I'd argue that collecting unique information from your browser does not necessarily make you "the bad guys". Lots of legitimate anti-fraud products used on bank/investment websites collect that information and detect/prevent account takeovers before fraudsters can steal money and identities, for example.
What can make it bad is:
1. What you do with that information.
2. Who or what you share it with.
3. How far your reach extends.
An ad network which can place that code on multiple websites can put itself in a position of power and track devices, and thus browsing habits, of individuals.
However, if you have fingerprinting code only on your own website, and don't share that information with any other people/companies/websites, and use it solely to detect malicious bots, users, and behaviors, then I don't really think it's bad. It's like the difference between a gas station owner pointing a closed circuit camera at the door and someone flying a surveillance drone over a whole state. Both are surveillance, but one kind is much less ethical.
What can make it bad is:
1. What you do with that information.
2. Who or what you share it with.
3. How far your reach extends.
An ad network which can place that code on multiple websites can put itself in a position of power and track devices, and thus browsing habits, of individuals.
However, if you have fingerprinting code only on your own website, and don't share that information with any other people/companies/websites, and use it solely to detect malicious bots, users, and behaviors, then I don't really think it's bad. It's like the difference between a gas station owner pointing a closed circuit camera at the door and someone flying a surveillance drone over a whole state. Both are surveillance, but one kind is much less ethical.