Device fingerprint

A stable identifier derived from a device's browser and hardware attributes, used to detect bots, emulators and repeat fraud without a cookie.

A device fingerprint is computed from dozens of attributes exposed by the browser and hardware — canvas and WebGL rendering, audio stack, installed fonts, screen and GPU characteristics, timezone, language and platform — combined into an identifier that is stable across sessions without storing anything on the device.

Its value for fraud detection is proportional to its entropy (how many bits genuinely distinguish devices) and to how hard those bits are to spoof. Inconsistencies — a claimed iOS device with Linux fonts, a headless-browser flag, impossible event timing — flag automation and emulators.

A robust implementation cross-checks the fingerprint against the network layer (see the JA4/TLS handshake) and never decides on a single signal; it is one of the Mask's five checkers.