fancy-url era. Also notice that user tracking is a delicate subject and you might incur into legal problems if you do not properly declare it in the TOS.

EDIT: you cannot track a person across multiple web sites without using cookies in any of their variants (flash, session storage, etc.) and a domain shared between sites. No way, you cannot set a variable or cookie from one domain and access it from another one in any decent browser, otherwise it would be a big security hole.

EDIT: Panopticlick cannot be used as a tracking method as you suggested, because it is based on statistical matching and it is also pretty bad at that (try browsing https://panopticlick.eff.org/ from outside the USA or with the just-released Chrome/Firefox update). It's a good proof concept, but nothing that you can use for this purpose. Also, you would need a whole lot of samples to get statistically relevant results.

EDIT: Browser fingerprint identifying power is weak: many browsers are autoupdating (like Chrome or Firefox) and official builts are very few (20? 40? Maybe a bit more if you count Linux distribution-compiled ones), so you will find a consistent portion of users with the same user agent. Add that there is a pletora of consumer PCs with similar configurations.

Upvotes: 1

wycleffsean
wycleffsean

Reputation: 1377

One route that may be worth looking into is using the Mozilla Persona API. It exposes a navigator.id property for consumption. Getting a unique id from a user is as simple as...

navigator.id.get(function(unique_id) {
    alert("this is your unique id: " + unique_id);
})

This has the downside of requiring user authorization

Example: http://jsfiddle.net/aJsL9/1/

Upvotes: 1

Related Questions