Welcome to WebmasterWorld Guest from 54.166.117.130

Forum Moderators: DixonJones & mademetop

Canvas Fingerprinting User Tracking Is A Better Alternative to Cookies, and Difficult To Block

   
4:30 pm on Jul 23, 2014 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Now that is a concern. Getting of the grid is the only way, really.

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites,...Canvas Fingerprinting User Tracking Is Very Difficult To Block [mashable.com]
The type of tracking, called canvas fingerprinting, works by instructing the visitorís web browser to draw a hidden image, and was first documented in a upcoming paper by researchers at Princeton University and KU Leuven University in Belgium. Because each computer draws the image slightly differently, the images can be used to assign each userís device a number that uniquely identifies it.

Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit ó profiles that shape which ads, news articles or other types of content are displayed to them.

But fingerprints are unusually hard to block: They canít be prevented by using standard web browser privacy settings or using anti-tracking tools such as AdBlock Plus.
5:49 pm on Jul 23, 2014 (gmt 0)

10+ Year Member



As a marketer I like the technique. It is difficult to allocate funds to different advertising buckets if you can't track sales. To all those using the internet, Caveat Emptor! You best use a proxy service if you don't want to be tracked. Using the Internet is not anonymous. It never was, for the average user.
6:05 pm on Jul 23, 2014 (gmt 0)



As a marketer I like the technique. It is difficult to allocate funds to different advertising buckets if you can't track sales. To all those using the internet, Caveat Emptor! You best use a proxy service if you don't want to be tracked. Using the Internet is not anonymous. It never was, for the average user.

Other viewpoints, please.
6:17 pm on Jul 23, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Does this mean that MSIE<9 has now vanished off the face of the earth?

:: detour to caniuse dot com ::

83% US, 88.5% world (figures for support of "canvas" element).

They canít be prevented by using standard web browser privacy settings or using anti-tracking tools such as AdBlock Plus.

Right. Canvas-based methods can only be prevented by the obscure, little-used mechanism of turning off javascript.
6:28 pm on Jul 23, 2014 (gmt 0)

WebmasterWorld Administrator brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



>Other viewpoints

You might be relieved to know that there's effort involved by some browsers to detect this kind of thing and prevent fingerprinting.

Tor Browser can manage to reduce your uniqueness to 1 in 10,000 people. This is just one of many ways to uniquely identify people. I don't think the problem will go away any time soon.
9:44 pm on Jul 23, 2014 (gmt 0)

Top Contributors Of The Month



In case you're wondering how and why this works, roughly, the <canvas> element allows you, via javascript, to render a "picture" on the browser side by rendering some text in a specific font.

Because of the wide range of operating systems, browsers, installed fonts, installed video cards, local settings, etc...that picture has a high level of uniqueness. Enough that it can serve as a "fingerprint" of that specific device.

More detail here: [cseweb.ucsd.edu...]
11:43 am on Jul 25, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you really want to see tracking, install Google Earth (not maps) and then turn on the "traffic" layer, click on one of the green dots on a major highway and then click on the resultant dot explosion to see the real time speed (actually probably the velocity) of the individual automobiles. Google only shows data on major highways, but it's reasonable to believe Google can track all those vehicles to their "home" location and destination. And since, many, many, people have cable modems with static IP's, think of the information Google can extrapolate. Smartphone connects to modem through wifi, and then, let the correlations begin!
All because Google maps is installed in so many smartphones! I told a buddy about this who drives a good distance to work and he immediately deleted Google maps from his phone.

You best use a proxy service

I believe this canvas technique would defeat a proxy.
6:35 pm on Jul 25, 2014 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I think it has been mentioned a few times above, but it doesn't hurt to say it once again: No javascipt, no canvas. All browsers (even the old ones) allow turning JS off. And a growing number of folks out there are getting a clue in this regard.
6:43 pm on Jul 25, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Canvas doesn't care what your IP is. It's essentially a javascript-based process.
6:49 pm on Jul 26, 2014 (gmt 0)

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Question:

Wouldn't it then be easy to have a browser based plugin that draws a new image with randomizations to the image on each page reload?

Would that not defeat the canvas tracker while still allowing the user to keep javascript enabled?
12:34 pm on Jul 30, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Has anyone tried disabling javascript for any length of time? Does the internet still work?
1:22 pm on Jul 30, 2014 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Notice none of the stories (which the majority are reprints) don't detail the technology. This is a classic fear monger story that works on peoples privacy fears.

The "images" are all server from the same js from an ad or widget server. Block that server in adblock or other adblocking software and it is gone:
'Canvas fingerprinting' online tracking is sneaky but easy to halt
ďAs soon as you start talking about millions of users (e.g. if you want to track users across multiple websites) it is just too likely that different users will have exactly the same configuration and wonít be distinguishable by means of canvas fingerprinting,Ē he wrote.

Widgets such as AddThis can be entirely blocked with tools such as AdBlock Plus or DoNotTrackMe from Abine, both extensions that can block web trackers.


[pcworld.com...]
4:31 am on Aug 1, 2014 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Has anyone tried disabling javascript for any length of time? Does the internet still work?


About nine years, most recently with NoScript. Works fine! Web that is. On sites that demand JS I take a look. Most usually I do a gentle piss off and go elsewhere. That said...

I am NOT the average user. But I am the guy who is educating 10 to 15 every day. I suspect that two or three are enlightened by each of those and they are doing the same, multiplying... growing_.

Only time JS is really needed is to work a cart these days. For that to happen your product has got to be singular and compelling.

For me, the best part is the web is quiet... not targeted ads, no tracking, no canvas (see other here at WW in that regard)... Nice and clean, the way it SHOULD be...

YMMV
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month