Devices

Every browser that visits your site becomes a tracked device in Dregs. Dregs identifies devices persistently across sessions — without cookies — and maps them to the identities that use them. Device intelligence is a cornerstone of fraud detection: shared devices reveal duplicate accounts, device profiles expose bots, and geographic patterns surface suspicious behavior.

What Is a Device

In Dregs, a device represents a specific browser on a specific machine. When the tracking script loads, it silently collects hardware and browser signals and computes a fingerprint — a compact identifier for that combination of hardware and software. This fingerprint persists across sessions, even when the user clears cookies, switches to incognito mode, or creates a new account.

Dregs handles the fingerprinting and analysis automatically. You need not work with fingerprints directly unless you want to. What matters most are the scores and relationships derived from device data, and the dashboard and API surface both.

What Dregs Tracks

Each device record in Dregs includes:

• Fingerprint — the unique device identifier computed from browser and hardware signals
• IP address — the most recent network address, updated with each event
• Geolocation — city and country derived from the IP address
• User agent — browser name, version, and operating system
• Associated identities — which user accounts have been seen on this device
• First seen / last seen — when the device first appeared and when it was last active

The tracking script collects all of this automatically. You need not configure anything — device tracking starts the moment the script loads.

Device Fingerprinting

The tracking script collects a range of browser and hardware signals to build the fingerprint: user agent, screen resolution and color depth, timezone and language, hardware concurrency (CPU cores), device memory, canvas rendering characteristics, WebGL renderer information, and installed browser plugins.

No single signal is unique on its own. Combined, they form a fingerprint that reliably distinguishes one device from another. Fingerprints survive private browsing, cache clears, and session resets — unlike cookies — and stay consistent across networks, unlike IP addresses.

Dregs computes three separate hashes from these signals:

• Stable hash — derived from hardware characteristics that rarely change (GPU, screen resolution, CPU cores, device memory). Persists across browser updates.
• Unstable hash — derived from environment characteristics that may change (user agent string, timezone, language, plugins). Changes on browser updates while the stable hash stays the same.
• Session hash — a per-session identifier that links all events within a single browsing session.

Together, these three components form the full fingerprint.

Device-to-Identity Relationships

Device tracking's greatest power lies in the relationships it reveals between devices and identities:

• One device, multiple identities — a single device used by several different accounts signals duplicate accounts, free trial abuse, or credential sharing. Dregs detects this automatically and reflects it in the Uniqueness score.
• One identity, multiple devices — a single user logging in from several devices is normal. Dregs tracks the full set of devices per identity to build a richer behavioral profile.

The dashboard shows every identity associated with a device and every device associated with an identity. Dregs establishes these relationships automatically as events flow in, and analyzers use them when computing scores.

Geolocation and IP Intelligence

Dregs records the IP address of every event and geolocates it to a city and country. This data supports several kinds of analysis:

• VPN and proxy detection — IP ranges associated with known VPN providers and data centers
• Impossible travel — events from distant locations within implausibly short timeframes
• IP churn — rapidly changing IP addresses, signaling proxy rotation or evasion attempts
• Geographic consistency — whether a user's claimed location matches their IP geolocation

IP and geolocation data feed into the Behavior score, contributing to the overall risk profile alongside device fingerprint signals.

Using Device Data

For most use cases, you need not interact with device data directly — Dregs incorporates it into scores automatically. But direct access helps in several situations:

• Investigating alerts — when an alert fires, checking the identity's devices reveals whether multiple accounts share a device or whether a device has appeared from unusual locations.
• Client-side device queries — the tracking script's dregs.getDeviceInfo() method lets your frontend fetch device data (IP, geolocation) without a separate geolocation service.
• Server-side device lookups — the REST API exposes device endpoints for querying device details and associated identities programmatically.

Disregarding Devices

Not every device should count toward scoring. Your own office machines, QA test devices, and internal tools can distort scores by sharing fingerprints with real users. Mark specific devices as disregarded to exclude them from analysis.

Dregs filters a disregarded device out when scoring any identity that has used it. The device will not contribute to shared-device signals or inflate Uniqueness scores for other users.

Similarly, when you disregard an identity, Dregs automatically excludes all devices associated with it from the analysis of other identities. This lets you exclude admin and employee accounts without disregarding each of their devices individually.