Identification using pseudonymized IP Address

The originating event's IP address is an important signal that Fingerprint Identification relies upon to accurately identify browsers and mobile devices. Normally, Fingerprint Identification stores the IP address as plain text and uses it in its identification algorithms.

Several regulatory frameworks (e.g. GDPRCCPA) have classified IP addresses as Personally Identifiable Information (PII). When you use Fingerprint Identification for purposes with a legitimate interest, these frameworks allow you to store these IP addresses(PII) as plain text.

On the other hand, if you use Fingerprint Identification for purposes that do not fall under legitimate interest, then these frameworks recommend using pseudonymized IP addresses as an alternative to comply with regulations.

Accordingly, we have introduced a new form of Identification that uses pseudonymized IP addresses. In this approach, the original IP address is combined with other metadata and then cryptographically transformed into an unrecognizable, binary value after which it is used by our identification algorithms. It is impossible to retrieve the original IP address from this unrecognizable binary value.

Identification using pseudonymized IP addresses is a worthwhile alternative to experience the core capabilities of the Fingerprint Device Intelligence platform without compromising on identification accuracy and regulatory compliance.

Identification using regular IP address vs. pseudonymized IP address

Several features in Fingerprint’s Device Intelligence platform that rely on the IP address being available in plain text will not be available when using a pseudonymized IP address. For example, IP Geolocation and several Smart Signals (e.g. vpnipInfo) will not be available. The table below outlines the differences between the two approaches:

FeatureIdentification using regular IP addressIdentification using pseudonymized IP address
How is the IP address stored?It is stored as plain text.It is combined with other metadata, transformed into an unrecognizable binary value, and then stored.
Can the original IP address be retrieved?Yes, in identifiable clear text.No. It is impossible to retrieve the original IP address address from the binary value.
How does the IP address appear in responses to JS Agent / SDK requests, Server API requests, and Webhooks?Original, unmodified IP address.
Is ipLocation available in responses?YesNo
Are all Smart Signals available?YesNo. IP Geolocation, IP Blocklist Matching, and VPN Detection will not be available.

Enabling pseudonymized IP addresses for your subscription

Apart from a few smart signals being unavailable, pseudonymized IP addresses do not affect your subscription in any other way:

  • You can continue to use the same subscription.
  • Your users will continue to be identified using the same visitor ID as before.
  • Identification accuracy remains the same.

If you would like to try this feature for your subscription, please contact our support team.