'Canvas fingerprinting' tracking is sneaky but easy to halt
At least two browser extensions can stop the tracking method, which was in wide use earlier this year
By Jeremy Kirk | Published: 02:19, 25 July 2014
A method for tracking users across the Internet called "canvas fingerprinting" is simple to stop, but average Internet users may not know how to do it.
A research paper concluded that code used for canvas fingerprinting had been in use earlier this year on 5,000 or so popular websites, unknown to most. Most but not all the sites observed used a content-sharing widget from the company AddThis.
The researchers, from KU Lueven in Belgium and Princeton University, described how companies are looking for new ways to track users in order to deliver targeted advertising and move away from cookies, which can be easily deleted or blocked.
"The cookie is dead," wrote Rob Shavell, a cofounder of Abine, a company that develops privacy tools, via email. Advertising and data collection businesses need to evidence that their targeting is working for paying clients, he wrote, but most users are unaware of how they're being tracked in new ways.
Following media coverage, AddThis admitted it ran a five-month test using canvas fingerprinting within its widget but said the canvas fingerprinting code was disabled earlier this month. Acknowledging privacy concerns, the company said it would provide more information on such tracking tests before starting one.
An invisible image was sent to the browser, which rendered it and sent data back to the server. That data can then be used to create a "fingerprint" of the computer, which could be useful for identifying the computer and serving targeted advertisements.
But of several emerging tracking methods, canvas fingerprinting isn't the greatest: it's not terribly accurate, and can be blocked.
Canvas fingerprinting may work best on smaller websites with stable communities, wrote Wladimir Palant, creator of AdBlock Plus browser extension, in a blog post. But it is less effective on a larger scale.
"As soon as you start talking about millions of users (e.g. if you want to track users across multiple websites) it is just too likely that different users will have exactly the same configuration and won't be distinguishable by means of canvas fingerprinting," he wrote.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk