I'm using FingerprintJS, overnight, they changed their pricing and removed the free plan, so I ended up paying for the subscription for the past 3 years. And also I can't remove them because it is critical in our anti-fraud system.
The reason I pay for their library is their accuracy. It would be amazingly interesting if your library could compete. Then I would switch immediately.
By the way, I do not have a problem with paying for a service; their plans are not based on the volume of users. (Minimum is $100 for 20,000 verification) And I use only 2,000.
Thank you for sharing your experience and for highlighting what matters most to you: accuracy and pricing for lower-usage tiers. I definitely hear your frustration with the removal of the Free plan a few years ago and the challenge of not having a plan that fit your usage level.
Based on feedback like yours, we recently introduced a new Free plan (in May) that includes 1,000 API calls for iOS and web, plus 500,000 calls for Android. Depending on which platform your ~2,000 calls are coming from, this might be a better fit.
Your feedback is exactly what helps us shape these updates, so we’ll continue to take this into account as we refine our plans. If you’d like, I’d be happy to connect directly to see how we can make sure you’re on the plan that best fits your needs.
I get that open-source in fraud prevention is really hard, I'm sympathetic to the challenges here.
FingerprintJS open-source (and the discussed FingerprinterJS) are both trivial to spoof since the entire codebase is easily examined, and the implementation is totally open as an oracle to someone who wants to bypass it or construct arbitrary fingerprints. It's a nice proof of concept (and I like the attention to unstable signals in FingerprinterJS here) but ultimately doesn't hold up against any dedicated attackers.
I work on a competing commercial product (Stytch Device Fingerprinting) and your usage would be within our free tier. Unfortunately we don't have an open-source version or self-serve onboarding because of the adversarial problems mentioned above. Happy to chat if that helps, bchen at stytch dot com.
Thanks for sharing! For me, it's fundamental to have a demo page where we can see it working. A very nice to have would be a comparison between your project and FingerprintJS / CreepJS.
the code seems like poorly generated ai with unnecessary comments in different languages.
there's no explanation for why certain actions or choices are made.
it doesn't make sense why phantomjs gets a score of 7 while chrome headless gets 8, or why phantomjs and selenium aren't considered headless browsers or automation tools. why the most common legitimate screen resolution is flagged as suspicious or why tools like curl or wget which download conten, are running javascript instead. they would be in a stack that checks ua server side, not in js
I'm using FingerprintJS, overnight, they changed their pricing and removed the free plan, so I ended up paying for the subscription for the past 3 years. And also I can't remove them because it is critical in our anti-fraud system.
The reason I pay for their library is their accuracy. It would be amazingly interesting if your library could compete. Then I would switch immediately.
By the way, I do not have a problem with paying for a service; their plans are not based on the volume of users. (Minimum is $100 for 20,000 verification) And I use only 2,000.
Hey - Fingerprint team here.
Thank you for sharing your experience and for highlighting what matters most to you: accuracy and pricing for lower-usage tiers. I definitely hear your frustration with the removal of the Free plan a few years ago and the challenge of not having a plan that fit your usage level.
Based on feedback like yours, we recently introduced a new Free plan (in May) that includes 1,000 API calls for iOS and web, plus 500,000 calls for Android. Depending on which platform your ~2,000 calls are coming from, this might be a better fit.
Your feedback is exactly what helps us shape these updates, so we’ll continue to take this into account as we refine our plans. If you’d like, I’d be happy to connect directly to see how we can make sure you’re on the plan that best fits your needs.
I get that open-source in fraud prevention is really hard, I'm sympathetic to the challenges here.
FingerprintJS open-source (and the discussed FingerprinterJS) are both trivial to spoof since the entire codebase is easily examined, and the implementation is totally open as an oracle to someone who wants to bypass it or construct arbitrary fingerprints. It's a nice proof of concept (and I like the attention to unstable signals in FingerprinterJS here) but ultimately doesn't hold up against any dedicated attackers.
I work on a competing commercial product (Stytch Device Fingerprinting) and your usage would be within our free tier. Unfortunately we don't have an open-source version or self-serve onboarding because of the adversarial problems mentioned above. Happy to chat if that helps, bchen at stytch dot com.
Thanks for sharing! For me, it's fundamental to have a demo page where we can see it working. A very nice to have would be a comparison between your project and FingerprintJS / CreepJS.
the code seems like poorly generated ai with unnecessary comments in different languages.
there's no explanation for why certain actions or choices are made.
it doesn't make sense why phantomjs gets a score of 7 while chrome headless gets 8, or why phantomjs and selenium aren't considered headless browsers or automation tools. why the most common legitimate screen resolution is flagged as suspicious or why tools like curl or wget which download conten, are running javascript instead. they would be in a stack that checks ua server side, not in js
Yeah, some parts of the code that obviously don't make any sense:
https://github.com/Lorenzo-Coslado/fingerprinter-js/blob/f34...
Why would the user agent of a javascript execution environment ever be curl?
https://github.com/Lorenzo-Coslado/fingerprinter-js/blob/f34...
self explanatory
https://github.com/Lorenzo-Coslado/fingerprinter-js/blob/f34...
variable declared but not used anywhere.