Canvas Fingerprinting Is More Invasive Than Cookies. But Should You Worry About It?

The Citizen's Guide to the Future
July 24 2014 5:59 PM

Canvas Fingerprinting Is More Invasive Than Cookies. But Should You Worry About It?

cookies2
AddThis is lurking among the YouTubes and Pinterests of the cookie world.

Screencap from whitehouse.gov.

Cookies have been around since the ’90s Internet, so it’s not surprising that after all these years there’s a new game in town. But it’s concerning that the new tracking apparatus, canvas fingerprinting, was called “virtually impossible to block” by ProPublica's Julia Angwin. And now the Internet is responding.  

Lily Hay Newman Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

Canvas fingerprinting uses a script to render an extra and invisible part of a webpage along with the regular site you’re looking for. The extra piece is there specifically to evaluate minor things about your computer that your system reveals in the process of loading the site. They're little things like which browser you’re using and which version of it you're running, but when enough of them are put together, says Angwin, they can turn into a unique profile or fingerprint, and then companies can use this identifier to track your browsing.

Advertisement

A service called AddThis is primarily responsible for the advent of canvas fingerprinting, and according to ProPublica, certain high-traffic sites—even WhiteHouse.gov—use AddThis. Many of them probably didn't even really know what AddThis did before the ProPublica story. Since publication of the piece, YouPorn, another big site that used AddThis, has already said that it has discontinued using the tracking service. And the Electronic Frontier Foundation points out that AddThis's functionality violates the White House's own cookie-related privacy policy.

But maybe it’s not even worth fighting canvas fingerprinting. Internet filtering company AdBlock Plus, which was mentioned in the ProPublica article, posted a blog post by lead developer Wladimir Palant on Wednesday that argues that canvas fingerprinting is doomed to fail because sheer volume of users should stymie the approach. He explains that canvas fingerprinting uses available information about users' graphics drivers, browsers, operating systems, and other parameters to identify them on different sites based on their system's unique combination of attributes. But he notes that even if a tracker looks at tons of criteria, it’s pretty likely that groups of people will have the same combinations. Palant says,

All this taken into account, my guess is that canvas fingerprinting can work to identify users on smaller websites with a fairly stable community. However, as soon as you start talking about millions of users (e.g. if you want to track users across multiple websites), it is just too likely that different users will have exactly the same configuration and won’t be distinguishable by means of canvas fingerprinting.

Palant also cites problems with canvas fingerprinting that the ProPublica article itself brings up, like the fact that canvas fingerprinting doesn’t work so well for tracking mobile users. Even AddThis is skeptical  continuing to use the approach. But if that doesn’t satisfy your concerns about canvas fingerprinting, Palant suggests using AddBlock Plus (naturally) and its EasyPrivacy filter list as a way of ensuring anonymity. The Electronic Frontier Foundation says that its Privacy Badger plugin can also help you go off the canvas fingerprinting grid.

Angwin says that Palant isn’t quite getting the point. “I don't think you should dismiss every threat just because it doesn't seem effective,” she said. If companies are tracking you, it’s worthwhile to know how, and what you can do about it, instead of passively allowing it. But Angwin says she is heartened by the large response to her piece. “It reminded me that people still do care about this stuff,” she said.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Foreigners

More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

Three Talented Actresses in Three Terrible New Shows

Why Do Some People See the Virgin Mary in Grilled Cheese?

The science that explains the human need to find meaning in coincidences.

Jurisprudence

Happy Constitution Day!

Too bad it’s almost certainly unconstitutional.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

What to Do if You Literally Get a Bug in Your Ear

  News & Politics
Weigel
Sept. 16 2014 7:03 PM Kansas Secretary of State Loses Battle to Protect Senator From Tough Race
  Business
Moneybox
Sept. 16 2014 2:35 PM Germany’s Nationwide Ban on Uber Lasted All of Two Weeks
  Life
The Vault
Sept. 16 2014 12:15 PM “Human Life Is Frightfully Cheap”: A 1900 Petition to Make Lynching a Federal Offense
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Slate Plus Video
Sept. 16 2014 2:06 PM A Farewell From Emily Bazelon The former senior editor talks about her very first Slate pitch and says goodbye to the magazine.
  Arts
Brow Beat
Sept. 16 2014 8:43 PM This 17-Minute Tribute to David Fincher Is the Perfect Preparation for Gone Girl
  Technology
Future Tense
Sept. 16 2014 6:40 PM This iPhone 6 Feature Will Change Weather Forecasting
  Health & Science
Science
Sept. 16 2014 1:39 PM The Case of the Missing Cerebellum How did a Chinese woman live 24 years missing part of her brain?
  Sports
Sports Nut
Sept. 15 2014 8:41 PM You’re Cut, Adrian Peterson Why fantasy football owners should release the Minnesota Vikings star.