[keycloak-dev] Device fingerprinting
Douglas Palmer
dpalmer at redhat.com
Wed Sep 19 13:36:57 EDT 2018
The user agent will give us some device info too, it will allow us to distinguish between PC, tablet and phone in most cases.
Regards
Doug
> On Sep 19, 2018, at 10:18 AM, Stian Thorgersen <sthorger at redhat.com> wrote:
>
> From what I briefly read about fingerprinting and its legality it mentions it's not that OK if used to track users, but that's not the case in this situation I'd say, but hey I'm not a lawyer.
>
> I wonder if we really do need anything beyond what the user agent string gives us. Perhaps OS/Browser is sufficient?
>
> On Tue, 18 Sep 2018 at 22:03, Douglas Palmer <dpalmer at redhat.com <mailto:dpalmer at redhat.com>> wrote:
> Hi everyone
>
> I haven’t managed to find an open source solution to device fingerprinting which gives us everything we need. This library however gets us most of the way there http://valve.github.io/fingerprintjs2 <http://valve.github.io/fingerprintjs2> <http://valve.github.io/fingerprintjs2 <http://valve.github.io/fingerprintjs2>>. It doesn’t give us enough information to distinguish between a desktop and a laptop but it will let us correlate devices and we can distinguish between a PC, a tablet and a phone. We can also get the OS, Browser and Versions from the user agent string.
>
> I have taken a look at a few sites the track device sessions. Apple can tell the difference between an iMac, a MacBook, an iPad and an iPhone. Facebook, GitHub, Google, LinkedIn and Pinterest don’t distinguish between an iMac and a MacBook. So maybe the library above is enough.
>
> I also came across the following article from the EFF which casts doubt on the legality of digital fingerprinting in Europe. https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest- <https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest->… <https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest-web-trackers <https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest-web-trackers>>
>
> Does anyone have any input on any of this? Is there a better library that I have missed? Should we stick to parsing the user agent to avoid potential problems with GDPR?
>
> Regards
> Doug
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
More information about the keycloak-dev
mailing list