Best way to Identify a user uniquely
Recently I read an article about this question and was surprised of how many methods exist for such task. IP and cookies are just "the tip of the iceberg".
Look at evercookie, js library that produces "extremely persistent cookies".
Best way to uniquely identify a user in this case?
After some reading, it appears making a browser fingerprint will be the solution. These github projects are helpful:
- https://github.com/Valve/fingerprintjs2
- https://github.com/ephoton/browser-flag
- https://github.com/rynr/fingerprint.js
Least invasive way to uniquely identify Android user
Have a look at Firebase Authentication. It's quite seamless and does not require much effort to incorporate. Also it does not feel intrusive or cumbersome to the end user.
Here is a video tutorial by Google.
EDIT:
In case your users are sure to have a cellular device with a phone number, you can use AccountKit. It is also what they call OTA (One Time Authentication). AccountKit uses just the users phone number to verify and validate users.
EDIT:
Firebase Authentication now features 'Phone Verification' which is similar to AccountKit mentioned above. Both are good services. However, Firebase phone verification lets you make your own UI from scratch (which means a lot better control than AccountKit). Also, if you don't want to make your UI, you can always use FirebaseUI
Detecting a unique anonymous user
There are actually many ways you can detect a "unique" user. Many of these methods are used by our marketing friends. It get's even easier when you have plugins enabled such as Java, Flash etc.
Currently my favorite presentation of cookie based tracking is evercookie (http://samy.pl/evercookie/). It creates a "permanent" cookie via multiple storage mechanisms, the average user is not able to flush, specifically it uses:
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of
auto-generated, force-cached PNGs
using HTML5 Canvas tag to read pixels
(cookies) back out - Storing cookies in Web History
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
--EDIT--
Found the page I was talking about: Panopticlick - "How Unique and trackable is your browser".
It collects stuff like User Agent, HTTP_ACCEPT headers, Browser Plugins, Time Zone, Screen Size and Depth, System Fonts (via Java?), Cookies...
My result: Your browser fingerprint appears to be unique among the 1,221,154 tested so far.
What's the best way to uniquely identify Android users to a server?
As stated by developer.android:
Applications typically try to remember the user using one of three techniques:
- Ask the user to type in a username
- Retrieve a unique device ID to remember the device
- Retrieve a built-in account from AccountManager
Option (2) is less onerous for the user, but it's tricky to get right. More importantly, it only allows you to remember the user on one device. Imagine the frustration of someone who upgrades to a shiny new device, only to find that your app no longer remembers them.
Option (3) is the preferred technique. Account Manager allows you to get information about the accounts that are stored on the user's device. As we'll see in this lesson, using Account Manager lets you remember your user, no matter how many devices the user may own, by adding just a couple of extra taps to your UI.
How to identify unique users without using a login system (iOS)
After a while we decided that it was either unreliable, impossible or really annoying to get unique user ID's without asking them to fill some kind of field and actually sign up.
We therefore decided to use their encrypted formatter phone numbers using the following process :
- Ask for phone number & international code* (+1, +32, etc.)
- Verify integrity of phone number programatically
- If satisfactory, ask user to verify with alert
- If okay, send pin code and wait for validation
- If valid, signup to database.
If you have any question please ask here so I can give some clarification. If you have a better idea I'd still be glad to hear it.
Related Topics
Laravel: How to Use Multiple Pivot Table Relationships
How Would You Transform a Pre-Existing Web App into a Multilingual One
What's the Difference Between Post and Raw Post in PHP at All
PHP MySQL Pagination with Random Ordering
PHP - Ini_Set('Session.Gc_Maxlifetime', 5) - Why It Doesn't End the Session
How to Convert Latin1_Swedish_Ci Data into Utf8_General_Ci
Get User Data Using Access Token in Laravel Passport Client App
Doctrine2 Findby Relationship Object Triggers String Conversion Error
Laravel 5 Auth Post Submit - Tokenmismatchexception in Verifycsrftoken.PHP Line 46
How to Remove Text Between Tags in PHP
Paypal Ipn Bad Request 400 Error
How to Check Is Timezone Identifier Valid from Code
How to Add Filter or Hook for "Woocommerce_Add_To_Cart"
Typecasting VS Function to Convert Variable Type in PHP