[keycloak-dev] Device fingerprinting

Stian Thorgersen sthorger at redhat.com
Thu Sep 20 02:35:45 EDT 2018 

+1 To just using user agent for now.

I wouldn't write our own parser, that would be a lot of effort. If we want
to do any enhancing I would do that by submitting a PR to ua-parser. I
don't think that's a priority right now. Let's get something that works,
then we can consider improving in the future based on community feedback.
Or perhaps we can even get the community to improve for us ;)

On Wed, 19 Sep 2018 at 21:02, Douglas Palmer <dpalmer at redhat.com> wrote:

> I think this is my preference too. If we go this route should we use
> ua-parser (https://github.com/ua-parser <https://github.com/ua-parser>)
> and maybe enhance it or should we write our own parser? Ua-parser as it
> stands lists my Mac as “Other” for the device.
>
> Regards
> Doug
>
>
> > On Sep 19, 2018, at 11:11 AM, Stan Silvert <ssilvert at redhat.com> wrote:
> >
> > On 9/19/2018 1:36 PM, Douglas Palmer wrote:
> >> The user agent will give us some device info too, it will allow us to
> distinguish between PC, tablet and phone in most cases.
> > My vote is to just do everything we can with the user agent right now.
> > We parse it and make it easy to consume from the REST API. Then later,
> > we figure out how to enhance it.
> >>
> >> Regards
> >> Doug
> >>
> >>
> >>> On Sep 19, 2018, at 10:18 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
> >>>
> >>> From what I briefly read about fingerprinting and its legality it
> mentions it's not that OK if used to track users, but that's not the case
> in this situation I'd say, but hey I'm not a lawyer.
> >>>
> >>> I wonder if we really do need anything beyond what the user agent
> string gives us. Perhaps OS/Browser is sufficient?
> >>>
> >>> On Tue, 18 Sep 2018 at 22:03, Douglas Palmer <dpalmer at redhat.com
> <mailto:dpalmer at redhat.com>> wrote:
> >>> Hi everyone
> >>>
> >>> I haven’t managed to find an open source solution to device
> fingerprinting which gives us everything we need. This library however gets
> us most of the way there http://valve.github.io/fingerprintjs2 <
> http://valve.github.io/fingerprintjs2> <
> http://valve.github.io/fingerprintjs2 <
> http://valve.github.io/fingerprintjs2>>. It doesn’t give us enough
> information to distinguish between a desktop and a laptop but it will let
> us correlate devices and we can distinguish between a PC, a tablet and a
> phone. We can also get the OS, Browser and Versions from the user agent
> string.
> >>>
> >>> I have taken a look at a few sites the track device sessions. Apple
> can tell the difference between an iMac, a MacBook, an iPad and an iPhone.
> Facebook, GitHub, Google, LinkedIn and Pinterest don’t distinguish between
> an iMac and a MacBook. So maybe the library above is enough.
> >>>
> >>> I also came across the following article from the EFF which casts
> doubt on the legality of digital fingerprinting in Europe.
> https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest-
> <
> https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest->…
> <
> https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest-web-trackers
> <
> https://www.eff.org/deeplinks/2018/06/gdpr-and-browser-fingerprinting-how-it-changes-game-sneakiest-web-trackers
> >>
> >>>
> >>> Does anyone have any input on any of this? Is there a better library
> that I have missed? Should we stick to parsing the user agent to avoid
> potential problems with GDPR?
> >>>
> >>> Regards
> >>> Doug
> >>> _______________________________________________
> >>> keycloak-dev mailing list
> >>> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-dev <
> https://lists.jboss.org/mailman/listinfo/keycloak-dev>
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list