This is where canvas fingerprinting comes in. According to researchers at Princeton University and KU Leuven University in Belgium canvas fingerprinting works by making a web browser identify itself as a unique entity on the internet. It does this by making the browser “draw” a hidden image. In theory each computer will draw this a little different which establishes the fingerprint of the device through a unique ID number.
With this a service can track that unique ID around the internet to build up a profile on any user. This information can be sold to advertising companies or used internally to make sure you get the most relevant ads possible. Right now the company that is the leading developer for this is called AddThis. They have been working on testing this new racking method as an alternative to cookies and feel that their application is well within current regulations.
Interestingly AddThis is now saying they are going to end their testing of this fingerprinting technology because it is not unique enough. Again, we have a hard time buying that and feel that the exposure of this has more to do with it. This is highlighted by the fact that they rolled this out to 13 million websites without letting any of them know about it
Of course privacy advocate insist that simply trusting AddThis is not in the best interest of consumers and would like to see a little more transparency. Currently no standard browsers alert users to this tactic. This means that, unlike Cookies, a user on the internet has no way of knowing that they are being tracked. In some places this does violate privacy laws as a user does not have the knowledge to make a choice to allow this or not. AddThis does say a user can download a cookie that will prevent data collection, but we wonder if that Cookie will still allow some form of tracking based on its presence on a system.
The TOR Project did add a notification feature to its browser in June to protect users. It works through alerting and also by sending a blank canvas back to the requesting site. This helps to mitigate tracking as a blank image should not be recognizable from another blank image. The fact that the TOR Project was able to add this in means that other major browser developers can as well.
There are methods to avoid this type of monitoring, but all have their downside too. Most of these involve the removal of Java Script or running a Script Blocker like NoScript. They work, but often break websites and are also not for the vast majority of users. Be safe out there.
If you want to see what sites have this installed you can head over here. You might be surprised at the sites on the list (especially if you like Internet Porn...)
Source Material for this article was found at Propublica.org
Tell us what you think in our Forum