Smart Signals Overview

Fingerprint is not just an identity platform but also helps fight fraud by providing actionable device intelligence called Smart Signals. Read on to get a basic understanding of the individual Smart Signals and their applications.

Setup and Usage

A typical integration into a project consists of these steps:

  • Add the JavaScript agent on the frontend part of your web application. If you are an existing customer and have already deployed Fingerprint, you can skip this step.
  • Get the requestId from the JavaScript agent response and pass it to your server.
  • Call the GET /events endpoint from your server-side environment to retrieve the Smart Signals in the API response.
  • Use the information about fraud in your business logic.
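One way to carry out the last step on the server, as an added example that is not Fingerprint's own code: `assessSignals`, `RULES` and the block/review policy are hypothetical, and `signals` is assumed to be the object from the Server API response that holds the per-signal keys documented in the sections below.

```javascript
const TAMPERING_THRESHOLD = 0.5; // threshold this page calls actionable
const BOT_PLACEHOLDER_ID = 'BotDetected00000000'; // value documented on this page

// Signals can be absent (plan or platform), so read every path defensively.
const get = (obj, path) =>
  path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);

// Hypothetical policy: which findings block and which only ask for review.
const RULES = [
  ['block', 'bot:bad', s => get(s, 'botd.data.bot.result') === 'bad'],
  ['block', 'ip:attackSource', s => get(s, 'ipBlocklist.data.details.attackSource') === true],
  ['review', 'ip:emailSpam', s => get(s, 'ipBlocklist.data.details.emailSpam') === true],
  ['review', 'tor', s => get(s, 'tor.data.result') === true],
  ['review', 'proxy', s => get(s, 'proxy.data.result') === true],
  ['review', 'vpn', s => get(s, 'vpn.data.result') === true],
  ['review', 'tampering', s => get(s, 'tampering.data.anomalyScore') > TAMPERING_THRESHOLD],
  ['review', 'virtualMachine', s => get(s, 'virtualMachine.data.result') === true],
];

function assessSignals(signals, visitorId) {
  const hits = RULES.filter(([, , test]) => test(signals));
  const reasons = hits.map(([, name]) => name);
  const action = hits.some(([a]) => a === 'block') ? 'block'
    : hits.length > 0 ? 'review' : 'allow';
  // Never key accounts or rate limits on the shared bot placeholder ID.
  const visitorIdUsable = typeof visitorId === 'string' && visitorId !== BOT_PLACEHOLDER_ID;
  return { action, reasons, visitorIdUsable };
}

// Constructed sample, shaped like the fragments on this page.
const sample = {
  botd: { data: { bot: { result: 'notDetected' } } },
  vpn: { data: { result: true, methods: { timezoneMismatch: true, publicVPN: false } } },
  tampering: { data: { result: false, anomalyScore: 0 } },
  ipBlocklist: { data: { result: false, details: { emailSpam: false, attackSource: false } } },
};
console.log(assessSignals(sample, 'constructedVisitorId01'));
```

A signal that is missing from the response matches no rule, so an absent signal never counts as a clean result; it simply contributes nothing to the decision.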

📘

Availability

Because Smart Signals are focused on fraud detection, we only made them available through our Server API and Webhooks so we can ensure that you receive those results unaltered.

Smart Signals are available in our Pro Plus and Enterprise plans.

Browser Smart Signals

Each individual Smart Signal contributes a unique piece of information about the device. Most of our Smart Signals are independent of the source of the request (browser vs. native mobile application), but some signals are not available if the data was collected through our official mobile SDKs.

See the tags under each title or our Smart Signals Cheat Sheet to determine whether you should expect to see the Smart Signal output in Server API and Webhooks based on its source.

Browser Bot Detection

Browser, Pro Plus, Enterprise

Get information about good and bad bots, allowing you to block or filter them from your regular traffic and stop automated abuse attempts.

The bot.result field contains one of the values notDetected, bad or good, where:

  • notDetected means that we haven't detected a bot and the payload should belong to a regular visitor
  • good indicates that the bot is a well-known web crawler or other search engine bot
  • bad indicates an automated tool that has no legitimate uses and is assumed to be involved in fraudulent activity

🚧

VisitorID + Bot Detected

When a bot is detected, we replace visitorID with a BotDetected00000000 value (it follows the usual visitorID format) to decrease the probability of bundling legitimate traffic and bots together.

"botd": {
  "data": {
    "bot": {
      "result": "notDetected"
    },
    "url": "https://example.com/",
    "ip": "94.142.239.124",
    "time": "2023-08-29T21:48:17.351Z",
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36",
    "requestId": "1693345697334.YKOdT5"
  }
}

Incognito Detection

Browser, Pro Plus, Enterprise

Detects incognito mode in major browsers. It provides additional information about the visitor that might suggest they are trying to hide their identity.

"incognito": {
  "data": {
    "result": false
  }
}

IP Geolocation

iOS, Android, Browser, Pro Plus, Enterprise

Provides information about the physical location of the originating IP address.

We deploy several mechanisms to detect the IP address of the original client, which allows us to correctly determine the visitor's location even when they use anonymizing tools. The geolocation field then shows the estimated physical location of the client.

The asn and dataCenter fields can be used to group ranges of IP addresses that belong to the same owner, so that protection rules can be applied against a whole block of IP addresses. They can also indicate that the visitor connects through an intermediate server instead of connecting through an ISP directly.

"ipInfo": {
  "data": {
    "v4": {
      "address": "94.142.239.124",
      "geolocation": {
        "accuracyRadius": 20,
        "latitude": 50.05,
        "longitude": 14.4,
        "postalCode": "150 00",
        "timezone": "Europe/Prague",
        "city": {
          "name": "Prague"
        },
        "country": {
          "code": "CZ",
          "name": "Czechia"
        },
        "continent": {
          "code": "EU",
          "name": "Europe"
        },
        "subdivisions": [
          {
            "isoCode": "10",
            "name": "Prague"
          }
        ]
      },
      "asn": {
        "asn": "7922",
        "name": "COMCAST-7922",
        "network": "73.136.0.0/13"
      },
      "dataCenter": {
        "result": true,
        "name": "DediPath"
      }
    },
    "v6": {
      "address": "::ffff:5e8e:ef7c",
      "geolocation": {
        "accuracyRadius": 20,
        "latitude": 50.05,
        "longitude": 14.4,
        "postalCode": "150 00",
        "timezone": "Europe/Prague",
        "city": {
          "name": "Prague"
        },
        "country": {
          "code": "CZ",
          "name": "Czechia"
        },
        "continent": {
          "code": "EU",
          "name": "Europe"
        },
        "subdivisions": [
          {
            "isoCode": "10",
            "name": "Prague"
          }
        ]
      },
      "asn": {
        "asn": "7922",
        "name": "COMCAST-7922",
        "network": "::ffff:5e8e:ef7c/110"
      },
      "dataCenter": {
        "result": true,
        "name": "DediPath"
      }
    }
  }
}
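Grouping by asn and checking an address against asn.network, as an added example that is not Fingerprint's own code: the function names are hypothetical, the sample uses a documentation ASN and address range rather than real data, and only the v4 branch is handled.

```javascript
// Parse dotted IPv4 into an unsigned 32-bit number; null when malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip lies inside an IPv4 CIDR such as the asn.network value.
function inCidr(ip, cidr) {
  const [base, bitsStr] = String(cidr).split('/');
  const ipN = ipv4ToInt(ip), baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null) return false;
  if (!/^\d{1,2}$/.test(bitsStr || '') || Number(bitsStr) > 32) return false;
  const size = 2 ** (32 - Number(bitsStr)); // addresses per block
  return Math.floor(ipN / size) === Math.floor(baseN / size);
}

// Group ipInfo payloads from confirmed-abusive events by ASN (IPv4 only here).
function buildNetworkRules(ipInfos) {
  const rules = new Map();
  for (const info of ipInfos) {
    const v4 = info && info.data && info.data.v4;
    if (!v4 || !v4.asn || !v4.asn.network) continue;
    const rule = rules.get(v4.asn.asn) ||
      { name: v4.asn.name, networks: new Set(), dataCenter: false };
    rule.networks.add(v4.asn.network);
    rule.dataCenter = rule.dataCenter || Boolean(v4.dataCenter && v4.dataCenter.result);
    rules.set(v4.asn.asn, rule);
  }
  return rules;
}

// Return the first rule whose network contains ip, or null.
function matchRule(rules, ip) {
  for (const [asn, rule] of rules)
    for (const network of rule.networks)
      if (inCidr(ip, network)) return { asn, network, dataCenter: rule.dataCenter };
  return null;
}

// Constructed sample (documentation ASN and address range, not real data).
const abusive = [{ data: { v4: { address: '198.51.100.9',
  asn: { asn: '64500', name: 'EXAMPLE-HOSTING', network: '198.51.100.0/24' },
  dataCenter: { result: true, name: 'ExampleDC' } } } }];
const rules = buildNetworkRules(abusive);
console.log(matchRule(rules, '198.51.100.77'), matchRule(rules, '203.0.113.5'));
```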

VPN Detection

iOS, Android, Browser, Pro Plus, Enterprise

Fingerprint's VPN detection is capable of detecting whether the user is in a different timezone compared to their originating IP address (timezoneMismatch field). It can also provide information about whether an IP address has been known to belong to one of the public VPN providers through the publicVPN field.

For browsers, the result is true if either the publicVPN or timezoneMismatch method is true.

For mobile devices, additional methods (auxiliaryMobile) are also used to detect the presence of a VPN. For these devices, the result is true if any of the three listed methods is true.

"vpn": {
  "data": {
    "result": false,
    "originTimezone": "Europe/Prague",
    "methods": {
      "timezoneMismatch": false,
      "publicVPN": false,
      "auxiliaryMobile": false
    }
  }
}

Browser Tamper Detection

Browser, Pro Plus, Enterprise

There are very simple techniques to confuse less sophisticated fingerprinting algorithms through User Agent spoofing or trying to change the output of selected signals that are collected from the browser.

While our visitorID remains stable in those cases, tampering detection helps detect this behavior and flag visitors that have tried applying such techniques by comparing their browser signature to our statistical model.

The output of this model is captured as anomalyScore, a number indicating how improbable the signature of the visitor's browser is. Values close to 1 signify highly anomalous browsers, and we consider anything above the threshold of 0.5 to be actionable (the result field conveniently captures that fact).

"tampering": {
  "data": {
    "result": false,
    "anomalyScore": 0
  }
}

Virtual Machine Detection

Browser, Pro Plus, Enterprise

Identifies whether the request came from a virtual machine.

"virtualMachine": {
  "data": {
    "result": false
  }
}

Privacy-Aware Settings

Browser, Pro Plus, Enterprise

Firefox, Brave, and other privacy-focused browsers actively fight fingerprinting and expose user settings that can randomize and obfuscate signal output. The Privacy-Aware Settings Smart Signal detects whether those settings are enabled and reports it.

"privacySettings": {
  "data": {
    "result": false
  }
}

IP Blocklist Matching

iOS, Android, Browser, Enterprise

Block IP addresses based on their presence in different public and proprietary blocklists.

The feature uses a combination of our own and vendor IP databases to determine whether:

  • The IP address is a known Tor exit node (tor payload)
  • The IP address has been part of a network attack or email spam attack (ipBlocklist.details payload)
  • The IP address belongs to a public proxy provider (proxy payload)

📘

tor and proxy payloads do not utilize active Tor or proxy detection mechanisms.

"ipBlocklist": {
  "data": {
    "result": false,
    "details": {
      "emailSpam": false,
      "attackSource": false
    }
  }
},
"tor": {
  "data": {
    "result": false
  }
},
"proxy": {
  "data": {
    "result": false
  }
}

Raw Device Attributes

Browser, Enterprise

Raw Device Attributes exposes additional data points we normally collect through our JavaScript agent.

🚧

Format Stability

The contents of Raw Device Attributes can change at any time in the future (including complete removal of scoped fields), and we advise against depending on concrete field names inside the data field.

"rawDeviceAttributes": {
  "data": {
    "<field_name>": {
      "value": 127
    }
  }
}

Mobile-Only Smart Signals

Some Smart Signals are dependent on information collected from our native mobile SDKs. Most of them are also platform specific and work either on iOS or Android. Those Smart Signals provide powerful information about the native application's integrity and allow for deep insights into tampering detection for customers that use Fingerprint in their mobile applications.

Android Emulator Detection

Android, Enterprise

Prevent spam and protect against nefarious Android emulator farms by ensuring the request is coming from a physical device.

"emulator": {
  "data": {
    "result": false
  }
}

Android Tamper Detection

Android, Enterprise

Ensure a safe Android mobile application environment by detecting rooted devices.

"rootApps": {
  "data": {
    "result": false
  }
}

Cloned App Detection

Android, Enterprise

Identify if a request is coming from a cloned application. (Android only)

"clonedApp": {
  "data": {
    "result": false
  }
}

Factory Reset Detection

Android, Enterprise

Indicates the exact time a device was reset to its factory settings, which results in wiping all of the user's sensitive data. (Android only)

"factoryReset": {
  "data": {
    "time": "1970-01-01T00:00:00Z",
    "timestamp": 0
  }
}

Jailbroken Device Detection

iOS, Enterprise

Identifies if a visitor is using an iPhone which has been jailbroken.

"jailbroken": {
  "data": {
    "result": false
  }
}

Frida Detection

iOS, Enterprise

Indicates if the open source tool Frida has been used to tamper with the app.

"frida": {
  "data": {
    "result": false
  }
}