Overview

Roundtable Alias uses device fingerprinting to identify and track the devices participants use while taking a survey. This lets users identify duplicate participants and analyze device characteristics such as location spoofing, automated scripts, and browser tampering.

Implementation

Frontend Integration

  1. Import the fingerprinting script:
<script src="https://roundtable.ai/js/fingerprinting.js"></script>
  1. The script automatically generates a fingerprint_id and stores it in the browser’s session storage.

API Integration

Request

Include the optional fingerprint_id in your API request:

{
  "participant_id": "participant_123",
  "fingerprint_id": "fp_abc123",  // Optional
  // ... other fields
}

Response

When a fingerprint_id is provided, the API returns a fingerprint_checks object:

{
  "fingerprint_checks": {
    "device_id": "3pzig2Tu5GtqHY1Kh1p3",  // Unique identifier for the device
    "duplicate": false,            // Whether this device has submitted before
    "ip_country": "Germany",      // Country where participant's IP is located
    "bot": false,                 // Participant using automated script/bot
    "vpn": true,                  // Participant using VPN
    "incognito": false,           // Browser in private mode
    "tampering": false,           // Signs of browser manipulation
    "virtual_machine": false      // Participant using virtual hardware
    "error": false                 // Whether fingerprinting encountered errors
  }
  // ... other response fields
}

Field Descriptions

fingerprint_id

  • Type: string
  • Required: No
  • Description: A unique identifier generated by the fingerprinting script
  • Source: Generated by fingerprinting.js (see script above) and stored in session storage

fingerprint_checks

  • Type: object | null
  • Fields:
    • device_id: A stable, unique identifier for the participant’s device based on browser and system attributes
    • duplicate: Boolean indicating if this device has previously submitted responses to the same survey
    • ip_country: String containing the full country name where the IP is located
    • bot: Boolean indicating if the participant appears to be using an automated script
    • vpn: Boolean indicating if the participant is using a VPN
    • incognito: Boolean indicating if the participant’s browser is in private/incognito mode
    • tampering: Boolean indicating if the participant’s browser shows signs of manipulation
    • virtual_machine: Boolean indicating if the participant is using from virtualized hardware
    • error: Boolean indicating if there were any errors during fingerprint processing

Error Handling

The fingerprint_checks object handles various scenarios:

  1. No fingerprint_id provided:

    • fingerprint_checks will be null

  2. Invalid fingerprint_id provided:

    • fingerprint_checks.error will be true
    • All fingerprint_checks fields will be null
    • Other fields may still contain valid data

  3. Fingerprinting error:

    • fingerprint_checks.error will be true
    • Affected fields will be null

Security Considerations

The device fingerprinting system:

  • Provides a stable identifier across browser sessions
  • Helps identify repeat participants
  • Works independently of cookies or local storage

Best Practices

  1. Always handle cases where fingerprinting data might be unavailable
  2. Check the error field before relying on fingerprinting results
  3. Consider fingerprinting as one of multiple signals for detecting duplicate submissions
  4. Implement appropriate error handling for cases where the fingerprinting script fails to load
Effort ScoringAPI Specification