Appearance
User Identifiers
Before you can configure a behavior, you need to answer a simple question:
Behavior of what?
Behaviors must be linked to something. For example, if you want to know when users create multiple accounts (e.g. to detect free trial abuse), you need to decide whether to track multiple accounts per device, IP address, or some other identifier.
Honeypot allows you to track behaviors against any identifier you'd like. Some common options are listed below. Once you've selected an identifier, you can then configure the behavior accordingly.
Handprint ID
Field: handprint_id
Confidence: Medium-High
Persistence: Survives browser restarts, cookie clearing, and minor network changes
Handprint IDs combine client and network signals to create a stable identifier that tolerates short-term changes that would break other identification methods.
Use when:
- Dealing with sophisticated users who clear cookies or change browsers
Limitations:
- May occasionally link legitimate users sharing networks (offices, families)
Device ID
Field: device_id
Confidence: Highest Persistence: Survives browser restarts, lost when cookies are cleared
Cookie-based identifier. Reliable for tracking across browser sessions on the same device.
Use when:
- Critical applications where false positives are costly
- Users are unlikely to clear cookies frequently
- You want a balance between accuracy and coverage
- Building user behavior profiles over time
Limitations:
- Lost when users clear cookies or use incognito mode
- Different browsers on same device = different IDs
Browser Fingerprint
Field: browser_fingerprint
Confidence: Medium (Use with caution)
Persistence: Can survive cookie clearing but affected by browser updates
Computes information about the client browser and system configuration.
Use when:
- As a secondary signal combined with other identifiers
- Users are on older browsers with less anti-fingerprinting protection
- You need some identification even when cookies are disabled
Limitations:
- Modern browsers actively fight fingerprinting
- Can change with browser updates or settings changes
- Privacy-conscious users may have similar fingerprints
IP Address
Field: ip_address
Confidence: Low-Medium
Persistence: Can change frequently
Network-based identification using the user's IP address.
Use when:
- As supporting evidence with other identifiers
- Detecting rapid account creation from same location
- Geographic-based restrictions are relevant
Limitations:
- Shared by multiple users (offices, families, public WiFi)
- Can change frequently (mobile networks, VPNs)
- Easy to circumvent with proxies/VPNs
Custom Properties
When you call honeypot.track, you can optionally pass in custom event properties. These can also be used as grouping criteria / user identifiers. Two common use cases are email and phone_number.
For example, if you call Honeypot with this payload:
js
// Load your honeypot
honeypot.setup({ url: 'https://<your-honeypot-url>/js' })
// Track an individual event
await honeypot.track(
'Login',
// custom identifiers in the event properties
{"email": "a@example.com", "phone": "123-456-7890"}
)python
from honeypot import honeypot
insights = honeypot(url)
.set_ip(ip)
.identify("user123")
.track(
"Login",
# custom identifiers in the event properties
{"email": "a@example.com", "phone": "123-456-7890"}
)You could set the group_by value in your behavior config to event_properties.phone or event_properties.email to capture behaviors at the email or phone level.