Ask HN: How much user data can I get from user via web browser

2 points by cturhan ↗ HN
Alright, this is serious. Someone stole the password of our customer and now he logins using this password. We need to know who he is. We currently log IP, session_id, login and logout time but this is not enough to know who he is. IP addresses are mostly dynamic, session_id changes so we need another solution. Can you give an example what other things that we can collect. Is it possible to found his address, name etc somehow?

2 comments

[ 4.7 ms ] story [ 18.3 ms ] thread
Checking visited links and browser config including plugins has a good chance to give you a unique fingerprint. Though depending on how the password was taken, it's possible that you are dealing with multiple people with the same access. Consider having the user contact law enforcement. https://www.eff.org/deeplinks/2010/05/every-browser-unique-r...
Checking visited links? Can I do that? Most probably the user has facebook account and he always visit there. If this is what you mean, wow this will work. And yes, there may be more than one sessions for each user which makes it difficult.