It’s written in TypeScript, lets you enable/disable collectors, add custom data, and includes a simple suspicious-activity score.
Would love feedback.
It’s written in TypeScript, lets you enable/disable collectors, add custom data, and includes a simple suspicious-activity score.
Would love feedback.
there's no explanation for why certain actions or choices are made.
it doesn't make sense why phantomjs gets a score of 7 while chrome headless gets 8, or why phantomjs and selenium aren't considered headless browsers or automation tools. why the most common legitimate screen resolution is flagged as suspicious or why tools like curl or wget which download conten, are running javascript instead. they would be in a stack that checks ua server side, not in js
https://github.com/Lorenzo-Coslado/fingerprinter-js/blob/f34...
Why would the user agent of a javascript execution environment ever be curl?
https://github.com/Lorenzo-Coslado/fingerprinter-js/blob/f34...
self explanatory
https://github.com/Lorenzo-Coslado/fingerprinter-js/blob/f34...
variable declared but not used anywhere.
mahdiyar•4mo ago
The reason I pay for their library is their accuracy. It would be amazingly interesting if your library could compete. Then I would switch immediately.
By the way, I do not have a problem with paying for a service; their plans are not based on the volume of users. (Minimum is $100 for 20,000 verification) And I use only 2,000.
bobbiechen•4mo ago
FingerprintJS open-source (and the discussed FingerprinterJS) are both trivial to spoof since the entire codebase is easily examined, and the implementation is totally open as an oracle to someone who wants to bypass it or construct arbitrary fingerprints. It's a nice proof of concept (and I like the attention to unstable signals in FingerprinterJS here) but ultimately doesn't hold up against any dedicated attackers.
I work on a competing commercial product (Stytch Device Fingerprinting) and your usage would be within our free tier. Unfortunately we don't have an open-source version or self-serve onboarding because of the adversarial problems mentioned above. Happy to chat if that helps, bchen at stytch dot com.
FP_Protects•4mo ago
Thank you for sharing your experience and for highlighting what matters most to you: accuracy and pricing for lower-usage tiers. I definitely hear your frustration with the removal of the Free plan a few years ago and the challenge of not having a plan that fit your usage level.
Based on feedback like yours, we recently introduced a new Free plan (in May) that includes 1,000 API calls for iOS and web, plus 500,000 calls for Android. Depending on which platform your ~2,000 calls are coming from, this might be a better fit.
Your feedback is exactly what helps us shape these updates, so we’ll continue to take this into account as we refine our plans. If you’d like, I’d be happy to connect directly to see how we can make sure you’re on the plan that best fits your needs.