Detecting a "unique" anonymous user

unique visitor-statistic user-tracking visitors
Omar picture Omar · Oct 15, 2010 · Viewed 27.8k times · Source

It is impossible to identify a user or request as unique since duping is trivial.

However, there are a handful of methods that, combined, can hamper cheating attempts and give a user quasi-unique status.

I know of the following:

  1. IP Address - store the IP address of each visitor in a database of some sort
    • Can be faked
    • Multiple computers/users can have the same address
    • Users with dynamic IP addresses (some ISP issue them)
  2. Cookie tracking - store a cookie per visitor. Visitors that don't have it are considered "unique"
    • Can be faked
    • Cookies can be blocked or cleared via browser

Are there more ways to track non-authorized (non-login, non-authentication) website visitors?

Answer

Dennis G picture Dennis G · Oct 15, 2010

There are actually many ways you can detect a "unique" user. Many of these methods are used by our marketing friends. It get's even easier when you have plugins enabled such as Java, Flash etc.

Currently my favorite presentation of cookie based tracking is evercookie (http://samy.pl/evercookie/). It creates a "permanent" cookie via multiple storage mechanisms, the average user is not able to flush, specifically it uses:

  • Standard HTTP Cookies
  • Local Shared Objects (Flash Cookies)
  • Silverlight Isolated Storage
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in Web History
  • Storing cookies in HTTP ETags
  • Storing cookies in Web cache
  • window.name caching
  • Internet Explorer userData storage
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite

I can't remember the URL, but there is also a site which tells you how "anonymous" you are based on everything it can gather from your web browser: What plugins you have loaded, what version, what language, screensize, ... Then you can leverage the plugins I was talking about earlier (Flash, Java, ...) to find out even more about the user. I'll edit this post when I find the page whcih showed you "how unique you are" or maybe somebody knows »» actually it looks as if every user is in a way unique!

--EDIT--

Found the page I was talking about: Panopticlick - "How Unique and trackable is your browser".

It collects stuff like User Agent, HTTP_ACCEPT headers, Browser Plugins, Time Zone, Screen Size and Depth, System Fonts (via Java?), Cookies...

My result: Your browser fingerprint appears to be unique among the 1,221,154 tested so far.

Related questions

Get all unique values in a JavaScript array (remove duplicates)

I have an array of numbers that I need to make sure are unique. I found the code snippet below on the internet and it works great until the array has a zero in it. I found this other script …

Read More
Remove duplicate values from JS array

I have a very simple JavaScript array that may or may not contain duplicates. var names = ["Mike","Matt","Nancy","Adam","Jenny","Nancy","Carl"]; I need to remove the duplicates and put the unique values in a new array. I could …

Read More
Count unique values with pandas per groups

I need to count unique ID values in every domain I have data ID, domain 123, 'vk.com' 123, 'vk.com' 123, 'twitter.com' 456, 'vk.com' 456, 'facebook.com' 456, 'vk.com' 456, 'google.com' 789, 'twitter.com' 789, 'vk.com' I try df.groupby(['domain', 'ID']).count() …

Read More