Web - Browser Fingerprinting



A digital fingerprint is a string that represents a unique id of a device (browser).

The more unique is the browser, the more it has a one on one relationship with a user.

A digital fingerprint may be computed for a device:


The below example is a device characteristic fingerprinting that has been computed with the valve library.



A characteristic device fingerprinting is computed by collecting characteristics of a user's device and by generating a unique string of this collection via a hash function.

Example of characteristics:

  • fonts a user has installed
  • the exact list of which features a user agents supports.
  • the maximum allowed stack depth for recursion in script.
  • features that describe the user's environment
  • the user's time zone.

See example


Canvas fingerprinting is a type of browser or device fingerprinting technique that was first presented by (2012) Mowery and Shacham in 2012 (Pixel Perfect: Fingerprinting Canvas in HTML5) -

The rendering of a canvas is heavily dependent on the device.

Algo: Render a picture on the canvas > To Base64 encoded > digest function to get the fingerprint value.


An etag is an unique identifier resource send with a HTTP request.

Because the etag is used by the browser when validating the cache in a conditional request, it could be used as fingerprint.



Valve is a browser fingerprinting library (Valve/fingerprintjs2) that implements a characteristics fingerprinting. The example is based on it.

Browser DNA



  • Aloodo is a tracking detection script. (designed to be blocked by all the popular Web privacy tools). You can use it to help your users learn if they are still vulnerable to third-party tracking, and start to do something about it.

See also:


Panopticlick, Eckersley’s “open-source” implementation of browser fingerprinting. They take:

  • plugins,
  • fonts,
  • timezone,
  • supercookies,
  • cookies enabled,
  • user agent,
  • http accept
  • and screen resolution

Documentation / Reference

Discover More
Card Puncher Data Processing
Analytics - User Id (Person identity)

This page is a user identity (id). A person’s identity can be: anonymous (we don’t know anything this person yet), or named (we know something them such as an email address.) The most...
Card Puncher Data Processing
Consumer Analytics - Privacy

The purpose of data mining is to discriminate … who gets the loan who gets the special offer Certain kinds of discrimination are unethical, and illegal racial, sexual, religious, … But it...
Etag - An unique identifier for a HTTP resource

The ETag HTTP response header is an identifier for a specific version of a resource. A etag comparison determines whether two representations of a resource are the same and is therefore similar to a hash...
HTML - Privacy (Anonymization)

in the HTML context. A user can be distinguished from another by the user's IP address. (IP addresses are not a perfectly match to a user due to routing, proxy, ...); Technologies such as onion...
Card Puncher Data Processing
How are users/consumers tracked on the internet?

This page shows how tracking works. tracking is the process of following a user. Tracking Cookie: Evercookies, Cookie Syncing - Automatically re-sync unique cookie ID across consumer devices....
How can I protect myself from Bad Bot (Spambot, Attacker )?

Bad Bots are robots with bad intentions. They are also known as attackers. They walk through: web pages trying to find a form and to fill them trying: to send email in mass to create a fake...
Data System Architecture
What is a Surrogate Primary key? known also as Substitute, Synthetic or Generated Key - Logical Data Modeling -

A surrogate key is a substitute primary key for when: the data entity are created in distributed way you don't have access to a central entity such as database to create a simple sequence you don't...

Share this page:
Follow us:
Task Runner