I need to develop an application that registers the device/browser that the user is using. Such as banks or better yet FB does. So for example when a person logs in the application checks to see if they have logged in using that device/browser before. If not then have them go through a verification process.
The application will be built in .Net 4, Asp.Net MVC, js, jQuery, etc..
I hoping to get some advice on what others have used to accomplish this task.
EDIT
Thanks for the comments.
Ok, so basically, if am understanding correctly, both suggestions would mean storing a uniqueid in a cookie/localStorage on a Laptop/Device and also in my DB so i can recognize it in the future.
I was hoping, to be able to get a unique ID from the machine/device that is static and specific to machine/device so that I can use to track it. My concept would mean that a user would have several devices/machines that i have logged in from.
I will also be capturing the IP but i don't want to use that Key to identifying a user.
The chances of getting a precisely unique identifier from a browser is slim to none. There are many privacy risks associated with browsers providing a unique identifier string. However, you can always generate a random GUID for a session a user establishes, and store it either as localStorage or as a cookie.
Related
I've been building a web app which will be served to users via a native webview. I have been using This monitoring Tool to monitor visits and page views but it really does not provide the stats that I need, which is the real number of people actually using my app.
I think, If I could create a js code and serve it withing the index page of the app, so this js code can collect some unique device "something" and create a database with that info, so, everytime a user uses the app this same js code, or something else, could recieve that unique device "somethig" and compare it to the database, if it already exists is not counted as a new user as it has been counted before. But if it does not exist then it would be a new user.
I must state that the app would be hosted on a shared hosting and the webiew app will not be at Google Play but delivered to users in different ways. So, what I really need to know is:
1- Is it the logic I am using correct? Can it be done?
2- Which could be that unique device "something" other than IMEI, phone number or unique device ID?
I know it's not the usually accepted kind of question used to post here but I do not want to dive into some coding without beeing sure it will be usefull. So, depending on the answers I would try it out in practice and reshape this question to fit the Site's guidelines.
Thank you all in advance.
Most analytics libraries like Google analytics usually generate a specific ID for each user.
You're right though that it is possible. Usually you'll simply generate the ID the first time and then just store it locally, checking on every subsequent visit if it's still there, though it can dissapear if a user clears their cookies
I believe some users on my site are using IP masks to create more than one account. Due to the nature of my site/game it's against the rules and I need to remove players like this.
I currently track their IP, host, browser type and such with PHP, I also use javascript/jquery to get their screen size. I also have a little script set up that tells me if their coming through a forwarding service. It says this certain player is although his IP doesn't match any proxy lists I've come across.
Basically I'm looking for any other info I can collect that I can compare and determine if a suspect player is actually another players second account. Any suggestions?
The only thing i can think of is using telephone number as part of subscription process. And sending some sort of verification code via SMS.
Also you can start setting cookies.
And is it possible to imagine some sort of detection as part of your game/application. Like you add some game elements that would expose suspects to some secret knowledge. Setup honeypots. Like you show some secret 'cheat' codes or specific link/location to one suspected double and not to the other. Then if the other tries to use that info - you got him... Basically build some sneaky intelligence into your app
Combining these with all the other detection techniques, could make it very close to 100% bulletproof and can be a lot of fun.
Is there a way to get the device's unique id using JQuery/JavaScript.
I know one can detect the user agent and type of device that is being used but that is not required. I need to know the unique id that is being used.
Having said that I also know that browser is the least priviliged application running on the machine and it should be able to get that id.
But still asking if there is a way?
Not possible as far as I know.
I believe it's a security issue. Your device ID is very sensitive information that you wouldn't want just any website being able to capture.
Update:
It's not possible (without any hackery at least) to physically distinguish the computers accessing a web site without the permission of their owners. You can store a cookie to identify the machine when it visits your site again but the key is that the user is in control, and rightly so.
How can i generate unique fingerprint of each client?
I know must use navigator object but some properties like navigator.battery cannot use in this method.
// battery included and unique may change.
var uniqueHash = exampleHash(JSON.stringify(navigator));
How can i generate correct unique fingerprint for each user just using JavaScript and without cookie.
Cross platform and older browser also must be included.
I need list of cross browser supported by navigator.X
Note:
I don't want to generate random hash. i want to generate system base hash for each user and i dont wanna save on Cookie or Storage.
How can i generate unique fingerprint of each client?
Short answer is that you can't. It's impossible to do this for every client. You can get close using invasive profiling of the client, but you'll probably only get a unique identifier in around 90-95% of cases.
and i dont wanna save on Cookie or Storage.
Is there a reason you don't want to store data client side? If you told us what you were trying to achieve then maybe we could suggest a better way to solve the problem.
One route that may be worth looking into is using the Mozilla Persona API. It exposes a navigator.id property for consumption. Getting a unique id from a user is as simple as...
navigator.id.get(function(unique_id) {
alert("this is your unique id: " + unique_id);
})
This has the downside of requiring user authorization
Example: http://jsfiddle.net/aJsL9/1/
Simplest way to keep a session without using cookies is appending a unique hash (maybe a UUID or something similar) to the urls in the page as a get parameter:
/my/fancy/url
becomes
/my/fancy/url?HASHCODE
whenever the server receives a request, it capture the HASHCODE if present, otherwise it generates one, and then append it to all links on the served page.
Please bear in mind that the user can manipulate the HASHCODE and you should take that into account when engineering your application.
Anyway, notice that it's quite ugly in the fancy-url era. Also notice that user tracking is a delicate subject and you might incur into legal problems if you do not properly declare it in the TOS.
EDIT: you cannot track a person across multiple web sites without using cookies in any of their variants (flash, session storage, etc.) and a domain shared between sites. No way, you cannot set a variable or cookie from one domain and access it from another one in any decent browser, otherwise it would be a big security hole.
EDIT: Panopticlick cannot be used as a tracking method as you suggested, because it is based on statistical matching and it is also pretty bad at that (try browsing https://panopticlick.eff.org/ from outside the USA or with the just-released Chrome/Firefox update). It's a good proof concept, but nothing that you can use for this purpose. Also, you would need a whole lot of samples to get statistically relevant results.
EDIT: Browser fingerprint identifying power is weak: many browsers are autoupdating (like Chrome or Firefox) and official builts are very few (20? 40? Maybe a bit more if you count Linux distribution-compiled ones), so you will find a consistent portion of users with the same user agent. Add that there is a pletora of consumer PCs with similar configurations.
Since most visitor count services are based on measuring public sites I am not able to use such services.
My goal is to measure how many unique visitors are surfing on a specific Intranet site per day. The problem is that I have very litte technical possibilities since I was provided with a simple IIS web space. This means that I can only use HTML5 and JS (This site will only be accessed by iPads). Maybe there is a new HTML5 feature I am missing?
Thanks for any tips and hints.
Unique visits have to be tracked on the back end. You'll need to be able to use some server side code to track people, html and JS have no idea of unique visitors they run on the client side, so its basically static in that sense, a users computer has no idea of who else is using the site.
You'll have to use some type of backend language. (c#, PHP, VB, ...etc whole bunch of them)
You will also have to know what makes each user unique, maybe IP, but your on the intranet, that maybe the same for everyone.
You could simply have code that gets the unique id(maybe the IP), checks a text file, if its not in the text file add it to a new line, then just count the lines.