Breaking News

Canvas data fingerprinting: yet another way to track you on the web (and Firefox fighting back)

This post was originally published on this site

Share on Facebook Share

Share on TwitterTweet

Share on Google Plus Plus

There’s yet another way to fingerprint people online as they move between sites, and that list is getting long by now. This new vulnerability concerns a “canvas” in your browser, a technical way of showing you visual data and graphics. For once, browser makers are fighting back – but it is far from enough.

GHacks first reported on a bug in the Mozilla database with turned into a new feature, the ability to prevent Firefox 58 (and onward) from fingerprinting the way your browser draws on a canvas — a way for a browser to draw realtime graphics and similar things — and reporting that fingerprint back to the publisher for tracking purposes.

However, this is not enough.

To borrow a security analogy from XKCD, having Firefox have an advanced-user option to disable this back-reporting of canvas data to tracking databases is a little bit like a teacher stating they’re always wearing a condom while teaching: while it is better than the alternative, strictly speaking, it still immediately tells you that something is horribly wrong with the big picture.

There are so many different ways to track a user across sites by now, that having hidden options to turn them off one by one can’t possibly be seen as a way forward, or even a workaround. (And as we’re aware, the Do Not Track request from browsers is being happily, almost gleefully, ignored.)

To begin with, in the very request when your browser is asking for a resource (a page, an image of the page, a script on the page, et cetera), your browser provides its model and version number, gives a list of formats it accepts in return, and

Leave a Reply

Your email address will not be published. Required fields are marked *