X
Tap here to go to the mobile version of the site.

Support Forum

Why is FireFox allowing "Canvas Fingerprinting" to track me?

Posted

Since "Canvas Fingerprinting" seems to be the new way of tracking one. How does one TURN IT OFF! ---

A New Form of Online Tracking: Canvas Fingerprinting

http://yro.slashdot.org/story/14/07/22/0140256/a-new-form-of-online-tracking-canvas-fingerprinting --- Posted by Unknown Lamer on Tuesday July 22, 2014 @08:06AM from the subverting-features-for-evil-and-profit dept. New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas> ." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...

Since "Canvas Fingerprinting" seems to be the new way of tracking one. How does one TURN IT OFF! --- A New Form of Online Tracking: Canvas Fingerprinting http://yro.slashdot.org/story/14/07/22/0140256/a-new-form-of-online-tracking-canvas-fingerprinting --- Posted by Unknown Lamer on Tuesday July 22, 2014 @08:06AM from the subverting-features-for-evil-and-profit dept. New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas> ." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...

Chosen solution

Based on the Pro Publica article, to date, this technology isn't especially accurate by itself. Nevertheless, maybe it could be combined with other information to uniquely identify your browser.

The JavaScript canvas feature is useful for animations and is now used by Google to draw spreadsheets. Disabling it -- if there were a convenient way to do that -- would need to allow for site-specific exceptions so you could use canvas where it's useful. I'm not aware of any specific feature or add-on for this.

Perhaps someone could create an add-on that would cause the canvas to have a certain degree of randomness, so that each time you visit a site it is just a bit different, and therefore the site doesn't know it's the same browser each time. Obviously you wouldn't want this to ruin the useful of canvas, so it would need to be subtle.

In the short run, have you considered using the NoScript extension? Most tracking that bothers people (tracking of your browsing across sites) is performed by scripts served from "third party" servers. If you keep scripts from those servers disabled to the greatest extent possible, then you can limit the ability of ad networks or others to follow you around.

Read this answer in context 3

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.2 r202
  • The IcedTea-Web Plugin executes Java applets.
  • Version 2.1.4 Rincewind, copyright 1996-2012 VideoLAN and Authorshttp://www.videolan.org/vlc/
  • This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox.
  • DivX Web Player version 1.4.0.233
  • The Totem 3.0.1 plugin handles video and audio streams.
  • This plugin provides integration with Gnome Shell for live extension enabling and disabling. It can be used only by extensions.gnome.org

Application

  • User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0

More Information

jscher2000
  • Top 10 Contributor
8435 solutions 68838 answers

Chosen Solution

Based on the Pro Publica article, to date, this technology isn't especially accurate by itself. Nevertheless, maybe it could be combined with other information to uniquely identify your browser.

The JavaScript canvas feature is useful for animations and is now used by Google to draw spreadsheets. Disabling it -- if there were a convenient way to do that -- would need to allow for site-specific exceptions so you could use canvas where it's useful. I'm not aware of any specific feature or add-on for this.

Perhaps someone could create an add-on that would cause the canvas to have a certain degree of randomness, so that each time you visit a site it is just a bit different, and therefore the site doesn't know it's the same browser each time. Obviously you wouldn't want this to ruin the useful of canvas, so it would need to be subtle.

In the short run, have you considered using the NoScript extension? Most tracking that bothers people (tracking of your browsing across sites) is performed by scripts served from "third party" servers. If you keep scripts from those servers disabled to the greatest extent possible, then you can limit the ability of ad networks or others to follow you around.

Based on [http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block the Pro Publica article], to date, this technology isn't especially accurate by itself. Nevertheless, maybe it could be combined with other information to uniquely identify your browser. The JavaScript canvas feature is useful for animations and is now used by Google to draw spreadsheets. Disabling it -- if there were a convenient way to do that -- would need to allow for site-specific exceptions so you could use canvas where it's useful. I'm not aware of any specific feature or add-on for this. Perhaps someone could create an add-on that would cause the canvas to have a certain degree of randomness, so that each time you visit a site it is just a bit different, and therefore the site doesn't know it's the same browser each time. Obviously you wouldn't want this to ruin the useful of canvas, so it would need to be subtle. In the short run, have you considered using the NoScript extension? Most tracking that bothers people (tracking of your browsing ''across sites'') is performed by scripts served from "third party" servers. If you keep scripts from those servers disabled to the greatest extent possible, then you can limit the ability of ad networks or others to follow you around.
jscher2000
  • Top 10 Contributor
8435 solutions 68838 answers

For a programmer or programmer-to-be who might want to propose a patch to Firefox or create an extension, here is a link to the patch that was incorporated into the Tor browser to manage site-specific permissions to read the generated canvas:

https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0021-Add-canvas-image-extraction-prompt.patch

For a programmer or programmer-to-be who might want to propose a patch to Firefox or create an extension, here is a link to the patch that was incorporated into the Tor browser to manage site-specific permissions to read the generated canvas: https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0021-Add-canvas-image-extraction-prompt.patch