

Ask HN: How much user data can I get from user via web browser - cturhan

Alright, this is serious. Someone stole the password of our customer and now he logins using this password. We need to know who he is. We currently log IP, session_id, login and logout time but this is not enough to know who he is. IP addresses are mostly dynamic, session_id changes so we need another solution. Can you give an example what other things that we can collect. Is it possible to found his address, name etc somehow?
======
lsiebert
Checking visited links and browser config including plugins has a good chance
to give you a unique fingerprint. Though depending on how the password was
taken, it's possible that you are dealing with multiple people with the same
access. Consider having the user contact law enforcement.
[https://www.eff.org/deeplinks/2010/05/every-browser-
unique-r...](https://www.eff.org/deeplinks/2010/05/every-browser-unique-
results-fom-panopticlick)

~~~
cturhan
Checking visited links? Can I do that? Most probably the user has facebook
account and he always visit there. If this is what you mean, wow this will
work. And yes, there may be more than one sessions for each user which makes
it difficult.

