A newer kind of web tracking is almost impossible to stop

Kaido · Jul 22, 2014

Canvas fingerprinting:

http://www.engadget.com/2014/07/22/canvas-fingerprint-web-tracking/

Chiefcrowe · Jul 22, 2014

Great!

I hope countermeasures are developed soon!

Alex C · Jul 22, 2014

Wouldn't this stop it?

https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer/

fleshconsumed · Jul 23, 2014

I'm not sure I understand the concept behind Canvas Fingerprinting. Sure, the text might be rendered slightly different on different machines based on monitor resolution, windows scaling, and ClearType. However, is that really enough to identify a specific computer out of millions? I would imagine there isn't that many possible combinations of settings to uniquely identify the user? Or do I not understand something here?

Knowing · Jul 23, 2014

It's javascript.

This is the original paper and it describes some countermeasures.

fleshconsumed · Jul 23, 2014

I saw that page, and I still don't get how there can be enough hardware/software differences to uniquely identify one computer out of billions.

In any case, I run noscript in firefox, and I've never bothered to enable addthis domain, so I guess I'm safe? At least from addthis scripting attempts.

lxskllr · Jul 23, 2014

fleshconsumed said:
I'm not sure I understand the concept behind Canvas Fingerprinting. Sure, the text might be rendered slightly different on different machines based on monitor resolution, windows scaling, and ClearType. However, is that really enough to identify a specific computer out of millions? I would imagine there isn't that many possible combinations of settings to uniquely identify the user? Or do I not understand something here?

Checkout Panopticlick...

https://panopticlick.eff.org/

You might be more unique than you think. In any case, it's a statistics game. They just need to be right more than they're wrong for it to be a useful tool.

John Connor · Jul 23, 2014

You want Privacy Badger. https://www.eff.org/privacybadger

http://en.wikipedia.org/wiki/Canvas_fingerprinting

ringtail · Aug 2, 2014

Kaido said:
Canvas fingerprinting:

http://www.engadget.com/2014/07/22/canvas-fingerprint-web-tracking/

Whats the payoff for the websites that go to such extensive lengths to identify visitors?
What do they get out of pinpointing your identity?

lxskllr · Aug 2, 2014

ringtail said:
Whats the payoff for *the websites that go to such extensive lengths to identify visitors?
What do they get out of pinpointing your identity?

Not websites in the singular sense. Websites in a consortium of related sites, or related ad networks. Profiling users makes ads more valuable and effective. It's also valuable to the government when they get that data from private companies.

Chiefcrowe · Aug 2, 2014

This is the first i've heard of it. How is it, have you used it much yet?

John Connor said:
You want Privacy Badger. https://www.eff.org/privacybadger

http://en.wikipedia.org/wiki/Canvas_fingerprinting

John Connor · Aug 3, 2014

I just installed it when I read this thread and did some research. It has blocked a few sites.

lxskllr · Aug 3, 2014

John Connor said:
I just installed it when I read this thread and did some research. It has blocked a few sites.

I saw this when it first came out, and rejected it for being redundant. For kicks, I just installed it, and so far I'm not getting anything. I aggressively block scripts, and privacy intrusions as well as delete all cookies on tab close aside from a handful of whitelisted sites. I don't think this'll do anything for me, but I'll keep it for a couple days, and see what happens.

John Connor · Aug 3, 2014

Go to YouTube and it should block apis.google.com's cookies. If you read the wiki link I linked to it talks about privacy badger. I too use NoScript. I also have Gostery, secretagent, refcontrol, Betterprivacy, self destructing cookies, and several other privacy/security add-ons. I also have Firefox and Pale Moon set to delete everything on exit. I do use Sandboxie though so nothing touches the computer. Well, when I'm using it if not I wipe with Ccleaner.

lxskllr · Aug 3, 2014

John Connor said:
Go to YouTube and it should block apis.google.com's cookies. If you read the wiki link I linked to it talks about privacy badger. I too use NoScript. I also have Gostery, secretagent, refcontrol, Betterprivacy, self destructing cookies, and several other privacy/security add-ons. I also have Firefox and Pale Moon set to delete everything on exit. I do use Sandboxie though so nothing touches the computer. Well, when I'm using it if not I wipe with Ccleaner.

The wiki link says it blocks canvas requests from third party servers, but not from the originating site. Better than nothing, but that still leaves the big trackers(google, facebook, yahoo...) free to use the technique.

I guess I'll keep it. It's easy enough to use, and unobtrusive, but I'd like to see something that gives the user control, and perhaps randomizes the image rendered by introducing defects every time.

Chiefcrowe · Aug 3, 2014

Thanks guys... let us know how it is after about a week's use. I'm also going to test it out when I have a moment

Dude111 · Aug 3, 2014

Its good to have SCRIPTS DISABLED as much as possible these days

Search

A newer kind of web tracking is almost impossible to stop

Kaido

Elite Member & Kitchen Overlord

Chiefcrowe

Diamond Member

Alex C

Senior member

fleshconsumed

Diamond Member

Knowing

Golden Member

fleshconsumed

Diamond Member

lxskllr

No Lifer

John Connor

Lifer

ringtail

Golden Member

lxskllr

No Lifer

Chiefcrowe

Diamond Member

John Connor

Lifer

lxskllr

No Lifer

John Connor

Lifer

lxskllr

No Lifer

Chiefcrowe

Diamond Member

Dude111

Golden Member

TRENDING THREADS