Fraud Type Guide

Device Fingerprinting: How It Detects Ad Fraud

Q: What is device fingerprinting?

Device fingerprinting is a technique that identifies individual devices by collecting and analysing a combination of attributes — including screen resolution, installed fonts, browser plugins, GPU characteristics, timezone, language settings, and more. Together, these attributes create a unique "fingerprint" that can distinguish one device from another without relying on cookies or device IDs.

Q: How does device fingerprinting help detect ad fraud?

Device fingerprinting helps detect ad fraud by revealing when the same device interacts with ads multiple times under different identities, when emulators or virtual machines impersonate real devices, and when device attributes are inconsistent. It provides a persistent identifier that survives cookie clearing and IP rotation.

Q: Can fraudsters defeat device fingerprinting?

While fraudsters can spoof individual attributes (like user-agent strings or screen resolution), spoofing all attributes consistently is extremely difficult. Advanced fingerprinting systems like Opticks analyse dozens of signals simultaneously and look for inconsistencies that reveal spoofing attempts — making comprehensive evasion impractical at scale.

Device fingerprinting is one of the most powerful tools for identifying bots, emulators, and repeat offenders. Learn how it works and why it is essential for modern fraud detection.

What Is Device Fingerprinting?

Quick answer: Device fingerprinting identifies unique devices by analysing attributes like screen resolution, fonts, plugins, and browser configuration — enabling fraud detection systems to spot bots, emulators, and repeat offenders.

Device fingerprinting is a technique that creates a unique identifier for a device by collecting and combining dozens of attributes — screen resolution, installed fonts, browser plugins, GPU model, timezone, language settings, audio processing characteristics, and more. Together, these attributes form a "fingerprint" that is highly unique to each individual device.

Unlike cookies or device advertising IDs, fingerprints cannot be easily deleted or reset by users or fraudsters. This persistence makes device fingerprinting invaluable for ad fraud detection, where fraudsters routinely clear cookies, rotate IPs, and reset device identifiers to avoid being recognised.

In the context of ad fraud, device fingerprinting serves as a foundational detection layer. It reveals when the same physical device interacts with your ads under multiple identities, when an emulator impersonates real hardware, and when claimed device attributes are inconsistent with actual capabilities.

Key Signals in a Device Fingerprint

A comprehensive device fingerprint analyses multiple layers of signals that are difficult for fraudsters to spoof simultaneously.

Browser Attributes

User-agent string, installed plugins, supported MIME types, Do Not Track settings, cookie and JavaScript capabilities, and language preferences.

Canvas and WebGL

Rendering differences in HTML5 Canvas and WebGL produce unique outputs based on the GPU, driver version, and operating system — extremely difficult to replicate across devices.

Audio Fingerprint

The Web Audio API processes sound slightly differently on each device due to hardware and software variations, producing a unique audio fingerprint.

Hardware Signals

CPU core count, device memory, screen resolution and colour depth, GPU renderer string, and available sensors (accelerometer, gyroscope) all contribute to device identification.

Font Enumeration

The set of installed fonts varies significantly between devices and operating systems, providing a high-entropy signal that is difficult to fake comprehensively.

Network and Timing

Connection type, TCP/IP stack behaviour, TLS fingerprint, and timing-based signals provide additional layers that round out the device profile.

How Device Fingerprinting Catches Fraud

Device fingerprinting exposes fraud through several mechanisms that work together to identify both simple and sophisticated attacks.

Repeat Offender Detection

When a device clears cookies and rotates IP addresses, its fingerprint persists. This reveals the same device clicking your ads repeatedly under different identities.

Emulator Identification

Emulated devices produce fingerprints with telltale anomalies — missing sensors, generic GPU strings, inconsistent rendering results — that distinguish them from real hardware.

Attribute Consistency

When a fraudster claims to be on an iPhone but the fingerprint reveals Android-specific APIs, Linux kernel timing, or desktop GPU characteristics, the inconsistency signals fraud.

Cluster Analysis

Groups of devices with suspiciously similar fingerprints — identical font lists, same GPU renderer, matching rendering outputs — indicate a bot farm or emulator array.

Fingerprinting vs. Other Detection Methods

Device fingerprinting complements other fraud detection techniques, each covering different blind spots.

vs. Cookie-Based Tracking

Cookies can be deleted, blocked, or faked. Device fingerprints persist across sessions and cannot be cleared by the user, providing more reliable identification.

vs. IP-Based Detection

IP addresses change with VPNs, proxies, and mobile networks. Fingerprinting identifies the device itself regardless of which network it connects through.

vs. Behavioural Analysis

Behavioural analysis detects how a user interacts; fingerprinting identifies what device they use. Together they provide much stronger fraud detection than either alone.

vs. CAPTCHA Challenges

CAPTCHAs disrupt user experience and can be solved by CAPTCHA farms. Fingerprinting works passively in the background with no impact on genuine visitors.

How Opticks Uses Device Fingerprinting

30+ Signal Analysis

Opticks collects and analyses over 30 device attributes in real time, building comprehensive fingerprints that are extremely difficult for fraudsters to spoof.

Cross-Campaign Tracking

Device fingerprints persist across campaigns, channels, and time periods — revealing patterns of fraudulent activity that single-campaign analysis would miss.

Layered Detection

Fingerprinting works alongside IP intelligence, behavioural analysis, and network checks for multi-layered fraud detection that catches both simple and advanced threats.

Frequently Asked Questions

What is device fingerprinting?

How does device fingerprinting help detect ad fraud?

Is device fingerprinting the same as browser fingerprinting?

Browser fingerprinting is a subset of device fingerprinting. Browser fingerprinting focuses on attributes exposed through the web browser (user-agent, plugins, canvas rendering), while device fingerprinting includes deeper hardware-level signals like GPU model, sensor data, audio processing characteristics, and battery status. Device fingerprinting provides a more comprehensive and harder-to-spoof identification.

Can fraudsters defeat device fingerprinting?

Keep Exploring

Related Resources

Glossary of Ad Fraud Terms Device Emulation Guide Bot Traffic Guide Data Centre Traffic Guide Fake Leads Guide Start Your Free Trial

Identify Every Device Touching Your Ads

See how Opticks uses device fingerprinting to expose bots, emulators, and repeat offenders across all your campaigns. No code changes required — install via Google Tag Manager in under five minutes.

Start Free Trial

No credit card required

Talk to Our Team