Overview
Monocle is a free, lightweight, captcha-like JavaScript utility that passively identifies traffic from commercial VPNs, anonymizing datacenter proxies, and even residential proxies, while also delivering contextual risk insights to site owners.
How Monocle Works
- You add a
<script>tag to your website or other JavaScript-enabled application. - Visitors to your website will then fetch an encrypted Monocle Assessment from Spur.
- That's it! You can view the proxy and VPN usage stats for your users in the Monocle Dashboard.
- Optionally, your application may include the encrypted Monocle Assessment alongside some user action, like a sensitive form submission, whereupon your backend application can take action based on the context of the Monocle Assessment.
Why use Monocle
Device/Session Level Fields:
Because Monocle runs on an individual device and user session, it can include fields that are critical to assessing user risk. Monocle can:
- Identify residential proxies or other proxied connections at a device level, not just at an IP level.
- Identify connections from tunnels like VPNs and datacenter proxies using Spur data.
- Classify IP spaces commonly used for anonymizing traffic.
- Provide other contextual insights into user connections, such as datacenter origination and geographic location.
These insights are all passive and require no user interaction like traditional captchas.
Simple Integration:
Including Monocle in your website or application is similar to adding any popular analytics utility. Simply add a <script> tag or use one of our wrappers for popular front-end frameworks such as React.
Quick Insights:
Upon integrating the client-side Monocle script, you can view insights about your users' connections in the Monocle Dashboard.
Taking Action:
The encrypted Monocle Assessment can be sent to your web server (via form submission or AJAX call) to be decrypted and evaluated server-side. There, your web application can make decisions based on the user's connection data or simply log it for further in-depth aggregation and analysis.
Critical Session Context:
We are the anonymizing infrastructure experts. Here are some of the reasons Monocle delivers what other bot detection and user-risk frameworks can't:
- Uses Spur's extensive anonymous infrastructure knowledge.
- Leverages unique client analysis techniques.
- Focuses on zero-trust architectures.
- Augments existing client behavior-based captcha service assessments.
- Is easy to integrate into popular web frameworks.
Key Terms
- Monocle Assessment - The encrypted assessment payload received from Spur that accompanies any Monocle-enabled form submission or protected page.
- Monocle Application - A Monocle deployment implemented by a user. Each Monocle Application will have 3 tokens and keys associated with it:
- Publishable Key - The public token generated for a Monocle Application and included along with the
<script>tag, identifying the user and deployment. - Secret Key - The token that must be sent in an auth header along with the encrypted Monocle Assessment via an HTTP POST request to the Monocle Decryption API to retrieve the raw bundle contents.
- Private Key - The private key that you may use on your backend to directly decrypt the Monocle Assessment without requiring any further API calls (making the Secret Key obsolete, though requiring a more complex backend integration).
- Publishable Key - The public token generated for a Monocle Application and included along with the
- Decryption API - An optional, free API used in conjunction with your Secret Key to decrypt the Monocle Assessment.