A device fingerprint is an identifier derived from hardware-bound signals, such as GPU capabilities, platform architecture, and media device configuration, that stays stable across different browsers on the same machine. Unlike a browser fingerprint, which changes when the user switches browsers, a device fingerprint targets the physical device itself.
Browser fingerprints are engine-bound: the same machine produces different output in Chrome and Firefox because each browser ships its own rendering pipeline. A device fingerprint sidesteps this by selecting only signals that are tied to the hardware rather than the engine, so the resulting identifier remains the same regardless of which browser is running.
Because hardware-bound signals change rarely, device fingerprints offer strong cross-session stability. They complement browser fingerprints rather than replacing them: a browser fingerprint tells two browsers apart on the same device, while a device fingerprint recognises the device itself.
In doorman-benny
doorman-benny exposes the device fingerprint as the `hardwareFingerprint` field, computed from hardware-bound signals only, alongside the engine-bound `fingerprint` field that identifies the specific browser.
Hardware vs engine fingerprintFrequently asked questions
How is a device fingerprint different from a browser fingerprint?
A browser fingerprint identifies one specific browser and changes when the user switches to a different browser on the same machine. A device fingerprint uses only hardware-bound signals, so it identifies the physical device across any browser.
Does a device fingerprint work in private or incognito mode?
Yes. Because the signals come from the hardware rather than browser storage, switching to incognito mode does not change the device fingerprint. The underlying GPU, platform, and media configuration remain the same.
Can a device fingerprint be spoofed?
Spoofing hardware-bound signals is significantly harder than deleting cookies or rotating user agents. Anti-detect browsers attempt to forge these signals, but inconsistencies between spoofed values are detectable through cross-signal consistency analysis.
