Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / New Technology Defeats Privacy Efforts
New Web Tracking Technologies Defeat Privacy Protections
New Web Tracking Technologies Defeat Privacy Protections
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Recently developed Web tracking tools are able to circumvent even the best privacy defenses, according to a new joint study by researchers at Princeton University and the University of Leuven in Belgium. New technologies known as canvas fingerprinting, evercookies and cookie syncing are making it difficult for even sophisticated users to maintain their privacy, the study warned.

"A single lapse in judgment can shatter privacy defenses," the rfesearchers wrote. The paper, titled "The Web never forgets: Persistent tracking mechanisms in the wild," claims to be the first large-scale study of the three new tracking techniques.

New Weapons in Privacy Arms Race

These newly developed trackers are difficult to control, detect, or defend against. Canvas fingerprinting, for example, uses the browser's own Canvas API to draw invisible images and extract a persistent, long-term fingerprint without the user's knowledge or consent. Over 5 percent of the top 100,000 Web sites employ canvas fingerprinting as part of their efforts to watch visitors' Web surfing habits, according to Internet measurement firm Alexa -- although only one company, AddThis, is responsible for 95 percent of the instances of the canvas technique. AddThis said on its blog that it was testing the new technology, and that it has subsequently disabled the code.

Cookie syncing, meanwhile, is the practice of tracker domains passing pseudonymous IDs associated with a given user, typically stored in cookies, amongst each other.

"Cookie syncing can greatly amplify privacy breaches through server-to-server communication," the study's authors said. "While Web privacy measurement has helped illuminate many privacy breaches online, server-to-server communication is not directly observable. All of this argues that greater oversight over online tracking is becoming ever more necessary."

With the third technique, evercookies, multiple storage vectors are used that are less transparent to users and may be more difficult to clear, according to the paper. "Evercookies provide an extremely resilient tracking mechanism, and have been found to be used by many popular sites to circumvent deliberate user actions," the study said.

Difficult to Defend

Users can defend against tracking using tools such as AdBlock Plus and Ghostery, which block third-party content, or by disabling evercookie storage vectors such as Flash cookies. However, other storage vectors used by the new techniques such as localStorage, IndexedDB and canvas cannot be disabled without breaking core functionality.

The only software the researchers found that successfully defended against techniques such as canvas fingerprinting was the Tor browser, which returns an empty image from all canvas functions that can be used to read image data. Both the Tor Browser Bundle and the Electronic Freedom Foundation's Privacy Badger were effective in countering cookie syncing.

However, even with effective tools to block the new tracking techniques, the level of user sophistication and effort required to employ them is prohibitively high. Users will have to be meticulous in their use of existing tools, the study concluded.

"The rapid pace at which new tracking techniques are developed and deployed implies that users must constantly install and update new defensive tools," the study said. "It is doubtful that even privacy-conscious and technologically savvy users can adopt and maintain the necessary privacy tools without ever experiencing a single misstep."

Image credit: iStock/Artist's concept.

Tell Us What You Think


Posted: 2014-08-04 @ 3:36pm PT
This story is inaccurate. AddThis ran an internal R&D test and it's been over. There is not canvas fingerprinting on all those sites you list. You can get the facts from the AddThis blog:

Stop the BS:
Posted: 2014-07-22 @ 12:59pm PT
You do not need to "break core functionality." Just prevent tracking sites from running their consumer-hostile code on your machine. The RequestPolicy and NoScript extensions for Firefox are your friends, and Adobe Flash should have been considered consumer-hostile already many, many years ago (Steve Jobs was right).

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.