What is the best approach to use FingerprintJS

[vietnguyen09]

Hi guys,

As far as we know, FingerprintJS will generate an ID based on the client's information. And according to the excellent video guide, we can put this ID into a hidden input field, send it to the server, and use this visitorID to get the client's info from API.

My question is simple, what if I open developer tools (F12) and change the hidden input value that contains visistorID?
Or using some data changer when posting info to change the visistorID such as THIS ONE

I thought about encrypting the visistorID using CryptoJS when sending this to the server but as far as I know, encrypting something from the client-side is not the best way if we want to hide something.

Any idea?

[makma]

Hello @vietnguyen09,
This is a great question and it depends on what product you use.
Is your question related to the open-source FingerprintJS library or SaaS FingerprintJS Pro?

[vietnguyen09]

Thank you for your reply. Could you please point out solutions for both?

[makma]

Hello @vietnguyen09!

FingerprintJS Pro PoV

Since you mentioned the Server API in your question, I assume it's related to the FingerprintJS Pro product.
You should query our Server API or collect a webhook on the server-side. If the provided visitorId is not present in our server API response (or webhook), you can assume the visitorId provided by your frontend was forged. It's also a good practice to check other fields like time or confidence. You might also use the requestId to check details about the identification request.

FingerprintJS Pro can detect tampered signals and in the majority of cases will return a correct visitor identifier. Encrypting the visitorId is not necessary. You should always check if the provided information from the client corresponds to the data obtained by the Server API.

There are also other countermeasures under the hood we don't share publicly.

Open-source FingerprintJS Library PoV

Since open-source FingerprintJS is a client-side library only, there's no 100% solution. Open-source library FingerprintJS is designed to deal with regular users, not tech savvy folks.

Note

Instead of getting the fingerprint before the form is submitted, you can get a fingerprint right after the form is submitted and before the data is sent. It provides you with two benefits:

• Longer duration between the load and the get functions might improve accuracy.
• It's slightly more difficult for visitors to modify the form content using the HTML editor.

[vietnguyen09]

Thank you for your excellent solutions. Got it loud and clear!

[perpi]

according to the excellent video guide

Would you please give the link of this video you are talking about

[Valve]

@perpi probably this video was mentioned: https://www.youtube.com/watch?v=jWX9P5_jZn8&t