(no title)

I think he is saying that users can't be tracked between page-loads using this method, or your risk sending multiple users the same token. (which is true, at least with this implementation)

The time they spend on the website, latency, etc can all be used to add to a fingerprint, but there isn't something magic that makes this accurate, especially without JavaScript.

Edit: please don't mind me ghostposting kthx