
The tracking device that's virtually impossible to block


slate_leeper

Jul 22, 2014, 6:51:08 AM

From another user group:

Meet the Online Tracking Device That is Virtually Impossible to Block
ProPublica ^ | 21 July 2014 | Julia Angwin

A new kind of tracking tool, canvas fingerprinting, is being used to
follow visitors to thousands of top websites, from WhiteHouse.gov to
YouPorn.

First documented in a forthcoming paper by researchers at Princeton
University and KU Leuven University in Belgium, this type of tracking,
called canvas fingerprinting, works by instructing the visitor's Web
browser to draw a hidden image. Because each computer draws the image
slightly differently, the images can be used to assign each user's
device a number that uniquely identifies it.

Like other tracking tools, canvas fingerprints are used to build
profiles of users based on the websites they visit - profiles that
shape which ads, news articles, or other types of content are
displayed to them.

But fingerprints are unusually hard to block: They can't be prevented
by using standard Web browser privacy settings or using anti-tracking
tools such as AdBlock Plus.

The researchers found canvas fingerprinting computer code, primarily
written by a company called AddThis, on 5 percent of the top 100,000
websites. Most of the code was on websites that use AddThis' social
media sharing tools. Other fingerprinters include the German digital
marketer Ligatus and the Canadian dating site Plentyoffish. (A list of
all the websites on which researchers found the code is here).

Rich Harris, chief executive of AddThis, said that the company began
testing canvas fingerprinting earlier this year as a possible way to
replace "cookies," the traditional way that users are tracked, via
text files installed on their computers.

"We're looking for a cookie alternative," Harris said in an interview.

Harris said the company considered the privacy implications of canvas
fingerprinting before launching the test, but decided "this is well
within the rules and regulations and laws and policies that we have."


(Excerpt) Read more at propublica.org ...



--------------------------------------------------------------------------------
http://gizmodo.com/what-you-need-to-know-about-the-sneakiest-new-online-tr-1608455771

What You Need to Know About the Sneakiest New Online Tracking Tool

Kate Knibbs

What do the White House and YouPorn have in common? Their websites
both use canvas fingerprinting, a newer form of online tracking
designed to make it hard to hide. ProPublica investigated the
pervasive shadowing method, developed as an insidious alternative to
cookies so websites can keep tabs on where their visitors browse
online.

The Princeton and KU Leuven University researchers who first uncovered
canvas fingerprinting titled their paper about it "The Web Never
Forgets," and estimate that 5 percent of the top 100,000 websites use
this method to trace user movements online, including Whitehouse.gov,
Perez Hilton, PlentyOfFish, Rap Genius, CBS, and yep, YouPorn.

So how does it work?
Canvas fingerprinting gets its name because it instructs web browsers
to draw a hidden image, and each computer produces a slightly
different, unique image. Like a fingerprint. A creepy fingerprint that
wants to follow you online.

Once your browser draws the hidden picture, the information is relayed
to the website. It uses your unique image to assign a number to your
computer and develop a user profile to better sell targeted ads.
Canvas fingerprinting was invented in 2012, and a company called
AddThis developed code used in 95 percent of the cases.

Don't want to get fingerprinted?
Canvas fingerprinting is an especially sinister form of online
tracking because you can't use AdBlock Plus or your standard web
browser privacy settings to get around them. Incognito mode is no
match for canvas fingerprinting, which is bad news for everyone trying
to keep their porn viewing habits on the DL by clicking the Incognito
button. They know what you've seen.

If you want to avoid canvas fingerprinting, ProPublica pointed out a
few methods. You can use the Tor network to go online anonymously and
avoid all sorts of tracking. You can use NoScript, a Firefox web
extension, to counter tracking, although you'll have to look up which
sites are kosher each time you want to unblock Java or another script
they run, which will be both time-consuming and not entirely certain.
There's a website that lists all of the top sites currently using
canvas fingerprinting, so you could check sites against that, but it
may not be updated frequently enough to catch new offenders.

You can also download Chameleon, a browser designed to avoid this kind
of tracking, but it's still a low-key experiment, and not very
user-friendly unless you're comfortable setting stuff up from Github.
Another option: blocking JavaScript from your browser altogether.
That's going to seriously mess up your experience on a lot of
websites, so I don't recommend doing that.

If you've accepted your fate as The Tracked but don't want the data
used for ad targeting and profile building, you can manually sign up
for opt-outs from the businesses doing the tracking. AddThis would be
the big one, since it does most of the known fingerprinting.

It's both telling and disturbing that the only real work-arounds are
inconvenient and incomplete. But until someone finds a way to step up
and stop it, at least you can know which sites are violating the
little privacy you have left online. [ProPublica]







--
Protect your civil rights!
Let the politicians know how you feel.
Join or donate to the NRA today!
http://membership.nrahq.org/default.asp?campaignid=XR014887

Gun control is like trying to reduce drunk driving by making it tougher for sober people to own cars.

Virus Guy

Jul 22, 2014, 8:24:36 AM
slate_leeper wrote:

> A new kind of tracking tool, canvas fingerprinting, is being used to
> follow visitors to thousands of top websites, from WhiteHouse.gov to
> YouPorn.
>
> First documented in a forthcoming paper by researchers at Princeton
> University and KU Leuven University in Belgium, this type of tracking,
> called canvas fingerprinting, works by instructing the visitor's Web
> browser to draw a hidden image. Because each computer draws the image
> slightly differently, the images can be used to assign each user's
> device a number that uniquely identifies it.
>
> But fingerprints are unusually hard to block: They can't be prevented
> by using standard Web browser privacy settings or using anti-tracking
> tools such as AdBlock Plus.

But you won't mention the ease of blocking using HOSTS file entries now
will you?

> The researchers found canvas fingerprinting computer code, primarily
> written by a company called AddThis, on 5 percent of the top 100,000
> websites.

I've had these entries in my hosts file for a very long time:

127.0.0.1 ct1.addthis.com
127.0.0.1 api.addthis.com
127.0.0.1 s7.addthis.com
127.0.0.1 ct5.addthis.com
127.0.0.1 www.addthis.com
127.0.0.1 addthis.com
127.0.0.1 l.addthiscdn.com
127.0.0.1 addthiscdn.com
127.0.0.1 cf.addthis.com
127.0.0.1 ds.addthis.com
127.0.0.1 m.addthis.com
127.0.0.1 m.addthisedge.com
127.0.0.1 su.addthis.com
127.0.0.1 api-public.addthis.com
127.0.0.1 q.addthis.com

And these amazonaws entries:

127.0.0.1 twitter-badges.s3.amazonaws.com
127.0.0.1 amazonaws.com
127.0.0.1 s3-1.amazonaws.com
127.0.0.1 alexa-sitestats.s3.amazonaws.com
127.0.0.1 ecommstats.s3.amazonaws.com
127.0.0.1 partner-us-east-1a-1806761701.us-east-1.elb.amazonaws.com
127.0.0.1 analytics-beacon-1354134853.us-east-1.elb.amazonaws.com

How many of them are in the current MVPS HOSTS file?

Am I missing any?

I also have many cloudfront.net and cloudflare.com entries.

> Other fingerprinters include the German digital marketer Ligatus
> and the Canadian dating site Plentyoffish.

I have no "Ligatus" entries, nor "Plentyoffish".

> (A list of all the websites on which researchers found the code
> is here).

https://securehomes.esat.kuleuven.be/~gacar/sticky/index.html

But seriously. These so-called technical journalists don't mention the
HOSTS file method of blocking these pieces of shit domains. Are they
that clueless? Or is it a conspiracy to protect the browser-addon
industry?

fred

Jul 22, 2014, 1:46:08 PM
Virus Guy scribbled...
Not many. Only 3 of the addthis sites, and none of the amazonaws.

So I've added your list to my Hosts.
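
The list comparison discussed in this thread (which entries of one hosts list are already in another), together with a property of hosts files the thread does not spell out: entries match exact hostnames only, so a line for a bare domain does not cover its subdomains. This is an added example, not code from any poster; the function names, the reference list, and the `constructed-bucket` and `example.net` hostnames are constructed for illustration.

```python
# Added illustration: hosts-file coverage check with exact-match semantics.
import ipaddress

SINKS = {"127.0.0.1", "0.0.0.0", "::1"}  # addresses commonly used to null-route a name

# Constructed sample: three entries copied from the post above, plus localhost.
MY_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 s7.addthis.com
127.0.0.1 addthis.com      # bare domain only
127.0.0.1 amazonaws.com
"""
# Constructed stand-in for a published blocklist (NOT the real MVPS contents).
REFERENCE = "0.0.0.0 s7.addthis.com\n0.0.0.0 www.addthis.com\n"
# Constructed hostnames a page might request.
OBSERVED = ["s7.addthis.com", "constructed-bucket.s3.amazonaws.com", "cdn.example.net"]

def parse_hosts(text):
    """Return the set of hostnames mapped to a sink address."""
    blocked = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # skip malformed lines
        except ValueError:
            continue
        if fields[0] in SINKS:
            blocked.update(n.lower().rstrip(".") for n in fields[1:])
    blocked.discard("localhost")                 # loopback name, not a block entry
    return blocked

def coverage(blocked, observed):
    """Classify each hostname: resolvers match hosts entries by exact name."""
    report = {}
    for host in observed:
        h = host.lower().rstrip(".")
        if h in blocked:
            report[host] = "blocked"
        elif any(h.endswith("." + b) for b in blocked):
            report[host] = "parent-only"         # parent listed, this name still resolves
        else:
            report[host] = "not blocked"
    return report

def missing_from(mine, reference):
    """Entries in `mine` that the reference list lacks."""
    return sorted(mine - reference)

if __name__ == "__main__":
    mine = parse_hosts(MY_HOSTS)
    print(coverage(mine, OBSERVED))
    print(missing_from(mine, parse_hosts(REFERENCE)))
```

A "parent-only" result marks a hostname that still resolves normally even though its parent domain is listed; each such name needs its own line, or a resolver-level blocklist that supports domain suffixes.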