Tracking Processors: Client Fingerprint Processor
This processor is designed to collect uniquely identifying information from requests issued by a user. This information is then compared to the information collected about other sessions in the system. If a match is identified, the two sessions are merged. This allows session association to work even if all storage mechanisms used by the other tracking processors are cleared. The uniquely identifying information includes the browser plugin list, the system font list, time skew, time zone, user agent, and system language, among other data points.
Table 1: Client Fingerprint Configuration Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Basic | | | |
Processor Enabled | Boolean | False | Whether traffic should be passed through this processor. |
Exclude Rules | Collection | [collection:0] | The fingerprint association rules to ignore. |
Excluded Collectors | Collection | [collection:0] | The data points that should not be collected on the client. |
Hash Fingerprint Data | Boolean | False | Whether to hash the raw fingerprint data points before storing them. This prevents the recorded data from being used to obtain the original information about the client and reduces the overall storage size requirements. If collecting PII data is a concern, this option is recommended, as it replaces any PII data with hashed versions of that data, which cannot be reversed. |
Page Injection Enabled | Boolean | True | Whether the fingerprint script should be injected into the requested page. |
Advanced | | | |
Binary Resource Directory | String | (randomized) | The fake directory where binary resources required by the fingerprinting script are served from. |
Data Obfuscation Key | String | (randomized) | The key used to prevent easy reading of the submitted fingerprint data. This should be alphanumeric and contain at least 8 unique characters. Duplicate characters are allowed, but they do not count toward the total of 8. |
Fingerprint Scope Key | String | (randomized) | The key used to store fingerprint data. If this key is changed, all previously stored fingerprint data will be lost and the system will begin collecting fresh fingerprint data. |
Fingerprint Submission Response | HTTP Response | text/plain 200 OK | The response to return when a user attempts to submit a fingerprint in the background. The user will not see this response unless they are using a debug proxy. |
Fingerprint Tracking Cookie Name | String | (randomized) | The name of the cookie used on the client to ensure we don't submit multiple copies of the same fingerprinting data. This can be anything, but should not overlap with a legitimate cookie being used on the site. |
Hash Fingerprint Data | Boolean | False | Whether to hash the raw fingerprint data points before storing them. This prevents the recorded data from being used to obtain the original information about the client and reduces the overall storage size requirements. If collecting PII data is a concern, this option is recommended, as it replaces any PII data with hashed versions of that data, which cannot be reversed. |
Script Filename | String | (randomized) | The filename to use when serving the fingerprint script to the client. |
Submission Filename | String | (randomized) | The filename where fingerprint data should be submitted back to the server. |
Incident: Fingerprint Directory Indexing | Boolean | True | The user requested a directory index listing on the fake directory used to serve binary resources required by the fingerprinting script. Since this is a fake directory, the request represents a malicious action. |
Incident: Fingerprint Directory Probing | Boolean | True | The user requested a random file within the fake directory used to serve binary resources required by the fingerprinting script. Since only files we specifically reference in the fingerprinting script should be requested, this represents a malicious action. |
Incident: Fingerprint Manipulation | Boolean | True | The user submitted fingerprint data to the server which was not properly formatted. This likely means that the user was manipulating the fingerprinting data or spoofed it entirely. |
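The following is an added example, not the product's own code. It shows how hashed data points, as enabled by Hash Fingerprint Data, can still be compared for equality so that a returning client is merged into its earlier session, and how excluded data points are dropped. The collector names, the `STORAGE_SECRET` key, the `min_points` threshold and the choice of HMAC-SHA-256 are assumptions; a keyed hash is used because low-entropy values such as a time zone can be guessed against an unkeyed hash.

```python
import hashlib
import hmac

STORAGE_SECRET = b"constructed-demo-secret"  # assumption: server-side key, not a product setting
RAW = {  # constructed sample data points; collector names are illustrative
    "user_agent": "ExampleBrowser/1.0", "time_zone": "UTC+2", "language": "en-US",
    "fonts": ["Arial", "Courier New"], "plugins": ["pdf-viewer"],
}

def hash_fingerprint(raw, excluded=(), key=STORAGE_SECRET):
    """Replace every collected data point with a keyed SHA-256 digest."""
    hashed = {}
    for name, value in raw.items():
        if name in excluded:  # data point that must not be collected
            continue
        if isinstance(value, (list, tuple, set)):
            # Sort multi-valued points so reporting order does not change the digest.
            value = "\x1f".join(sorted(map(str, value)))
        msg = f"{name}\x1e{value}".encode("utf-8")
        hashed[name] = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hashed

def matches(fp_a, fp_b, min_points=4):
    """Equal only if both hold the same collectors, enough of them, and equal digests."""
    if fp_a.keys() != fp_b.keys() or len(fp_a) < min_points:
        return False
    return all(hmac.compare_digest(fp_a[k], fp_b[k]) for k in fp_a)

def associate(profiles, session_id, fingerprint):
    """Attach session_id to the first profile whose stored fingerprint matches."""
    for profile in profiles.values():
        if matches(profile["fp"], fingerprint):
            profile["sessions"].append(session_id)
            return profile
    profiles[session_id] = {"fp": fingerprint, "sessions": [session_id]}
    return profiles[session_id]

def demo():
    profiles = {}
    associate(profiles, "s1", hash_fingerprint(RAW))
    # Same client with storage cleared: identical data, fonts reported in another order.
    returning = dict(RAW, fonts=list(reversed(RAW["fonts"])))
    merged = associate(profiles, "s2", hash_fingerprint(returning))
    other = associate(profiles, "s3", hash_fingerprint(dict(RAW, time_zone="UTC-5")))
    return merged["sessions"], other["sessions"]

if __name__ == "__main__":
    print(demo())
```

Excluding too many data points leaves fewer than `min_points` digests, and `matches` then refuses to merge rather than associating sessions on weak evidence.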