Talk:Device fingerprint

Untitled
I arrived here installing a Nuance product that asked for a machine fingerprint, and the article was no help. I then used the My Computer utility to look at the System Information and on the Dell PC in question found a four-part 21-digit alphanumeric code which worked. So perhaps a Machine Fingerprint page distinct from device fingerprint is in order as the machine print looks to be Nuance's way of referring to the OEM serial number for the PC. translator (talk) 18:02, 12 March 2011 (UTC)

Known companies and products using fingerprinting
I'm quite surprised there is no information at all about who does actively fingerprinting activity.

It's not that hard to find:
 * Iovation claims to acquire "over 100 attributes about the device" with their javascript snippet, while it is claimed that the activity is for fraud prevention uses, they encourage to use iovationscore to "offer trusted customers your best promotion".
 * Equifax provides a product based on that iovation code. — Preceding unsigned comment added by Privon (talk • contribs) 09:10, 1 January 2017 (UTC)

Proposed merger with Canvas fingerprinting
I'm thinking that Canvas fingerprinting has more than enough detail to stand on its own as an independent article and shouldn't be merged. This article, on the other hand, should be expanded to provide more detail on the different device fingerprinting techniques available, including canvas fingerprinting. — AfroThundr (u · t · c) 16:00, 7 July 2018 (UTC)
 * Oppose - Canvas fingerprinting is a specific technique that is notable on its own. Also, there is no rationale given for a merger so this request is malformed.- MrX 🖋 17:16, 7 July 2018 (UTC)
 * Indeed, normally one would be provided on the talk page of one of the merging articles, but none was provided here. Do you have a decent rationale for the proposed merge? — AfroThundr (u · t · c) 17:37, 7 July 2018 (UTC)


 * I apologize for not having shared the motivation in advance. You'll agree that the article about Device fingerprint is critically lacking. On the other hand, most of the comprehensive contents of canvas fingerprinting (that is nothing more than a subtopic) are quite relevant to the main topic of device fingerprinting and would be probably best put into context there. Specifically:
 * The (short) history of canvas fingerprinting is relevant to the main topic (being a fundamental step of the evolution of device fingerprinting) and would be better put into context there, together with the (short and currently patchy) history of device fingerprinting.
 * Mitigation methods are almost the same for canvas fingerprinting and for device fingerprinting in general: spoofing the fingerprint, offering a simplified fingerprint, blocking third parties who seem to track people, blocking attempts to read too many parameters.
 * What remains is only the definition of the canvas fingerprinting method. I think that this as well could be well fitted in the main topic, because it would provide the most prominent example of a fingerprinting method. –Esponenziale (talk) 20:35, 7 July 2018 (UTC)
 * If this is merged, the rest of the article would need reworking and expansion, otherwise it's mostly about canvas fingerprinting. This could work, provided we can find further material to flesh out the resulting combined article. I'm kind of surprised the article is still this short, given the increased attention to this topic over the last several years. — AfroThundr (u · t · c) 22:17, 10 July 2018 (UTC)

Is There Means to Defeat "Browser Fingerprinting", and If So, Should It Be Included in the Article?
I've had some conversations with some "Tech" types about browser fingerprinting, exploring the possibility that a software (addon, extension, etc...) might be able to "anonymize" a browser's fingerprint by altering certain, minor characteristics of the fingerprint periodically so that the browser's fingerprint never appears exactly the same for an extended period of time. One idea is to "lie" and claim that certain, mostly-unused fonts are either installed when they are not, or that they are not installed when they are, so as to obfuscate the fingerprint from automated, machine detection. The upshot of these conversations has been "it's possible", but to this date I've not heard of anyone creating such a software.

Does one exist?

If so, should it/could it be mentioned here in this Article? It seems to me that it should, given that a person concerned enough about computer privacy that they are reading about browser fingerprinting, the logical next step would be to learn about ways in which to try to defeat it. I think the Article would be improved if at least some discussion about means to defeat (or obfuscate) browser fingerprinting were discussed, even if it is to only mention that a means to do so does not yet exist.2605:6000:6947:AB00:75A9:D270:2421:59E (talk) 06:51, 1 October 2018 (UTC)
 * There are many methods of resisting browser fingerprinting available. This can range from simple useragent spoofing to blocking the javascript responsible. Many adblockers and other privacy plugins can do this (in every major browser, besides IE). Mozilla, Google, and Apple have started to add fingerprint resistance natively to their browsers as well. This is all mentioned in the article already. As for mentioning specific tools in the article, Wikipedia is not a how-to or guide, so just listing them in the article would not be proper. If there are notable uses of them, they could be mentioned, along with a reliable source to back the addition. — AfroThundr (u · t · c) 01:11, 2 October 2018 (UTC)

Overlap with Browser fingerprint and Canvas fingerprinting
One of the previous arguments against merging device fingerprint and canvas fingerprinting was the fact that this merger would place undue weight on canvas fingerprinting as the only (perceived) method of fingerprinting. Now that significant work has been done to expand browser fingerprint (thanks to Ergozat and others), would it be worth revisiting the debate? From my perspective as a reader, I would find it useful to have one page that summarizes all "digital fingerprints" (browser, hardware, canvas, or otherwise derived) as a complement to the more technical article at fingerprint (computing). But that's just me. Thoughts? Aeffenberger (talk) 00:48, 22 January 2020 (UTC)


 * Merge – As per my motivation when I proposed the merger two years ago —Esponenziale (talk) 11:20, 22 January 2020 (UTC)


 * Bumping this discussion and also announcing my intentions... I am planning to merge canvas fingerprinting with browser fingerprint in the next 24 hours (unless someone else decides they really want to do it while I am asleep). Speak now or revert me later! Aeffenberger (talk) 03:12, 30 January 2020 (UTC)


 * Does this make a better article? We seem pretty good as is. Andy Dingley (talk) 23:47, 31 January 2020 (UTC)
 * Most contents, and specifically history and mitigation methods, have common relevance but they're scattered on three pages, or futilely repeated at best.—Esponenziale (talk) 00:02, 1 February 2020 (UTC)


 * Ok, it seems that the proposition hasn't been met with enthusiasm, but neither with opposition. Specifically, neither nor  have opposed it so far. If things remain unchanged, I'll proceed to merge canvas fingerprinting with browser fingerprint in a couple of days. I'll wait more before merging browser fingerprint with device fingerprint.—Esponenziale (talk) 20:12, 5 February 2020 (UTC)


 * Could someone please clarify how the three articles would be merged and advance an argument for the merged-to article being a superset of the three articles? Right now there are templatse suggesting merging Canvas Fingerprint into browser fingerprint, which I disagree with. However, the OP talks about a "digital fingerprints" article. Once this is clarified, I will be happy to weigh in. - MrX 🖋 20:26, 5 February 2020 (UTC)


 * The canvas fingerprint is one of the browser fingerprints. It has great relevance in that context and doesn't have any relevance outside of it. Specifically, the history of canvas fingerprinting is relevant to the history of browser fingerprinting and it would be better put into context there. The methods for mitigating canvas fingerprinting (spoofing the fingerprint, offering a simplified fingerprint, blocking third parties, blocking attempts to read too many parameters) are the same used for mitigating browser fingerprinting in general.
 * Browser fingerprint (the article has been recently created) is the only device fingerprint that has practical relevance. Indeed, the current article about device fingerprinting is actually about browser fingerprinting. We can merge the two either to browser fingerprint or to device fingerprint, any suggestion is welcome.—Esponenziale (talk) 21:07, 5 February 2020 (UTC)


 * ✅, at last —Esponenziale (talk) 20:57, 15 March 2020 (UTC)
 * Despite opposition from two other editors? Andy Dingley (talk) 22:34, 15 March 2020 (UTC)
 * Well no, since you didn't get back after I answered your question, I honestly understood that you were both lacking interest in either opposing or supporting the merger. Also in retrospective I think it can't be interpreted otherwise. If you were opposing the merger you should have made it explicit with no question attached and possibly you should have given some reasons against mine.–Esponenziale (talk) 22:59, 15 March 2020 (UTC)
 * Reverted. My question has not really been addressed and I think consensus should be reached before trying to merge two articles into a third. If device finger rint and browser fingerprint have the same meaning, then we first need to determine which title to use. Canvas fingerprinting is notable on its own. Why not just take a relevant summary from that article an include it here? - MrX 🖋 22:47, 22 March 2020 (UTC)
 * Are you joking? You've left the discussion after asking one question. You can't expect to come back a month later and revert all back as you please. Consensus is reached with the parties that do discuss at the time of the discussion. —Esponenziale (talk) 23:17, 22 March 2020 (UTC)
 * When browser fingerprint was created, no consensus was reached about keeping it separate from device fingerprint (see Talk:Browser_fingerprint), therefore, now that the contents have been merged, it must redirect to this page. –Esponenziale (talk) 00:23, 23 March 2020 (UTC)
 * Yes, I see now that Browser fingerprint was arguably a duplicate of this article, so I apologize for that edit, but I stand by my revert on canvas fingerprint. As far as my absence from the discussion is concerned, I edit a lot of other articles. I have thousands on my watchlist, and I allegedly even have a life. Someone could have simply pinged me back to the discussion so that we could continue it. objected to this merge as well. - MrX 🖋 00:50, 23 March 2020 (UTC)
 * Everybody has limited time and can't control everything: you had no fault when you left the discussion, but you have now when you subvert the work done when you weren't here, without even reading anything.
 * I pinged you into the discussion the 5th of February. At that time I pinged also Andy Dingley, noting that his question, despite showing lack of enthusiasm, didn't amount to an opposition.
 * As you could see by reading the article, canvas fingerprinting is intertwined with most other sections of device fingerprint:
 * the applications of device fingerprinting and the reasons for its importance are quite relevant also to the particular case of canvas fingerprinting,
 * the short history of canvas fingerprinting is relevant to the main topic and is better put into context there,
 * the high level motivations for diversity and stability are relevant also to the particular case of canvas fingerprinting,
 * the mitigation methods apply as they are also to the particular case of canvas fingerprinting.–Esponenziale (talk) 12:07, 23 March 2020 (UTC)
 * Yes, and I responded to your ping. Your first bullet point is circular. I disagree with the conclusion of your second bullet point. I don't know what "high level motivations for diversity and stability" means in your third bullet point. I don't understand what point you are trying to make in your fourth bullet point.
 * I have no objection to covering canvas fingerprinting in this article, but I do oppose deleting the independent article because it's existence allows for more detailed coverage of the subject and it easily meets WP:GNG. - MrX 🖋 12:33, 23 March 2020 (UTC)
 * If you don't know what "high level motivations for diversity and stability" means, then you might consider to read the article before discussing it: there's a section just about that titled "diversity and stability."
 * With my fourth bullet point I'm saying that it makes no sense to treat the mitigation methods both in the canvas fingerprint and device fingerprint articles, as we currently do, because they're exactly the same: the methods for resisting canvas fingerprinting are the same for resisting any other browser fingerprinting technique. And similarly for the other topics in my list. For example, with the first bullet point I'm saying that it wouldn't make sense to explain the applications of canvas fingerprinting in its page, when they're just the same of device fingerprinting in general.–Esponenziale (talk) 13:06, 23 March 2020 (UTC)

Closing analysis
This discussion has been stale for over a month (since 23 March 2020‎), making it overdue for closure.

Closing this discussion is made more complicated by the fact that there are three pages involved, which means there are more than the usual possible outcomes when only two pages are involved.
 * Device fingerprint – Created at 06:44, 7 March 2008 by
 * It was suggested by that Canvas fingerprinting be merged into this article at 09:44, 7 July 2018. The discussion was closed by  as No consensus at 16:25, 21 November 2019
 * started this discussion at 00:48, 22 January 2020
 * merged 19,842 bytes from canvas fingerprinting (a 9,877-byte article) and Browser fingerprint (a 25,582-byte article) to this article at at 20:39, 15 March 2020
 * Browser fingerprint
 * #REDIRECT to Device fingerprint created at 03:01, 2 April 2016 by
 * The lead sentence of device fingerprint at 02:53, 2 April 2016 indicates that machine fingerprint and browser fingerprint are synonyms for device fingerprint
 * A new article was started at 22:36, 13 January 2020 by (Removed redirect to Device fingerprint) Ergozat announced their intention to start this article HERE.
 * A discussion is started at at 03:20, 17 January 2020. The last comment in this thread was made at 20:13, 21 January 2020. The '''result of this discussion is a rough consensus to merge to Device fingerprint.
 * started this discussion at 00:48, 22 January 2020
 * merged a 3,066-byte summary of Canvas fingerprinting to this article at 17:03, 30 January 2020.
 * redirected this page to Device fingerprint at 20:46, 15 March 2020, was reverted by at 22:33, 22 March 2020, but reverted the revert at 00:24, 23 March 2020
 * Canvas fingerprinting
 * Created at 03:12, 22 July 2014 by
 * It was suggested by that this article be merged into Device fingerprint at 09:42, 7 July 2018. The discussion was closed by  as No consensus at 16:25, 21 November 2019
 * started this discussion at 00:48, 22 January 2020
 * merged a 3,066-byte summary of this 9,729-byte article to Browser fingerprint at 17:03, 30 January 2020
 * redirected this page to Browser fingerprint at 17:03, 30 January 2020 but was reverted by  at 17:07, 30 January 2020
 * It was suggested by that this article be merged into Browser fingerprint at 23:24, 31 January 2020. This is the proposal which is curently up for closing.
 * merged 19,842 bytes from canvas fingerprinting (a 9,877-byte article) and Browser fingerprint (a 25,582-byte article) to Device fingerprint at at 20:39, 15 March 2020
 * redirected this page to Device fingerprint at 20:43, 15 March 2020 but was reverted by at 22:36, 22 March 2020

brave.com/privacy-updates

 * https://brave.com/privacy-updates-1/
 * https://brave.com/privacy-updates-2/
 * https://brave.com/privacy-updates-3/
 * https://brave.com/privacy-updates-4/
 * https://brave.com/privacy-updates-5/
 * https://brave.com/privacy-updates-6/
 * https://brave.com/privacy-updates-7/
 * https://brave.com/privacy-updates-8/
 * 0mtwb9gd5wx (talk) 13:35, 27 August 2021 (UTC)
 * 0mtwb9gd5wx (talk) 13:35, 27 August 2021 (UTC)

Recent addition to the lead
In my opinion the by user:BunnyyHop lacks precision and briefness: I'm open to discussion. Since consensus is currently lacking, I'll proceed to delete the addition, a part for a phrase that I'll move to the section about diversity and stability. —Esponenziale (talk) 17:51, 20 September 2021 (UTC)
 * 1) it refers to browser fingerprinting while describing features that apply more generically to device fingerprinting,
 * 2) it says that browser fingerprinting "uses a stateless technique," which I find misleading not being a communication protocol,
 * 3) it summarizes the problem of diversity and stability, which I find unnecessary since the relevant section is almost short as the summary and also I don't see it of sufficient importance to be discussed right in the introduction.




 * While I personally agree with the difference between the usage of "device fingerprinting" and "browser fingerprinting", that document in specific used "browser fingerprinting", which I decided to follow, to avoid OR. Papers such as this one that approach device fingerprinting, say that "[w]e identify and classify 29 available device fingerprinting mechanisms, primarily browser-based and known, but including several network-based methods and others not in the literature". For device fingerprinting, I believe this one might be of better usage.
 * The exact quote is "[u]nlike cookies, fingerprinting is a stateless technique that does not store any information on devices, but instead exploits unique combinations of attributes handed over freely by browsers". To avoid a COPYVIO, naturally, the phrasing must be altered. This is a problem of wikilink and not with the wording itself, I believe. I don't think there's an article in Wikipedia for "stateless" as described here.
 * While I agree that the diversity and stability section ought to be moved to its respective section, I believe these phrases: "Browser fingerprinting came to light as a way to track users without consent. It uses a stateless technique, which doesn't store data on those devices, and takes advantage of multiple attributes given by the browser. As such, identification is possible given the uniqueness of the fingerprint. Nonetheless, since browser fingerprints are altered with time, the efficacy of long-term user tracking isn't accurately known" are essential to the introduction.
 * -- BunnyyHop ( talk ) 20:45, 20 September 2021 (UTC)


 * I clarify: describing features as pertaining to browser fingerprinting, although correct, might be misleading in the context of our introduction because it suggests that they pertain only to browser fingerprinting and not to device fingerprinting. There would be no sense in referring to "browser or device fingerprinting" because browser fingerprinting is a type of device fingerprinting, as per the quote you've mentioned and the first paragraph of the current introduction.
 * Apart for the wikilink, the adjective "stateless" remains obscure without further explanation, and also misleading being commonly used for communication protocols. More importantly, the fact that fingerprinting techniques don't store any data on the client side is already stated in precise terms in the second paragraph of the current introduction.
 * The fact that device fingerprinting is used for tracking users without consent is already stated in the second paragraph of the current introduction with better detail. The subject of diversity and stability is treated in the brief section about that. If you think that the subject should be given more prominence, we may think to move up in first place the relevant section or even merging it to the lead (not sure)?—Esponenziale (talk) 12:18, 21 September 2021 (UTC)
 * The fact that device fingerprinting is used for tracking users without consent is already stated in the second paragraph of the current introduction with better detail. The subject of diversity and stability is treated in the brief section about that. If you think that the subject should be given more prominence, we may think to move up in first place the relevant section or even merging it to the lead (not sure)?—Esponenziale (talk) 12:18, 21 September 2021 (UTC)


 * Shouldn't we describe browser fingerprinting (giving it more weight) and its common attributes instead of concealing it due to a more general device fingerprinting, as it is the primary and predominant way of device fingerprinting?
 * "stateless" is mentioned twice in the document, and one describes the following "technique [as] completely stateless": "[a] browser fingerprint is composed of a set of browser and system attributes. By executing a script in the browser, sensitive meta-data can be revealed, including the browser’s parameters, but also operating system and hardware details.". This paper also describes browser fingerprinting as an "invasive and opaque stateless technique", and describes the statelessness in a more in depth way: "Browser fingerprinting is a stateless tracking technique that uses device configuration information exposed by the browser through JavaScript APIs (e.g., Canvas) and HTTP headers (e.g., User-Agent). In contrast to traditional stateful tracking, browser fingerprinting is stateless—the tracker does not need to store any client-side information (e.g., unique identifiers in cookies or local storage)". It seems to me that the problem you brought up can be fixed by mentioned that the fact that it doesn't store any client-side information is what the "stateless" refers to.
 * It is, but in a tacit way. I think a brief phrase about how it's an invasive technique (per this) that arose as a way to track users without their consent is sufficient. -- BunnyyHop ( talk ) 22:56, 21 September 2021 (UTC)


 * Nothing comes to mind worth adding to the introduction specifically about browser fingerprint.
 * I don't see why using an obscure adjective which needs a description, instead of using the description straight away.
 * I find the current phrasing very clear about it: "this may allow a service provider [...] to compile long-term records of individuals' browsing histories [...] even when they are attempting to avoid tracking." —Esponenziale (talk) 20:02, 22 September 2021 (UTC)

Split into Browser fingerprinting and others
Currently Device fingerprint page starts of with a mishmash of all kinds of fingerprinting techniques (browser, mobile, network etc) and then slides off into just browser fingerprinting, neglecting to mention any other fingerprinting tecnique. This is due to a previous merge in 2020. I would like to propose a split to unmerge browser fingerprinting from this article and make it a seperate standalone article (and similarly create spinoffs for each of those fingerprinting techniques, network fingerprinting has a ton of old literature, mobile fingerprinting also has some literature, etc from 2013-2018). Once we create spinoff articles, we should be able to create a overview/summary style article of device fingerprinting here. Sohom (talk) 20:47, 24 February 2024 (UTC)


 * This has been here for two weeks, I'm assuming consensus here :) Sohom (talk) 23:57, 8 March 2024 (UTC)