Dashboard Manual Pricing Use Cases

Device fingerprinting catches duplicate accounts.

Dregs builds a stable identifier, or "fingerprint", of every browser that visits your application. Fingerprints uniquely identify end user browsers without the need for troublesome cookies or annoying consent prompts, and without breaking when users go incognito or clear their cache.

Unlike most fingerprinting tools, Dregs takes it a step further by allowing you to link those devices to user identities in your application and score the identities by their Humanity, Authenticity, Uniqueness, and Behavior. This combination of fingerprinting and scoring gives you the upper hand against duplicate accounts, free trial account churning, and many other abusive practices.

Start Free Trial Schedule Demo

What Is Device Fingerprinting

A device fingerprint is a compact identifier derived from the many hardware and software signals a browser exposes. Dregs uses things like screen resolution, GPU, installed fonts, timezone, network, and CPU cores. No single signal is unique, but the combination is. Two browsers on two different machines almost never produce the same fingerprint, and the same browser produces the same fingerprint visit after visit, even when the user clears cookies, switches to incognito, or creates a new account.

Fingerprinting fills the gap left behind by cookies and IP addresses. Cookies are easy to clear and don't survive incognito mode. IP addresses change every time someone switches networks or flips on a VPN. Fingerprints persist through both, which is exactly what you need when the same person keeps coming back wearing a different disguise.

How Dregs Fingerprints Devices

The Dregs tracking script collects browser and hardware signals on page load and computes a 50-character fingerprint composed of three parts:

Stable hash Hardware that rarely changes, like GPU, CPU cores, device memory, screen resolution. Survives browser updates.

Unstable hash Software and environmental signals that may shift over time, like the user agent, timezone, language, plugins.

Session hash Per-session identifier that links every event in a single browsing session, then resets when the session ends.

Splitting the fingerprint this way means Dregs can recognize a returning device even when its environment has changed. A user who updates Chrome, switches keyboards, or adds a browser extension still hashes to the same stable component, which is the part that matters for catching the same device across multiple accounts.

Your Fingerprint, Right Now

Here's what Dregs sees about the browser you're reading this on.

What Dregs Captures Per Device

Every device record exposed through the REST API and dashboard includes:

Fingerprint — the 50-character identifier composed of the three hashes above
IP Address — the most recent network address, updated on every event
Geolocation — city, region, country, country code, timezone, and latitude/longitude derived from the IP
ASN — the autonomous system number and label, useful for spotting data-center traffic
User Agent — browser name, version, and operating system
First Seen / Last Seen — when the device first appeared and when it was last active
Associated Identities — every account that has been seen on this device

The tracking script collects all of this automatically. There's nothing to configure, just drop the script into your website or web application and Dregs will start tracking devices and fingerprints.

What Makes Dregs Different

Plenty of services will sell you a device fingerprint as a primitive, and there are even open source libraries that you can use for free. But Dregs goes further: every fingerprint is part of an identity graph, which is where most fraud actually lives.

Shared Device Detection

Dregs automatically flags devices used by more than one identity and reflects it in the Uniqueness score. A returning freeloader who creates a fresh account on the same laptop drops the new account's Uniqueness score within seconds.

Identity Relationships

When a device links two or more identities, Dregs records the relationship and surfaces it in your dashboard and through the API. You can walk the graph from a single account to every other account linked to the device.

IP and Geolocation Intelligence

Every fingerprint comes with the device's network and geographic context. Data-center ASNs, impossible travel between events, and rapidly churning IP addresses all feed into the Behavior score alongside the device signals.

Disregarded Devices

Your office machines, QA bots, and internal test devices share fingerprints with real users and would otherwise distort scoring. Mark a device or identity as disregarded and Dregs excludes it from shared-device analysis.

Fingerprints: One Signal Among Several

Device fingerprinting is powerful, but it isn't invincible. A determined attacker with the right tools can change enough signals to produce a different fingerprint by using virtual machines, anti-detect browsers, and possibly even hardware swaps. Two devices with truly identical hardware and software (think a corporate laptop fleet imaged from the same template) will sometimes share a fingerprint.

That's why Dregs treats the fingerprint as one signal among several. It's the strongest single signal for catching repeat users, and the foundation of the Uniqueness score... but the Authenticity, Humanity, and Behavior scores look at the rest of the picture too, so a single bypassed signal doesn't break the detection.

Where Fingerprinting Makes Sense

Device fingerprinting is instrumental for detecting many of the abuse patterns Dregs is designed to fight.

Free Trial Abuse

Catch the same person signing up for a fresh trial on the same laptop, even with a brand-new email address.

Duplicate Accounts

Link multiple accounts back to a single device and a single person, regardless of how different the profiles look.

Referral Fraud

Spot self-referrals where the referrer and referred account share a device — the most common shape of referral abuse.

Included With Every Dregs Plan

With Dregs, device fingerprinting isn't a separate product or an add-on tier. It's part of every Dregs plan, billed against the same active-identity meter as the rest of the platform. Plans start at $17/month and include unlimited device fingerprints — see the pricing page for the details.

Frequently Asked Questions

Q: Does device fingerprinting work in incognito or private browsing mode?

A: Yes. Fingerprinting reads hardware and software signals that don't change between normal and private browsing: GPU, CPU cores, screen resolution, timezone, fonts, and so on. The same browser produces the same stable fingerprint whether the user is in a normal window, an incognito window, or a fresh profile, and that's exactly what makes it useful for catching duplicate accounts.

Q: Do I need a cookie consent banner to use Dregs fingerprinting?

A: Dregs fingerprinting doesn't use cookies, localStorage, or any persistent client-side storage to compute the fingerprint, so it doesn't trigger most cookie-banner requirements. That said, fingerprinting is still considered personal data under GDPR and similar regimes, so you should disclose it in your privacy policy and make sure you have a lawful basis for processing (legitimate interest for fraud prevention). Talk to your own counsel for jurisdiction-specific advice.

Q: How is Dregs different from FingerprintJS or Fingerprint.com?

A: FingerprintJS and Fingerprint.com sell device fingerprinting as a primitive. You get a stable visitor ID and risk signals, then it's on you to build the fraud detection on top. Dregs ships fingerprinting as part of a full identity-based fraud detection platform: shared-device detection, identity relationship graphs, behavioral scoring, badges, and escalations are all built in and tied to the fingerprint automatically. If you only need a visitor ID primitive, those tools are a better fit. If you're trying to actually stop free trial abuse and duplicate accounts, Dregs does the whole job.

Q: Can users bypass device fingerprinting?

A: A determined attacker with virtual machines, anti-detect browsers, or hardware swaps can produce a different fingerprint, and that's why Dregs treats the fingerprint as one signal among several. The Authenticity, Humanity, and Behavior scores look at email patterns, automation signatures, and usage behavior, so a single bypassed signal doesn't break detection. Most real-world abusers will just start a new incognito session or clear cookies and try again, which fingerprinting catches.

Q: How accurate is the fingerprint?

A: Two different devices producing the same fingerprint is rare but possible, like when a corporate fleet of identical laptops is imaged from the same template. The same device producing different fingerprints across visits is also rare and usually triggered by a major browser or OS update. Dregs splits the fingerprint into stable and unstable components specifically to recognize a device through environmental change, which keeps the false-negative rate low without inflating false positives.

Q: Does Dregs fingerprinting work on mobile browsers?

A: Yes. The tracking script collects the same hardware and software signals from mobile browsers that it does on desktop. Mobile fingerprints tend to be slightly less unique than desktop fingerprints because of more uniform device populations (a million iPhone 15s look very similar to each other), so on mobile the fingerprint pulls extra weight from network and behavioral signals. For native iOS and Android apps, you'd need to integrate at the SDK level.

See your fingerprints in action.

Drop the Dregs tracking script into your application and start collecting device fingerprints, IP intelligence, and shared-device signals from the very first page load.

Schedule a Demo