[Discussion] Browser Fingerprinting #51

Open
reallytiredofclowns opened this issue Mar 27, 2024 · 3 comments

@reallytiredofclowns
Contributor

Does anyone have any expertise with fingerprinting? Related to the suggestion with IP banning, I know Reddit does implement some sort of procedure to help detect ban evasion. This might help with the recurring !@#$-disturber on Discuit.

Here is an overview article of fingerprinting that I found fairly comprehensible, as someone completely new to the idea.

@Codycody31
Contributor

This could be possible. Though I believe it would be a case of: once we block a user, the fingerprint is added to a list that is blocked. A main issue with implementing this, though, would be privacy, as we would need to store the fingerprint anyways to tie it back to a specific user/person.

Something like this maybe (just a sample demo idea):

```go
package fingerprint // package name is illustrative

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// getIP extracts the IP address of the client from the request
func getIP(r *http.Request) string {
	// Standard proxy forwarding header; it is client-supplied unless a trusted proxy sets it
	forwarded := r.Header.Get("X-Forwarded-For")
	if forwarded != "" {
		return strings.TrimSpace(strings.Split(forwarded, ",")[0]) // return the first IP if multiple are present
	}
	// fallback to direct connection IP; SplitHostPort also handles IPv6 such as "[::1]:1234"
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// browserFingerprint generates a unique identifier for a user based on their browser details
func browserFingerprint(r *http.Request) string {
	userAgent := r.UserAgent()
	acceptLang := r.Header.Get("Accept-Language")
	encoding := r.Header.Get("Accept-Encoding")
	ip := getIP(r)

	// Combine the collected details to form a unique identifier
	rawIdentifier := fmt.Sprintf("%s|%s|%s|%s", userAgent, acceptLang, encoding, ip)

	// Hash the combined string using SHA-256 for a consistent, anonymized identifier
	hasher := sha256.New()
	hasher.Write([]byte(rawIdentifier))
	hashedIdentifier := hex.EncodeToString(hasher.Sum(nil))

	return hashedIdentifier
}
```

@reallytiredofclowns
Contributor Author

I don't think having the IP address as a part of the hash is helpful in this particular case, as the user in question is apparently hopping IPs like crazy. But the general idea is interesting.

@Codycody31
Contributor

Ah, then that tends to make it harder. Either way, they could just spoof a new browser, which is pretty easy.
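An added example, not part of the thread or of the project's code: a blocklist that combines the points raised above by leaving the IP out of the fingerprint and storing only a keyed HMAC of the headers, so the stored value cannot be recomputed without the server secret. The `Blocklist` type, the demo key and the sample headers are assumptions made up for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
)

// Blocklist keeps only keyed hashes of banned fingerprints (hypothetical type).
type Blocklist struct {
	key    []byte          // server-side secret, assumed to live outside the database
	banned map[string]bool // hex HMAC -> banned
}

func NewBlocklist(key []byte) *Blocklist {
	return &Blocklist{key: key, banned: map[string]bool{}}
}

// Fingerprint is HMAC-SHA256 over request headers only; the client IP is left out.
func (b *Blocklist) Fingerprint(h http.Header) string {
	mac := hmac.New(sha256.New, b.key)
	for _, name := range []string{"User-Agent", "Accept-Language", "Accept-Encoding"} {
		v := h.Get(name)
		// Length-prefix each field so values containing separators cannot collide.
		fmt.Fprintf(mac, "%d:%s;", len(v), v)
	}
	return hex.EncodeToString(mac.Sum(nil))
}

func (b *Blocklist) Ban(h http.Header)           { b.banned[b.Fingerprint(h)] = true }
func (b *Blocklist) IsBanned(h http.Header) bool { return b.banned[b.Fingerprint(h)] }

// constructedHeaders returns sample headers made up for this demo.
func constructedHeaders(ua string) http.Header {
	return http.Header{
		"User-Agent":      {ua},
		"Accept-Language": {"en-US,en;q=0.9"},
		"Accept-Encoding": {"gzip, deflate, br"},
	}
}

func main() {
	bl := NewBlocklist([]byte("constructed-demo-key"))
	bl.Ban(constructedHeaders("ExampleBrowser/1.0"))
	fmt.Println(bl.IsBanned(constructedHeaders("ExampleBrowser/1.0"))) // same headers, any IP
	fmt.Println(bl.IsBanned(constructedHeaders("ExampleBrowser/2.0"))) // one header changed
}
```

Three request headers carry little entropy, so every visitor who sends the same values shares one fingerprint and a ban on it affects all of them. The second check in `main` shows the limitation raised in the last comment: a single changed header produces a different fingerprint.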
