Canvas fingerprinting

from Wikipedia, the free encyclopedia

Canvas fingerprinting is a collective term for a number of user tracking techniques to clearly identify online users without the use of cookies . As soon as identification is possible, Internet usage behavior, for example, can be observed and analyzed. Canvas fingerprinting can only be prevented with difficulty with standard browser settings (status: July 2014) and is regarded as a non-erasable cookie successor.

A study by Princeton University and the Catholic University of Leuven found that 5.5% of 100,000 websites examined use this technology. Scripts from the web service providers Ligatus and AddThis are used .

functionality

Canvas fingerprinting exploits the effect that the display of text in canvas elements varies depending on the operating system, browser, graphics card, graphics driver and installed fonts. In order to create a specific fingerprint for the page visitor at the time the page is viewed, a hidden text is transferred to the browser for display. Only a few lines of JavaScript are required for this. Due to the unique display, the user can be recognized from this point in time with a high degree of probability and his surfing behavior can thus also be observed. A study by the Electronic Frontier Foundation was able to show that the study was 83.6% unambiguous. However, changing the fingerprint over a period of time is problematic, since the browser's fingerprint changes if, for example, a new font is activated in the browser.

Countermeasures

Current methods to prevent canvas fingerprinting are:

  • Block known fingerprinting scripts based on a blacklist.
  • Preventing the transmission of the canvas element rendered by the browser.
  • Making canvas elements unusable for fingerprinting by adding random data.
  • Disabling JavaScript makes canvas fingerprinting impossible. However, for many websites this makes them unusable.

Several browser add-ons prevent or falsify the reading of a unique fingerprint. In addition to dedicated addons, such as B. CanvasBlocker for Firefox , the Privacy Badger extension from the Electronic Frontier Foundation (EFF) also contains canvas fingerprinting protection. Adblock Plus also wants to prevent user tracking by preventing the transmission of the canvas graphic.

As of version 25.6, the Firefox-based browser Pale Moon has a function that makes canvas fingerprinting much more difficult.

Web links

Individual evidence

  1. a b Jo Bager: User Tracking: Advertising companies already frequently use "non-erasable" cookie successors. heise.de, July 22, 2014, accessed on July 24, 2014 .
  2. a b Canvas Fingerprinting: AddThis tracks users of YouPorn, kinox.to and Co. Archived from the original on April 24, 2013 ; accessed on January 14, 2019 .
  3. Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, Claudia Diaz. The Web never forgets: Persistent tracking mechanisms in the wild. Draft . Retrieved July 28, 2014.
  4. Canvas Fingerprinting - BrowserLeaks.com. Retrieved January 19, 2019 .
  5. Canvas fingerprinting: Adblock Plus stops tracking. chip.de, July 24, 2014, accessed on July 24, 2014 .
  6. Peter Eckersley: How unique is your browser? (PDF) Electronic Frontier Foundation, accessed February 23, 2016 .
  7. ↑ Block fingerprinting with HTML5 canvas elements. In: Privacy manual. Retrieved January 18, 2019 .
  8. Süddeutsche de GmbH, Munich Germany: Canvas blocker provides tracking protection for the Firefox browser - knowledge news. Süddeutsche Zeitung , 23 August 2018 .;
  9. kkapsner: A Firefox Plugin to protect from being fingerprinted: kkapsner / CanvasBlocker. In: GitHub . January 19, 2019, accessed January 19, 2019 .
  10. Canvas fingerprinting: Adblock Plus stops tracking. In: CHIP Online. July 25, 2014, accessed February 15, 2017 .
  11. https://forum.palemoon.org/viewtopic.php?f=1&t=8943 Retrieved August 9, 2015.