[SavannahJS]

Hey there, I work at FingerprintJS.

We don't believe in third party tracking and only focus on first party anti-fraud use cases. We publicly reveal any methods that we detect as being pure third party tracking privacy violations so that they get patched.

[sa1]

I suspect first party anti-fraud tracking methods and third party tracking methods have a lot of overlap. What are meaningful differences?

[SavannahJS]

It is certainly a discussion we are having internally often. Overall we focus on identifiers that are not uniquely identifiable to a person on their own without taking them in aggregate, which makes them harder to share across unrelated domains. We also generally avoid anything personally identifiable (name, email, etc) that could be tied back to anyone in particular - we aim only to accurately identify a browser or app instance itself.