Device fingerprinting

Castle's fingerprinting methods and the information that is collected

Introduction

Castle’s Fingerprinting solutions aim to collect device information in order to determine uniqueness of devices. This allows Castle to reliably identify devices for future events.

Castle fingerprinting is an important component to a Castle integration because it allows detection of, for example, a single device being used to access or register for multiple accounts. It also allows Castle to detect attempts to falsify device information, which is frequently a sign of malicious intent.

Castle’s Fingerprinting is designed for exclusive use with Castle server-side integrations. Castle does not offer a standalone fingerprinting product.


Data collection

The data collected by Castle’s fingerprinting solutions depends on the device being used. The reason for this variance is that different platforms expose different device properties. In general, the properties include things like screen resolutions, pixel density, video and audio capabilities, installed plugins, and any exposed hardware properties such as number of CPU cores.

Castle does not intentionally collect any sensitive or personal identifiable information via our fingerprinting solutions. We collect request context information provided in URL paths and headers, but we scrub headers that frequently carry sensitive information (such as Cookie).


Supported platforms

Castle’s fingerprinting solutions are available for the browser (Castle.js) and for various mobile application development platforms, including native iOS, native Android, React Native, and Flutter.


Performance

Castle strives to make our fingerprinting solutions extremely lightweight and performant.

Our mobile SDK’s offer configurable batch-processing settings. The packaged SDK sizes are provided on GitHub.

The Castle.js minified JavaScript snippet is available as a minified script, or as an NPM package. We host the script on Cloudfront for high global availability and minimal latency, should you choose to add it in a script tag to your application .html pages.


Open source

Castle’s mobile SDKs are open-source repositories on Castle’s GitHub account. We welcome the creation of issues and pull requests from the community.