Online 'fingerprinting' stalking web users, nearly impossible to block

22 Jul, 2014 04:00 / Updated 10 years ago

At least five percent of the internet’s top 100,000 websites are using a new kind of online tracking system – one which essentially takes a “fingerprint” of your computer via its web browser.

What’s more, the software – known as canvas fingerprinting – is nearly impossible to block using conventional privacy tools.

According to a new report by ProPublica, the curtains over canvas fingerprinting will officially be lifted in a forthcoming paper authored by researchers at Princeton University and Belgium’s KU Leuven University.

Here’s how it works: When you visit a website that features such tracking technology, the site asks your browser to “draw a hidden image.” Since every computer renders the image in a different way, that drawing is used to label your device with a unique number that allows trackers to keep an eye on your browsing activity across the internet.

Although there is more than one type of canvas fingerprinting, the most widely used software is developed by AddThis, and is reportedly used on popular websites like Whitehouse.gov, online dating site PlentyOfFish, CBS, and even YouPorn (a list of known sites using the software can be found here).

An AddThis spokesperson also said that it did not inform the websites in question when it put its tracking technology in place. After ProPublica’s original article was published, a YouPorn spokesperson said the website was unaware the app was tracking users and has removed AddThis functionality.

AddThis chief executive Rich Harris stressed that the company does not use canvas fingerprinting for anything other than ad targeting and personalization, and that users can stop their data from being used for advertising or marketing by installing a specific opt-out cookie on their computers. This would not stop AddThis from collecting data, however; it would simply stop them from using it to custom-tailor ads for you.

The company also said it does not use any data it gathers from government websites. So far, it claims to have only used data for “internal research and development.”

Still, the fact that all users have to rely on is a promise from AddThis “is not the best privacy assurance,” said Princeton computer science professor Arvind Narayanan, who helped lead the research team responsible for uncovering the system.

If opting out is not a satisfactory option on its own, you’re left with a few different possibilities. You could download the Tor browser, which helps users avoid numerous types of online tracking, or you could block JavaScript from loading in your browser, which ProPublica notes could make many websites not work properly.

There’s also a browser in the works called Chameleon, which is specifically designed to block fingerprinting, but at this stage is only recommended for “tech-savvy users.”

AddThis is reportedly contemplating ending its test of the tracking tech soon because "it's not uniquely identifying enough."