It’s written in TypeScript, lets you enable/disable collectors, add custom data, and includes a simple suspicious-activity score.
Would love feedback.
there's no explanation for why certain actions or choices are made.
it doesn't make sense why phantomjs gets a score of 7 while chrome headless gets 8, or why phantomjs and selenium aren't considered headless browsers or automation tools. why the most common legitimate screen resolution is flagged as suspicious or why tools like curl or wget, which download content, are running javascript instead. they would be in a stack that checks ua server side, not in js
mahdiyar•1h ago
The reason I pay for their library is their accuracy. It would be amazingly interesting if your library could compete. Then I would switch immediately.
By the way, I do not have a problem with paying for a service; their plans are not based on the volume of users. (Minimum is $100 for 20,000 verifications.) And I use only 2,000.
bobbiechen•49m ago
FingerprintJS open-source (and the discussed FingerprinterJS) are both trivial to spoof since the entire codebase is easily examined, and the implementation is totally open as an oracle to someone who wants to bypass it or construct arbitrary fingerprints. It's a nice proof of concept (and I like the attention to unstable signals in FingerprinterJS here) but ultimately doesn't hold up against any dedicated attackers.
I work on a competing commercial product (Stytch Device Fingerprinting) and your usage would be within our free tier. Unfortunately we don't have an open-source version or self-serve onboarding because of the adversarial problems mentioned above. Happy to chat if that helps, bchen at stytch dot com.