Hi Simon,
Thank you for reaching out. Allow me to reiterate what I shared with you in the Support Case you raised with Vercel Support for the benefits of others in the Community:
It’s important to note that while JA4 fingerprinting can provide valuable information, it’s not designed to uniquely identify individual users or devices. The assumption that each user should generate a unique JA4 fingerprint is unfortunately not accurate. Here’s why:
- Standardized TLS libraries: Many applications use standard TLS libraries, which can result in identical JA4 fingerprints for different users.
- Common browser engines: Popular web browsers often share similar or identical TLS configurations, especially if they’re based on the same engine (e.g., Chromium).
- Operating system updates: When OS updates occur, many users on the same version may suddenly share the same JA4 fingerprint.
- Limited variability: While there are many possible TLS configurations, in practice, only a subset of secure and efficient options are commonly used.
- Cloud services and CDNs: Users accessing content through popular cloud services or CDNs may generate similar or identical JA4 fingerprints.
These factors explain why you and users mentioned in the community post are generating the same fingerprint. Your specific JA4 fingerprint is even the first one listed in this Github repo:
It’s not a malfunction, but rather a limitation of using JA4 fingerprinting for unique user identification.
Please let us know if you have any further questions or issues.