The topic of the moment appears to be ‘Canvas Fingerprinting’ with a number of articles available on the web. It is the latest development in use for tracking the movement of users on the web. You do not need to click on a widget to be tracked, just visiting the site is sufficient. It exploits the subtle differences in the rendering of the same text to extract a consistent fingerprint that can easily be obtained in a fraction of a second without the user being made aware.
A research paper concluded that code used for canvas fingerprinting had been in use earlier this year on 5,000 or so popular websites, unknown to most of them. Most but not all the sites observed made use of a content-sharing widget from the company AddThis.
The mechanism: Canvas Fingerprinting works in a similar way to cookies, by keeping a record of which sites are visited. When a browser loaded the AddThis widget, JavaScript that enabled canvas fingerprinting was sent. The script used a capability in modern Web browsers called the canvas API that allows access to the computer’s graphics chip, which is intended for use with games or other interactive content.
An invisible image is sent to the browser, which renders it and sends data back to the server. That data can then be used to create a “fingerprint” of the computer, which could be useful for identifying the computer and serving targeted advertisements.
But of several emerging tracking methods, canvas fingerprinting isn’t the greatest: it’s not terribly accurate, and can be blocked. The Electronic Frontier Foundation (EFF) recommend their own ‘Privacy Badger’ or the Disconnect add-on.
The list of sites that still track you is at this address.
So much for privacy.