Canvas Fingerprinting Is More Invasive Than Cookies. But Should You Worry About It?
Cookies have been around since the ’90s Internet, so it’s not surprising that after all these years there’s a new game in town. But it’s concerning that the new tracking apparatus, canvas fingerprinting, was called “virtually impossible to block” by ProPublica's Julia Angwin. And now the Internet is responding.
Canvas fingerprinting uses a script to render an extra and invisible part of a webpage along with the regular site you’re looking for. The extra piece is there specifically to evaluate minor things about your computer that your system reveals in the process of loading the site. They're little things like which browser you’re using and which version of it you're running, but when enough of them are put together, says Angwin, they can turn into a unique profile or fingerprint, and then companies can use this identifier to track your browsing.
But maybe it’s not even worth fighting canvas fingerprinting. Internet filtering company AdBlock Plus, which was mentioned in the ProPublica article, posted a blog post by lead developer Wladimir Palant on Wednesday that argues that canvas fingerprinting is doomed to fail because sheer volume of users should stymie the approach. He explains that canvas fingerprinting uses available information about users' graphics drivers, browsers, operating systems, and other parameters to identify them on different sites based on their system's unique combination of attributes. But he notes that even if a tracker looks at tons of criteria, it’s pretty likely that groups of people will have the same combinations. Palant says,
All this taken into account, my guess is that canvas fingerprinting can work to identify users on smaller websites with a fairly stable community. However, as soon as you start talking about millions of users (e.g. if you want to track users across multiple websites), it is just too likely that different users will have exactly the same configuration and won’t be distinguishable by means of canvas fingerprinting.
Palant also cites problems with canvas fingerprinting that the ProPublica article itself brings up, like the fact that canvas fingerprinting doesn’t work so well for tracking mobile users. Even AddThis is skeptical continuing to use the approach. But if that doesn’t satisfy your concerns about canvas fingerprinting, Palant suggests using AddBlock Plus (naturally) and its EasyPrivacy filter list as a way of ensuring anonymity. The Electronic Frontier Foundation says that its Privacy Badger plugin can also help you go off the canvas fingerprinting grid.
Angwin says that Palant isn’t quite getting the point. “I don't think you should dismiss every threat just because it doesn't seem effective,” she said. If companies are tracking you, it’s worthwhile to know how, and what you can do about it, instead of passively allowing it. But Angwin says she is heartened by the large response to her piece. “It reminded me that people still do care about this stuff,” she said.
Inside Wisconsin’s Mayfly Hell
If you don’t like bugs, stop reading this now. What follows can only be described as a horror movie come to life.
This weekend, millions of mayflies took over a stretch of the Mississippi River. In the span of a few short hours, the riverside town of La Crosse, Wisconsin, was overwhelmed.
You’ve surely heard of storm chasing, but what about mayfly chasing? For meteorologist Tim Halbach, nightmares became reality on Sunday night:
Mayfly chasing. Just west of the Cass St bridge in La Crosse. pic.twitter.com/uW9quXTJeg— Tim Halbach (@TimHalbach) July 21, 2014
Mayfly hatch in Trempealeau from Saturday night. Thanks to Kelly for the picture! pic.twitter.com/e9wxuOlXLY— Michelle Poedel (@news8michelle) July 21, 2014
There were so many bugs, they actually showed up on weather radar, with the equivalent reflectivity of a moderate thunderstorm. A thunderstorm of bugs, that is:
The National Weather Service in La Crosse, where Halbach works, launched an explainer page devoted to the massive hatch, which they say resulted in “swarming and piles of mayflies” (emphasis theirs). Piles?! Eeesh. I’ll give them the benefit of the doubt on that one.
Mayflies have the ultimate boom-and-bust life. The bugs have spent the better part of their roughly year-long lifespan in aquatic nymph form, and they get to take flight for only a few hours—which is what happened Sunday. These hatches become wild aerial sex frenzies, after which the adults die in a blaze of glory. According to PBS, mayflies have the shortest adult phase of any known insect, just five minutes for one species.* Wired described them as “gonads with wings.” But why Wisconsin? Why now? From the NWS:
While the emergence of mayflies from their river bottom mud dwelling can occur at various times through the warm season depending on the species, this particular emergence was that of the larger black/brown Bilineata species.
Adult Hexagenia Bilineata live for about a day. They can’t eat. (Seriously, they don’t even have working mouths.) Their annual emergence is synchronized so as to provide the best chance of finding a mate. A citizen science project coordinated by the U.S. Fish and Wildlife Service in Onalaska, Wisconsin (PDF) has helped link the annual event to cumulative weather conditions during the spring and early summer.* Since this year’s been colder than average along the Upper Mississippi River, the mayfly hatch came later than normal.
I called Halbach at his office to get to the bottom of this entomological abhorrence.
I’m afraid to ask: How was it?
Mayflies are the latest buzz around here. (Everyone in the office gagged a little bit when I told that joke.)
But seriously, we were watching radar that evening, between 8:30 and 9, and it really started to pick up. The algorithm started showing that we were getting rainfall. We took a look more closely, and were like, nope, that’s bugs. Winds were from the south, and you could watch the swarms being pushed gradually northward.
Watching from radar is one thing, but what on earth inspired your mayfly chase?
After my shift ended at midnight, I decided to drive back and forth to see what I could find. Maybe I’m just morbid that way. I’ve gone through some bug hatches in the past with the cicadas in D.C. and Chicago, with the same general sense of just being thoroughly disgusted.
Sunday night, I went to the Mississippi River bridge to see where the main mayflies were. The biggest swarm I found was just to the west of the main bridge, on an island in the Mississippi.
Coming back, I was low on gas and was going to fill up. I saw the lights of the gas station were off, and thought they were closed. In hindsight, they probably just switched off the lights to try to get rid of all the bugs.
When I finally stopped for gas, it was enough that in the few seconds of opening the door, a bunch of them had climbed in. When I got back in my car, you could hear them buzzing around inside. They’re harmless, though. It was definitely a self-inflicted annoyance.
Just how rare is something like this?
Pretty much every summer we get a pretty big one that shows up. The last big one like this was in 2012. It’s something we see on radar pretty often this time of year, but maybe not normally to the size we had the other night.
It’s a good sign for the river that it’s healthy. Some of the fishermen might not be as happy, though. The fish don’t bite as well after eating so many bugs.
We’ve seen them hatch multiple times per year in the past, so this might not be the only one this year.
Any advice from a veteran mayfly chaser for someone who’s interested in joining your ranks?
Be prepared to have mayflies all over you. And bring a shovel. I regret not having my better camera with me, too. Look for anywhere that has lights, they seem to congregate there. Knowing the wind direction in advance will help you find the clusters. As this event showed, you can use the radar images for that as well.
Since they mate and die in one day, there will be piles of them the morning after. That’s what the shovel’s for.
*Update, July 24, 2014: This sentence was updated to clarify the role a citizen science project has played in tracking mayfly hatchings.
*Correction, July 24, 2014: A previous version of this article incorrectly implied some mayflies have a lifespan of only five minutes. Their lifespan is actually roughly a year; it's the adult phase that's only minutes long in some species.
Pizza Hut is Making a Real-Life TMNT Pizza Thrower, and It Sounds Awesome
Just when I thought Michael Bay was going to irredeemingly desecrate the Teenage Mutant Ninja Turtles of my childhood in one fell, explosion-laden swoop, in comes the unlikeliest of heroes to save the day. Pizza Hut—the cheese-in-crust purveyors and, now, my favorite company in the world—is making a real-life version of the Turtles' iconic pizza thrower.
Per the Hollywood Reporter, the life-size model of the Best Toy Ever is being constructed by Syyn Labs, as a part of a promotional partnership between Paramount Pictures and the global pizza chain. Featuring a 16-foot-long rotating cannon, the TMNT vehicle will debut at this year's Comic-Con, where it will delight fanboys and girls in attendance by shooting (fake) pizzas at the enemies of Michelangelo and Co. If the thought of that doesn't bring back memories of the countless afternoons spent firing half-dollar-sized discs at your pets and siblings, then I don't know what will.
Of course, in the grand scheme of food-based technology, this pales in comparison to things like the NASA-funded pizza-making 3-D printers. The pizzas here are fake and, well, NASA is 3-D printing food. But in a universe in which we're on the verge of the Ninja Turtles being Michael Bay'd, it's one of the coolest things that I've seen in a long time. Cowabunga, indeed.
Internet Father Vint Cerf Explains How We Keep Web Addresses Straight
In March, there was a lot of news about the Internet Corporation for Assigned Names and Numbers (ICANN) and how the U.S. was planning to relinquish its power over the organization. Now, with Republicans angling to delay the transition, Google has released an explainer video about why it thinks the process is positive. The video is charming, informative, and features dad jokes from Internet inventor Vint Cerf. What could be better?
Cerf, who is currently a VP and “chief Internet evangelist” at Google, starts with the basics to explain how you navigate to websites online. The video goes through how things used to be and where the need for ICANN arose from in the first place, which gives some good context for why it’s really important now that a balanced group of stakeholders continue to be in charge of the organization.
Cerf also argues that the U.S. isn’t just “giving away its authority,” but actually completing a positive, and long-planned, transition to a maximally democratic ruling body for the Internet. Republicans have been vocal opponents of the ICANN transition away from U.S. control, because they worry that without the U.S.’s authority backing the organization, ICANN will struggle to resist pressure from groups that want to limit Internet freedom.
We checked the IP address example in the video, 18.104.22.168, to see if it was an Easter egg and belonged to someone funny. Sadly, it’s just a normal Google IP, but there are some jokes in the final utopian future scene of the video, including Vint Cerf riding on Grumpy Cat and the man in the moon being replaced by Doge. Who says you can't do Internet policy education and also have a little fun?
Australians and Canadians Are Turning to Virtual Private Networks to Access U.S. Netflix
Perhaps we should thank the intractable cable TV providers of Canada and Australia. Because of their stranglehold over film and television rights, which continue to block decent streaming services like Netflix, Canadian and Australian Breaking Bad fans may, accidently, be some of the securest people online.
Netflix operates in Canada, but because of rights deals, Canadians can’t access the same amount of content as U.S. customers (4,000 titles compared with the American Netflix’s 10,000 or so—with popular shows missing, like the American version of The Office and 30 Rock). Australia has some homegrown streaming option but no Netflix, and people have to pay much more overall, often double the price, than the U.S. for music, film, and television. And yet recent reports suggest that there are an estimated 200,000 Australian Netflix customers and plenty of Canadians who are somehow getting past the geographically determined barriers around U.S. Netflix. So, how are these members of the Commonwealth freely perusing “witty workplace comedies”? All through the power of virtual private networks.
Yelp’s New Data Tool Is the Best Thing Since Cronuts Surpassed Sliced Bread
To celebrate its 10th birthday, Yelp has released a tool that will finally tell us exactly when craft beer surpassed PBR, ombre overtook Brazilian blowouts, and macarons began to take a bite out of cupcakes.
Yelp Trends is sort of like Google Ngrams for customer reviews instead of books. Enter up to three keywords, then choose your city and business category, and it will plot a graph showing the terms’ relative frequency in Yelp reviews over time.
Are macarons really the new cupcakes? Not quite, it seems:
Remember when Ritual was San Francisco’s frothiest coffee roaster? Blue Bottle steamed ahead in about 2008, and Philz followed a few years later.
Now Sightglass and Four Barrel are right there with it:
The rise of ombre hair color in Los Angeles tracks pretty well with the fall of Brazilian blowouts:
Watch Chicagoans switch from Scotch to bourbon:
San Franciscans know exactly when their favorite vegetables are in season:
Angelenos just eat them any old time:
And who says you can’t compare apples to oranges?
Feel free to try it yourself and share your results in the comments.
Previously in Slate:
Now There Are Two Weird Holes in Siberia
Late last week, helicopter video of a mysterious hole emerged in a remote part of northern Siberia, sending conspiracy theorists into a tizzy worldwide.
Theories ranging from a possible UFO landing to a large meteor striking the earth. http://t.co/5oKcjWcsbY— Lori McDonald (@alienufoart) July 17, 2014
OK....I'd like to hear any and all theories on this one. My guess is flatulence in its most extreme form... http://t.co/vYl2rJGAhF— Teddy Miranda Jr (@TeodolfoJr) July 16, 2014
(Spoiler alert: Turns out, that last theory isn’t so far off.)
Now, a second hole has been found.
From the Moscow Times:
Reindeer herders in Russia's Far North have discovered yet another mysterious giant hole about 30 kilometers away from a similar one found days earlier.
Located in the permafrost of the subarctic Siberian region of Yamal, which means “end of the earth” in the local Nenets language, both craters appear to have been formed in recent years and have icy lakes at their bases.
A new video released by the Siberian Times on Friday shows a brief glimpse inside the first hole as an impromptu scientific expedition visited last week.
According to a Siberian Times interview with the scientists, there’s a clear connection with climate change:
Anna Kurchatova from the Sub-Arctic Scientific Research Centre thinks the crater was formed by a water, salt and gas mixture igniting an underground explosion, the result of global warming.
Gas accumulated in ice mixed with sand beneath the surface, and that this was mixed with salt—some 10,000 years ago this area was a sea.
Global warming, causing an “alarming” melt in the under soil ice, released gas causing an effect like the popping of a Champagne bottle cork, she suggests.
It’s as if the Earth is celebrating. Soon, no more humans!
Around the time the first crater is estimated to have formed—2012 or 2013—temperatures were unusually high for that part of Siberia. In general, the whole Arctic region is the fastest warming place on the planet, warming about twice as fast as global averages. A study published last year said the Arctic hasn’t been this warm in at least 120,000 years.
As permafrost melt accelerates across the Arctic, there’s increasing concern that the natural release of methane and other greenhouse gases will also accelerate. Arctic permafrost in Alaska, Canada, and Russia holds more frozen carbon (in the form of both carbon dioxide and methane) than currently exists in the entire atmosphere. Methane is more than 20 times more potent at trapping heat in the atmosphere than carbon dioxide. Some studies have linked massive releases of methane to the biggest mass extinctions in Earth history.
Needless to say, it’s a region that scientists are following closely. It’s not likely that there will be a rapid, catastrophic release of methane from Arctic permafrost, but gradual methane farts (of the sort that this hole represents) could gradually escalate in the coming years due to global warming. The thing is, the Arctic is so remote that it’s difficult to get good numbers on how much methane is being released. For that reason, the Arctic continually surprises scientists, just like last week.
One leading theory says that a pingo—an uplift of frozen ground linked to ancient Arctic lakes—may be at work here. This unique type of landform appears only in permafrost regions.
In this case, the holes could have been caused by an unusually large pingo, which have been known to explode, thanks to melting permafrost. This theory was put forth by an Australian polar scientist before the Russian team arrived at the first hole. From the Sydney Morning Herald:
“We’re seeing much more activity in permafrost areas than we’ve seen in the historical past. A lot of this relates to this high degree of warming around these high arctic areas which are experiencing some of the highest rates of warming on earth,” Chris Fogwill told the Sydney Morning Herald.
In short, more global warming means more pingos. Apparently, exploding permafrost is now a thing. Thanks, climate change!
Netizen Report: Censorship and Social Media Sneakiness Abound in Southeast Asia
Global Voices Advocacy’s Netizen Report offers an international snapshot of challenges, victories, and emerging trends in Internet rights around the world. This week’s report begins in Southeast Asia, where writers and activists across the region are feeling the chill of government restrictions on digital expression.
The Thai military junta has escalated its media war, now banning media organizations from publishing anything that “could create resistance against the junta”—the order specifically prohibited interviews with academics and civil servants who might distort the junta’s image. News organizations that defy the order could face immediate suspension. After a meeting with military officials, Thai media executives expressed guarded optimism that the edict would be toned down.
Adding to the growing trend of censorship of Facebook in Southeast Asia, the accounts of at least 30 leading political activists in Vietnam have been suspended—not by a widespread ban, but due to the alleged exploitation of Facebook’s “report abuse” function by Vietnamese government “opinion shapers.” The government appears to have given up on its failed attempts at a total ban in favor of a more targeted approach.
And a new Brunei-based chat application Chrends (a hybrid of “chat” and “trends”) claims to provide an anonymized platform for discussion of topics that may be considered taboo for citizens in the country, which recently implemented Sharia law.
Free Expression: Comment is not free in Colombia
A Colombian man was sentenced to 18 months in prison for posting a comment on ElPais.com mocking an administrative bureau of the federal government. In a post on Fundacion Karisma’s blog, free expression advocate and lawyer Carolina Botero expressed concern that if courts continue to process cases like this under the penal code, they will overshadow the tensions between fundamental rights in play.
Thuggery: Zone 9 bloggers charged with terrorism in unfair trial
Ethiopia’s Lideta High Court charged nine bloggers and journalists, including four members of Global Voices, with terrorism and related activities. The bloggers, who were arrested on April 25 and 26, had no legal representation present when the charges were issued, and their attorneys and families were given no prior notice about the hearing. The anti-terrorism law under which they have been charged was also used to jail journalists Eskinder Nega and Reeyot Alemu, who have been in prison since 2011. In the lead-up to their trial, set for Aug. 4, the Zone9ers’ Trial Tracker blog will post updates and provide a platform for those who wish to give support.
Omani activists Noah Saad and Muawiyah Al-Rawahi were arrested for blogging about human rights violations in their country. Saad, who was arrested in 2011 for similar “offenses,” was arbitrarily detained by Oman’s national security intelligence agency and is reportedly being held incommunicado. Observers believe Al-Rawahi was targeted over a recent blog post in which he criticized the repressive practices of Omani authorities in response to a teacher strike in late 2013.
Internet Governance: African NGOs lead regional Internet rights declaration
A group of civil society organizations across Africa are sourcing contributions to a proposed African Declaration of Internet Rights and Freedoms. The process is now in a public consultation phase, which will run until Aug. 4.
Surveillance: In Snowden’s wake, new laws reassert state security powers
The U.K. House of Commons, the lower chamber of Parliament, approved the emergency Data Retention Investigative Powers bill that will allow Britain’s security agencies to access citizens’ phone and electronic communication records, despite the European Court of Justice’s ruling against data retention last April. The bill was strongly opposed by civil liberties organizations, Internet law academic experts, and the Global Network Initiative. Several members of the House of Lords criticized the decision to rush this kind of legislation through the Parliament.
Australia’s attorney general proposed a new bill that would increase the powers of the Australian Security Intelligence Organisation. The law extends criminal penalties for leaks of sensitive state information to private contractors. A leading criminal lawyer and spokesperson for the Australian Lawyers Alliance worried openly about what he called the “Snowden/Assange/Guardian/New York Times clause,” which could make journalists reporting on intelligence leaks liable for criminal prosecution and up to 10 years in prison. Even worse, the bill effectively condones illegal conduct by intelligence officers by granting them legal immunity for any actions taken during so-called “special intelligence operations.” The bill will be debated in the Australian Parliament in September.
Public records reveal links between the daughters of Azerbaijan’s president Ilham Aliyev and its largest mobile phone business, Azercell, raising serious concerns about surveillance, free expression, and communications security within the country. The Aliyev family now appears to control nearly three-quarters of all mobile communication providers in the country, and thus has widespread capacity to monitor phone calls and Internet traffic.
Privacy: Europe Wrestles with Right-to-Be-Forgotten Fallout and Food Blogger Blues
Microsoft joined Google in removing links upon request from its Bing search engine, which holds 2.5 percent of the search market in Europe, under the new “right to be forgotten” ruling, which allows individuals to request that search engines remove certain kinds of results that are outdated or portray them in a negative light.
A French court ordered food blogger Caroline Doudet to change the title of a negative restaurant review she had written, with the goal of diminishing its prominence in search results. Ms. Doudet said the decision established a “new crime of being too highly ranked [on a search engine].” Bloggers in France believe the judge presiding over the case unfairly favored the plaintiff in the case.
Industry: Apple and China—hypocrites without borders?
China’s CCTV labeled the iPhone a threat to national security for its invasive location-tracking features. Apple responded with a statement detailing the iPhone’s privacy attributes.
Apple launched improved encryption measures in its iCloud email services this week. Though it has yet to make a formal announcement, the changes can be seen via Google’s transparency website. German-language publication Heise claims the company is using the minimally secure RC4 encryption, which is believed to have already been cracked by state security services.
Photographer Deni Bechard provides a close look at Kabul’s multimillion-dollar surveillance system, which includes 108 high-resolution camera feeds that are monitored 24 hours a day—a modern version of Jeremy Bentham’s panopticon.
Publications and Studies
- “The Right to Privacy in the Digital Age”—Office of the United Nations High Commissioner for Human Rights
- “Global Opposition to U.S. Surveillance and Drones, but Limited Harm to America’s Image”—Pew Research Center
- “Are India’s Internet laws ready for the digital age?”—Global Network Initiative
Drones Really Do Find People in Search-and-Rescue Missions
Though drones are controversial, they can definitely do good sometimes. Last week a Colorado man went to visit his girlfriend in Wisconsin and brought with him a drone, which he uses to film snow sport videos. And according to Gigaom, he ended up finding a missing person after offering to assist in a search-and-rescue effort.
David Lesh accidentally made a good argument for why consumer drones can be positive by being in the right place at the right time with his ski drone. He told NBC, “I never thought that I would be using it to find somebody.” The missing person was 82-year-old ophthalmologist Guillermo DeVenecia, who Lesh's drone spotted in a 200-acre bean field. The search and rescue had gone on for three days and had already involved dogs, hundreds of people, and a helicopter.
The rescue lends support to a movement against the FAA's strict commercial drone regulations, which essentially ban their use for organized search and rescue groups. The Texas-based company EquuSearch has been clashing with the FAA for months over drone bans and decided last week that it would simply ignore the FAA's warnings to stop using drones. A favorable ruling from a federal appeals court last week motivated EquuSearch to resume using its drones.
We already know why drones can be creepy and threaten privacy, but it’s hard to ignore the good side of their functions. The crucial thing here is just to avoid building a centralized, all-seeing eye of Sauron. I think we can all agree that that wasn't a good solution.
Unlock Your Phone With Your Tattoo
Locking your smartphone is important for securing your data in case of loss or theft, but lots of people don't do it. Why? Because it’s annoying. Entering a pin or drawing a design gets old when you check your phone a million times a day, which you do. So Google wants to make it easier. What if you could have a tattoo that unlocked your phone?
It sounds great but also scary. Is it an implanted chip like in every sci-fi movie ever? Is it a tattoo drawn with really metallic ink? Time to chill out—it’s a temporary tattoo. It sticks on! Based on super thin and flexible electronics like VivaLnk’s eSkinTM tech, the tattoos use the same near-field communication that you might have heard about in mobile payment systems to unlock your Moto X. They stick on anywhere and are about the size of a nickel. They adhere for roughly five days through showers, workouts, and anything else, and Motorola employees say they’re actually comfortable (though it'll be good to hear from impartial testers).
The tattoos are available from VivaLnk in 10 packs for $9.99, so it'll cost $80 to cover a whole year of tattoo unlocking. Motorola says it takes average users 2.3 seconds to unlock their phones, and they do it 39 times a day, so if your time is valuable enough, tattoos may actually be a bargain. At the very least it's a good conversation starter that isn't quite as ... aggressive as Google Glass. Or as permanently laughable as a QR code tattoo.