|
| 1 | +--- |
| 2 | +title: Device Fingerprinter v2 |
| 3 | +--- |
| 4 | + |
| 5 | +# Device Fingerprinter (DFP) v2 (Active after 2026 February 25 10:00 UTC) |
| 6 | + |
| 7 | +## Overview |
| 8 | + |
| 9 | +**Device Fingerprinter (DFP) v2** is a high-precision challenge focused on device identity consistency and uniqueness. Participants must develop a browser SDK capable of generating a "fingerprint" string that remains identical for the same physical device across multiple browsers while remaining unique between different devices. |
| 10 | + |
| 11 | +The challenge evaluates your SDK's ability to resist browser-level variations (like user agents or window sizes) and extract hardware-level or deeper software signals that uniquely identify the hardware. |
| 12 | + |
| 13 | +For general information and technical setup, please refer to the [Main README](./README.md). |
| 14 | + |
| 15 | +--- |
| 16 | + |
| 17 | +## Mandatory Requirements |
| 18 | + |
| 19 | +1. Use the template provided in the [`templates/commit/src/fingerprinter/`](./templates/commit/src/fingerprinter/fingerprinter.js) directory. |
| 20 | +2. Implement your logic within the `fingerprinter.js` file. |
| 21 | +3. Your SDK must: |
| 22 | + - Generate a single string (the "fingerprint"). |
| 23 | + - Report this string to the evaluator when executed within a browser environment. |
| 24 | + - Be self-contained and not rely on external API calls or non-standard browser features that require user permissions (e.g., Camera/Microphone). |
| 25 | + |
| 26 | +### Browsers |
| 27 | + |
| 28 | +Your SDK will be evaluated across multiple mobile and desktop browsers, including: |
| 29 | + |
| 30 | +- **Chrome** |
| 31 | +- **Brave** |
| 32 | +- **Firefox Focus** |
| 33 | +- **DuckDuckGo** |
| 34 | +- **Safari** |
| 35 | + |
| 36 | +All browsers are run in incognito mode. Each device will be tested in multiple "batches" across these browsers to ensure consistency. |
| 37 | + |
| 38 | +--- |
| 39 | + |
| 40 | +## Key Guidelines |
| 41 | + |
| 42 | +- **Fragmentation (Internal Consistency)**: Your SDK must produce the same ID for a device even if the browser changes. If the ID changes between Chrome and Brave, you will be penalized for "Fragmentation." |
| 43 | +- **Collision (External Uniqueness)**: Your SDK must produce different IDs for different physical devices. If two devices share the same ID, you will be penalized for "Collision" via the **Two-Strike Rule**. |
| 44 | +- **Hardware Focus**: Avoid using volatile signals (like window size, battery level, or IP address) as they vary between browsers and sessions, leading to fragmentation penalties. |
| 45 | + |
| 46 | +--- |
| 47 | + |
| 48 | +## Technical Architecture (Challenger & Proxy) |
| 49 | + |
| 50 | +DFP v2 utilizes a two-tier architecture to ensure a realistic evaluation environment: |
| 51 | + |
| 52 | +1. **Challenger API**: The "Brain" of the operation. It receives your submission, manages the test session, notifies physical devices via SMTP, and calculates the final score based on the data received. |
| 53 | +2. **DFP Proxy**: The "Gateway." It hosts your `fingerprinter.js` script and acts as the collection point for device reports. This prevents direct communication between the test devices and the main Challenger, ensuring security and isolation. |
| 54 | + |
| 55 | +### The Lifecycle of a Fingerprint |
| 56 | + |
| 57 | +- **Submission**: You send your `fingerprinter.js` to the Challenger. |
| 58 | +- **Distribution**: The Challenger automatically pushes your script to the Proxy. |
| 59 | +- **Collection**: Physical devices visit the Proxy, execute your script, and send the results back to the Proxy. |
| 60 | +- **Scoring**: The Proxy forwards the collected results to the Challenger for the final calculation. |
| 61 | + |
| 62 | +--- |
| 63 | + |
| 64 | +## Mandatory Functions |
| 65 | + |
| 66 | +Participants must implement and export two specific async functions in their `fingerprinter.js` script. These are the entry points used by the evaluation environment. |
| 67 | + |
| 68 | +### 1. `runFingerprinting()` |
| 69 | + |
| 70 | +This function is responsible for gathering device signals and generating the fingerprint hash. |
| 71 | + |
| 72 | +- **Miner Requirement**: Miners must capture the exact 32-character string returned by this function and submit it unmodified. |
| 73 | +- **Goal**: Collect hardware/software data and return a unique, consistent hash. |
| 74 | + |
| 75 | +--- |
| 76 | + |
| 77 | +## Evaluation Criteria |
| 78 | + |
| 79 | +- **High Consistency**: Maintain the same fingerprint for a single device across all 5+ target browsers. |
| 80 | +- **High Uniqueness**: Ensure no other physical device generates the same fingerprint. |
| 81 | +- **Minimum Participation**: At least 2 physical devices must successfully report fingerprints for a session to be valid. |
| 82 | +- **Stability**: The script must execute quickly and reliably within the evaluator's `fp_timeout` window. |
| 83 | + |
| 84 | +--- |
| 85 | + |
| 86 | +## Scoring System |
| 87 | + |
| 88 | +The final score is an average of the points earned by each physical device in the session, normalized between **0.0 and 1.0**. |
| 89 | + |
| 90 | +### 1. Fragmentation Penalty |
| 91 | + |
| 92 | +Each device starts with **1.0 point**. |
| 93 | + |
| 94 | +- For every unique fingerprint string generated by the *same* device beyond the first, a penalty of **-0.3** is applied. |
| 95 | +- **Max Fragmentation**: If a device generates **3 or more** different IDs across browsers, its score for the session is automatically **0.0**. |
| 96 | + |
| 97 | +### 2. Two-Strike Collision Rule |
| 98 | + |
| 99 | +This rule ensures your ID is unique across the network. |
| 100 | + |
| 101 | +- **Strike 1**: If a fingerprint generated by a device is shared by *any* other physical device in **one** browser batch, a penalty of **-0.25** is applied. |
| 102 | +- **Strike 2**: If the same collision happens in **2 or more** batches, that device's score becomes **0.0**. |
| 103 | + |
| 104 | +### Scoring Example |
| 105 | + |
| 106 | +Imagine a session with 2 devices across 5 browsers (10 batches total with `n_repeat=2`): |
| 107 | + |
| 108 | +- **Device 1 (Perfect)**: Reports "ID-AAA" in all 10 batches. |
| 109 | + - Unique IDs: 1 (Penalty: 0) |
| 110 | + - Collisions: 0 (Penalty: 0) |
| 111 | + - **Points: 1.0** |
| 112 | + |
| 113 | +- **Device 2 (Fragmented)**: Reports "ID-BBB" in 8 batches and "ID-CCC" in 2 batches. |
| 114 | + - Unique IDs: 2 (Penalty: -0.3) |
| 115 | + - Collisions: 0 (Penalty: 0) |
| 116 | + - **Points: 0.7** |
| 117 | + |
| 118 | +- **Device 3 (Collided)**: Reports "ID-AAA" (Collides with Device 1) in 2 batches. |
| 119 | + - Unique IDs: 1 (Penalty: 0) |
| 120 | + - Collisions: 2 batches (Strike 2 triggered) |
| 121 | + - **Points: 0.0** |
| 122 | + |
| 123 | +**Final Session Score**: `(1.0 + 0.7 + 0.0) / 3 = 0.567` |
| 124 | + |
| 125 | +--- |
| 126 | + |
| 127 | +## Submission |
| 128 | + |
| 129 | +After local validation using the [Testing Manual](./testing_manuals.md), package your script into a submission container. Ensure your `fingerprinter.js` is correctly placed in the miner template. |
0 commit comments