A website created to collect device information from clients. This repository is organised as a monolith, with all library, front and back-end code living in the same repository:
api/ - Serverless configuration files and AWS Lambda code
app/ - Front end i.e. render code for public site
lib/ - A library of javascript probes used to scrape data from clients
lib/vendor - Vendor scripts used in probes. Includes third party fingerprinting libraries
This site and accompanying libraries were written in pure (ES6) Javascript. The front-end application uses React, Redux and Redux-sagas (async operations), with Webpack to package and Babel to transpile (to browser compatible JS) the bundle. The API runs Node.js code on AWS Lambdas to save on running costs.
I'm looking at device fingerprinting for my masters project as part of my fourth year at Imperial College London studying Computing. I've written a library of probes based on as many common/recent fingerprinting techniques as possible. Through collecting browser metrics from many clients, I aim to work towards an 'ideal' fingerprint and additionally measure the success of existing libraries.
I aim to provide an entropy (i.e. a measure of uniqueness) for each browser metric I probe.
Here is the current list of metrics I probe:
- Adblock detection
TODOAudio and Video codec detection- Cookies
- Enabled?
TODOSupercookies
- CPU Information
- Logical cores
TODOMath constants
- DevicePixelRatio
- DoNotTrack
- Device memory
- Fonts
- Classic font detection (via font-detect by Lalit Patel - included in
vendor/) from pre-defined font list. TODOUnicode glyph measurements
- Classic font detection (via font-detect by Lalit Patel - included in
- Hardware detection
- Accelerometer
TODOCameraTODOMicrophoneTODOMulti-monitor- Touchscreen + WebAPI metrics
- HTML Canvas - 2D
- Alpha channel (transparency)
- Arc
- Bezier Curve
- Composition modes:
[ 'source-over', 'source-in', 'source-out', 'source-atop', 'destination-over', 'destination-in', 'destination-out', 'destination-atop', 'lighter', 'copy', 'xor', 'multiply', 'screen', 'overlay', 'darken', 'lighten', 'color-dodge', 'color-burn', 'hard-light', 'soft-light', 'difference', 'exclusion', 'hue', 'saturation', 'color', 'luminosity', ]- Image
- Quadratic Curve
- Radial Gradient
- Basic text
- Text with shadow
- Transformations
- Basic triangle
- Navigator object
TODOPlugins- Internet Explorer specific
- Non-IE
- Screen
- Colour depth
- Various dimension measurements
- Timezone
- Modernizr feature detection
TODOWebGL - 3D- Clipping planes
- Fragment shaders
- Lighting and Shadow mapping
- Pre-defined model renders
- Vertex shaders
TODOWebRTC- WebStorage
TODO: open()IndexedDB- LocalStorage
- SessionStorage
TODOWriting script detection (i.e. OS level installed languages)
I have also included asynchronous calls to other fingerprinting libraries found in the public domain. I aim to test the effectiveness of these libraries and form comparisons relative to both my library and relative to other libraries:
- fingerprintjs2 - Valve (MIT)
- clientjs - jackspirou (Apache)