-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve the available screen resolution component #585
Conversation
Hello, |
@Finesse I think this change and its consequences are more nuanced and we shouldn't hurry with merging it. |
@spyjo Only 40% of visitors use desktop devices. This component gives no information on 99.5% of mobile devices and spoils fingerprint on the rest 0.5% of mobile devices so removing it for mobile devices will only increase accuracy a bit. Fullscreen is very common on macOS, it's very convenient, but the macOS share is pretty small (about 3% of desktops). I also suppose that Windows users use OS fullscreen (F11) very rarely, and since such fullscreen doesn't change the component result, so there is no point in discussing this. But programmatic fullscreen does change the result in Blink (Chromium-like browsers) and programmatic fullscreen is often used on some websites to show videos, photos, presentations, etc. There are a few options to handle this case: either ask library users to not run the library in programmatic fullscreen mode, or disable the component in Blink on Windows, or complicate the library API by adding a special setting for those who's going to use programmatic fullscreen. Update: probably programmatic fullscreen won't change the component result if the code runs in an iframe, I will check it. |
I've tried a few tricks to get real available screen resolution in programmatic fullscreen mode on Windows including running the code in an iframe and in a separate window. They all have failed. If you have an idea to solve it, please share. I think that UI fullscreen is an issue on macOS and it should be considered. I think that programmatic fullscreen is an issue on all platforms and should be considered even though fingerprint is very unlikely to be taken in such situation. Browsers can be split into following groups:
Let's say that 40% of macOS and Chrome OS users toggle OS fullscreen, and 0.5% of all users have their fingerprint calculated during programmatic fullscreen. If so, then the component precision at
(the tables show shares of visitors who's prone to specific situations, not shares of results of visitor identifications) The merge request code state at commit 21b7fdc discards the component value in all the browser groups except the 1st, so the precision is:
So the error rate has increased from 6% to 30% and the error type has switched from false negative to false positive. False positive is more preferable because it can be compensated by other components and false negative can't. But I think the change is too serious. My bad that I hadn't made these estimations before implementing the solution. Luckily, I've found a way to make the component be stable despite programmatic fullscreen. The library can get and cache available screen resolution before even
I.e. the error rate will increase from 6% to 8%, but the errors type will switch from false negative to false positive. This is a good deal, I think. |
In my experience a false positive is a far more serious type of error than a false negative. Usually it's fine to occasionally generate multiple visitorID values per single browser, but it's a worse problem to identify multiple unrelated visitors as one visitor. For this reason I think this proposal shouldn't be implemented.
If we can do the first item consistently somehow, we should do it. |
This is also an issue if you attach a secondary monitor to your screen resolution values.
|
@Valve Thanks for your opinion. Ok, I won't exclude the component. I'll implement another solution to improve its accuracy without losing the entropy: exit programmatic fullscreen and watch the available screen resolution before
It does. You can see that all 4 measurements are taken at https://github.com/fingerprintjs/fingerprintjs/pull/585/files#diff-6411a5d12f7f63f6085e73468c1d6c96b5505da2b1b2404ff1493f9e50a904f1R21
I think it's a good idea. I'm going to make the component do measure toolbar sizes at all 4 sides. It's more reliable because toolbar sizes are unlikely to change when the screen is rotated or the resolution changes.
@tbadlov Yes, it's a known problem, there is nothing we can do with it. Do you have an idea how to mitigate this? Consider that a visitor can have many identifiers due to various changes, you can either exclude unstable components or improve your system to handle multiple identifires. |
I've found a possible reason for available screen resolution to change a bit. When macOS Dock contains too many icons to fit them all in one row, it shrinks to fit more icons, i.e. the toolbar size decreases. This changes the values of This is message is for historical purposes. This feature will be mitigated by the rounding. |
…nstead; watch available screen frame before calling `get()`
3222d52
to
11013d3
Compare
I've implemented the solution that I mentioned at #585 (comment). See the latest commit for the change. |
function initFingerprintJS() { | ||
FingerprintJS.load().then(fp => { | ||
// The FingerprintJS agent is ready. | ||
// Get a visitor identifier when you'd like to. | ||
fp.get().then(result => { | ||
// We recommend to call `load` at application startup. | ||
const fpPromise = FingerprintJS.load() | ||
|
||
// Get a visitor identifier when you need it. | ||
fpPromise | ||
.then(fp => fp.get) | ||
.then(result => { | ||
// This is the visitor identifier: | ||
const visitorId = result.visitorId; | ||
console.log(visitorId); | ||
}); | ||
}); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having a big timespan between starting agent and getting an identifier increases the chance of getting the real screen frame size (the frame between screen resolution and available screen resolution).
Another idea we can explore is: https://developer.mozilla.org/en-US/docs/Web/CSS/@media/device-height |
@Valve I've created a separate branch for commits that change fingerprint: |
My available resolution changed 4 times in 1 day on chrome on mac OS and I NEVER entered full screen mode. It just randomly changes by 10 to 15 pixels throughout the dday. |
@swilliams-a3digital looks like an edge case to me. Please feel free to exclude it using the documentation link that @Finesse provided. |
@swilliams-a3digital I'm curious, do you have your dock fixed with dynamic sizing? |
I am using a mac book Pro. I don't have a monitor attached, just using the laptop screen. Display settings are set to |
I meant more your dock settings or your other software settings. Please ignore |
@swilliams-a3digital Does your Dock size change within a day? MacOS Dock shrinks when there are too many icons to fit inside, the shrinking changes the available screen resolution. Could you please send us a couple of full screenshots: the first when |
@swilliams-a3digital Thanks for the screenshots. Your screenshots have different resolutions. You either use different monitors (the fingerprint will be different for different monitors) or have cropped the screenshots (we need full screen screenshots to investigate the issue). |
Resolves #568
This PR will change every visitor identifier.