Skip to main content

Specifically, the home page of Daily Kos, along with many of the most popular websites on the internet, including the home pages for NOAA, Starbucks, WhiteHouse.gov, Biblegateway.com, and too many porn sites to name, are, for lack of a  better word, infested with something called Canvas Fingerprinting.  What does Canvas Fingerprinting do?  Well, here's the short answer:

Canvas fingerprinting is a type of browser or device fingerprinting technique that was first presented by Mowery and Shacham in 2012. The authors found that by using the Canvas API of modern browsers, one can exploit the subtle differences in the rendering of the same text to extract a consistent fingerprint that can easily be obtained in a fraction of a second without user's awareness.

Confused.  Well, that's understandable.  Here's what canvas fingerprinting does in plain English:

[C]anvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit — profiles that shape which ads, news articles, or other types of content are displayed to them.

But fingerprints are unusually hard to block: They can’t be prevented by using standard Web browser privacy settings or using anti-tracking tools such as AdBlock Plus.

At least 5.5% of the top 100,000 websites, and possibly many more, include code for canvas fingerprinting, primarily written by a company called AddThis. The canvas fingerprinting code is mostly found on sites that use the social media tools developed by AddThis.  

So, if you have ever clicked on the homepages of DKos, NOAA, The Daily Caller, et cetera, et cetera, et cetera (and if you are reading this than you have) information about you is being collected without your permission  (and if you are reading this than your personal data has been compromised), and presumably that information might possibly be sold one day and used by  - well who knows who?  Anyone willing to pony up the money for access to what "canvas fingerprinting," and other advanced web-tracking mechanisms such as evercookies, might provide a information glutton, I suppose.

What kind of information about you can be obtained by these online tracking techniques?  Quite a lot, actually:

Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit — profiles that shape which ads, news articles, or other types of content are displayed to them.
Of course, those profiles could be used in other ways than merely to determine which ads show up on your computer screen, tablet or smart phone.  And yet, the people whom are "fingerprinting" you on the internet and following you wherever you may go believe that what they are doing is all perfectly legal and above board, so to speak.
Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace “cookies,” the traditional way that users are tracked, via text files installed on their computers.

“We’re looking for a cookie alternative,” Harris said in an interview.

Harris said the company considered the privacy implications of canvas fingerprinting before launching the test, but decided “this is well within the rules and regulations and laws and policies that we have.”

Mr. Harris went on to add, that of course, his company is currently only using the information on you it collects for internal research and development.  He further indicated that you will be given the opportunity to opt out of having your information used for "ad targeting or personalization if users install the AddThis opt-out cookie on their computers..."  Well, ain't that grand.  Unfortunately, that information has already been collected on you and me, and until today I'd never heard of canvas fingerprinting, much less that I would have the right to opt out of my information being used (but not collected) by said Mr. Harris' company, who frankly I have no reason to trust or believe.  In light of the fact that my internet privacy has already been compromised, why should I trust him, or anyone at AddThis?

Plus, this technique for nosing around in yours and my personal business is not limited to one company.  Others have also been discovered using these data collection methods, including a German company, Ligatus and a Canadian dating site, PlentyofFish.  No doubt their are other companies and/or agencies who are either using canvas fingerprinting or seriously considering its use.

But never fear, your privacy is safe from - whomever.  Probably.  Maybe.  According to people who know about such things.  Or so "they" say:

[Last year] Russian programmer Valentin Vasilyev ... said that the company he was working for at the time decided against using the fingerprint technology. “We collected several million fingerprints but we decided against using them because accuracy was 90 percent,” he said, “and many of our customers were on mobile and the fingerprinting doesn’t work well on mobile.”

Vasilyev added that he wasn’t worried about the privacy concerns of fingerprinting. “The fingerprint itself is a number which in no way is related to a personality,” he said.

Sounds reasonable to me.  Why would a random Russian programmer have any reason to lie?  By the way, don't assume Markos is to blame for compromising your personal information (assuming Daily Kos uses AddThis "products").  Apparently AddThis didn't inform any of its customers when it embedded the canvas fingerprinting code onto their websites.  Because, why tell your customers that you plan to invade the privacy of people who visit their websites and get everyone all upset?
AddThis did not notify the websites on which the code was placed because “we conduct R&D projects in live environments to get the best results from testing,” according to a spokeswoman.

She added that the company does not use any of the data it collects — whether from canvas fingerprints or traditional cookie-based tracking — from government websites including WhiteHouse.gov for ad targeting or personalization.

Well isn't that nice - for WhiteHouse.gov and NOAA.  Unfortunately, no such assurances were given by AddThis about personal information collected from commercial sites (such as presumably Daily Kos) on which this so-called testing was done.
The company offered no such assurances about data it routinely collects from visitors to other sites, such as YouPorn.com. YouPorn.com did not respond to inquiries from ProPublica about whether it was aware of AddThis’ test of canvas fingerprinting on its website.

Well, it was all just harmless data mining.  Not even very useful if you want to know the truth, according to people who used it to stalk you on the world wide web.  Nothing to get all worked up over, I'm sure.  And if you believe that, well I have this friend in Nigeria who would like to just giveaway millions of dollars to you if you would only just first wire him a small sum, a mere pittance really, of ...

EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

Meteor Blades, grytpype, Mimikatz, northsylvania, Jsea, Mogolori, grollen, Timaeus, glitterscale, Liberal Thinking, Phoenix Rising, madmsf, emal, Outsourcing Is Treason, DebtorsPrison, Shockwave, Pescadero Bill, cotterperson, genethefiend, OLinda, gjohnsit, hubcap, Creosote, Heart of the Rockies, missLotus, Babsnc, TracieLynn, whenwego, Agathena, ask, chuckvw, farmerhunt, sngmama, MadEye, Cedwyn, dksbook, kharma, psnyder, brainwave, Jujuree, penguins4peace, Chirons apprentice, Calidrissp, liberte, lcrp, riverlover, zerelda, jcrit, Black Max, oortdust, sawgrass727, Brecht, davidincleveland, G2geek, Bluesee, radarlady, Farlfoto, jrooth, chimene, schumann, run around, Simplify, basquebob, dewtx, YucatanMan, reflectionsv37, eru, chancew, lotlizard, Ice Blue, most peculiar mama, Carnivorous Plantling, PinHole, Tool, Tunk, WisePiper, turdraker, the fan man, peacestpete, Alan Arizona, xaxnar, CJnyc, Philpm, Mother Mags, martini, kovie, esquimaux, emeraldmaiden, Prognosticator, AoT, KenBee, Lefty Coaster, blueoasis, MJ via Chicago, philipmerrill, The Hindsight Times, JVolvo, vivian darkbloom, onionjim, thenekkidtruth, IL clb, James Hepburn, Clive all hat no horse Rodeo, bstotts, markthshark, ammasdarling, old wobbly, hooper, hawaii2, camlbacker, ColoTim, FishOutofWater, Mary Mike, Richard Lyon, certainot, DWG, bnasley, Kentucky Kid, jayden, SeaTurtle, bobswern, Librarianmom, homerun, Don midwest, on the cusp, fb, CroneWit, Amor Y Risa, jack 1966, ChocolateChris, kimoconnor, GAS, zerone, Involuntary Exile, KJG52, CenFlaDem, RandomNonviolence, MrJayTee, Jeff Y, 3rdOption, Notreadytobenice, dmhlt 66, statsone, Celtic Merlin, maggiejean, prettygirlxoxoxo, dharmasyd, banjolele, CanyonWren, Nebraskablue, maryabein, mkor7, petral, elziax, Keith Pickering, ArthurPoet, Larsstephens, Railfan, sneakers563, Just Bob, serendipityisabitch, Susan Grigsby, gulfgal98, DerAmi, Nada Lemming, ZedMont, Wisdumb, Pakalolo, Onomastic, Bluefin, annominous, Lost Left Coaster, ozsea1, Oldowan, slowbutsure, stone clearing, FarWestGirl, Teiresias70, marleycat, Carolyn in Oregon, Wolf10, enhydra lutris, Daulphin, SouthernLiberalinMD, MichaelNY, No one gets out alive, Laurel in CA, DeadHead, IndieGuy, orestes1963, Eric Nelson, David54, Mr Robert, Robynhood too, Phoebe Loosinhouse, The Geogre, BobTheHappyDinosaur, flevitan, jbob, eyo, alice kleeman, leeleedee, howabout, Smoh, Hey338Too, boriskamite, Victor Ward, Capt Crunch, gnosticator, The Technomancer, betterdemsonly, Richard Villiers, hbk, BMScott, allie4fairness

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site