  Applet Fingerprinting  (Read 5384 times)
Offline Orangy Tang

« Posted 2010-06-06 01:08:54 »

For Albion I wanted to make it as easy as possible for a player to save their progress, without requiring registration. The usual methods are:

1. Write to the local hard drive.
2. Use the persistence service (muffins).
3. Use the browser's cookies.

All of these have various downsides of some sort. For '1', you need to sign your applet, which prompts the usual scary security dialogs. For '2' this is only available for JNLP applets, which are less robust and less well supported, plus it doesn't work when you're running via your IDE. For '3' you have to deal with browser and javascript quirks and incompatibilities, and the user might have them switched off anyway.

So, inspired by Panopticlick I decided to see if it was possible to generate a unique fingerprint for a system from within the applet sandbox. Here's my applet fingerprint:



And you can generate your own fingerprint here.

And here's my fingerprint:


At the moment, the fingerprint is broken down into different sections (as represented by the different colours, left to right):
 - Blue is windows settings (font size, colours, etc.)
 - Yellow are os properties (name, version, architecture)
 - Red is VM properties (vendor, version, url)
 - Cyan is display info (number of displays, resolution, etc.)
 - Light blue is awt info (desktop hints, click interval, etc.)
 - Green is a histogram of all the available font families on a system.

Most of these are stored as hashes, and mapping them onto actual heights for display is somewhat arbitrary but that's just for visualisation purposes.

I'm still not sure how unique these fingerprints are, so I'd like to get as many people as possible to visit the applet and share their fingerprint so I can tweak the algorithm. I expect fingerprints from similar spec machines to be similar (ie. two fingerprints from Win7 with JRE6 will look pretty close), but for Albion I'll be tying it with IP as well so the combination should work out to be unique. If anyone's got any ideas for additional (applet readable!) state then I'm open to suggestions.

I'll be posting the source too once I've gone over it and cleaned it up a bit.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Offline Eli Delventhal

« Reply #1 - Posted 2010-06-06 01:30:54 »



How does this help with saving? Are you saving the fingerprint in a DB or something? I still don't get how that would really help.

See my work:
OTC Software
Offline Orangy Tang

« Reply #2 - Posted 2010-06-06 01:33:57 »

Yeah, the fingerprint will be used as the key in the server database for the player's save info. This is usually how it's done with cookies (with only the id stored in the cookie) but here because the fingerprint is stable it doesn't need to be stored and can just be regenerated each run.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Offline irreversible_kev

« Reply #3 - Posted 2010-06-06 03:09:35 »

Offline jezek2
« Reply #4 - Posted 2010-06-06 05:41:01 »

While an interesting idea and research of the EFF, this will break very easily for your purposes. Also many users have dynamic IPs or are just connecting from different networks. The problem is that the original idea is about connecting the previous information based on probability, so it works only with masses with a certain (big) error. This can't be used if you need to precisely identify someone's browser.

Just use cookies, with some detection and warning if they're disabled (or just specify you're using cookies for saving the game). Most users have cookies enabled anyway, especially casual gamers. Also add the ability to register an account so users can play from a different computer if they opt to.
Offline Eli Delventhal

« Reply #5 - Posted 2010-06-06 07:20:43 »

Quote
Yeah, the fingerprint will be used as the key in the server database for the player's save info. This is usually how it's done with cookies (with only the id stored in the cookie) but here because the fingerprint is stable it doesn't need to be stored and can just be regenerated each run.
Why can't a user just type in a login name if you've already got a DB? I guess it's nice to be automatic but it doesn't seem like you're gaining too much here.

See my work:
OTC Software
Offline Jono
« Reply #6 - Posted 2010-06-06 10:28:59 »


So if a user plays on a different machine they'd have a different set of save info? What about if they just installed some new fonts?
Offline Orangy Tang

« Reply #7 - Posted 2010-06-06 11:03:42 »

Quote
While an interesting idea and research of the EFF, this will break very easily for your purposes.
Well that's what this thread is about - trying to gather data from people to see how unique (or not) these fingerprints are.

Quote
Just use cookies, with some detection and warning if they're disabled (or just specify you're using cookies for saving the game). Most users have cookies enabled anyway, especially casual gamers. Also add the ability to register an account so users can play from a different computer if they opt to.
Cookies require per-browser and per-os testing, which I just don't have the time and hardware to pull off.

Quote from:  Demonpants
Why can't a user just type in a login name if you've already got a DB? I guess it's nice to be automatic but it doesn't seem like you're gaining too much here.
Just typing a username is unreliable because there's lots of people who'll just type in their (common) first name so I'll get people playing with different user's data. Adding a username+password combo is reliable but from what I've personally seen a lot of players are instantly turned off and will close the game straight away. The idea is to use this to get people playing straight away, and provide an option for entering a username / password at any later point, but until they do the fingerprint + IP will have a reasonably good chance of restoring their game.

I suppose just asking for the user's name would also make the fingerprint matching better, but I'm not sure I want the extra step for the user.

Quote from: jono
So if a user plays on a different machine they'd have a different set of save info? What about if they just installed some new fonts?
Different machine == different save.
Minor system changes (installing / removing fonts, upgrading VM) should be ok, since I can directly compare the code points / minutia between fingerprints and get a difference value (eg. installing a new font would make the fingerprint differ by 1). Changes under a certain threshold will be considered to be the same system.


It seems like everyone's programmer OCD just has to come up with the convoluted edge cases where this will have issues. :) I'm already aware of them but frankly I don't think they matter for what I'm after here.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
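
Added example, not part of any post in this thread and not the Albion source: the difference-value-and-threshold matching described in the reply above, written in Java. The `Fingerprint` shape, the property names, the save ids and every sample value are constructed assumptions, and the IP check mentioned in the thread is not modelled. It shows the trade-off being debated: a threshold that tolerates one newly installed font also accepts a second, same-spec machine.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.TreeSet;

public class FingerprintMatch {
    /** Hypothetical fingerprint shape: named minutia plus a font-family histogram. */
    static final class Fingerprint {
        final Map<String, String> minutia;
        final int[] fontHistogram;
        Fingerprint(Map<String, String> minutia, int... fontHistogram) {
            this.minutia = minutia;
            this.fontHistogram = fontHistogram;
        }
    }

    /** Differing or missing minutia count 1 each; histogram buckets add their absolute delta. */
    static int distance(Fingerprint a, Fingerprint b) {
        TreeSet<String> keys = new TreeSet<>(a.minutia.keySet());
        keys.addAll(b.minutia.keySet());
        int diff = 0;
        for (String k : keys) {
            if (!Objects.equals(a.minutia.get(k), b.minutia.get(k))) diff++;
        }
        int n = Math.max(a.fontHistogram.length, b.fontHistogram.length);
        for (int i = 0; i < n; i++) {
            int x = i < a.fontHistogram.length ? a.fontHistogram[i] : 0;
            int y = i < b.fontHistogram.length ? b.fontHistogram[i] : 0;
            diff += Math.abs(x - y);
        }
        return diff;
    }

    /** Returns the single save id within the threshold, "NEW" if none, "AMBIGUOUS" if several. */
    static String lookup(Map<String, Fingerprint> saves, Fingerprint probe, int threshold) {
        String match = null;
        for (Map.Entry<String, Fingerprint> e : saves.entrySet()) {
            if (distance(e.getValue(), probe) <= threshold) {
                if (match != null) return "AMBIGUOUS";
                match = e.getKey();
            }
        }
        return match == null ? "NEW" : match;
    }

    public static void main(String[] args) {
        // Constructed sample data: two same-spec machines owned by different players.
        Fingerprint alice = new Fingerprint(Map.of("os.name", "Windows 7",
                "java.version", "1.6.0_20", "display", "1440x900", "clickInterval", "500"), 4, 9, 2);
        Fingerprint aliceNewFont = new Fingerprint(alice.minutia, 4, 10, 2);
        Fingerprint bob = new Fingerprint(Map.of("os.name", "Windows 7",
                "java.version", "1.6.0_20", "display", "1440x900", "clickInterval", "480"), 4, 9, 2);

        Map<String, Fingerprint> saves = new LinkedHashMap<>();
        saves.put("save-alice", alice);
        int threshold = 2;

        // Alice installs a font: one histogram bucket moves, she still finds her save.
        System.out.println("alice after font install -> " + lookup(saves, aliceNewFont, threshold));
        // Bob has never played, but his machine differs from Alice's by one property,
        // so the same threshold hands him her save.
        System.out.println("bob, first visit         -> " + lookup(saves, bob, threshold));
        // Once both are stored, Alice's changed machine is within the threshold of two rows.
        saves.put("save-bob", bob);
        System.out.println("alice, both stored       -> " + lookup(saves, aliceNewFont, threshold));
    }
}
```

Because matching is by distance rather than equality, the fingerprint cannot be a plain database key: every lookup is a nearest-neighbour search, and the server has to decide what to do when several stored fingerprints fall inside the threshold.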
Offline mike_bike_kite

« Reply #8 - Posted 2010-06-06 11:21:42 »

I wanted to do the same thing with one of my games to store the user's high score and tried using the MAC address of the user's computer - this worked fine on some machines but stopped the program from running at all on other computers (apple). In the end I gave up :(

Arcade swarm
Board Chess - Checkers - Othello
Offline CommanderKeith
« Reply #9 - Posted 2010-06-06 15:10:23 »

Pretty cool. Here's mine:



Offline CaptainJester

« Reply #10 - Posted 2010-06-06 16:09:42 »

Just ask for an email address. Make the password optional. Also only ask for it at the point they want to save. If people get to that point then they have invested enough time that entering an email address will not be that much bother. People only tend to be turned off by registration systems that take too much time, i.e. arbitrary rules for password characters or short lengths for user names.

Offline SimonH
« Reply #11 - Posted 2010-06-06 17:13:00 »



I like the idea, but I can't ever see it being reliable for the reasons given above. I don't think people mind registering if they think it's worth it. The funorb system of play unregistered but register to save games (& other benefits) is a good one.

People make games and games make people
Offline Orangy Tang

« Reply #12 - Posted 2010-06-06 19:19:42 »

Man, you guys need to actually watch users (proper users, not your tech-savvy friends) and how they behave. And I do mean watch, not just sit over their shoulder giving them instructions at every step.

Ask for an email address before gameplay? -> Browser closed, user gone.
Ask for username and registration before gameplay? -> Browser closed, user gone.
Force user to manually save? -> user never saves.
Popup telling user 'game will not be saved until you enable cookies / javascript'? -> Popup ignored, user probably gone.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Offline Eli Delventhal

« Reply #13 - Posted 2010-06-06 19:30:49 »

If those are problems, why not have the player name their character/gun/ship/whatever some name that must be unique, but when they start give them a default (combination of 3 random words from a 1,000 item list or something)?

For example, if you have a spaceship game when the game starts up their ship could be named IllegalMonsterNail or something, and they have the option at any point to type in a different ship name (that must be unique to your DB). Use IllegalMonsterNail as the key for the DB and whenever they change the name use that instead.

I guess the main problem for you is asking the user for their ship's name, and/or stopping people from typing in OrangyTangsShip to access your account.

But still, it seems like if you make it seem like it's part of the game ("Jump into an existing ship!" "What's the ship's name?") rather than "Please log in" then most people won't even notice.

See my work:
OTC Software
Offline Nate

« Reply #14 - Posted 2010-06-07 08:00:05 »

Quote
Popup telling user 'game will not be saved until you enable cookies / javascript'? -> Popup ignored, user probably gone.
I was with you up to the last point. I would just use cookies. If you are targeting normal users, normal users have cookies and javascript enabled.

Offline princec

« Reply #15 - Posted 2010-06-07 11:50:51 »

Aside: are local user prefs not allowed for sandboxed applets?

Cas :)

Offline kappa
« Reply #16 - Posted 2010-06-07 13:54:20 »

Quote
Aside: are local user prefs not allowed for sandboxed applets?

Cas :)

nope, the Preference API is not allowed from the sandbox.

If you launch your applets with a jnlp file (new stuff in plugin2) then you can use JWS muffins for local storage (you get 250kb). However using jnlp for applets isn't that nice. It would be nice if they allowed access to muffins using just the normal applet tag, maybe via parameter if not by default.

The javascript bridge is pretty good now for applets so cookies look like the easiest way to handle this problem (html5 web storage is looking pretty good too now and might be the way to go once it becomes a bit more widespread).

Another idea you might want to explore is Flash. It gives you 100kb of local storage and is available almost everywhere, so you could use a hidden flash element and just pass the information via javascript to it and allow it to store it for you (yeah, it's a long shot, but hey it'll work :)).

This fingerprinting looks like an interesting idea, but sounds like it might break easily if something on the system changes.
Offline zammbi

« Reply #17 - Posted 2010-06-07 13:59:43 »

JavaFX allows saving without a security popup I believe.

Current project - Rename and Sort
Offline Orangy Tang

« Reply #18 - Posted 2010-06-07 16:29:14 »

Quote
nope, the Preference API is not allowed from the sandbox.

It's even more annoying than that though - ServiceManager.getServiceNames() actually returns (amongst other things) 'PersistenceService', which implies it's actually available, but trying to actually lookup the service will fail. (As opposed to a regular client app, where the list of service names will be empty).

It really looks like it should be available to applets, but someone was sloppy and forgot to call an initialisation function somewhere. >:(

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Offline h3ckboy
« Reply #19 - Posted 2010-06-10 09:28:48 »

I'm with Demonpants. Just be like, "what will you name your character?", and there you got a username.
Offline bobjob

« Reply #20 - Posted 2010-06-10 10:40:35 »




Very interesting idea. I'll be keen to see how effective this is at handling accounts.

My Projects
Games, Webcam chat, Video screencast, PDF tools.

Javagaming.org with chat room
Offline bobjob

« Reply #21 - Posted 2010-06-10 10:52:59 »

I'm guessing it could only help to generate serverside info, such as source IP address.

Does the fingerprint currently include the local network address?
http://reglos.de/myaddress/MyAddress.html

My Projects
Games, Webcam chat, Video screencast, PDF tools.

Javagaming.org with chat room
Offline kappa
« Reply #22 - Posted 2010-06-10 12:15:33 »

Correct me if I'm wrong but it seems that unsigned applets can get the MAC Address, isn't this enough to uniquely identify a computer?

http://techdetails.agwego.com/2008/02/11/37/
Offline princec

« Reply #23 - Posted 2010-06-10 12:38:35 »

Not on its own but combined with just 1 or 2 other bits of information it'd probably be perfectly adequate.

Cas :)

Offline Orangy Tang

« Reply #24 - Posted 2010-06-10 13:03:34 »

Quote
Correct me if I'm wrong but it seems that unsigned applets can get the MAC Address, isn't this enough to uniquely identify a computer?

http://techdetails.agwego.com/2008/02/11/37/

I've looked into getting the mac before and IIRC the method mentioned there is massively unreliable (especially when you start talking about non-windows or non-java6 VMs). The only reliable way to get the mac address in java required signed code.

That said, it could be integrated into the fingerprinting to provide more accurate results on the platforms that do actually return something.

[ TriangularPixels.com - Play Growth Spurt, Rescue Squad and Snowman Village ] [ Rebirth - game resource library ]
Offline bobjob

« Reply #25 - Posted 2010-06-14 04:47:06 »

I have been thinking about this idea a bit lately, I thought of another great instance for variation.

I know there are issues with cookies, but I think it would make sense to at least try to implement it, so that it takes a randomly generated cookie into account for the fingerprint.
Can't hurt, can it?

My Projects
Games, Webcam chat, Video screencast, PDF tools.

Javagaming.org with chat room
Offline kappa
« Reply #26 - Posted 2010-06-14 11:14:55 »

Another option that could be used http://developer.yahoo.com/yui/swfstore/ should be more reliable than cookies and work the same cross-platform/cross-browser.
Offline Swattkidd7

« Reply #27 - Posted 2010-06-15 00:06:17 »

Hmm, I think that if you have a main menu screen where they can enter a "Ships name" and then a "Ships password" with a little tip underneath it explaining what it is used for, then you should be fine because the only thing that turns off most people in "registering" is when it asks for your email and then you have to go verify etc etc. But if you can just type some stuff in and start, it should be fine.
Online Riven
« Reply #28 - Posted 2010-06-15 00:46:23 »

Why not look at it from the other side?

What is registering and logging in:
1. Submitting a username/password
2. The server creates / looks up a database row for you
3. A cookie is sent back to the client, which the client uses every request to confirm it is logged in.

Why don't we do it a different way, as in the end, the only thing a client needs is a cookie. The username/password are only a way to deliver the right serial (cookie) to the right client. If the client knows the serial, it can ignore logging in. We can take it one step further: we don't even need a username/password, at all, ever.

Each new client gets a serial (cookie) from the server and that will be his sole identifier. The serial can be queried in the UI, and used to log in to another browser, or another computer. It can even be sent to an email address, if the user wishes to do so.

In conclusion: the first hit you make to a site *is* your registration process: the generated serial is stored in the database. It happens behind the scenes, the user doesn't know. The serial is the 'applet fingerprint'.


Regarding your current fingerprinting algorithm: it's flaky at best. I wouldn't want to trust any identification of any user on it. Random serial numbers are much more effective, and more importantly: you can use the same serial to login from different browsers or machines.

Hi, appreciate more people! Σ ♥ = ¾
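
Added example, not part of the post above or of any code from this thread: the random-serial scheme from the last reply, written in Java. The class and method names are hypothetical and an in-memory map stands in for the database; drawing 128 bits from `SecureRandom` and storing only a SHA-256 digest of the serial are assumptions of this example, chosen because the serial is the player's sole credential.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class SerialSaves {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int SERIAL_CHARS = 22; // 16 random bytes, base64url, no padding

    // Stand-in for the database table: SHA-256(serial) -> save data.
    private final Map<String, String> savesByDigest = new HashMap<>();

    /** First hit on the site: mint a serial, store its digest, return the serial for the cookie. */
    String register() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String serial = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        savesByDigest.put(digest(serial), "");
        return serial;
    }

    /** Writes save data for a known serial; unknown serials are rejected, never created. */
    boolean save(String serial, String data) {
        if (load(serial) == null) return false;
        savesByDigest.put(digest(serial), data);
        return true;
    }

    /** Returns the save data, or null when the serial is malformed or unknown. */
    String load(String serial) {
        if (serial == null || serial.length() != SERIAL_CHARS) return null;
        return savesByDigest.get(digest(serial));
    }

    private static String digest(String serial) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] d = md.digest(serial.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is required on every Java platform", e);
        }
    }

    public static void main(String[] args) {
        SerialSaves server = new SerialSaves();

        // Browser A: the first request registers silently and receives the serial.
        String serial = server.register();
        server.save(serial, "level=3;gold=120"); // constructed save data

        // Browser B on another machine: the player types or pastes the same serial.
        System.out.println("same serial elsewhere -> " + server.load(serial));

        // A guessed value of the right length is neither found nor registered as a side effect.
        String guess = "AAAAAAAAAAAAAAAAAAAAAA";
        System.out.println("guessed serial load   -> " + server.load(guess));
        System.out.println("guessed serial save   -> " + server.save(guess, "x"));
    }
}
```

Unlike the fingerprint, the serial is matched by exact equality, so two similar machines can never share a save; the cost is that anyone who learns the serial can load that save, which is why it is generated from a cryptographic RNG and not kept in plaintext on the server.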