Linked by Thom Holwerda on Tue 22nd Jul 2014 08:49 UTC
Internet & Networking

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.

First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor's Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user's device a number that uniquely identifies it.

Advertising companies will become increasingly... 'Creative' to find some way of tracking us that circumvents known laws and technological barriers. However, I doubt you have to worry about the small fish - worry about what the biggest internet advertising company in the world has cooking in its labs.

Thread beginning with comment 593075
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Noscript blocks this
by BushLin on Thu 24th Jul 2014 14:03 UTC in reply to "RE: Noscript blocks this"
BushLin
Member since:
2011-01-26

Ghostery does nothing about ajax.googleapis.com and the referrers / fingerprinting they collect, the developers have been notified and queried about it; their responses have varied from dismissive, rude and arrogant.

Needless to say I have not trusted Ghostery for some time, even if you ignore the buy out by a marketing company.

Reply Parent Score: 3

RE[3]: Noscript blocks this
by Alfman on Thu 24th Jul 2014 18:31 in reply to "RE[2]: Noscript blocks this"
Alfman Member since:
2011-01-28

BushLin,

That's true, but so far I haven't found any better alternatives that I'd feel comfortable installing for non-savvy users. For such user's, ghostery provides a fairly comprehensive (though not 100% as you point out) database of tracking scripts. And it even removes scripts in such a way that page dependencies are not broken. This gives normal users a much better balance of privacy and functionality than they'd get with no-script without lots of fiddling around.

Still, I agree with you, ghostery should be better, if you know of any superior alternatives that are also maintenance free, then I'd like to hear about them.

Reply Parent Score: 3

RE[4]: Noscript blocks this
by BushLin on Fri 25th Jul 2014 11:13 in reply to "RE[3]: Noscript blocks this"
BushLin Member since:
2011-01-26

I'm afraid I struggle for recommendations for even the most tech savvy of users these days.

I've heard reputable people recommend NoScript and Adblock as all you need but these only stop the content from displaying or scripts from running, you still end up downloading most content which means you still send referrers and fingerprints to all the marketeers but with the false feeling of privacy.

For anyone looking to remove leakage I'd recommend pulling out your network cable before first launch or after installing an upgrade so you don't connect to Google amongst others.
Install add-ons locally after downloading elsewhere, disabling "safe-browsing" which shows twice in options>security as 'block reported...', disable search suggestions and remove the search box, show a blank page at startup, disable all the options in "data choices", have your cookies and cache automatically deleted on exit and if you must run flash, disable everything in its config tool.

in about:config set:
extensions.blocklist.enabled false
extensions.getAddons.cache.enabled false
extensions.update.enabled false

Restore ability to disable add-on compatibility checks:
https://addons.mozilla.org/en-US/firefox/addon/checkcompatibility/

Only manually allow 3rd party content using RequestPolicy, this is the best cure I've found for Noscipt's shortcomings.
https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/

Noscript but with CSS and ABE disbaled (CSS is covered by RequestPolicy and ABE is a leak), also disable "display release notes on updates"
https://addons.mozilla.org/en-US/firefox/addon/noscript/

Disallow 3rd party referrers by default with refcontrol
https://addons.mozilla.org/en-US/firefox/addon/refcontrol/

I'm sure there's something else I've forgotten but the best solution is to monitor the traffic out of your system and see if you're happy.

Reply Parent Score: 2