Skip to main content
Accurate results come from corroborating several independent signals, never from trusting any single one. ShieldLabs builds identity and anonymity verdicts on two layers that check each other, so a returning person keeps the same identity and a masked one is hard to hide. The two layers are:
  • Device Intelligence - the persistent DeviceID, derived server-side from dozens of stable device and browser characteristics. It is what lets a returning person keep the same identity after clearing cookies or using incognito.
  • Network Intelligence - IP and connection analysis that corroborates a visit across multiple independent signals. It tells you whether a visit is relayed, tunneled, or coming from infrastructure rather than an ordinary network.
Identification accuracy is about recognizing the same visitor again. Anonymity-detection accuracy is about seeing through masking. They are measured differently, so this page covers each in turn.

Identification accuracy

Identification accuracy is the ability to recognize a returning browser as the same one across visits. The handle for this is the DeviceID, the most durable identifier ShieldLabs produces. The DeviceID is derived, not stored. The server computes it from dozens of stable browser and device characteristics, so the same browser environment always produces the same DeviceID. Because nothing about it lives in the cookie, it holds when cookie-based tracking breaks:
  • Survives cleared cookies. Clearing cookies removes the CookieID, not the identity.
  • Survives incognito. A private window keeps the same environment, so the DeviceID is stable.
  • Survives IP rotation. Switching networks or using a VPN does not change the identity.
This is the difference from cookie analytics. Tools that count by a first-party cookie or client id count a brand-new visitor every time someone clears cookies, opens incognito, or rotates IP. Counting by a derived identity keeps that returning person on the same DeviceID instead.
DeviceID is browser-bound, so identity-based counts are best read as estimated, not exact. The Identification page covers what that means in practice.
A returning visitor is anchored to a stable DeviceID even when the cookie-scoped VisitorID resets: 
{
  "RequestID": "13f84f05-2f3a-4c2e-9b1f-7a6d3e8c1b22",
  "DeviceID": "5eb7fd5c-9a21-4b6e-8c3d-2f1a9e7b0c45",
  "VisitorID": "161dfbad-4e8c-4d1a-9f72-3b6c0a2e8d57",
  "OS": "Windows",
  "Country": "Belarus",
  "Score": 0,
  "Details": [],
  "Phase": "initial"
}
The DeviceID is the durable handle here. The VisitorID is the cookie-scoped view, so it changes when cookies are cleared while the DeviceID stays put. The full identifier model walks through how each one is made.

Anonymity-detection accuracy

Anonymity-detection accuracy is the ability to tell that a visit is masked: relayed, tunneled, spoofed, or coming from infrastructure rather than an ordinary network. This is where up to 99% accuracy comes from. That number is an outcome of corroboration. A verdict is asserted when multiple independent signals across Device Intelligence and Network Intelligence agree, not when one list says so. Corroborating across signals catches masking that a simple IP blocklist misses, because:
  • Blocklists are always behind. Commercial VPNs rotate through large IP pools daily, and residential proxies hide on ordinary consumer ISPs.
  • A single list is one opinion. A fresh exit node that no blocklist has yet seen can still surface when other signals point to it.
  • Mismatches are hard to fake at once. The browser’s story and the network’s story have to agree, and spoofing leaves the two out of sync.
Every verdict is explainable. Each signal that fires lands in the Details array with the points it added, so you can see why a visit was flagged: 
{
  "RequestID": "13f84f05-3b2a-4f1e-9c7d-2a4b6e8f0a11",
  "DeviceID": "5eb7fd5c-8c2e-4a91-b0f3-1d7c9e2a4b55",
  "IP": "203.0.113.42",
  "OS": "Windows",
  "Country": "Germany",
  "Score": 70,
  "Details": [
    { "Value": 60, "Description": "OS Mismatch" },
    { "Value": 10, "Description": "Datacenter IP" }
  ],
  "Phase": "initial"
}
The score is 70 because two independent signals agree that this visit is masked. Either one alone is weaker evidence. Together they corroborate. The Anonymity Signals page lists every signal and its weight.
Description is a human-readable label for visibility and logging. Branch on the Score and each entry’s Value, not on the label text, which can change.
Up to 99%, never higher. The verdict is corroborated, but no detection is perfect, so decide on the Score plus its Details plus your own context, never on a guarantee of certainty.

Counts are estimated

Both layers report estimates, not exact figures. Identity is inferred from the browser environment, and anonymity is inferred from corroborating signals, so the right way to read any count is as a strong estimate.
  • Visitor counts are estimated. The dashboard labels them as estimates because identity is derived, not assigned by you.
  • A verdict is a probability, not proof. A high Risk Score means a visit looks anonymous or abusive, not that fraud is confirmed.
  • You own the action. ShieldLabs surfaces the score and the reasons. Your own code decides allow, challenge, review, or block.

Honest limits

Accuracy claims only hold inside their boundaries, so here is where each layer stops.
  • A legitimate user can look anonymous. A corporate proxy, a VPN, or a privacy browser all raise the Risk Score without any wrongdoing. Decide on Score plus Details plus the sensitivity of the action, never on the number alone.
  • Estimates, not exact counts. Identity-based and traffic counts are estimated. Treat them as a precise-enough signal for decisions, not as a ledger.
Tune your thresholds gradually against real traffic. A score that should block a withdrawal may be fine on a blog read, so let the action context, not the raw number, drive the rule you write.

Next steps

Identification

The six identifiers, why the DeviceID is durable, and when the VisitorID resets.

Anonymity Signals

Every signal that can fire, its weight, and the connection-type label behind it.

Risk Scoring

The explainable 0 to 100 score and its bands: Clean, Low, Medium, High.