Posted on 07/23/2014 7:30:12 PM PDT by null and void
The researchers traced 95 percent of canvas fingerprinting scripts back to share buttons provided by AddThis, the world’s largest content sharing platform.One in 18 of the world’s top 100,000 Web sites track users without their consent using a previously undetected cookie-like tracking mechanism embedded in ‘share’ buttons. A new study by researchers at KU Leuven and Princeton University provides the first large-scale investigation of the mechanism and is the first to confirm its use on actual Web sites.
The mechanism, called “canvas fingerprinting,” uses special scripts — the coded instructions that tell your browser how to render a Web site — to exploit the browser’s so-called ‘canvas,’ a browser functionality that can be used to draw images and text.
When a user visits a Web site with canvas fingerprinting software, a first script tells the user’s browser to print an invisible string of text on the browser’s canvas. Another script then instructs the browser to read back data about the pixels in the (invisibly) rendered image.
These data contains important information about the user’s browser type, graphics card, system fonts and even display properties. Because this grouping of data is highly likely to be unique for each user, it can be reliably associated to individual users, like a fingerprint.
Cookies
Once a Web site has determined a device’s fingerprint, it can easily recognize the user on subsequent site visits, much in the same way cookies do.
But, while unwanted cookies can be flagged or blocked to enhance a user’s online privacy, there is no available solution for doing so with fingerprints.
In this study, the researchers used automated ‘crawlers’ to scan the world’s top 100,000 Web sites for canvas fingerprinting scripts. They found canvas fingerprinting scripts on 5,542 of the Internet’s top 100,000 Web sites, a prevalence of 5.5 percent.
Previous studies on related browser fingerprinting techniques reported a prevalence of 0.4 percent and 1.5 percent, respectively, although they are not directly comparable to the current study since they measured different types of fingerprinting techniques.
While researchers demonstrated the feasibility of canvas fingerprinting as a tracking mechanism in 2012, this is the first time it has been observed on real Web sites and traced back to specific provider domains. Analyses of the real-world scripts reveal that fingerprinters are going beyond the techniques known by the academic research community.
AddThis
Surprisingly, the researchers traced 95 percent of canvas fingerprinting scripts back to a single company: AddThis. AddThis is the world’s largest content sharing platform and provides free Web site plugins, such as share buttons, follow buttons and content recommendation features. The company reaches an estimated 97.2 percent of Internet users in the United States and receives 103 billion page views each month.
Can users protect themselves against canvas fingerprinting? Acar and his colleagues studied the effect of ad-industry opt-out tools offered by the Network Advertising Initiative (NAI) and the European Interactive Digital Advertising Alliance. No Web sites included in the opt-lists stopped collecting canvas fingerprints after activating the opt-out option.
At present, only one browser, Tor, can prevent canvas fingerprinting scripts, but this added security comes with major trade-offs in performance, functionality and content availability.
Many Web sites, including sensitive sites such as health and government Web sites, unknowingly contain canvas fingerprinting — by using one of AddThis’ free plug-ins for example.
The researchers are concerned by the growing prevalence of canvas fingerprinting, says Gunes Acar, the study's lead author: “This is an advanced tracking mechanism that misuses browser features to enable the circumvention of users’ tracking preferences. We hope that our results will lead to better defenses, increase accountability for companies deploying sticky tracking techniques and an invigorated and informed public and regulatory debate on increasingly resilient tracking techniques.”
Big Brother is watching. Why i ditched f-book
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
“Big Brother is watching. Why i ditched f-book”
It is amazing to me how many people assume that devices or programs that can track them or record their behavior wouldn’t be doing just that.
Why do they think the capability exists?
If Edward Snowden had exposed Bush II with his revelations, the left would be hailing him as a hero. Because he exposed Obama as the totalitarian he is with his revelations, he is instead shunned by them.
A lot of people don’t understand that the primary product being sold by television is the audience (to advertisers, who in turn attempt to sell them products).
Oh wait, that's only what they originally promised...
In my area plenty of cable channels have commercials (I don’t have any premium channels); I guess that is the price of no commercials...
He's not "down for the struggle."
it’s “Shhhtttrrruuggle” FYI
OK, one more time folks. Turn off JavaScript, the root of most evil on the web. In Firefox, use NoScript, it ain’t rocket science.
Oh, that is so true!
The instant you click “Ok” with your credit card number in the ISP shopping cart checkout, you are in the NSA database.
And you all thought those encryption backdoors were for “security” reasons.
they know all
Have you sent your NSA dude a cyber hug today?
Cyber hug? Is that the new name for a goatsie?
This falls into the category my kids identify with, “Well, duh, Dad!” It amazes me how ignorant people are.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.