One Device. One Trial.
No Exceptions.
Trial abuse is the most common fraud vector in SaaS — and the most undertreated. Users create unlimited free accounts using email aliases, incognito mode, and VPN rotation. Every traditional countermeasure is defeated in seconds. VerifyStack solves this at the hardware layer: crystal oscillator drift fingerprinting creates a device identity that survives everything except purchasing a new device.
Abuse Vector Analysis
Each evasion technique has a specific cost to the abuser and a specific VerifyStack signal that defeats it. The fundamental insight: every evasion operates at the software layer, while VerifyStack's signals are anchored in physical hardware properties that cannot be programmatically altered.
Email Aliasing
Gmail dot-trick (j.ohn@gmail.com), plus-addressing (john+trial1@gmail.com), and disposable services (Guerrilla Mail, TempMail)
Even with unique emails, the hardware fingerprint matches across all aliases from the same device.
Browser Profile Isolation
Separate Chrome profiles, Firefox containers, or different browsers entirely. Each profile appears as a distinct "user" to cookie-based tracking.
Crystal oscillator drift and GPU shader timing are OS-level properties — browser profiles don't change silicon.
Incognito / Private Browsing
Incognito mode clears cookies, localStorage, and sessionStorage. Many platforms treat incognito as a "new" visitor.
Incognito clears software state. It cannot change the frequency of a quartz crystal oscillator.
VPN & Proxy Rotation
Residential proxy services (SOAX, Bright Data) provide millions of clean IP addresses. Each trial signup appears from a different geographic location.
The device fingerprint is computed entirely client-side from hardware signals. Changing the IP changes nothing.
Virtual Machines
VirtualBox, VMware, or cloud VMs create distinct OS environments. Each VM appears as a separate "device" to basic fingerprinting.
VM detection is a dedicated signal layer. GPU timing in virtual environments exhibits characteristic latency signatures distinct from bare-metal.
Anti-Detect Browsers
Multilogin, GoLogin, and Dolphin Anty spoof browser fingerprints (user-agent, canvas, WebGL) to create unlimited "unique" browser profiles.
VerifyStack's hardware probes operate below the browser fingerprint layer. Anti-detect tools modify the wrong abstraction level.
Detection Pipeline
From page load to risk decision, the entire pipeline executes in under 270ms total (<200ms client-side + <12ms server-side). The user experiences zero perceptible delay in the registration flow.
Signal Collection
<200msBrowser SDK runs 9 hardware probes in parallel: crystal oscillator drift, GPU shader timing, audio DAC latency, canvas rendering, WebGL renderer hash, memory access patterns, sensor calibration, screen characterization, and font enumeration.
Device Identity Computation
<50msRaw signals are normalized, entropy-weighted, and hashed through the SimHash FNV-1a algorithm to produce a deterministic device fingerprint (visitorId) that is stable across sessions and browsers.
Historical Correlation
<15msThe visitorId is checked against the device graph to identify any previously-seen accounts associated with this hardware. Accounts within Hamming distance 3 are linked.
Velocity Analysis
<3msDual-window velocity tracking evaluates signup frequency from this device: burst detection (1-minute window) and behavioral pattern detection (1-hour window). Device velocity threshold: high=20/hour.
Bayesian Fusion & Decision
<50msAll signal layers are fused through the Bayesian Beta distribution model. The /api/v1/decide endpoint returns allow, challenge, or deny with structured explainability metadata.
Implementation Path
Four steps from zero to protected. Most teams complete the integration in under 30 minutes. The SDK handles all signal collection automatically — no manual probe configuration required.
Registration Page Integration
Add the Browser SDK to your registration page. The SDK begins hardware probing immediately on page load, ensuring signals are collected before the form is submitted.
Add <script> tag → SDK auto-initializes → signals ready at form submit
Server-Side Decision
When the registration form is submitted, send the collected requestId to /api/v1/decide. The response tells you whether to allow the signup, challenge the user, or deny the registration.
POST /api/v1/decide → { action: "allow" | "challenge" | "deny", riskScore, signals }
Policy Configuration
Configure your trial abuse policies: how many accounts per device are allowed, what challenge flow to present, and how to handle edge cases (shared computers, corporate networks).
Policy engine → max 1 trial per device → challenge on 2nd → deny on 3rd+
Feedback Loop
Report conversion and abuse outcomes back to VerifyStack. This feedback improves signal weighting and calibrates the Bayesian model to your specific user population.
POST /api/v1/feedback → { requestId, outcome: "converted" | "abused" | "legitimate" }
Verify It Yourself
Don't take our word for it. Run these tests on the live homepage demo and inspect the raw API response.
Cross-Browser Test
Open the homepage in Chrome and Firefox. Compare the visitorId — the hardware fingerprint matches across browsers.
Incognito Test
Open the homepage in incognito. The hardware fingerprint is identical to your normal session. Incognito clears cookies, not silicon.
View signalsHardware X-Ray
Inspect all 9 hardware probes running on your device: oscillator drift, GPU timing, audio DAC latency, and more.
View probesRelated Solutions
SaaS & Software
Industry-wide fraud prevention including trial abuse, account sharing, and API key protection.
Bot Protection
Six-layer invisible defense against automated account creation and credential stuffing.
Payment Fraud Detection
Pre-authorization device intelligence for CNP fraud, card testing, and chargeback prevention.
Your free tier should fund growth, not fraud.
Integrate the Browser SDK on your signup page. One device, one trial. No CAPTCHAs, no phone verification, no friction for legitimate users.