General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsWhite House Website Includes Unique Non-Cookie Tracker, Conflicts With Privacy Policy
Yesterday, ProPublica reported on new research by a team at KU Leuven and Princeton on canvas fingerprinting. One of the most intrusive users of the technology is a company called AddThis, who by are employing it in shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com. Canvas fingerprinting allows sites to get even more identifying information than we had previously warned about with our Panopticlick fingerprinting experiment.
Canvas fingerprinting exploits the fact that different browsers have slightly different algorithms, parameters, and hardware for turning text into pictures on your screen (or more specifically, into an HTML 5 canvas object that the tracker can read1). According to the research by Gunes Acar, et al., AddThis draws a hidden image containing the unusual phrase Cwm fjordbank glyphs vext quiz and observed the way the pixels would turn out differently on different systems.
While YouPorn quickly removed AddThis after the report was published, the White House website still contains AddThis code. Some White House pages obviously include the AddThis button, such as the White House Blog, and a link to the AddThis privacy policy.
Other pages, like the White Houses own Privacy Policy, load javascript from AddThis, but do not otherwise indicate that AddThis is present. To pick the most ironic example, if you go to the page for the White House policy for third-party cookies, it loads the addthis_widget.js. This script, in turn, references core143.js, which has a canvas function and the tell-tale Cwm fjordbank glyphs vext quiz phrase.
more
https://www.eff.org/deeplinks/2014/07/white-house-website-includes-unique-non-cookie-tracker-despite-privacy-policy
canoeist52
(2,282 posts)You get to decide which trackers to allow. Been using it for a few years now with no problems.