Devices

Every browser that visits your site becomes a tracked device in Dregs. Devices are identified persistently across sessions — without cookies — and mapped to the identities that use them. This device intelligence is a cornerstone of fraud detection: shared devices reveal duplicate accounts, device profiles expose bots, and geographic patterns surface suspicious behavior.

What Is a Device

In Dregs, a device represents a specific browser on a specific machine. When the tracking script loads, it silently collects hardware and browser signals and computes a fingerprint — a compact identifier for that particular combination of hardware and software. This fingerprint persists across sessions, even if the user clears cookies, switches to incognito mode, or creates a new account.

Dregs handles the fingerprinting and analysis automatically. You don't need to work with fingerprints directly unless you want to. The scores and relationships derived from device data are what matter most, and those are surfaced in the dashboard and through the API.

What Dregs Tracks

Each device record in Dregs includes:

• Fingerprint — the unique device identifier computed from browser and hardware signals
• IP address — the most recent network address, updated with each event
• Geolocation — city and country derived from the IP address
• User agent — browser name, version, and operating system
• Associated identities — which user accounts have been seen on this device
• First seen / last seen — when the device first appeared and when it was last active

All of this is collected automatically by the tracking script. You don't need to configure anything — device tracking starts the moment the script loads.

Device Fingerprinting

The tracking script collects a range of browser and hardware signals to build the fingerprint: user agent, screen resolution and color depth, timezone and language, hardware concurrency (CPU cores), device memory, canvas rendering characteristics, WebGL renderer information, and installed browser plugins.

No single signal is unique on its own. Combined, they form a fingerprint that reliably distinguishes one device from another. Unlike cookies, fingerprints survive private browsing, cache clears, and session resets. Unlike IP addresses, they stay consistent across networks.

Dregs computes three separate hashes from these signals:

• Stable hash — derived from hardware characteristics that rarely change (GPU, screen resolution, CPU cores, device memory). Persists across browser updates.
• Unstable hash — derived from environment characteristics that may change (user agent string, timezone, language, plugins). Changes when the browser updates but the stable hash stays the same.
• Session hash — a per-session identifier that links all events within a single browsing session.

Together, these three components form the full fingerprint.

Device-to-Identity Relationships

One of the most powerful aspects of device tracking is the relationships it reveals between devices and identities:

• One device, multiple identities — a single device used by several different accounts is a strong signal of duplicate accounts, free trial abuse, or credential sharing. Dregs detects this automatically and reflects it in the Uniqueness score.
• One identity, multiple devices — a single user logging in from several devices is normal behavior. Dregs tracks the full set of devices per identity to build a richer behavioral profile.

You can see all identities associated with a device (and all devices associated with an identity) directly in the dashboard. These relationships are established automatically as events flow in and are used by analyzers when computing scores.

Geolocation and IP Intelligence

Dregs records the IP address of every event and geolocates it to a city and country. This data supports several types of analysis:

• VPN and proxy detection — IP ranges associated with known VPN providers and data centers
• Impossible travel — events from distant locations within implausibly short timeframes
• IP churn — rapidly changing IP addresses, which can indicate proxy rotation or evasion attempts
• Geographic consistency — whether a user's claimed location matches their actual IP geolocation

IP and geolocation data feeds into the Behavior score, contributing to the overall risk profile alongside device fingerprint signals.

Using Device Data

For most use cases, you don't need to interact with device data directly — Dregs incorporates it into scores automatically. But there are situations where direct access is valuable:

• Investigating alerts — when an alert fires, checking the identity's devices reveals whether multiple accounts share a device, or whether a device has been seen from unusual locations.
• Client-side device queries — the tracking script's dregs.getDeviceInfo() method lets your frontend fetch device data (IP, geolocation) without a separate geolocation service.
• Server-side device lookups — the REST API exposes device endpoints for querying device details and associated identities programmatically.

Disregarding Devices

Not every device should count toward scoring. Your own office machines, QA test devices, and internal tools can distort scores by sharing fingerprints with real users. Dregs lets you mark specific devices as disregarded to exclude them from analysis.

A disregarded device is filtered out when scoring any identity that has used it. This means the device will not contribute to shared-device signals or inflate Uniqueness scores for other users.

Similarly, when you disregard an identity, all devices associated with that identity are automatically excluded from the analysis of other identities. This is useful for excluding admin and employee accounts without having to disregard each of their devices individually.