September 28, 2016

Mobile device and advanced cookie tracking via Node

If you’re using our Node client for anomaly detection and contextual authentication then you’ll be happy to hear about two new features that have just been added.

You can get the latest npm package using

npm install thisdata  

Advanced Cookie Tracking

Our npm module will now automatically pickup the ThisData tracking cookie that is dropped into the browser when you use our Javascript tracking code.

If you have the script installed then you can also supply a cookieExpected value when calling the track method.

e.g. Setting it once on initialization

var ThisData = require('thisdata');

var thisdata = new ThisData('YOUR-API-KEY', {  
   cookieExpected: true
});

Or setting it per event tracked

thisdata.track(req, {  
   verb: 'log-in',
   user: {
      id: '123456789',
      email: [email protected]',
      name: 'John Titor'
   },
   cookieExpected: true
});

By having the javascript installed our algorithms are able to track more ambient data about usage patterns, probability of changes in browser configuration and more precise location.

A browser fingerprint and cookie id is generated and tracked back directly to ThisData via a tracking gif. By enabling cookieExpected we’re also able to correlate cookie ids and detect if Javascript has been disabled for a user that normally has it enabled.

Device tracking

If you’re using Node as a backend for your mobile app then our javascript tracking is not much good to you. Fortunately we have something better. You can now track your unique mobile device ids.

Apple and Google have different names for these ids but essentially they don’t change much so make a great way to build up a profile of trusted devices for a user.

IDFA - Apples Identifier for Advertising
GAID - Google Advertising ID

e.g. Using an IDFA

thisdata.track(req, {  
   verb: 'log-in',
   user: {
      id: '123456789',
      email: [email protected]',
      name: 'John Titor'
   },
   device: {
      id: 'AEBE52E7-03EE-455A-B3C4-E57283966239'
   }
});

Summary

These enhancements not only enable us to improve our contextual user verification but also create more stumbling blocks for baddies to trip on and trigger behavioral anomalies.

YOU MAY ALSO BE INTERESTED IN

Introducing custom security rules

For the past few years we’ve been working hard to create a plug and play adaptive risk engine. We designed our core service using a mix of b ...

Cloudbleed - ThisData's Response

Late last week Cloudflare announced that a pretty serious bug had been found in the way they handled their traffic. The bug allowed private ...