Browser fingerprint comprises many pieces of information gathered from a user’s browser such as user agent, Flash version, timezone, and over a dozen others. As a result, browser fingerprint is a fairly good indicator of uniqueness, but isn’t foolproof. For example, two brand new computers from the same manufacturer that are set up and not updated in the same city will have identical browser fingerprints.
Device fingerprint, like browser fingerprint, takes into account many different pieces of information that allows us to identify a computer as unique. In addition to many of the browser signals, device fingerprint also includes device-specific information such as IP and screen size. Device fingerprint is also known as device ID or device identification.
Sift uses both device and browser fingerprint as identity signals to detect fraudsters and other bad users. A few notes on device fingerprinting specifically:
- Sift computes multiple device fingerprints using multiple methodologies to uniquely identify a device.
- Clever fraudsters will disable javascript, thus crippling device fingerprint. Therefore, Sift includes the lack of fingerprint as factor in its machine-learning models. For some merchants, no device fingerprint (or javascript enabled) is a signal of risky behavior.