Two years ago, the father of a teenage girl turned on the computer he shared with his daughter. As he surfed around he began seeing ads for pregnancy-related merchandise from Target, one of his daughter’s favorite stores. Turns out they knew she was pregnant before he did because of her on-line shopping habits.
If you think you’ve protected your privacy by deleting your cookies, installing the latest anti-virus software, and setting high browser security levels, you don’t know how determined some software developers are to track your every move.
The first large-scale study of advanced web tracking mechanisms, conducted by researchers at Princeton University and KU Leuven University in Belgium, reveals that people are unwillingly tracked online far more than previously thought.
The newly developed form of user tracking, called “canvas fingerprinting,” works like this: You click on a website and your web browser is automatically told to draw an image. It’s one you can’t see, and here’s the catch. Each person’s computer draws a slightly different image, with the variances being almost imperceptible differences in the font, graphics, or even the number of pixels. Then, that image can be used to give each user’s device a unique identity.
The fingerprinting can virtually happen in the blink of an eye. “This is another method of attempting to identify users uniquely,” said Steven Englehardt, a PhD student in Princeton University’s Department of Computer Science and one of the report’s researchers.
Those pieces of information are adding up. The report found this occurring on more than 5.5 percent of the most popular 100,000 websites today. Websites that run canvas-fingerprinting scripts on their homepages include well-known sites such as whitehouse.gov, nydailynews.com, Hilton.com, the blaze.com, cbslocal.com, twitpic.com, perezhilton.com, and starbucks.com. For each, a company called AddThis, which offers tools most of use on websites, including share buttons for social networks, was uncovered as the fingerprinting domain.
In fact, the vast majority of canvas fingerprinting scripts—nearly 95 percent—was traced back to AddThis. As it turns out, the undetected tracking mechanism is often embedded in 'share' buttons on sites that use social media sharing tools.
Pro Publica’s investigation found users essentially develop profiles overtime based on the sites they visit. And from these profiles, ads and various content can target them directly.
“Browser fingerprinting is being used in the hopes that even through cookies clearing, companies will still be able to identify users,” said Englehardt. “The argument the ad industry makes is that it allows them to better tailor their advertisements to users.”
The detail that sets canvas fingerprinting apart? It’s remarkably difficult to prevent. By design, it circumvents users’ online tracking preferences. Simply changing your computers privacy settings doesn’t make a difference.
Enter Privacy Badger, a tool from the Electronic Frontier Foundation, which released anti-tracking blocker yesterday. Privacy Badger is an add-on for Chrome and Firefox, which the EFF says “blocks spying ads and invisible trackers.” They claim it’s an “answer to intrusive and objectionable practices in the online advertising industry, and many advertisers’ outright refusal to meaningfully honor Do Not Track requests.”
Top Reads from The Fiscal Times: