What is the best approach to use FingerprintJS #749
-
Hi guys, As far as we know, FingerprintJS will generate an ID based on the client's information. And according to the excellent video guide, we can put this ID into a hidden input field, send it to the server, and use this My question is simple, what if I open developer tools (F12) and change the hidden input value that contains I thought about encrypting the Any idea? |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 2 replies
-
Hello @vietnguyen09, |
Beta Was this translation helpful? Give feedback.
-
Hello @vietnguyen09! FingerprintJS Pro PoVSince you mentioned the Server API in your question, I assume it's related to the FingerprintJS Pro product. FingerprintJS Pro can detect tampered signals and in the majority of cases will return a correct visitor identifier. Encrypting the There are also other countermeasures under the hood we don't share publicly. Open-source FingerprintJS Library PoVSince open-source FingerprintJS is a client-side library only, there's no 100% solution. Open-source library FingerprintJS is designed to deal with regular users, not tech savvy folks. NoteInstead of getting the fingerprint before the form is submitted, you can get a fingerprint right after the form is submitted and before the data is sent. It provides you with two benefits:
|
Beta Was this translation helpful? Give feedback.
-
Would you please give the link of this video you are talking about |
Beta Was this translation helpful? Give feedback.
-
@perpi probably this video was mentioned: https://www.youtube.com/watch?v=jWX9P5_jZn8&t |
Beta Was this translation helpful? Give feedback.
Hello @vietnguyen09!
FingerprintJS Pro PoV
Since you mentioned the Server API in your question, I assume it's related to the FingerprintJS Pro product.
You should query our Server API or collect a webhook on the server-side. If the provided
visitorId
is not present in our server API response (or webhook), you can assume thevisitorId
provided by your frontend was forged. It's also a good practice to check other fields like time or confidence. You might also use the requestId to check details about the identification request.FingerprintJS Pro can detect tampered signals and in the majority of cases will return a correct visitor identifier. Encrypting the
visitorId
is not necessary. You sh…