TL;DR
ThumbmarkJS and Benny both offer free, modern, drop-in browser fingerprinting for teams who'd rather not adopt FingerprintJS's $99-a-month Pro tier. From the outside they look similar. They aren't.
Benny tags every signal as hardware or engine. That tagging produces a deterministic cross-browser hardwareFingerprint, the same hash in Chrome, Safari, and Firefox on the same device. Benny also ships a compareFingerprints API with six modes and a 16-check anti-spoof consistency engine in the free tier. ThumbmarkJS produces a single hash and leaves the rest to you.
ThumbmarkJS ships a single-hash fingerprint with a mature freemium pricing ladder starting at €15/mo and an MIT license, both real reasons to pick it over Benny. If you need cross-browser matching, free anti-spoof, or a real comparison API, those are in Benny.
Architecture: one hash vs two
ThumbmarkJS produces a single hash from its signal set. It's fast, simple, and drop-in. It doesn't distinguish between signals that depend on the browser (canvas, audio, math operations) and signals that depend on the underlying hardware (fonts, GPU identity, screen, timezone).
Benny tags every signal as hardware-bound or engine-bound and produces two hashes: fingerprint for per-browser identity, and hardwareFingerprint for deterministic cross-browser identity. Same device, three browsers, three different fingerprint values, but one identical hardwareFingerprint.
For many fingerprinting use cases (recognizing returning visitors, flagging single-browser anomalies), a single hash is enough. For cross-browser device matching (anti-fraud across browser switches, device-bound MFA, license enforcement), the two-hash architecture is the difference between "works" and "doesn't." ThumbmarkJS doesn't ship this.
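A sketch of the two-hash idea, added here as an illustration; it is not code from Benny or ThumbmarkJS. The names SIGNAL_TAGS, buildFingerprints, and summarize are hypothetical, the hardware/engine split follows the grouping given above, the sample profiles are constructed, and FNV-1a is a stand-in hash chosen so the block runs in a browser or Node without imports.

```javascript
// Hypothetical signal catalogue: each signal is tagged by what it depends on,
// following the hardware/engine split the article describes.
const SIGNAL_TAGS = {
  fonts: "hardware", gpu: "hardware", screen: "hardware", timezone: "hardware",
  canvas: "engine", audio: "engine", math: "engine",
};

// Stand-in hash (32-bit FNV-1a), not what either library uses.
function fnv1aHex(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193);
  }
  return (h >>> 0).toString(16).padStart(8, "0");
}

// Serialize in sorted key order so property order never changes the hash.
function canonicalize(signals, keys) {
  return JSON.stringify([...keys].sort().map((k) => [k, signals[k] ?? null]));
}

// One hash over every signal, one over the hardware-tagged subset only.
function buildFingerprints(signals) {
  const all = Object.keys(SIGNAL_TAGS);
  const hardware = all.filter((k) => SIGNAL_TAGS[k] === "hardware");
  return {
    fingerprint: fnv1aHex(canonicalize(signals, all)),
    hardwareFingerprint: fnv1aHex(canonicalize(signals, hardware)),
  };
}

// Constructed sample data: one device observed from three browsers.
const DEVICE = { fonts: ["Arial", "Helvetica"], gpu: "ExampleGPU 1000", screen: "2560x1440x24", timezone: "Europe/Berlin" };
const SAMPLE_PROFILES = {
  chrome: { ...DEVICE, canvas: "c-a1", audio: "a-11", math: "m-v8" },
  safari: { ...DEVICE, canvas: "c-b2", audio: "a-22", math: "m-jsc" },
  firefox: { ...DEVICE, canvas: "c-c3", audio: "a-33", math: "m-sm" },
};

// Counts how many distinct values each hash takes across the profiles.
function summarize(profiles) {
  const results = Object.values(profiles).map(buildFingerprints);
  return {
    distinctFingerprints: new Set(results.map((r) => r.fingerprint)).size,
    distinctHardwareFingerprints: new Set(results.map((r) => r.hardwareFingerprint)).size,
  };
}

console.log(summarize(SAMPLE_PROFILES));
```

Because both values are exact hashes, a single changed signal (a new screen resolution, say) produces a different value, which is why the similarity question in the next section needs comparison logic rather than hash equality.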
Comparison API: ship it or build it
ThumbmarkJS hands you a hash. If you want to ask "is this the same device as last week with one minor screen-resolution change?" or "is this device similar enough to count as the same user across browsers?", you write that comparison logic yourself.
Benny ships compareFingerprints with six modes: exact, cross-browser, hardware-only, engine-only, strict, and lenient. Each returns a weighted similarity score, constraint violations, fuzzy matches on screen and audio attributes, and a numeric diff vector ready for ML downstream.
If you're building anti-fraud, where the question is rarely "exact match yes/no" and usually "how similar is this?", the comparison logic is the actual product. Benny gives it to you for free. ThumbmarkJS leaves it to you.
Anti-spoof: free vs partial
Anti-spoof detection (catching anti-detect browsers, spoofed user agents, automation tooling, and tampered fingerprints) is gated to paid tiers across most fingerprinting vendors. ThumbmarkJS has some consistency checks, particularly in its Pro tier. Its free-tier coverage is limited and lightly documented.
Benny ships a dedicated consistency engine on every fingerprint result in the free tier. It returns a score, a list of flags, and a spoofLikelihood rating (low / medium / high). The 16 named checks cover automation attributes, spoofed UA strings, anti-detect browser signatures, inconsistent claimed-vs-actual hardware, engine-vs-UA cross-checks, an error-stack engine classifier, a dual-source font-OS plausibility pair, and canvas/audio statistical-uniformity classifiers (1.24.0) that distinguish algorithmic noise patterns from legitimate browser farbling on Samsung Internet and Safari 17. The engine is rule-based, not ML, but documented and free.
If anti-spoof is core to your use case, that gap matters.
Where ThumbmarkJS is ahead
Honesty time. ThumbmarkJS has things Benny doesn't, and pretending otherwise would be both wrong and obvious.
A mature paid tier. ThumbmarkJS Pro starts at €15/mo for 15,000 requests, with predictable per-request overage. Benny is free today, with paid plans planned but not announced. If you need to know production-scale pricing before you adopt, ThumbmarkJS has a clear answer; Benny doesn't yet.
An open-source license. ThumbmarkJS is MIT. Benny is closed-source. If you require source-available libraries (compliance audit, the ability to fork, internal security review), that's a hard requirement only ThumbmarkJS meets.