Canvas fingerprinting

Source: Wikipedia, the free encyclopedia.

Canvas fingerprinting is one of a number of

KU Leuven University described it in their paper The Web never forgets.[6]

Description

Canvas fingerprinting works by exploiting the HTML5 canvas element. As described by Acar et al.:[6]

When a user visits a page, the fingerprinting script first draws text with the font and size of its choice and adds background colors (1). Next, the script calls Canvas API’s ToDataURL method to get the canvas pixel data in dataURL format (2), which is basically a Base64 encoded representation of the binary pixel data. Finally, the script takes the hash of the text-encoded pixel data (3), which serves as the fingerprint ...

Differences in the installed graphics processing unit (GPU) or graphics driver can cause the fingerprint to vary. The fingerprint can be stored and shared with advertising partners to identify users when they visit affiliated websites. A profile can be created from the user's browsing activity, allowing advertisers to target advertising to the user's inferred demographics and preferences.[4][7]

By January 2022, the concept was extended to fingerprinting performance characteristics of the graphics hardware, called DrawnApart by the researchers.[8]

Uniqueness

Since the fingerprint is primarily based on the browser, operating system, and installed graphics hardware, it does not uniquely identify users. In a small-scale study with 294 participants from

screen resolution and browser JavaScript capabilities.[9]

Considerably more unique identification becomes possible with DrawnApart, published in 2022, which was shown to boost the tracking duration of individual fingerprints by 67% when used to enhance other methods.[8]

History

In May 2012, Keaton Mowery and Hovav Shacham, researchers at University of California, San Diego, wrote a paper Pixel Perfect: Fingerprinting Canvas in HTML5 describing how the HTML5 canvas could be used to create digital fingerprints of web users.[4][9]

Social bookmarking technology company

cookies. 5% of the top 100,000 websites used canvas fingerprinting while it was deployed.[10] According to AddThis CEO Richard Harris, the company has only used data collected from these tests to conduct internal research. Users will be able to install an opt-out cookie on any computer to prevent being tracked by AddThis with canvas fingerprinting.[4]

A software developer writing in Forbes stated that device fingerprinting has been utilized for the purpose of preventing unauthorized access to systems long before it was used for tracking users without their consent.[3]

As of 2014, the technique is widespread across many websites and is used by at least a dozen high-profile web advertising and user-tracking suppliers.[11]

In 2022, the capabilities of canvas fingerprinting were deepened considerably by taking into account minute differences between nominally identical units of the same GPU model. Those differences are rooted in the manufacturing process, making a given unit's behaviour more consistent over time than it is across identical copies.[8]

Mitigation

DoNotTrackMe,[13] or Adblock Plus[14] manually enhanced with the EasyPrivacy list are able to block third-party ad network trackers and can be configured to block canvas fingerprinting, provided that the tracker is served by a third-party server (as opposed to being implemented by the visited website itself).[citation needed] Canvas Defender, a browser add-on, spoofs canvas fingerprints.[15]

The LibreWolf browser project includes technology to block access to the HTML5 canvas by default, only allowing it in specific instances green-lit by the user.
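An added sketch (not taken from the article, from LibreWolf, or from any add-on named here) of the draw-then-read-back sequence in the Description and the block-by-default policy in this section: it instruments a canvas class, records when text drawing is followed by `toDataURL`, and returns an empty data URL unless the user has approved that canvas. `guardCanvas`, `makeFakeCanvas` and the approval set are hypothetical names, and the fake canvas is a constructed stand-in so the code runs in Node.js without a browser.

```javascript
// Added example; guardCanvas, allowReadback and makeFakeCanvas are hypothetical names.
// Only toDataURL is guarded because it is the readback method the description names.
function guardCanvas(CanvasClass, allowReadback, log) {
  const proto = CanvasClass.prototype;
  const origGetContext = proto.getContext;
  const origToDataURL = proto.toDataURL;
  const textDrawn = new WeakSet(); // canvases that have had text drawn on them
  const wrapped = new WeakSet();   // contexts already instrumented
  proto.getContext = function (...args) {
    const ctx = origGetContext.apply(this, args);
    if (!ctx || wrapped.has(ctx)) return ctx;
    const canvas = this;
    for (const name of ["fillText", "strokeText"]) {
      const orig = ctx[name];
      if (typeof orig !== "function") continue;
      ctx[name] = function (...a) {
        textDrawn.add(canvas); // step (1): text rendered to the canvas
        return orig.apply(this, a);
      };
    }
    wrapped.add(ctx);
    return ctx;
  };
  proto.toDataURL = function (...args) {
    // step (2): pixel readback; text followed by readback is the pattern to flag
    const entry = { textThenReadback: textDrawn.has(this), allowed: !!allowReadback(this) };
    log.push(entry);
    // "data:," is what the HTML spec returns for a canvas with no pixels
    return entry.allowed ? origToDataURL.apply(this, args) : "data:,";
  };
}

// Constructed stand-in for HTMLCanvasElement so the example runs in Node.js.
function makeFakeCanvas() {
  return class {
    constructor() { this.ops = []; this.ctx = { fillText: (t) => this.ops.push(t) }; }
    getContext() { return this.ctx; }
    toDataURL() { return "data:image/png;base64," + Buffer.from(this.ops.join("|")).toString("base64"); }
  };
}
function demo() {
  const Canvas = makeFakeCanvas(), log = [], approved = new WeakSet();
  guardCanvas(Canvas, (c) => approved.has(c), log);
  const tracker = new Canvas();   // never approved by the user
  tracker.getContext("2d").fillText("probe", 2, 15);
  const chart = new Canvas();     // canvas the user has approved
  approved.add(chart);
  chart.getContext("2d").fillText("axis", 0, 0);
  return { blocked: tracker.toDataURL(), permitted: chart.toDataURL(), log };
}
```

The `log` entries give a defender the same signal a crawl-based measurement would use: which canvases had text drawn and were then read back, and whether the policy let the read through.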

See also

  • Evercookie – a type of browser cookie that is intentionally difficult to delete
  • Local shared object – a persistent browser cookie also known as a Flash cookie
  • Web storage – web application software methods and protocols used for storing data in a web browser

References

  1. ^ Obaidat, Muath (2020). "Canvas Deceiver - A New Defense Mechanism Against Canvas Fingerprinting". Journal of Systemics, Cybernetics and Informatics. 18 (6): 66–74.
  2. ^ Knibbs, Kate (July 21, 2014). "What You Need to Know About the Sneakiest New Online Tracking Tool". Gizmodo. Retrieved July 21, 2014.
  3. ^ a b Joseph Steinberg (July 23, 2014). "You Are Being Tracked Online By A Sneaky New Technology -- Here's What You Need To Know". Forbes. Retrieved November 15, 2014.
  4. ^ a b c d Angwin, Julia (July 21, 2014). "Meet the Online Tracking Device That is Virtually Impossible to Block". ProPublica. Retrieved July 21, 2014.
  5. ^ Kirk, Jeremy (July 21, 2014). "Stealthy Web tracking tools pose increasing privacy risks to users". PC World. Retrieved July 21, 2014.
  6. ^ a b c
  7. ^ Nikiforakis, Nick; Acar, Günes (2014-07-25). "Browser Fingerprinting and the Online-Tracking Arms Race". ieee.org. IEEE. Retrieved October 31, 2014.
  8. ^ .
  9. ^ a b Mowery, Keaton; Shacham, Hovav. "Pixel Perfect: Fingerprinting Canvas in HTML5" (PDF). Retrieved March 22, 2018.
  10. ^ a b Davis, Wendy (July 21, 2014). "EFF Says Its Anti-Tracking Tool Blocks New Form Of Digital Fingerprinting". MediaPost. Retrieved July 21, 2014.
  11. ^ "Websites using HTML5 canvas fingerprinting". WebCookies.org. Archived from the original on 2014-12-28. Retrieved 2014-12-28.
  12. ^ "The Design and Implementation of the Tor Browser [DRAFT]". www.torproject.org. Retrieved 2018-05-25.
  13. ^ Kirk, Jeremy (July 25, 2014). "'Canvas fingerprinting' online tracking is sneaky but easy to halt". PC World. Retrieved August 9, 2014.
  14. ^ Smith, Chris. "Adblock Plus: We can stop canvas fingerprinting, the 'unstoppable' new browser tracking technique". BGR. PMC. Archived from the original on July 28, 2014.
  15. ^
