Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Why is FireFox allowing "Canvas Fingerprinting" to track me?

more options

Since "Canvas Fingerprinting" seems to be the new way of tracking one. How does one TURN IT OFF! ---

A New Form of Online Tracking: Canvas Fingerprinting

http://yro.slashdot.org/story/14/07/22/0140256/a-new-form-of-online-tracking-canvas-fingerprinting --- Posted by Unknown Lamer on Tuesday July 22, 2014 @08:06AM from the subverting-features-for-evil-and-profit dept. New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas> ." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...

Since "Canvas Fingerprinting" seems to be the new way of tracking one. How does one TURN IT OFF! --- A New Form of Online Tracking: Canvas Fingerprinting http://yro.slashdot.org/story/14/07/22/0140256/a-new-form-of-online-tracking-canvas-fingerprinting --- Posted by Unknown Lamer on Tuesday July 22, 2014 @08:06AM from the subverting-features-for-evil-and-profit dept. New submitter bnortman (922608) was the first to write in with word of "a new research paper discussing a new form of user fingerprinting and tracking for the web using the HTML 5 <canvas> ." globaljustin adds more from an article at Pro Publica: Canvas fingerprinting works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it. ... The researchers found canvas fingerprinting computer code ... on 5 percent of the top 100,000 websites. Most of the code was on websites that use the AddThis social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. ... Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace cookies ...

Chosen solution

Based on the Pro Publica article, to date, this technology isn't especially accurate by itself. Nevertheless, maybe it could be combined with other information to uniquely identify your browser.

The JavaScript canvas feature is useful for animations and is now used by Google to draw spreadsheets. Disabling it -- if there were a convenient way to do that -- would need to allow for site-specific exceptions so you could use canvas where it's useful. I'm not aware of any specific feature or add-on for this.

Perhaps someone could create an add-on that would cause the canvas to have a certain degree of randomness, so that each time you visit a site it is just a bit different, and therefore the site doesn't know it's the same browser each time. Obviously you wouldn't want this to ruin the useful of canvas, so it would need to be subtle.

In the short run, have you considered using the NoScript extension? Most tracking that bothers people (tracking of your browsing across sites) is performed by scripts served from "third party" servers. If you keep scripts from those servers disabled to the greatest extent possible, then you can limit the ability of ad networks or others to follow you around.

Read this answer in context 👍 3

All Replies (2)

more options

Chosen Solution

Based on the Pro Publica article, to date, this technology isn't especially accurate by itself. Nevertheless, maybe it could be combined with other information to uniquely identify your browser.

The JavaScript canvas feature is useful for animations and is now used by Google to draw spreadsheets. Disabling it -- if there were a convenient way to do that -- would need to allow for site-specific exceptions so you could use canvas where it's useful. I'm not aware of any specific feature or add-on for this.

Perhaps someone could create an add-on that would cause the canvas to have a certain degree of randomness, so that each time you visit a site it is just a bit different, and therefore the site doesn't know it's the same browser each time. Obviously you wouldn't want this to ruin the useful of canvas, so it would need to be subtle.

In the short run, have you considered using the NoScript extension? Most tracking that bothers people (tracking of your browsing across sites) is performed by scripts served from "third party" servers. If you keep scripts from those servers disabled to the greatest extent possible, then you can limit the ability of ad networks or others to follow you around.

more options

For a programmer or programmer-to-be who might want to propose a patch to Firefox or create an extension, here is a link to the patch that was incorporated into the Tor browser to manage site-specific permissions to read the generated canvas:

https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0021-Add-canvas-image-extraction-prompt.patch