Websites tracking users and their online behaviors is nothing out of the ordinary, in fact, cookies are one of the elementary methods to track the users browsing preferences. Apart from the host of the legit options some of the websites use fingerprinting techniques for tracking users. The Canvas Fingerprinting technology gained visibility after it was mentioned by researchers from Princeton University in 2014 but the same has apparently been in use from long before.
Canvas Fingerprinting and its Repercussion
Ideally, the websites identify your browser by referring to the cookie, which is a temporary token like element with your recent browsing trends. However, the Canvas fingerprinting tracks and identifies visitors by using HTML5 canvas element instead of the traditional browser cookies. The websites are made to extract data from the HTML elements without the explicit permissions of the users.
Firefox 58 is the first major browser to have incorporated a feature that will explicitly ask users for consent before identifying their browsers. With the Fingerprinting in place, the websites are capable of mining information about your version number, operating system, screen resolution, language, list of browser plugins and also the list of fonts you use.
As far as Canvas Fingerprinting technique is concerned the browser will be asked to fetch something by using a hidden canvas element. The result is then passed through a hashing function and is ideally stored against an ID. The Fingerprinting technique varies from browser to browser, but the essentials remain the same. More complex the Fingerprinting method, easier it is to mine your browser data, including settings and preferences.
Every browser and its settings differ from each other, and this serves as a premise for Canvas Fingerprinting technique. The more customised/personalized your browser is, the easier it is to identify the same. Needless to say, the abuse using Canvas Fingerprinting is on the rise, and the detail of personal data that can be mined from this method is unnerving.
The Other Side
In the meanwhile squashing the Fingerprinting technique in totality is not going to help either. There have been many apps and plugins that use the data from Fingerprinting to better their services. It is for this reason that Firefox has adopted an opt-in approach which will ask permissions from the user before allowing websites to fetch the data from HTML “<Canvas>” elements. The Canvas Fingerprinting technique is also being used by enterprises to add an additional layer of security, one that helps in verifying the ID of their employees. It is good to see that Firefox has found a way to combat Canvas Fingerprinting Technique and I personally hope that all the other major browsers follow suit.