Are there open source examples of javascript reputation/fingerprinting code?

[sashafrolov]

I'm working on a project that is related to this proposal, and I was wondering if there exist open source examples of the (eventually obfuscated) Javscript code that is used to produce the reputation scores required for this proposal. Or even something close to what happens in practice. I realize that there is probably a lot of proprietary secret sauce here, but I think this proposal would be stronger if somebody outside of a big tech company could get an idea of what the obfuscated javascript that is used for generating risk scores looks like.

This project is the closest thing that I have been able to find: https://github.com/abrahamjuliot/creepjs.

[SamuelSchlesinger]

Hi @sashafrolov, thanks for the question! This type of thing is orthogonal to this proposal. In particular, our primary target use case is client age rather than reputation signals. Further, an arbitrary issuer could decide to enter into the market doing whatever they want. However, I'll provide some examples of what, in practice could wind up being used here:

• a CAPTCHA score
• proof of work
• authentication with some account or credential

This is a non-exhaustive list, of course, and you could do an arbitrary thing.

[SamuelSchlesinger]

Oh, I realize I didn't clarify what client age is. In particular, this is where you would put a value into the token which represents the current date/time. Then, you'd check that its less than or equal to a given bound, to ensure the user is not new to the site.