Open eylon84 opened 3 months ago
In most cases, the ID strictly reflects the raw front end analysis with no server-side computing. If a certain threshold of IDs with significant similarities appear in the same timeseries window, these will be 100% generated server-side. But, they have a cooldown clock and eventually revert back to front end analysis.
thanks really cool! do you also take a fingerprint HTTP headers such as HSTS\JA3 (ssl) as another layer in case of similarities?
No. I'm familiar with JA3 and JA4, but am inclined to focus on client-side observations. The server-side part relies mostly on browser features. Network anomalies are considered but sparingly (it's useful for API limits).
Hi, I was wondering if the data models that you are using are being used to generate the FP ID based on the past (meaning that you need the ML model in order to generate the FP ID), or is it a raw front-end only hash based on the attributes of the browser
Really amazing work btw