Last updated: 12 July 2025
Click fraud is a major challenge for advertisers. Some companies try to detect bots by using device fingerprinting - a technique that identifies a user’s device based on unique browser and hardware attributes. While device fingerprinting can be useful, it’s far from a reliable way to spot click fraud. Here’s why.
What is click fraud?
Click fraud is an online scam where criminals use bots to click on ads, draining advertisers’ budgets and generating fake leads and abandoned checkouts. These bots mimic human behavior to trick advertising networks into treating the traffic as real, costing businesses billions every year.
Fraudsters create websites filled with copied or generic content and open publisher accounts with ad networks like Google Ads or Microsoft Ads. Instead of waiting for real visitors, they deploy bots that simulate searches for high-value keywords and click ads to earn revenue.
To avoid detection, bots also submit fake conversions - such as filling out lead forms or adding items to shopping carts - to fool the ad networks into thinking the traffic is high quality.
What is device fingerprinting?
Device fingerprinting collects data points from a device’s browser and hardware - such as operating system, browser version, screen size, fonts, plugins, timezone, and more - to create a pseudo-unique identifier or “fingerprint.” The goal is to recognize devices across visits and flag suspicious or inconsistent fingerprints.
Imagine it like a police sketch: basic details (gender, height) are common, but add in tattoos, gait, and language, and you get a profile that’s quite distinctive - yet not perfectly unique.
Websites gather this info by running JavaScript commands like navigator.userAgent or navigator.plugins when you visit them.
Why device fingerprinting is easy to fake
Fraudsters are aware of fingerprinting and actively tamper with it to avoid detection.
They use methods like:
- JavaScript tampering - modifying scripts to send false device data
- JavaScript proxy objects - intercepting calls and faking device attribute responses
These tricks let a single bot appear as many different devices or disguise bots as real users, causing inaccurate detection with false negatives (missed fraud) and false positives (blocking real users).
Why device fingerprinting alone can’t stop click fraud
Because it’s so easy to fake fingerprints, relying only on device fingerprinting leads to unreliable results. Many of our competitors depend heavily on this method, missing much fraud or mistakenly blocking legitimate traffic.
How Polygraph uses device fingerprinting differently
Polygraph logs and tracks devices with fake fingerprints but doesn’t assume these are fraudulent by default - many users have legitimate reasons (like privacy browser plugins) to mask their fingerprint.
However, if an unusually high percentage of visitors have fake fingerprints - for example, 50% or more - this strongly suggests advanced click fraud bots are active.
By combining fingerprint data with other advanced detection techniques, Polygraph paints a clearer picture of suspicious traffic, improving accuracy and protecting your ad budget.
Why this matters
Device fingerprinting is just one tool in the fight against click fraud. Used alone, it’s unreliable and easily fooled. But integrated into a layered, sophisticated approach - like Polygraph’s - it helps uncover hidden fraud and reduce wasted ad spend.
In summary
Device fingerprinting creates a pseudo-unique identifier based on device and browser data, but fraudsters can easily fake these fingerprints. As a result, fingerprinting is unreliable on its own for detecting click fraud. Polygraph tracks fake fingerprints as part of a broader detection strategy to identify suspicious traffic and better protect advertisers.