1 in 18 of the world’s top 100,000 websites track users without their consent using a previously undetected cookie-like tracking mechanism embedded in ‘share’ buttons. A new study by researchers at KU Leuven and Princeton University provides the first large-scale investigation of the mechanism and is the first to confirm its use on actual websites.


The Web Never Forgets describes canvas fingerprinting as a type of browser or device fingerprinting technique that was first presented by Mowery and Shacham in 2012. The authors found that by using the Canvas API of modern browsers, one can exploit the subtle differences in the rendering of the same text to extract a consistent fingerprint that can easily be obtained in a fraction of a second without user's awareness.

Can users protect themselves against canvas fingerprinting? Acar and his colleagues studied the effect of ad-industry opt-out tools offered by the Network Advertising Initiative (NAI) and the European Interactive Digital Advertising Alliance. No websites included in the opt-lists stopped collecting canvas fingerprints after activating the opt-out option.

At present, only one browser, Tor Browser Bundle , can prevent canvas fingerprinting scripts, but this added security comes with major trade-offs in performance, functionality and content availability.

Source: Ku leuven.