I'm building a list of variables available on mobile devices, for device signature analysis. Here is what I've identified so far. Please help me fill out the list. Thanks!
General HTTP Variables
IP Address
Cookie
User Agent
Smart Phone Variables
Device ID
Geolocation
Device MAC Address
Javascript Variables
Current Time
Time Zone
Screen Size
Supported Fonts
Preferred Language
Installed Components
Cookies Enabled
The general pattern for getting variables might look something like this:
The Panopticlick project fingerprints browsers using a verity of techniques. This includes version numbers of the browser and all isntalled components (Flash, java, ect). The Project also looks at supported fonts, and prefered language, screen size and time zone.
Check out the results.
Related
I suspect we're all familiar with how facebook and google and the like detect if you're using a different device than usual, I was wondering what the most reliable way to do this is?
I'm talking about the old 'It looks like you're signing in from a different device', and then when you confirm etc, it usually sends you an email and asks whether you want to trust this device or not.
Obviously one could just set a cookie, one that maybe get's checked and logged each visit, but what about when the user signs out? Do we keep the cookie?
Is there any other reliable method to 'trust' a 'device' other than setting cookies? Or is this the best/most reliable way to do it?
The most reliable way to detect a device change is to create a fingerprint of the browser/device the browser is running on. This is a complex topic to get 100% right, and there are commercial offerings that are pretty darn good but not flawless. I worked at one of those companies several years ago.
There is now at least one open source fingerprinting project Client JS. I have not used it, but it seems to cover the bases.
Just setting a cookie is not very reliable because on average users clear cookies about every 30-45 days unless you use a network that attempts to re-set the cookie (paid services). Even those are not flawless.
Just using the IP address is useless. Some devices legitimately have many IPs in a short period of time (laptop at home, work and Starbucks or most any mobile device), while sometimes a single IP is shared by a large number of users (all the folks at Starbucks or behind a corporate proxy server).
UPDATE
Thoughts on your similar hash code.
It is a complex topic to get right. I had a small team for a few years. We got pretty darn good, but you can never be 100% accurate even when people are not intentionally trying to trick you.
If the CPU changes, it's probably a different device.
The same physical device can have many user agents. Each browser on the device has a different user agent, and privacy mode of browsers have different user agents with far less entropy.
Fonts doesn't change very quickly for a given physical device, though it's not a great source of entropy on mobile devices (few fonts installed, and typically all the same ones for a given type of device).
OS is generally stable, until it suddenly changes. Does it matter in your case if every device appears to be a new device when it updates to Windows 10?
Color depth will be pretty stable. If the user installs a new graphic card, this may change. Does that matter in your case?
If you can accept thinking some devices are new when in fact they are the same and vice-versa, this type of similarity hash may work for you. Note that you can never use this type of fingerprint to uniquely identify a device for a purpose that requires positive identification such as access to secure data. It's great for making probabilistic decisions such as serving an appropriate ad.
is it possible to detect the color temperature settings of a monitor or display with css, javascript, html5, silverlight, java, flash, or anything that could be used on the web?
no problem if it's not working for all the cases, I am interested in everything.
if it is not possible right now at all, is there work in progress for this field (under what name)?
No, there isn't any way to detect this from web-based tools. In fact, there isn't really any way to detect this (in general) from a computer at all. You can change your monitor's settings all you like and your computer never knows the difference. It just sends the video signal down the cord and doesn't really care what the monitor does with it.
There is some information that goes back from the monitor to the computer, but in general color temperature is not included in that information.
However, some platforms that are more integrated, like many Apple products, may have a way to get this information from the system, but it would likely need to be a native application that has access to low-level system APIs, which most frameworks (especially web ones), including those you mentioned, tend not to have access to.
Is there a (open source or commercial) software solution available for the Linux platform to build a custom embedded navigation device? It should be able to display maps and do routing (just like a TomTom/Navigon/Garmin/... navi device).
Unfortunately all navigation solutions seem to target Windows CE only.
Something based on OpenStreeMap data is not an option, because the map data is IMHO not always good enough for serious routing / driving instructions.
Since I'm searching for a long time now without luck I'm not too restrictive on the implementation details, however it should be possible to extend the software with custom functions or ideally embed the navigation in my own software.
Android with Google Maps comes to my mind, but I'd like to avoid setting up Android for my device.
Alternatively, if there is no such solution, I might use a end-user navigation device if that allows me some kind of communication with my own device to control it.
I'm open for any suggestions, thanks..
There is a huge list here. Take a look if anything suites your needs.
My company has a Compact Framework.NET WinForms application which runs on rugged handhelds manufactured by companies like Motorola, Intermec and Psion. These are expensive devices with built-in barcode scanners that are used in harsh conditions.
The configuration of the handheld application is managed by business users through our web site. The devices pick up the configuration when they sync from within the handheld application. Field workers use the handhelds, business users use the web site.
The business users have expressed the desire to, for lack of a better description, configure and preview or even fully use the actual handheld application through a web browser. They want to make configuration changes in the web site and immediately see what the impact will be in the handheld, without having to have a physical device (again, the devices are quite expensive). They want to be able to create training materials or conduct sales meetings and be able to demonstrate the application to their customers without having a physical device on hand.
Microsoft offers several Device Emulators, but they are probably too complex for business users. They are developer tools. One idea might be to somehow use the emulators within virtual machines possibly in conjunction with Terminal Services or even some kind of clever screen capture/VNC to show an emulated device in a browser. I suspect running emulators in the fashion may not exactly be a scalable solution, however. Also, only one emulator at a time on a single machine can be "cradled" and connected to network.
I'm looking for any suggestions which might help me meet the business users' requirements.
Thanks.
The only thing I can think of offhand is not that simple, but would probably be useful (and certainly the only "true" way for them to test).
I'd create a service that works like the Remote Display app (part of the WinMo Developer power tools, also ships with Platform Builder for CE), in fact it might just use that app (the source code for it actually ships with Platform Builder, so the eval version of PB would get you that source).
You would then create a web interface that acts as a "shell" for that service, marshalling the display image out to a web page and image clicks back as mouse events to the device.
I'm looking for options to replace and old application running in a Psion Workabout mx handheld, developed in OPL.
The handheld and the application (developed more than 10 years ago) are both working fine
by now, but the device is discontinued, and each time is harder to find replacement parts for it.
Then I started to look to the newer Psion handheld models, but they are expensive and
filled with features that I don't need at all (color screen, barcode reader, ...). Also,
they look a lot less rugged than the actual Workabout mx that I'm using. I had to replace
around 50 handhelds, and i'm looking for good options with this features:
Reasonable priced
Fast numeric data entry, optionally alphanumeric data (not usual)
Readable screen, with at least 7 lines of text visible. No color needed
Rugged
Replacement parts available
Reasonable development environment (handheld emulator, IDE, minimal GUI support, PC / handheld connectivity)
Maybe an old mobile phone with Java support can do the work?
Please indicate the suggested device model and the development options available for it.
Thanks in advance
Perhaps a compaq ipaqs may be suitable replacements, but I'm not sure they make those anymore.
I was also thinking an iPod iTouch (serious suggestion!) may be a good device to get (cheapest version £165) Its a good development environment (Objective-C, free compiler download, although you'll probably have to register with apple to get your apps. a certificate so it works on the device). This may be too expensive, and far above the requirements you're looking for.
If you're thinking about java enabled phones (I'm not sure what you're performance requirements are, but sounds quite minimal if its a port of a 10 year old app) you want to be careful, some mobile java implementations won't support floating point arithmetic directly, you may have to implement a fixed point math library. Somes phone Java VMs vary quite dramatically performance wise too, again this may not be your primary concern. The mobile phone development route may be a valid one, if you're assuming that your off-site engineers all have company phones anyway!