Featured Research

from universities, journals, and other organizations

Computer privacy: Share button may share your browsing history, too

Date:
July 22, 2014
Source:
KU Leuven
Summary:
One in 18 of the world’s top 100,000 websites track users without their consent using a previously undetected cookie-like tracking mechanism embedded in ‘share’ buttons. The researchers traced 95 percent of canvas fingerprinting scripts back to a single company.

The researchers traced 95 percent of canvas fingerprinting scripts back to share buttons provided by AddThis, the world’s largest content sharing platform.
Credit: Image courtesy of KU Leuven

One in 18 of the world's top 100,000 websites track users without their consent using a previously undetected cookie-like tracking mechanism embedded in 'share' buttons. A new study by researchers at KU Leuven and Princeton University provides the first large-scale investigation of the mechanism and is the first to confirm its use on actual websites.

The mechanism, called "canvas fingerprinting," uses special scripts -- the coded instructions that tell your browser how to render a website -- to exploit the browser's so-called 'canvas', a browser functionality that can be used to draw images and render text.

When a user visits a website encoded with canvas fingerprinting software, a first script tells the user's browser to print an invisible string of text on the browser's canvas. Another script then instructs the browser to read back data about the pixels in the (invisibly) rendered image.

These data contain important information about the user's browser type, graphics card, system fonts and even display properties. Because this grouping of data is highly likely to be unique for each user, it can be reliably associated to individual users, like a fingerprint.

Once a website has determined a device's fingerprint, it can easily recognize the user on subsequent site visits, much in the same way cookies do.

But while unwanted cookies can be flagged or blocked to enhance a user's online privacy, there is no available solution for doing so with fingerprints.

In this study, the researchers used automated 'crawlers' to scan the world's top 100,000 websites for canvas fingerprinting scripts. They found canvas fingerprinting scripts on 5,542 of the Internet's top 100,000 websites, a prevalence of 5.5 percent.

Previous studies on related browser fingerprinting techniques reported a prevalence of 0.4 percent and 1.5%, respectively, although they are not directly comparable to the current study since they measured different types of fingerprinting techniques.

While researchers demonstrated the feasibility of canvas fingerprinting as a tracking mechanism in 2012, this is the first time it has been observed on real websites and traced back to specific provider domains. Analyses of the real-world scripts reveal that fingerprinters are going beyond the techniques known by the academic research community.

Surprisingly, the researchers traced 95 percent of canvas fingerprinting scripts back to a single company: AddThis. AddThis is the world's largest content sharing platform and provides free website plugins such as share buttons, follow buttons and content recommendation features. The company reaches an estimated 97.2% of Internet users in the United States and receives 103 billion page views each month.

Can users protect themselves against canvas fingerprinting? Acar and his colleagues studied the effect of ad-industry opt-out tools offered by the Network Advertising Initiative (NAI) and the European Interactive Digital Advertising Alliance. No websites included in the opt-lists stopped collecting canvas fingerprints after activating the opt-out option.

At present, only one browser, Tor, can prevent canvas fingerprinting scripts, but this added security comes with major trade-offs in performance, functionality and content availability.

Many websites, including sensitive sites such as health and government websites, unknowingly contain canvas fingerprinting -- by using one of AddThis' free plug-ins for example.

The researchers are concerned by the growing prevalence of canvas fingerprinting , says Gunes Acar, the first author of the study: "This is an advanced tracking mechanism that misuses browser features to enable the circumvention of users' tracking preferences. We hope that our results will lead to better defenses, increase accountability for companies deploying sticky tracking techniques and an invigorated and informed public and regulatory debate on increasingly resilient tracking techniques."


Story Source:

The above story is based on materials provided by KU Leuven. Note: Materials may be edited for content and length.


Journal Reference:

  1. G. Acar, C. Eubank, S. Englehardt, M. Juarez, A. Narayanan, C. Diaz. The Web never forgets: Persistent tracking mechanisms in the wild. (Under submission), 2014 [link]

Cite This Page:

KU Leuven. "Computer privacy: Share button may share your browsing history, too." ScienceDaily. ScienceDaily, 22 July 2014. <www.sciencedaily.com/releases/2014/07/140722091427.htm>.
KU Leuven. (2014, July 22). Computer privacy: Share button may share your browsing history, too. ScienceDaily. Retrieved October 21, 2014 from www.sciencedaily.com/releases/2014/07/140722091427.htm
KU Leuven. "Computer privacy: Share button may share your browsing history, too." ScienceDaily. www.sciencedaily.com/releases/2014/07/140722091427.htm (accessed October 21, 2014).

Share This



More Science & Society News

Tuesday, October 21, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

CDC Revamps Ebola Guidelines After Criticism

CDC Revamps Ebola Guidelines After Criticism

Newsy (Oct. 21, 2014) The Centers for Disease Control and Prevention have issued new protocols for healthcare workers interacting with Ebola patients. Video provided by Newsy
Powered by NewsLook.com
Robots to Fly Planes Where Humans Can't

Robots to Fly Planes Where Humans Can't

Reuters - Innovations Video Online (Oct. 21, 2014) Researchers in South Korea are developing a robotic pilot that could potentially replace humans in the cockpit. Unlike drones and autopilot programs which are configured for specific aircraft, the robots' humanoid design will allow it to fly any type of plane with no additional sensors. Ben Gruber reports. Video provided by Reuters
Powered by NewsLook.com
WHO: Ebola Vaccine Trials to Start a in January

WHO: Ebola Vaccine Trials to Start a in January

AP (Oct. 21, 2014) Tens of thousands of doses of experimental Ebola vaccines could be available for "real-world" testing in West Africa as soon as January as long as they are deemed safe in soon to start trials, the World Health Organization said Tuesday. (Oct. 21) Video provided by AP
Powered by NewsLook.com
Portable Breathalyzer Gets You Home Safely

Portable Breathalyzer Gets You Home Safely

Buzz60 (Oct. 21, 2014) Breeze, a portable breathalyzer, gets you home safely by instantly showing your blood alcohol content, and with one tap, lets you call an Uber, a cab or a friend from your contact list to pick you up. Sean Dowling (@SeanDowlingTV) has the details. Video provided by Buzz60
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Science & Society

Business & Industry

Education & Learning

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins