We use web fingerprinting and adjacent methods to crack down on ID sharing for our SaaS that charges (per person). I make no apologies for this practice.
How does that work out for you? This doesn't strike me as a good use of fingerprinting:
- Since you charge per person, what about people that use multiple machines and browsers (with presumably different fingerprints)?
- On the other hand, unless two people share the same workstation and computer account, how do you expect to use fingerprints to detect license abuse?
We use other signals as well: time of day, ip address, new cookie logs out old cookie. At the end of day we are dealing in probabilities, but we can definitely find the most aggressive sharers.
