Tracking Processors: Client Fingerprint Processor

This processor is designed to collect uniquely identifying information from requests issued by a user. This information is then compared to the information collected about other sessions in the system. If a match is identified, the two sessions are merged. This allows session association to work even if all storage mechanisms used by the other tracking processors are cleared. Some of the uniquely identifying information includes the browser plugin list, the system font list, time skew, time-zone, user-agent, system language, and so on.

Table 28: Client Fingerprint Configuration Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Basic | | | |
| Processor Enabled | Boolean | False | Whether traffic should be passed through this processor. |
| Exclude Rules | Collection | [collection:0] | The fingerprint association rules to ignore. |
| Excluded Collectors | Collection | [collection:0] | The data points that should not be collected on the client. |
| Hash Fingerprint Data | Boolean | False | Whether to hash the raw fingerprint data points before storing them. This prevents the recorded data from being used to obtain the original information about the client and reduces the overall storage size requirements. If collecting PII data is a concern, this option is recommended, because it replaces any PII data with hashed versions of that data, which cannot be reversed. |
| Page Injection Enabled | Boolean | True | Whether the fingerprint script should be injected into the requested page. |
| Advanced | | | |
| Binary Resource Directory | String | (randomized) | The fake directory from which binary resources required by the fingerprinting script are served. |
| Data Obfuscation Key | String | (randomized) | The key used to prevent easy reading of the submitted fingerprint data. This should be alphanumeric and at least 8 unique characters long; duplicate characters are allowed but do not count toward the total of 8. |
| Fingerprint Scope Key | String | (randomized) | The key used to store fingerprint data. If this key is changed, all previously stored fingerprint data will be lost and the system will begin collecting fresh fingerprint data. |
| Fingerprint Submission Response | HTTP Response | text/plain 200 OK | The response to return when a user attempts to submit a fingerprint in the background. The user will not see this response unless they are using a debug proxy. |
| Fingerprint Tracking Cookie Name | String | (randomized) | The name of the cookie used on the client to ensure we don't submit multiple copies of the same fingerprinting data. This can be anything, but should not overlap with a legitimate cookie being used on the site. |
| Hash Fingerprint Data | Boolean | False | Whether to hash the raw fingerprint data points before storing them. This prevents the recorded data from being used to obtain the original information about the client and reduces the overall storage size requirements. If collecting PII data is a concern, this option is recommended, because it replaces any PII data with hashed versions of that data, which cannot be reversed. |
| Script Filename | String | (randomized) | The filename to use when serving the fingerprint script to the client. |
| Submission Filename | String | (randomized) | The filename where fingerprint data should be submitted back to the server. |
| Incident: Fingerprint Directory Indexing | Boolean | True | The user requested a directory index listing on the fake directory used to serve binary resources required by the fingerprinting script. Since this is a fake directory, the request represents a malicious action. |
| Incident: Fingerprint Directory Probing | Boolean | True | The user requested a random file within the fake directory used to serve binary resources required by the fingerprinting script. Since only files we specifically reference in the fingerprinting script should be requested, this represents a malicious action. |
| Incident: Fingerprint Manipulation | Boolean | True | The user submitted fingerprint data to the server which was not properly formatted. This likely means that the user was manipulating the fingerprinting data or spoofed it entirely. |
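The session matching described in the introduction still works when Hash Fingerprint Data is enabled, because equal data points produce equal digests. The sketch below is an added example, not the product's own code. It assumes HMAC-SHA256 under a server-side key (so that low-entropy values such as the time zone cannot be recovered by enumerating candidates), a hypothetical merge threshold, and hypothetical collector names.

```python
import hashlib
import hmac

# Assumption: a server-side secret used only for this example.
STORAGE_KEY = b"constructed-example-key"

def hash_points(raw, key=STORAGE_KEY):
    """Replace every raw data point with a keyed SHA-256 digest before storage."""
    return {
        # The collector name is bound into the MAC so equal values from
        # different collectors never share a digest.
        name: hmac.new(key, f"{name}\x00{value}".encode(), hashlib.sha256).hexdigest()
        for name, value in raw.items()
    }

def matching_points(a, b, excluded=frozenset()):
    """Names of data points whose stored digests are identical in both sessions."""
    shared = (a.keys() & b.keys()) - set(excluded)
    return {n for n in shared if hmac.compare_digest(a[n], b[n])}

def should_merge(a, b, excluded=frozenset(), min_matches=4):
    """Hypothetical association rule: merge when enough data points agree."""
    return len(matching_points(a, b, excluded)) >= min_matches

# Constructed sample sessions (not real client data).
SESSION_A = {"user_agent": "ExampleBrowser/1.0", "language": "en-US",
             "timezone": "Europe/Berlin", "fonts": "Arial,Calibri,Consolas",
             "plugins": "pdf-viewer,media-codec"}
SESSION_B = dict(SESSION_A)            # same client after clearing its storage
SESSION_C = dict(SESSION_A, fonts="Arial,Helvetica", plugins="")  # another client

STORED = {name: hash_points(s) for name, s in
          (("A", SESSION_A), ("B", SESSION_B), ("C", SESSION_C))}

if __name__ == "__main__":
    print("A~B merge:", should_merge(STORED["A"], STORED["B"]))
    print("A~C merge:", should_merge(STORED["A"], STORED["C"]))
    print("A~C matching:", sorted(matching_points(STORED["A"], STORED["C"])))
```

Passing collector names in `excluded` mirrors the effect of Excluded Collectors: fewer data points are compared, so two sessions from the same client may no longer reach the threshold.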