You are likely being tracked online by a sneaky, new technology that works without your consent, and can track you even if you use anti-tracking toolbars or strict privacy settings.

How is this possible?

Historically, to track you, a website sent cookies or files to your computer, or examined various properties of your device. Anti-tracking systems, therefore, block these types of activities. The new tracking system, however, does not transmit cookies or files, and does not need to read unique properties; to web browsers – and to anti-tracking tools – its mechanism appears to operate like that of a normal webpage.

So how does it work?

When you visit a website that employs Canvas Fingerprinting, as the new sneaky system is known, the site sends your web browser a request to generate a hidden image consisting of some text. Because individual computers have operating system versions, browsers, fonts, graphics adapters, etc. that vary from one to another, there are slight variations between the way text appears in an image on one computer from the way it does on the next. The images of text, are, therefore, like computers’ fingerprints; by analyzing them and tracking what type of image a particular computer generates, different websites utilizing the same tracking system can track a user from site to site – even if he or she is using Incognito Mode, strict browser privacy settings, or an anti-tracking tool.

Strictly speaking, it’s actually the computers that are being tracked – not the people using them. But that’s still quite scary – especially since many people are the sole users of their computers and mobile devices, and because once other information is added into the mix, the identification and tracking can often be refined down to the actual human user level.

Who is doing the tracking?

Social-bookmarking provider AddThis is believed to have begun using canvas fingerprinting earlier this year. Websites that are believed to have utilized canvas fingerprinting from AddThis range from the White House to YouPorn. (YouPorn claims to have turned off canvas fingerprinting after being made aware of its presence in AddThis; the White House has made no such claim – even though the use of canvas fingerprinting seems, at least to me, to be a violation of its own privacy policy.)

What does this mean? Am I being tracked?

Even if you are using Incognito mode, anti-tracking toolbars, or strict privacy settings in your web browser, you can be tracked, and there is a pretty good chance that you are being tracked. That means that when you visit any particular website the operator of that site could know what other sites you have visited in the past – even if you don’t want them to know.

Is device fingerprinting new?

While canvas fingerprinting gained public awareness in 2012 and became a practical problem recently, device fingerprinting technologies in general go back many years. Authentication systems (such as the one I designed for Green Armor) and anti-fraud solutions have used various forms of fingerprinting for over a decade. But that fingerprinting was, and is, used to prevent unauthorized parties from accessing people’s private accounts or stealing their money and data; it was not used for surreptitiously tracking a user’s actions between websites or to target the user for advertising. Even when such systems were ultimately leveraged by marketers, anti-tracking systems that masked browser properties remained generally effective.

The use of advanced fingerprinting technologies, such as canvas fingerprinting, for purposes of tracking people who wish not to be tracked is a different situation and highly problematic.

How can I avoid being tracked?

One can argue that you should always assume that you are being tracked; there is no foolproof way to fully anonymize anything on the Internet, and there is no way to know if some new tracking system is tracking you in an, as of yet, undetectable and/or unblockable way (as was the case with canvas fingerprinting until recently). There are some ways to improve your odds, however, if you are willing to sacrifice some convenience; you should be aware, however, that it is possible that your efforts will not actually succeed in stopping the tracking. Here are some possibilities:

Privacy Badger is a new tool that claims to block canvas fingerprinting (it is new – so time will tell…)
You can use Tor web browser (which may seem complicated for some people)
You can use the Chameleon web browser which is designed to block tracking (although it is not simple to install and use like the major browsers)
You can turn off JavaScript in your browser (although that will likely cause various websites not to work properly)
You can use a very old web browser (although that may introduce other security risks that may be far worse than being tracked)

What To Do About Our Cybersecurity Problems

1 of 11

Attackers come from all over

When it comes to digital attacks happening online, it’s hard to draw clear battle lines. Attackers come from all over and target all over. Forbes asked ten cyber-experts to offer up their best ideas for stemming the threats we face when it comes to digital security. Note: Almost every one of them muttered something about there being no silver bullets.