Browser fingerprinting does not work for geofencing. Browser fingerprinting and IP geotags work, but fingerprinting just tells you if a user is the same person, on a different IP address. I run a website to monitor bot traffic, and really all something like a Picasso fingerprint can get you is visibility into who's spoofing their IP.
You get a hash value that's roughly unique to the browser-device configuration. You don't know from that hash where the user is located. You have to pair the hash up with geolocation services to get that info. Once you do that though, you get a decent idea of if the person is changing their IP, but there's still no way to tell what the 'real' IP is. You just end up with a unique ID that's associated with a handful of different IP addresses.
You get a hash value that's roughly unique to the browser-device configuration. You don't know from that hash where the user is located. You have to pair the hash up with geolocation services to get that info. Once you do that though, you get a decent idea of if the person is changing their IP, but there's still no way to tell what the 'real' IP is. You just end up with a unique ID that's associated with a handful of different IP addresses.