Best Way to Identify a User Uniquely

Best way to Identify a user uniquely

Recently I read an article about this question and was surprised at how many methods exist for such a task. IP and cookies are just "the tip of the iceberg".
Look at evercookie, a JS library that produces "extremely persistent cookies".

Best way to uniquely identify a user in this case?

After some reading, it appears making a browser fingerprint will be the solution. These GitHub projects are helpful:

  • https://github.com/Valve/fingerprintjs2
  • https://github.com/ephoton/browser-flag
  • https://github.com/rynr/fingerprint.js

I'll probably use one of those, or get some ideas for implementing my own simplified solution.

Least invasive way to uniquely identify Android user

Have a look at Firebase Authentication. It's quite seamless and does not require much effort to incorporate. Also it does not feel intrusive or cumbersome to the end user.

Here is a video tutorial by Google.

EDIT:
In case your users are sure to have a cellular device with a phone number, you can use AccountKit. It is also what they call OTA (One Time Authentication). AccountKit uses just the user's phone number to verify and validate users.

EDIT:
Firebase Authentication now features 'Phone Verification', which is similar to the AccountKit mentioned above. Both are good services. However, Firebase phone verification lets you make your own UI from scratch (which means a lot better control than AccountKit). Also, if you don't want to make your UI, you can always use FirebaseUI.

Detecting a unique anonymous user

There are actually many ways you can detect a "unique" user. Many of these methods are used by our marketing friends. It gets even easier when you have plugins enabled such as Java, Flash etc.

Currently my favorite presentation of cookie based tracking is evercookie (http://samy.pl/evercookie/). It creates a "permanent" cookie via multiple storage mechanisms that the average user is not able to flush. Specifically, it uses:

  • Standard HTTP Cookies
  • Local Shared Objects (Flash Cookies)
  • Silverlight Isolated Storage
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in Web History
  • Storing cookies in HTTP ETags
  • Storing cookies in Web cache
  • window.name caching
  • Internet Explorer userData storage
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite

I can't remember the URL, but there is also a site which tells you how "anonymous" you are based on everything it can gather from your web browser: what plugins you have loaded, what version, what language, screen size, ... Then you can leverage the plugins I was talking about earlier (Flash, Java, ...) to find out even more about the user. I'll edit this post when I find the page which showed you "how unique you are", or maybe somebody knows. Actually, it looks as if every user is in a way unique!

--EDIT--

Found the page I was talking about: Panopticlick - "How Unique and trackable is your browser".

It collects stuff like User Agent, HTTP_ACCEPT headers, Browser Plugins, Time Zone, Screen Size and Depth, System Fonts (via Java?), Cookies...

My result: Your browser fingerprint appears to be unique among the 1,221,154 tested so far.
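How attributes like the ones listed above add up to a near-unique fingerprint, as an added example (not part of the original answer and not Panopticlick's code): it hashes a canonicalized attribute set and measures identifying information in bits, per attribute and for the whole fingerprint. The attribute names, the eight-browser population and the function names are constructed assumptions.

```python
import hashlib
import json
import math
from collections import Counter

# Constructed sample population: what eight visiting browsers reported.
_ROWS = [
    ("Firefox/115", "UTC+1", "1920x1080x24"),
    ("Firefox/115", "UTC+1", "1920x1080x24"),
    ("Firefox/115", "UTC-5", "1366x768x24"),
    ("Firefox/115", "UTC-5", "1920x1080x24"),
    ("Chrome/120", "UTC+1", "1920x1080x24"),
    ("Chrome/120", "UTC-5", "1366x768x24"),
    ("Safari/17", "UTC+1", "2560x1440x24"),
    ("Edge/120", "UTC-5", "2560x1440x24"),
]
POPULATION = [dict(zip(("user_agent", "timezone", "screen"), r)) for r in _ROWS]


def fingerprint(attrs):
    """Stable SHA-256 over the attribute set; key order does not matter."""
    canonical = json.dumps(attrs, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def bits(shared_by, total):
    """Identifying information: -log2 of the share of browsers that match."""
    return round(-math.log2(shared_by / total), 2)


def attribute_bits(browser, population):
    """Bits contributed by each attribute on its own.

    `browser` must be a member of `population`, so every count is >= 1.
    """
    out = {}
    for name, value in browser.items():
        counts = Counter(b[name] for b in population)
        out[name] = bits(counts[value], len(population))
    return out


def anonymity_set(browser, population):
    """How many browsers in the population share the exact fingerprint."""
    fp = fingerprint(browser)
    return sum(1 for b in population if fingerprint(b) == fp)


def fingerprint_bits(browser, population):
    """Bits carried by the combined fingerprint (at most log2 of population)."""
    return bits(anonymity_set(browser, population), len(population))
```

For the Safari browser in the sample, the attributes carry 3, 1 and 2 bits individually, yet the combined fingerprint carries only 3 bits, because the attributes are correlated and a population of eight cannot yield more than log2(8). By the same measure, `bits(1, 1221154)` puts a fingerprint that is unique among 1,221,154 browsers at about 20.22 bits.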

What's the best way to uniquely identify Android users to a server?

As stated by developer.android:

Applications typically try to remember the user using one of three techniques:

  1. Ask the user to type in a username
  2. Retrieve a unique device ID to remember the device
  3. Retrieve a built-in account from AccountManager

Option (1) is problematic. First, asking the user to type something before entering your app will automatically make your app less appealing. Second, there's no guarantee that the username chosen will be unique.

Option (2) is less onerous for the user, but it's tricky to get right. More importantly, it only allows you to remember the user on one device. Imagine the frustration of someone who upgrades to a shiny new device, only to find that your app no longer remembers them.

Option (3) is the preferred technique. Account Manager allows you to get information about the accounts that are stored on the user's device. As we'll see in this lesson, using Account Manager lets you remember your user, no matter how many devices the user may own, by adding just a couple of extra taps to your UI.

How to identify unique users without using a login system (iOS)

After a while we decided that it was either unreliable, impossible or really annoying to get unique user IDs without asking them to fill some kind of field and actually sign up.

We therefore decided to use their encrypted formatted phone numbers using the following process:

  • Ask for phone number & international code* (+1, +32, etc.)
  • Verify integrity of phone number programmatically
  • If satisfactory, ask user to verify with alert
  • If okay, send pin code and wait for validation
  • If valid, signup to database.

The user's username is the formatted phone number (+32495555556 for example). That string is then hashed with SHA-256, and finally we save that super-long string to the database and recognize everyone like that.

If you have any questions please ask here so I can give some clarification. If you have a better idea I'd still be glad to hear it.
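The identifier scheme described in the answer above, as an added example (not the poster's code), written as the server-side step: the number is normalized to one canonical string and hashed. It goes beyond the post by putting a keyed HMAC-SHA-256 beside the plain SHA-256, because an unkeyed hash of a phone number can be recomputed by anyone who knows or guesses the number. The function names, the normalization rules (including dropping one leading trunk "0", which does not hold for every country) and the key are assumptions.

```python
import hashlib
import hmac
import re

# Assumption: a server-side secret; constructed value, load from a secret
# store in real use.
SERVER_KEY = b"constructed-demo-key"


def normalize_phone(country_code, national_number):
    """Build the canonical '+<cc><number>' string from user input.

    Strips common separators and one leading trunk '0', then enforces the
    E.164 limit of 15 digits so equal numbers always hash identically.
    """
    cc = re.sub(r"\D", "", country_code)
    nn = re.sub(r"[\s\-().]", "", national_number)
    if not cc or not re.fullmatch(r"[0-9]+", nn):
        raise ValueError("phone number must contain digits only")
    if nn.startswith("0"):
        nn = nn[1:]
    if not 1 <= len(cc) <= 3 or len(nn) < 4 or len(cc) + len(nn) > 15:
        raise ValueError("not a plausible E.164 number")
    return "+" + cc + nn


def plain_id(phone):
    """Identifier as described in the post: SHA-256 of the formatted number."""
    return hashlib.sha256(phone.encode("ascii")).hexdigest()


def keyed_id(phone, key=SERVER_KEY):
    """HMAC-SHA-256 identifier: still deterministic for lookups, but it
    cannot be recomputed from the phone number without the server key."""
    return hmac.new(key, phone.encode("ascii"), hashlib.sha256).hexdigest()


def same_user(stored_id, phone, key=SERVER_KEY):
    """Constant-time comparison of a stored identifier with a login attempt."""
    return hmac.compare_digest(stored_id, keyed_id(phone, key))
```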


