0

I will start a web service, and I need to track user activities. These are simple actions, but I have to uniquely identify everybody. No registration is required.

My problem is to identify clients who are behind the same router and have exactly the same configuration. This situation is frequent at firms and universities. I do not want to use cookies. The clients have JavaScript-enabled browsers. I am building a JS-based fingerprint technique, but have no idea what to add to separate these clients.

So is there any way to identify users behind a router with the same configuration using JavaScript?

Patartics Milán
  • 3
    Why no cookies? That's *the* way, really. – deceze May 07 '13 at 12:14
  • 1
    Can you be more precise about what you mean by 'identify' a user. Do you mean a user, or a client PC? If the user switches to a different browser are they the same client or not? – codebox May 07 '13 at 12:15
  • @deceze Because users can easily delete them, and manipulate statistic data. It has to be as accurate as possible. It is a business site, and I don't want to allow anybody to cheat with the data. – Patartics Milán May 07 '13 at 12:16
  • 2
    Without requiring registration, no solution will be 100% foolproof. If foolproof is what you're going for, "anonymous identification" doesn't work. – deceze May 07 '13 at 12:17
  • @codebox I would like to identify client PC if they switch to another browser, it should be the same. Thx – Patartics Milán May 07 '13 at 12:18
  • I don't see how that can be accomplished foolproof only using javascript. – thebreiflabb May 07 '13 at 12:19
  • @JohnJameson: You may want to take a look at [Panopticlick](https://panopticlick.eff.org/), which does part of what you are looking for. In no way foolproof, though. – Henrik Aasted Sørensen May 07 '13 at 12:21

2 Answers

0

I am curious why you don't want to use cookies...

Anyway the poor man's substitute of cookies is URL rewriting: insert an id at the end of every URL (?id=... or &id=...), and return it from the server in every new page. If you have an SPA, it's even easier, you don't have to pass it back from the server to the client.

Luis Crespo
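The URL-rewriting scheme from the answer above, as an added Node.js example that is not part of the original answer. It goes one step further than the answer by attaching an HMAC to the id, so the server can reject ids it did not issue, and it only rewrites same-origin links so the id is not handed to other sites; a client can still drop the id and receive a new one. `SECRET`, `SITE_ORIGIN` and all function names are assumptions made for the example.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const SECRET = randomBytes(32);              // assumption: server-side key, never sent to clients
const SITE_ORIGIN = 'https://example.test';  // constructed origin for the example

function sign(id) {
  return createHmac('sha256', SECRET).update(id).digest('base64url');
}

// Issue a new token: random id plus its MAC, joined by a dot.
function issueToken() {
  const id = randomBytes(16).toString('base64url');
  return `${id}.${sign(id)}`;
}

// Return the id if the token's MAC verifies, otherwise null.
function verifyToken(token) {
  if (typeof token !== 'string') return null;
  const dot = token.indexOf('.');
  if (dot < 1) return null;
  const id = token.slice(0, dot);
  const mac = Buffer.from(token.slice(dot + 1));
  const expected = Buffer.from(sign(id));
  if (mac.length !== expected.length) return null;
  return timingSafeEqual(mac, expected) ? id : null;
}

// Add the id to a link (?id=... or &id=...), for same-origin URLs only.
function rewriteLink(href, token) {
  const url = new URL(href, SITE_ORIGIN);
  if (url.origin !== SITE_ORIGIN) return href;  // external link: leave untouched
  url.searchParams.set('id', token);            // replaces an id already present
  return url.pathname + url.search + url.hash;
}

// Server side: keep a valid id from the request URL, otherwise issue a fresh one.
function tokenForRequest(requestUrl) {
  const supplied = new URL(requestUrl, SITE_ORIGIN).searchParams.get('id');
  return verifyToken(supplied) ? supplied : issueToken();
}
```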
-4

You can track mouse movements and create a pattern to recognize the user or let them type some words and grab the interval between each digitation.

VeNoMiS
  • 2
    How does that help exactly? – deceze May 07 '13 at 12:18
  • It gives an idea of how to create a simple recognition pattern – VeNoMiS May 07 '13 at 12:23
  • 1
    How many words will the user have to type or how long will he have to wiggle his mouse in order to make him unique and foolproof among possibly millions?! – deceze May 07 '13 at 12:24
  • 2
    Also, OP states that _"users can easily delete them, and manipulate statistic data"_, so it doesn't exactly sound like he is looking for a scheme requiring that a lot of trust is placed on the user to behave correctly. :) – Henrik Aasted Sørensen May 07 '13 at 12:26
  • http://en.wikipedia.org/wiki/Keystroke_dynamics – VeNoMiS May 07 '13 at 12:27
  • 2
    From the ^ above-linked article: *Researchers are still a long way from being able to read a keylogger session from a public computer in a library or cafe somewhere and identify the person from the keystroke dynamics...* - It's not a feasible, practical solution to the problem at hand! – deceze May 07 '13 at 12:36