Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@ch1/browser-dna
Advanced tools
CH1 Browser DNA
This is not well maintained
Installation
yarn add @ch1/browser-dna
What is This
This is a simple browser finger print generator that focuses on the JavaScript side of browser finger printing.
For full fledged fingerprinting, server side solutions should also be used. They would look at HTTP headers, IPs, and if they have access to lower protocols even OS fingerprinting.
Morality of Browser Fingerprinting
Fingerprinting can be a hot button topic and for good reason. Privacy on the internet is an illusion. We should expect some modicum of privacy but we should also be aware of the limitations of the tools we use. This library and other - more robust - libraries like Panopticlick show just how much trivial seeming data we give away that actually "marks" us.
Ultimately your fingerprint from a library like this, in combination with an IP address is not really enough to uniquely identify most people but it really shrinks the pool, especially in certain areas.
Why Would We Want This?
While we want and should have privacy there is a strong use case for having our connections be semi-identifiable.
Consider the following:
- You run a web service of some sort
- You're getting a lot of connections from one IP
- The IP represents a huge institution that has a lot of legitimate users but due to NAT they all appear as one user
This is where at least fingerprinting headers and connection detail server side helps.
Another case would be implementing an app that uses semi-anonymous sharing having a JS + server side fingerprint would allow the app to somewhat distinguish anonymous connections for the purpose of say short term chat.
Usage
import { create } from '@ch1/browser-dna';
const fingerprint = create();
// now send fingerprint to a server
The current fingerprint only includes this set:
export interface Fingerprint {
browserDepth: number;
browserHeight: number;
browserWidth: number;
concurrency: number;
os: string;
plugins: string[];
tzOffset: number;
usesTouch: boolean;
usesCookies: boolean;
}
License
0.1.0
Basic set of fingerprint data:
export interface Fingerprint {
browserDepth: number;
browserHeight: number;
browserWidth: number;
concurrency: number;
os: string;
plugins: string[];
tzOffset: number;
usesTouch: boolean;
usesCookies: boolean;
}
Keywords
FAQs
Browser DNA is a tool for generating web browser fingerprints
The npm package @ch1/browser-dna receives a total of 2 weekly downloads. As such, @ch1/browser-dna popularity was classified as not popular.
We found that @ch1/browser-dna demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 22 Sep 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025
Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
By Sarah Gooding - Jan 24, 2025