alt Hacker NewsShow HN: DevicePrint – device fingerprinting without cookies
Hi HN,
I built DevicePrint after running into problems with duplicate accounts and unreliable cookies in my own projects.
DevicePrint is a lightweight device fingerprinting tool designed for developers. It helps identify devices across sessions without relying on cookies.
Use cases include fraud detection, preventing duplicate signups, and security-sensitive workflows.
I'd really appreciate feedback — especially around privacy concerns or edge cases you’ve run into.
Link: https://deviceprint.io
Comments
AmIUnique.org has a good collection of non-cookie tracking techniques.
I’ve visited 292 times. From Melbourne, Athens, Piraeus, Paris, Munich, Vantaa, Berlin and Kuala Lumpur. I’ve used Chrome, Firefox and Safari on both mobile and desktop.
What’s even more impressive is I’ve made all of those visits from all of those cities in the last few minutes.
You may have a bug.
I love services that have not a single person as a contact/responsible for the site. /sarcasm
It's a red flag if you hide behind a contact form with no reachability beyond that whatsoever.
And as other said: 99.5% accuracy means you should have millions of working fingerprints, since mine and others are faulty as hell.
Unfortunately this is an example of how AI should not be used.
You have to be able to understand your core technology/IP/logic - I feel that must have been significantly overlooked here.
This reminds me of EFF's Cover Your Tracks, the rebrand of Panopticlick: https://coveryourtracks.eff.org/
This helps you see how your browser tries to block or deflect fingerprint and trackers. I miss their "You are one of x,000 users" from the old site but it still gives a nice summary of bits of info your browser leaks and how fingerprinting basically works.
What differentiates this from http://fingerprint.com/?
Visited for the first time and it said I already visited 800+ times with a 99.5% accurancy - not very promising. From the code this also looks like very simple client-side fingerprinting + IP information?
FYI, I'm seeing 99.5% confidence I've been to the site 62 times. I can assure you 've been there once.
Apparently I went from Germany to UK in 29 minutes, pretty good.
It's a 99.5% declared confidence and says it used 30+ signals.
Assuming you've a list of VPN IP addresses, and travel times between countries, I reckon you should be able to rule out some false positives.
Would be interested to know what the "signals" were that produced the match.
I'm on domestic broadband in the UK (IPv4), according to dnschecker they're on a mainstream mobile provider in Germany. Could be a private tunnel, but those would be rare. Which raises the question of how the confidence rating is made.
I like the general page presentation, a good landing page except that you'll tend to put off everyone who gets a bad result for the example. That might be turned around with something showing "if this isn't you, well done on your browser security" and maybe some compelling stats on confirmed matches from testing?
The aim is great, and this would be useful for many use cases, especially when buying traffic (ads).
But as others mentioned, it is far from being accurate. I got the same as others, multiple visits from multiple countries.
Seeing as everyone is apparently seeing themselves having visited multiple times when it wasn't them, including me, I'm very happy with the privacy of this system =) It cannot effectively track me
It has 99.5% confidence this is my 10th visit. I've hit refresh once, but the rest aren't me. My other "visits" are from many countries, saying I've changed browser, IP, and location. They are using the same OS and browser though.
It shows I've visited twice already, from different countries, IPs and browsers. I don't think this works. This open source one does work between incognito and normal session: https://fingerprintjs.github.io/fingerprintjs/
Chrome, Windows 11, apparently, it saw me loads of times, but my first visit was today.
I'd love to use a reliable system like this to detect returning fake, banned, and bot users on my services.
Haha, same here, first visit but system saw me severals times already. I have a quite unique setup..
Works great! Thank you for fighting for users anonymity
Saint-Jean-sur-Richelieu sounds lovely! as does firefox, I should check out one of them at least...
Opening the site from two different temporary tab containers in Firefox yields different IDs.
AI SLOP [ insert image for "Certified AI BULLSH*" ]
Works great, my device visited over 100 times already
edit: not only that, under past visits I can now see the ip address of other visitors, together with their rough location and browser setup. You may want to remove the "gdpr compliant" from the website :)
Happy to answer any technical questions or discuss implementation details.
thinks i have visited multiple times when i definitely haven't, did you test this on macs?
Definitely not working at all.
It shows I've visited all around the world, lots of times.
Nope. Just once, and from one location.
It doesn’t seem to be very good, but don’t worry, just keep prompting Claude and I’m sure you’ll get it sorted out.
Jokes aside, it’s cool but it’s not useful if it’s the first time I visit and I see I have 10+ past visits from all around the world… obviously this is not reliable and I wouldn’t use it for anything, much less anything serious.