I’ve been doing some research into browser fingerprinting lately and have been wondering what data is being captured by the industry to identify and classify the different types of users coming to the system.

Here is an excerpt from Fingerprintjs.2 which is a basic library that many people use to fingerprint users. What we see is this excerpt is basic signal detection: user agent, language support, color depth, device memory, pixel ratios, and screen resolution. In the rest of the library we also see CPU classification, fonts installed, browser Plugins, session storage, touch screen detection, WebGL fingerprint, installed Ad blockers.

var UserAgent = function (done) {
done(navigator.userAgent)
}
var languageKey = function (done, options) {
done(navigator.language || navigator.userLanguage || navigator.browserLanguage || navigator.systemLanguage || options.NOT_AVAILABLE)
}
var colorDepthKey = function (done, options) {
done(window.screen.colorDepth || options.NOT_AVAILABLE)
}
var deviceMemoryKey = function (done, options) {
done(navigator.deviceMemory || options.NOT_AVAILABLE)
}
var pixelRatioKey = function (done, options) {
done(window.devicePixelRatio || options.NOT_AVAILABLE)
}
var screenResolutionKey = function (done, options) {
done(getScreenResolution(options))
}
var getScreenResolution = function (options) {
var resolution = [window.screen.width, window.screen.height]
if (options.screen.detectScreenOrientation) {
resolution.sort().reverse()
}
return resolution
}

What I’ve also been wondering is how ReCAPTCHA v3 works, and whether it too uses these same signals to classify requests as human or not human. It’s not super clear from the documentation or the verification response how reCAPTCHA v3 works. However according to 2captcha it seems that ReCAPTCHA v3 is based more on the validation of a user token that is created from a visit to a different site. I have much more to learn in this area and will post my additional finding later.