Security

‘Canvas fingerprinting’ has a new enemy, and its name is Ghostery

Just two weeks after news broke about a new, seemingly unstoppable method for tracking consumers online, we’ve heard about a way of stopping it.

Canvas fingerprinting is a new method for tracking your every move on desktop and mobile devices as you hop from site to site. It is hard to block, resides on your browser without your knowledge, and has become a unique identifier that many sites use to log your web history as you jump from site to site.

Critically, canvas fingerprinting cannot be blocked by refusing or deleting browser cookies, which is what most tracking tools use. Although canvas fingerprinting works on both desktop and mobile, it thrives in the former, because the technology is older.

Enter Ghostery. Used by some former and current U.S. intelligence officials in their private browsing lives, Ghostery is a tool that helps protect consumers’ privacy by blocking the various trackers that advertisers and brand websites use to follow them around the web.

Ghostery chief Scott Meyer

The New York-based startup claims its software is anathema to canvas fingerprinting, enabling users to safely keep their browsing history private.

“Ghostery’s script blocking app sits in your browser, and canvas fingerprinting won’t work if it’s there,” said Ghostery founder and chief executive Scott Meyer.

“Consumers,” Meyer added, “need tools to keep up with information on how they’re being tracked, and how to maintain control.”

Ghostery launched in 2009. Now, five years later, 40 million consumers are using the software, Meyer says.

Malwarebytes head intelligence guru Adam Kujawa summarized canvas fingerprinting like this:

“Utilizing a script to execute the algorithm from multiple websites can create a new method of tracking users without using cookies. Canvas fingerprinting is the act of extracting information from a user’s browser and using it paint a semi-unique identifiable token. The method requires the use of HTML5, which is a commonly used standard today, being used from making web apps to games.”

The researchers who first discovered canvas fingerprinting estimate that it is used by 5.5 percent of major websites. Most canvas fingerprinting scripts (95 percent of the ones found by the researchers) come from Addthis, based in Virginia, although a few other companies also use the technique. A company spokesperson did not respond to VentureBeat for comment.

While desktop cookies have greatly aided marketers with intel on your browsing habits on the desktop, cookies don’t exist on mobile apps and are of limited usefulness on mobile browsers.

Instead of cookies, marketers track you on mobile by creating a personal identifier, or PI, to try to correlate browsing patterns. Canvas fingerprints are one such PI — and while they can’t be tied directly to an individual’s personal identity, they do provide marketers with data they can correlate: This person visited eBay, then Amazon.com, then Warby Parker, and so on.

Analytics players providing consumer data to clients rely on this information for highly personalized marketing and app download pushes.

“Ghostery is on my shortlist of privacy tools to use online, and is used by everyone at my company. It has the ability to not only let you know how sites are tracking and analyzing your behavior, but it also lets you block any tracker you wish with the flip of a switch,” a former National Security Agency official told VentureBeat.

Meyer said consumers need to understand that the development of tracking tools is moving at such a pace that canvas fingerprinting will likely be usurped by a new software tracking program sooner rather than later.

“Media consumption and time spent on mobile is growing much faster than on desktop,” Meyer said. “I expect new ad targeting technology to shift to a mobile-first model, as opposed to today’s desk-centric model.”

Although Meyer believes technology makes it easier for people to be virtually hoodwinked, technology, like his, keeps people better informed, he said.

“As an industry,” he said, “it’s essential that we continue to give consumers as much transparency and control as possible.”

More information:

Powered by VBProfiles


Mobile developer or publisher? VentureBeat is studying mobile app analytics. Fill out our 5-minute survey, and we'll share the data with you.
5 comments
Jeremy E. Simpson
Jeremy E. Simpson

I guess if you want to use a tool for pedophilia...but that's a reflection of the user, not the tool...

Adam Sculthorpe
Adam Sculthorpe

TOR is a honeypot for pedophiles. If you actually believe you can be anonymous in 2014 you're delusional.

Marcus Greenwood
Marcus Greenwood

Canvas fingerprinting is about as accurate as saying everyone with the same make and model of car is the *same* person except that it works for graphics cards - so by this logic, everyone with the same type of computer/tablet/mobile is the same person.