请输入您要查询的百科知识:

 

词条 Canvas fingerprinting
释义

  1. Description

     Uniqueness 

  2. Mitigation

  3. History

  4. See also

  5. References

  6. External links

{{Merge to |Device fingerprint|date=July 2018 }}Canvas fingerprinting is one of a number of browser fingerprinting techniques for tracking online users that allow websites to identify and track visitors using the HTML5 canvas element instead of browser cookies or other similar means. The technique received wide media coverage in 2014[1][2][3][4] after researchers from Princeton University and KU Leuven University described it in their paper The Web never forgets.

Description

Canvas fingerprinting works by exploiting the HTML5 canvas element. As described by Acar et. al. in : {{quote |text=When a user visits a page, the fingerprinting script first draws text with the font and size of its choice and adds background colors (1). Next, the script calls Canvas API’s ToDataURL method to get the canvas pixel data in dataURL format (2), which is basically a Base64 encoded representation of the binary pixel data. Finally, the script takes the hash of the text-encoded pixel data (3), which serves as the fingerprint ...}}

Variations in which graphics processing unit (GPU) is installed or the graphics driver cause the variations in the fingerprint. The fingerprint can be stored and shared with advertising partners to identify users when they visit affiliated websites. A profile can be created from the user's browsing activity allowing advertisers to target advertising to the user's inferred demographics and preferences.[3][8]

Uniqueness

Since the fingerprint is primarily based on the browser, operating system, and installed graphics hardware it does not uniquely identify users. In a small-scale study with 294 participants from Amazon's Mechanical Turk, an experimental entropy of 5.7 bits was observed, but the authors of the study suggest more entropy could likely be observed in the wild and with more patterns used in the fingerprint. While not sufficient to uniquely identify users by itself, this fingerprint could be combined with other sources of entropy to provide a unique identifier. It is claimed that because the technique is effectively fingerprinting the GPU, the entropy is "orthogonal" to the entropy of previous browser fingerprint techniques such as screen resolution and browser JavaScript capabilities.[9]

Mitigation

Tor Project reference documentation states, "After plugins and plugin-provided information, we believe that the HTML5 Canvas is the single largest fingerprinting threat browsers face today."[1] Tor Browser notifies the user of canvas read attempts and provides the option to return blank image data to prevent fingerprinting. However, Tor Browser is currently unable to distinguish between legitimate uses of the canvas element and fingerprinting efforts, so its warning cannot be taken as proof of a website's intent to identify and track its visitors. Browser add-ons like Privacy Badger,[12] DoNotTrackMe[13] or Adblock Plus[2] manually enhanced with EasyPrivacy list are able to block third-party ad network trackers and will block canvas fingerprinting provided that the tracker is served by a third party server (as opposed to being implemented by the visited website itself).{{cn|date=April 2017}}

History

In May 2012, Keaton Mowery and Hovav Shacham, researchers at University of California, San Diego, wrote a paper Pixel Perfect: Fingerprinting Canvas in HTML5 describing how the HTML5 canvas could be used to create digital fingerprints of web users.[3][9]

Social bookmarking technology company AddThis began experimenting with canvas fingerprinting early in 2014 as a potential replacement for cookies. 5% of the top 100,000 websites used canvas fingerprinting while it was deployed.[12] According to AddThis CEO Richard Harris, the company has only used data collected from these tests to conduct internal research. Users will be able to install an opt-out cookie on any computer to prevent being tracked by AddThis with canvas fingerprinting.[3]

A software developer writing in Forbes stated that device fingerprinting has been utilized for the purpose of preventing unauthorized access to systems long before it was used for tracking users without their consent.[2]

As of 2014 the technique is widespread in all sorts of websites with at least a dozen of high-profile web ads and user tracking suppliers using it.[3]

See also

  • Evercookie – a type of browser cookie that is intentionally difficult to delete
  • Local shared object – a persistent browser cookie also known as a Flash cookie
  • Web storage – web application software methods and protocols used for storing data in a web browser

References

1. ^{{Cite web|url=https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability|title=The Design and Implementation of the Tor Browser [DRAFT]|website=www.torproject.org|access-date=2018-05-25}}
2. ^{{cite web|last1=Smith |first1=Chris |title=Adblock Plus: We can stop canvas fingerprinting, the ‘unstoppable’ new browser tracking technique |url=http://bgr.com/2014/07/23/how-to-disable-canvas-fingerprinting/ |website=BGR |publisher=PMC |deadurl=yes |archiveurl=https://web.archive.org/web/20140728014705/http://bgr.com/2014/07/23/how-to-disable-canvas-fingerprinting/ |archivedate=July 28, 2014 }}
3. ^{{cite web |url=http://webcookies.org/canvas-fingerprinting/ |title=Websites using HTML5 canvas fingerprinting |publisher=WebCookies.org |accessdate=2014-12-28 |deadurl=yes |archiveurl=https://web.archive.org/web/20141228070123/http://webcookies.org/canvas-fingerprinting/ |archivedate=2014-12-28 |df= }}
4. ^{{cite web | url=https://www.forbes.com/sites/josephsteinberg/2014/07/23/you-are-being-tracked-online-by-a-sneaky-new-technology-heres-what-you-need-to-know/ | title=You Are Being Tracked Online By A Sneaky New Technology -- Here's What You Need To Know | date=July 23, 2014 | publisher=Forbes | accessdate=November 15, 2014 | author=Joseph Steinberg | authorlink=Joseph Steinberg }}
5. ^{{cite web | url=https://gizmodo.com/what-you-need-to-know-about-the-sneakiest-new-online-tr-1608455771 | title=What You Need to Know About the Sneakiest New Online Tracking Tool | publisher=Gizmodo | date=July 21, 2014 | accessdate=July 21, 2014 | author=Knibbs, Kate}}
6. ^{{cite web | url=https://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block | title=Meet the Online Tracking Device That is Virtually Impossible to Block | publisher=ProPublica | date=July 21, 2014 | accessdate=July 21, 2014 | author=Angwin, Julia}}
7. ^{{cite web | url=http://www.pcworld.com/article/2456640/stealthy-web-tracking-tools-pose-increasing-privacy-risks-to-users.html | title=Stealthy Web tracking tools pose increasing privacy risks to users | publisher=PC World | date=July 21, 2014 | accessdate=July 21, 2014 | author=Kirk, Jeremy}}
8. ^{{cite web | url=http://www.pcworld.com/article/2458280/canvas-fingerprinting-tracking-is-sneaky-but-easy-to-halt.html | title='Canvas fingerprinting' online tracking is sneaky but easy to halt | publisher=PC World | date=July 25, 2014 | accessdate=August 9, 2014 | author=Kirk, Jeremy}}
9. ^{{cite web | url=http://www.mediapost.com/publications/article/230430/eff-says-its-anti-tracking-tool-blocks-new-form-of.html | title=EFF Says Its Anti-Tracking Tool Blocks New Form Of Digital Fingerprinting | publisher=MediaPost | date=July 21, 2014 | accessdate=July 21, 2014 | author=Davis, Wendy}}
10. ^{{cite web | url=https://www.ieee-security.org/TC/W2SP/2012/papers/w2sp12-final4.pdf | title=Pixel Perfect: Fingerprinting Canvas in HTML5 | accessdate=March 22, 2018 | author=Mowery, Keaton | author2=Shacham, Hovav}}
11. ^{{cite web |url=http://spectrum.ieee.org/computing/software/browser-fingerprinting-and-the-onlinetracking-arms-race |title=Browser Fingerprinting and the Online-Tracking Arms Race |last1=Nikiforakis |first1=Nick |last2=Acar |first2=Günes |date=2014-07-25 |website=ieee.org |publisher=IEEE | accessdate=October 31, 2014}}
[4][5][6][7][8][9][10][11]
}}

External links

  • [https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf Academic research paper describing canvas fingerprinting]
  • [https://multiloginapp.com/sites-track-canvas/ Partial database of websites that have used canvas fingerprinting]
  • [https://www.browserleaks.com/canvas Page which shows your own fingerprint as detected, along with uniqueness and identity information inferred by the fingerprint.]
{{DEFAULTSORT:Canvas fingerprinting}}

3 : Fingerprinting algorithms|Internet privacy|Web analytics
随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/9/23 4:39:07