14

I was wondering how streaming service providers like Netflix, Hulu, Sling.. et identify my device when I login using web Browser on my labtop.
I couldn't find any Javascript APIs to get a GUID or so.

Amged
  • 670
  • 1
  • 7
  • 19
  • 2
    Probably using the user-agent header of the request. – Nir Alfasi Jul 28 '19 at 09:18
  • 1
    They probably build a "fingerprint" based on whatever cross–browser data they can scrape from the [*Navigator* interface](https://developer.mozilla.org/en-US/docs/Web/API/Navigator), cookies, etc. – RobG Jul 28 '19 at 09:21
  • I cloned everything in different devices and got the same result – Amged Jul 28 '19 at 09:25

3 Answers3

17

You can use the fingerprintJS2 library for your project too.

https://fingerprintjs.com/

How this library gets fingerprints

Fingerprint.js collects all the unique features from a device/browser passing them through a hash function to provide a unique identifier.

Example enter image description here

There are many other ways to get unique browser fingerprint.

The newest method to obtain browser information is called “Canvas Fingerprinting.” Simply put, websites are written in HTML5 code, and inside that code, there is a little piece of code that takes your browser’s fingerprint.

So, how are websites doing that, exactly? Let me explain.

This new tracking method that websites employ to obtain your browser fingerprint is enabled by new coding features in HTML5.

HTML5 is the coding language used to build websites. It’s the core fundamentals of every website. Within the HTML5 coding language, there’s an element which is called “canvas.”

Originally, the HTML element was used to draw graphics on a web page.

Wikipedia provides the following explanation on how exploiting the HTML5 canvas element generates browser fingerprinting:

“When a user visits a page, the fingerprinting script first draws text with the font and size of its choice and adds background colors. Next, the script calls Canvas API’s ToDataURL method to get the canvas pixel data in dataURL format, which is basically a Base64 encoded representation of the binary pixel data. Finally, the script takes the hash of the text-encoded pixel data, which serves as the fingerprint."

In plain English, what this means is that the HTML5 canvas element generates certain data, such as the font size and active background color settings of the visitor’s browser, on a website. This information serves as the unique fingerprint of every visitor.

In contrast to how cookies work, canvas fingerprinting doesn’t load anything onto your computer, so you won’t be able to delete any data, since it’s not stored on your computer or device, but elsewhere.

Source and further reading: https://pixelprivacy.com/resources/browser-fingerprinting/

https://multilogin.com/everything-you-need-to-know-about-canvas-fingerprinting/

By the way you can get much more information from Googling yourself.

halfer
  • 19,824
  • 17
  • 99
  • 186
Hisham___Pak
  • 1,472
  • 1
  • 11
  • 23
  • 1
    the question is how they identify this fingerprint? – Amged Aug 01 '19 at 06:15
  • 3
    even if you get it, using fingerprintjs or canvas, how is it ensured that on every visit the same fingerprint is created? – Paulo Aug 11 '20 at 12:11
  • @Paulo There are many methods to identify devices, yes you are right it CAN NOT be ensured that same fingerprint is generated this answer was relevant to his question asking for a JS API. Usually they know their customer when they authorize (login/signup) for their services and store the data accordingly. – Hisham___Pak Dec 01 '20 at 11:02
  • 1
    If the **"UNIQUE"** hash is created using my default font, background color, ..etc. How do they be sure there is no other visitor have the same font, background, .. etc and build the **SAME** hash ? – Accountant م Mar 10 '21 at 13:09
  • @Accountantم I already answered in my previous comment. – Hisham___Pak Mar 12 '21 at 13:48
5

I am using fingerprintjs.library for creating a browser fingerprint it works well with all device but when i test fingerprint in exact configuration device like laptop with exact configuration it generate same fingerprint. Before implementation i read many blogs says canvas fingerprint generate unique base64 string but when i tested in device with same configuration it generate same canvas fingerprint. The canvas fingerprint is not unique in exact or similar device.

While using fingerprint.Js libary, i made some option disable like plugins, enumerate device, browser version because this are dynamic in nature on adding headphone in device fingerprint will read headphone information or generate fingerprint accordingly or same with browser version. fingerprint will vary if any of this thing change in future. My requirement was to create a unique & constant fingerprint that donot change even after opening browser after somedays.

Farhaan
  • 75
  • 1
  • 4
-15

I suggest using localStorage and store a unique white-listed ID that gets verified on every login attempt.

localStorage.setItem('laazaz_id', '4587ff526d');

localStorage.getItem('laazaz_id'); //returns 4587ff526d

docs: https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage

Ayoub Laazazi
  • 540
  • 7
  • 15
  • if this is the case, a user can delete its localstorage and he'll get another new item. But fingerprint won't change. so, for each browser the user can be tracked. but with your case, it won't happen I guess. – ssi-anik Jan 06 '21 at 07:29
  • You can't make sure if that's a unique user if the localstorage is removed. or incognito mode is used. Best is to use browser fingerprinting. – Rahul Gandhi Jan 04 '22 at 17:39
  • 1
    This will not work - i can copy info from local storage to N computers easily. And your website will identify them as the same browser. – Uldis Valneris Apr 10 '22 at 13:36
  • How can this work if user changes the browser, what if user does not have access to localstorage, what if user cleears the local storage.? – Bhumit 070 May 09 '23 at 05:39