Cross-Device Tracking: Linking Sessions Without Login

When a user visits your site on their laptop in the morning and their phone in the afternoon, most analytics platforms see two completely separate visitors. Our device identification algorithm can link these sessions probabilistically — without requiring login — by analyzing signal overlap and building device graphs.

The Cross-Device Problem

Traditional fingerprinting generates a unique ID per browser instance. Chrome on a laptop produces one ID; Safari on an iPhone produces another. Even on the same device, different browsers generate different fingerprints because they have different user agents, different feature support, and different rendering characteristics.

But users do not think in terms of browsers. They think in terms of sessions. They start a purchase on their phone during lunch and finish it on their laptop at home. They research a product on their tablet and buy it on their desktop. For fraud detection and personalization, understanding that these sessions belong to the same person is critical.

Probabilistic Signal Matching

Our cross-device linking works by identifying signals that are shared across devices on the same network or owned by the same person. IP address and network characteristics are the most obvious shared signals — devices on the same Wi-Fi network share the same public IP and often the same ISP and ASN.

But IP alone is not enough. Many users share the same IP (office networks, university campuses, carrier-grade NAT). We combine IP matching with temporal analysis (do the sessions happen at similar times?), behavioral similarity (do they visit similar pages?), and hardware correlation (are the devices consistent with a single owner — for example, a MacBook and an iPhone rather than two Windows desktops?).

Device Graph Construction

Each confirmed or high-probability link between sessions creates an edge in a device graph. The graph connects browser instances to device nodes, and device nodes to person nodes. Over time, as more sessions accumulate, the graph becomes increasingly accurate.

The graph construction uses a conservative approach: we require multiple corroborating signals before creating a link, and we assign confidence scores to each edge. A link based on shared IP alone might have a confidence of 0.3, while a link based on shared IP + temporal correlation + consistent device ecosystem might have a confidence of 0.9.

Fraud Detection Applications

Cross-device linking is particularly powerful for fraud detection. A fraudster who creates accounts on multiple devices can be identified when those devices share network characteristics. A stolen credit card used on a device that has never been associated with the cardholder's device graph triggers an immediate alert.

We have seen fraud rings where a single operator uses dozens of virtual machines to create fake accounts. While each VM has a unique fingerprint, they all share the same underlying hardware characteristics and network profile. Our graph analysis connects them, exposing the entire ring from a single detected account.

Privacy-Preserving Design

Cross-device linking raises legitimate privacy concerns. Our approach mitigates these through several design decisions. First, linking is probabilistic, not deterministic — we never claim certainty about cross-device connections. Second, all linking happens server-side on your infrastructure, not ours. Third, linking can be disabled entirely if it is not relevant to your use case. Fourth, users can be provided with transparency about linked devices through your privacy interface.

Accuracy Metrics

In controlled testing with known cross-device sessions, our linking algorithm achieves 78% recall (finding 78% of true cross-device pairs) with 94% precision (94% of identified links are correct). These numbers reflect a deliberate tradeoff favoring precision over recall — we would rather miss a link than create a false one.