I don't understand what you mean. What separates this from other fingerprinting techniques your company monetizes?

No software wants to be fingerprinted. If it did, it would offer an API with a stable identifier. All fingerprinting is exploiting unintended behavior of the target software or hardware.

The real reason is that fingerprint.com's selling point is tracking over longer periods (months, their website claims), and this doesn't help them with that.

> We don't use vulnerabilities in our products.

With all due respect, and acknowledging that your work is technically excellent…

Isn't everything that you do an exploitation of vulnerabilities? https://news.ycombinator.com/from?site=fingerprint.com

Fingerprinting is all about extracting information about a site's visitors which those users didn't explicitly intend to reveal.

I’m going to go out on a limb and guess that you define “vulnerability” as something like “thing that will be fixed soon”. After all, Joe Random not liking a behavior doesn’t make it a vuln, there needs to be a litmus test. Am I close?

All fingerprinting is a vulnerability, unless the client opts-in.

Any method of “fingerprinting” and invading a browser’s privacy is inherently an exploit.

[flagged]