Internet Security

Canvas Fingerprinting Will Track You Everywhere You Go. Here’s Why You Should Be Worried

Matthew Hughes 26-07-2014

There’s a new way for advertisers to track you. And there’s almost nothing you can do to stop it.


It’s called Canvas Fingerprinting, and it can be found on almost five percent of the top 100,000 websites, from, to dating site Plenty Of Fish.

It allows websites to ‘fingerprint’ the browsers of their users, and then uniquely identify (within a significant margin of error. We’ll talk about this later) and track them How Exactly Websites Track and Stalk You With Their Ads Privacy, privacy, privacy. The Internet is known for its anonymity. Without personal privacy, it would be a very dangerous place. But are these companies infringing on privacy rights? How exactly does a website track its... Read More without the use of browser cookies.

The privacy concerns surrounding Canvas Fingerprinting are many, and severe. Perhaps the biggest concern surrounding it is how it can easily defeat the ‘do not track’ features baked in to many modern browsers.

Canvas Fingerprinting is evil. Here’s everything you need to know about it, and why you should be worried about this latest piece of tracking technology.

How Canvas Fingerprinting Works

The way it works is simple. It takes advantage of the HTML5 Canvas Element (you can learn more about this in MakeUseOf’s guide to HTML5 Get Started With HTML5 You’ve heard of HTML5. Everybody is using it. It's being heralded as the savior of the Internet, allowing people to create rich, engaging web pages without resorting to using Flash and Shockwave. Read More , written by yours truly). Whenever a user visits a site running a Canvas Fingerprinting tracker, it draws an invisible line.



The specific configuration of your computer – graphics card, graphics driver used, browser and operating system – create small, unique changes in how this line is drawn. A fingerprint of those discrepancies is generated, and shared across advertising parties.

As a result, it becomes possible to identify a user across multiple, unrelated websites.

‘… But That Doesn’t Sound Very Unique!’

Well, I suppose you are correct. There will be (I imagine) a lot of overlap, especially when one considers the the criteria for identifying a user.


Take for example, the laptop used to write this article. I’m using a 2012 model 13″ MacBook Pro. I’m using the latest version of OS X Mavericks, as well as the latest drivers for the built-in Intel HD4000 Graphics.


I imagine there are a lot of people running that configuration of computer. After all, the millions of units of that particular computer were shipped around the world, and I imagine the majority will be running the latest software.

With that in mind, is it possible to meaningfully identify a person based upon how their browser renders a line using the HTML5 Canvas API? They seem to think so, especially when you add other potential sources of identifiable information.


There’s a lot of information about your computer that is leaked when using the Internet. Going along with the example of my laptop. I live in the UK. That narrows down the amount of potential hardware matches significantly, going on my timezone alone.

Then, take in to account that the language on my machine is US English. There are likely even less people with that particular hardware configuration in that timezone using that particular language.

We leak a lot of information about ourselves when we browse the Internet. We do it without even thinking about it. And this information is a vital part of what makes Canvas Fingerprinting useful.

‘… But What Does Canvas Fingerprinting Mean For Me?’

That depends, really. It’s still a small minority of sites actually packing the ‘do-not-track’ resistant code. The vast majority are either using traditional tracking measures, or nothing at all.



But if you’re one of the millions of people ruining the Internet using advertisement blocking software Please Whitelist MakeUseOf In Adblock: A Plea From a Former Adblock Filter Developer It’s no secret that we’re not huge fans of Adblock here at MakeUseOf. But we know that some of you won’t let go of Adblock until it’s pried out of your cold, dead hands. If... Read More , it means that there’s a new way to track you, and to serve semi-personalized advertisements based upon your browsing history. And there’s not much to do

‘… But There’s A Way To Mitigate Against It, Right?’

Well, yes, and no.

If you look at the source code to any website which monetizes its content with adverts (such as MakeUseOf), you’ll see that the adverts are served from a different domain name to the one you’re browsing right now.


This is usually because adverts are served by specialized companies, each running powerful content distribution networks How to Set Up CDN the Right Way and Avoid SEO Problems Read More which can serve adverts rapidly without slowing down the user’s browsing experience.

As a result, advertisement blocking software works by blocking these content distribution networks, and preventing them from injecting adverts into pages. No CDN. No injection. No adverts.

This is (and will be) the achilles heel of Canvas Fingerprinting. The code used to generate the lines has to come from somewhere. Likewise, the results of the fingerprinting have to go somewhere.

As a result, mitigating against the most pernicious form of Canvas Fingerprinting – the form that tracks you across the Internet – is possible, and serious moves are being made in order to counteract it.

Canvas Fingerprinting also has another major achilles heel. It depends on a modern browser that can render Canvas elements. Canvas elements require JavaScript to work, and can easily be defeated by deactivating JavaScript in your browser, although it’s worth adding that most websites aren’t worth a damn without JavaScript. You’d effectively be transporting your browsing experience back to 1994.

Should You Be Worried?

Well, yes and no.

Canvas Fingerprinting is resilient, it’s innovative, and mitigating against it is hard, although is certainly possible.

It’s also incredibly rare. As previously mentioned, only five percent of the top 100,000 websites actually use it. Traditional tracking methods seem to still be the tool-de-jour of targeting advertisements.

Are you worried? Are you a site operator and are tempted to start using Canvas Fingerprinting? Tell me about it. The comments box is below.

Photo Credits: Children Slook by Henrick Oprea (Map Of The Urban Linguistic Landscape)HTML Code (Marjan Krabei) 8OO years (David J Morgan)

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. android underground
    August 1, 2014 at 11:06 am

    What's all that whining about ad blocking being unethical and akin to theft?

    If ad blockers kill sites with ads, then the market has spoken and sites like MUO will need to think of a new business model, just like restaurants will need to think of new ways to pay their waiters if we stop tipping.

  2. Rob H
    July 31, 2014 at 11:40 am

    @Matthew H
    There's nothing very clever in there, just PHP looking at $_SERVER['HTTP_USER_AGENT'] the IP comes from $_SERVER['REMOTE_ADDR'] then a public API converts IP to location and ISP. Could get more info with a bit more effort but I just wanted to see how easy it would be to annoy the Apple disciples. Frankly I'd be amazed if there aren't loads of sites using this technique. I did read that an hotel accomodation site was using something of the sort to direct Apple users to the more up-market venues. When challenged they said something like: as Apple users are discriminating consumers they were helping them by highlighting the hotels best suited to that target demographic.

  3. CJ Cotter
    July 31, 2014 at 2:08 am

    1) A toll road is like a pay-for website. 2) We all pay our ISPs to use the internet as we all pay taxes to use the roads. 3) On the physical highway and the internet highway, merchants can set up shop along the way in an attempt to attract our business.

    But STOP secretly recording our every move, and STOP standing out in the MIDDLE of the road with your ads, impeding our access! Didn’t your parents teach you when you were a kid, that if you stand out in the middle of the street, you’ll get run over?

    Matthew, maybe I don't understand the economics of running a website, but my metaphor DOES work! Just cave and admit it.

  4. CJ Cotter
    July 29, 2014 at 6:34 pm

    Matthew, You are mixing apples with oranges in your logic. When you create a website, you need to define what it is. Is it a free website or a pay-for website? If it is a pay-for website, who is going to do the paying and how? A restaurant is a different creature altogether and a bad example of your argument. Here’s a better one:

    When I drive down the intestate, there are billboards. I do not object to them, as I do not object to ads on the web pages I visit on the internet superhighway. However, the tactics being used by websites are equivalent to the following:

    How would you feel if those billboards are set up like railroad crossings along the interstate, where, every few blocks, they stop you so that you have to get out of your car, and press an acknowledgement button?

    How would you like to have secret cameras mounted along much of the interstate, that pick up your license plate, monitor everything you do, every place you stop, every merchant you patronize, and put all of this in a database who-knows-where without your permission?

    If you WANT to be a pay site, then BE a pay site. Newspaper and tech websites often allow limited viewing, until a blocking screen pops up and asks for payment.

    If you DON’T want to be a pay site, then stop WHINING when people ignore your ads, and STOP using strong-arm tactics to FORCE us to look at them.

    I DON’T care what your financial problems are. Give it to me free or make me get out my credit card. Make up your mind!

    • Steve
      July 30, 2014 at 6:57 am

      The above comment wins the internet imo

    • Matthew H
      July 30, 2014 at 5:08 pm

      You do realize that there are other revenue models than having consumers directly paying for things, right? You can still have a commercial, profit-driven websites that are still free for the end users. That is what MakeUseOf (and countless other sites) are. That's what we've chosen to be, as it allows us to engage with larger audiences, whilst still allowing us to be financially rewarded for our efforts.

      I'm genuinely not sure you understand the economics of running a website.

      And your example is nonsensical. Billboards don't pay for roads. Taxpayers do. Sure, there are toll roads, but they're *not* ad supported. Your metaphor doesn't work.

    • JimPas
      July 30, 2014 at 8:29 pm

      @CJ Cotter... That was a great example for the way Internet advertisers work. I chuckled some as I read it, but all-in-all, you hit it right on the head!

    • Public Citizen
      August 16, 2014 at 3:41 am

      Another part of the driving-the-car analogy :
      The websites that plaster adds all over the screen obscuring content are the same as some guy comming along and trying to glue an advert on your windscreen. You have to stop what you are doing and remove the anoyance,
      You guys that are trying to make a living selling advertising space on your website need to take a course on the economics of print advertising. A newspaper or magazine only gets purchased if there is enough content that the patron is willing to pay for that content. The advertising pays the overhead costs of publication. Website operators have extremely low costs of publication by comparison. The majority of your publication costs are already being borne by the people who vist your site through the cost of the hardware they have purchased and the bandwidth that they pay for on a weekly/nmonthly/yearly basis. When ~you~ start fronting the money for peoples hardware and bandwidth then you will have a case for complaining about people "stealing" your product. Until then, man up and recognize that you are trying to con yourself and the public when you complain about theft.
      You are an ~invited guest~ on every single computer that is viewing your website. Please don't think that the invitation gives you Carte Blanche to act in a boorish fashion. Software to block advertising was developed in response to advertisers who ave abused their guest privledge and gone from welcome visitor, to tolerated anoyance, to unwelcome trespasser and the people who are paying the freight have every right to determine the bounds of acceptable behaviour.
      Why do you find it necessary to use Eight Separate Trackers on this site? Isn't ONE method of placing advertisements sufficient if you are running a reputable business?

  5. Shore Patrol
    July 29, 2014 at 2:04 pm

    Everything on the net has a reason to exist whether for good or nefarious reasons. Only the user can decide if it is good for them. I personally pay for the use of a VPN and Hushmail and sometimes use the TOR network. If you want someone to pay for your services then you should offer a product that is unique or has some other attributable aspect. Why do you think that a VPN does not limit your visibility? I can route my computer through different servers in different cities and timezones and TOR should add another layer, right. I believe your organization like many others tries to be everything to everyone, although I enjoy reading it, and therefore does not exhibit the uniqueness that would cause people to pay for. I am not trying to diminish your website but only give you food for thought.

    • Matthew H
      July 30, 2014 at 5:21 pm

      >Why do you think that a VPN does not limit your visibility?

      Addressing this, because it's a good point. I don't not think that using a VPN obfuscates your identity. However, with Canvas Fingerprinting, the issue lies in the information leaked by browser headers. To use the OSI Model analogy, this isn't a layer 3 issue, but rather a layer 7 issue.

    • ShorePatrol
      August 4, 2014 at 9:45 pm

      Matthew, I must thank you for opening my proverbial eyes to the OSI platforming layers. I had only a vague idea of what they are but after your commenting on mine I found the SANS institute of the model explained it in a manner readily understood . Now I get busy trying to defeat it, if one does exist. Thank You

  6. Kevin Maher
    July 29, 2014 at 12:33 pm

    I checked wit AddBlockPLus and there is a way to block this......

  7. CJ Cotter
    July 29, 2014 at 4:40 am

    @ bben are you some kind of sob sister for the advertisers? The financial problems of the web sites I visit are NOT my concern. DON'T push YOUR problem on ME with the irritating ads you permit!

    • Matthew H
      July 29, 2014 at 11:00 am

      Er, if you consume the content, it's massively unethical to effectively skip out on paying by using adblocking software. Writers, programmers and graphics designers do not work for free. For many of, this is our main line of work. It's what we love. And right now, the advertising supported model is the only way that allows us to reach a large audience, whilst still being financially rewarded for our work.
      It's a bit like going to a restaurant, ordering a meal and skipping out on paying, and telling the waiter 'The financial problems of the restaurants I visit are NOT my concern. DON’T push YOUR problem on ME with by asking me to pay for my food!'

      • hardly
        February 10, 2017 at 4:15 am

        Your restaurant analogy is not analogous. Websites are by default not pay-for-service. Websites are run on a “come in a feel free to browse” department stores. Visitors can choose to spend an entire day browsing the store contents without buying anything, entertaining any sales approaches, or reading any adverts or responding to promotional enticements. Any store that employs sales staff who harrass patrons at every turn and brand visitors as thieves for enjoying the sights and contents without reciprocating, is a store that eventually goes out of business. The store is entitled to track visitor actions with security cameras and entice visitors to opt in as members to enjoy better deals. But these actions are to be stated upfront and fully disclosed to visitors. Surrepticious, camouflaged and undisclosed intrusion into patrons’ rights to privacy and freedom to choose, are not ethical business practices.

        The department store’s challenge is to offer a sufficiently wide range of contents and prices and customer service quality to attract visitors’ interest to patronise frequently in order to increase the chance that they will make purchases often enough, or participate in partner promotions often enough to provide revenue to offset costs.

        With hundreds of competing stores out there, any store that wishes to thrive has to figure out a unique formula to gain and retain loyal patrons while remaining profitable. Patrons who have no loyalty to a store have no empathy for the store’s problems. Patrons with loyalty to a store but who find their trust betrayed will turn unsympathetic.

  8. pmshah
    July 29, 2014 at 3:30 am

    I am pretty happy with Sysinternal's Power Defrag utility. It does a file by file defragging. Works in the background. Never had a problem with it.

    In reality till date no one has come close to the original defragging utility that was included with Norton utilities. Too bad PCTOOLS bought Peter Norton out and the company simply died.

  9. Christopher W
    July 29, 2014 at 2:52 am

    A lot of this is in your browser headers. I didn't realize so many hardware details got set-and I did the Panoptik site above.

    I do have the nuclear option as far as ads (as opposed to canvass. I use a hosts file blocker. For MakeUseOf, I removed Punchtab.

    I go back and forth on this. Yes, I know sites depend on ad revenue. But I get a little squeamish about being the product.

    There's also the bandwidth issue. I'm paying for that...and by disallowing the IPs from ad sites to connect, my speed is a little faster. (I'm on a 12 MB/s DSL connection that is pretty high latency due to old equipment and a fairly long distance (about 2 miles) to the Central Office.

    I still feel like an ingrate, though. :(

    • Matthew H
      July 30, 2014 at 5:15 pm

      It's a tough one. For what it's worth, I can see both sides of the argument. There are a lot of adverts that are obnoxious. I'm talking about the really horrendous auto-play video adverts. Yes, I'm looking at *you*, IBTimes.

      As someone who works as a technology journalist, and for whom this is the only income I have, I kinda see ad blocking as a direct affront. I mean, if people are willing to consume content, they shouldn't also skip out on paying it with by not viewing advertisements.

      There should be a happy medium. I think appropriate, privacy conscious advertisements that aren't obnoxious is the way forward. Consumers don't get harassed, and content creators get paid. And everyone's happy.

  10. Chris
    July 28, 2014 at 9:09 pm

    I don't understand how people can say that they suffer greatly when they disable adblock. I don't have it installed on my netbook and I only have 2 GB of RAM, yet I have never run out (because of my browser) even when running Windows, which uses about twice as much RAM on idle as my Linux Mint install does.

    I do understand people complaining about intrusive ads, but to say that MUO is terrible about it is unreasonable in my opinion. I didn't even notice how many ads were there until it was pointed out. I always see the ones at the bottom of the article before the comment section, but it takes up less than one screen of space and I'm already scrolling past it by the time I get there. As far as the side of the screen goes, I don't even look at it. Oh, and while I'm thinking about it, I've never actually scrolled below the box to add a comment, but there are some ads down there too.

    Since I didn't even notice more than 25% of them, I would say that MUO is FANTASTIC about how they manage their ads.

    • Matthew H
      July 30, 2014 at 5:16 pm

      Thanks man. Thanks for being honest, and thanks for supporting the site. And thanks for your comment!

  11. Rob H
    July 28, 2014 at 8:50 pm

    You may enjoy a little test page I made to show how information about your computing environment can be misused by a web site
    [Broken Link Removed]
    (I may not leave it active for long).

    • Matthew H
      July 30, 2014 at 5:18 pm

      That's really interesting. Thanks man! Presumably that's all from browser headers?

      Would be interested in hearing how you went about making that from a technological standpoint.

  12. Eric B
    July 28, 2014 at 7:13 pm

    I tried unblocking makeuseof several different times after hearing pleas on the site to do so. The ads on the site are so intrusive and annoying that I can't even use the site . If makeuseof wants me to unblock them, they will have to rethink their advertizing.

    Also, something I've always wondered... How much do people make from website advertising anyway? I never click on ads on websites even when not using adblock. How many people actually click on ads?

  13. P.f. B
    July 28, 2014 at 6:41 pm

    Here's why I don't think adblocking is evil.

    Yes, it means I don't view the advertisements that support the sites whose ads I block. And yes, it even means that since most sites now use iframes quite a lot, I'm loading a very large blacklist (somewhere around 4MB) into RAM for each frame a site loads. That builds up quickly.

    However, I disabled AdBlock Plus for a month on my main box, a Macbook Pro 15" (late 2012) running OS X 10.9.4 and (at the time) Firefox 28.0.1. It got very crashy very fast, because advertisers don't seem to give a rip how much RAM their godawful ads take up. It was definitely worse than having AdBlock Plus loaded.

    So I'll disable it on sites that only display pictures, text, SMALL animations, and the like. Sites that display massive interstitials, autoplay videos (inline or otherwise), and similar memory hogs get AdBlock Plus until they get the message. End of line.

    • Eric B
      July 28, 2014 at 7:30 pm

      I agree completely. I have unlbocked makeuseof again to see what their ads are like and they are still using inline ads. They put ads at the top of the page in the content, 2-3 in the sidebar and sometimes as many as 4 inline in the content. I will admit that makeuseof is good with ads compared to some sites since they block videos and the like, but I won't remove adblock on a site as long as there are ads in the middle of the content.

    • Matthew H
      July 29, 2014 at 11:07 am

      Er, advertising by itself shouldn't cause your laptop to crash. Programs which us a large amount of RAM shouldn't cause your laptop to crash, as it'd just page to virtual memory.

      It's probably something else. Faulty driver? Faulty hardware? Some other software related problem? Might be worth paying the Apple Store a visit.

  14. AJ North
    July 28, 2014 at 5:51 pm

    The EFF have an application, the Privacy Badger extension which they claim will help mitigate against Canvas Fingerprinting -- . That, along with judicious use of NoScript (and perhaps Adblock Plus with the addition of their EasyPrivacy filter list -- should afford useful protection for the vast majority of users.

  15. Petew
    July 28, 2014 at 5:24 pm

    tool-de-jour = tool-du-jour!
    I think you ought to have said something about the use of VPNs

    • Matthew H
      July 29, 2014 at 11:09 am

      Awkward, especially given that I speak French fluently, and used to live in France and French-speaking Switzerland.

      I didn't mention VPNs because this is not a network issue. Not really. It's an information leakage issue, for the most part. Browser headers are very leaky. Mixed that with canvas fingerprinting, and you have a very identifiable computer.

  16. Jim L
    July 28, 2014 at 5:22 am

    Steve Gibson debunked Canvas Fingerprinting (again) on his Security Now podcast:

  17. Bob Myers
    July 27, 2014 at 9:42 pm

    My black list grows, as I'm sure others do. I had my sites for certain types of information, When I get annoying interruptions to a site, I find a new, and often better, site for the information and block the old one.

    It's a pain in the back of my lap, but it forces me to find the different, better, sites. Chasing the culprits down helps me learn a bit more about how the internet works.

  18. Cris
    July 27, 2014 at 7:22 pm

    I find this discussion interesting. I use ghostery, which supposedly does not allow any tracking and other innocuous cookies from sending back information from my computer to the offending parties. The only trouble is: It blocks me from seeing some content that I do wish to see. Sure the little ghostery images show up, on which you're supposed to click to view a site one time or many times, but often, nothing happens when I click on them, no matter how many times I click on them.

    I haven't read your "AdBlock, NoScript & Ghostery - The Trifecta of Evil" yet, but I do intend to. I'm not sure what to expect there, as above, Bob touts the advantages of ghostery over disconnect, and your "Trifecta" title doesn't sound as if it's going to place ghostery on any kind of pedistal. So, I am looking forward to reading that.

    • Matthew H
      July 28, 2014 at 9:27 am

      Would love to hear your thoughts once you do read it!

  19. Jeanne T
    July 27, 2014 at 3:00 pm

    I find it ironic that this post appears on a site that has gone to great lengths to *prevent* users from using ad-blocking software. I remember several articles insisting that such software basically amounted to stealing your content. Perhaps someone at MakeUseOf is beginning to understand why users try to avoid ads and the tracking they involve, and why that may seem more important than getting ads "tailored" to our interests.

    • Matthew H
      July 27, 2014 at 7:11 pm

      You can think that ad-blocking is theft, whilst simultaneously believing canvas fingerprinting is unacceptable. There's no hypocrisy there.

  20. bben
    July 27, 2014 at 11:48 am

    The advertisers have poisoned the well , and now want to blame the users for using blockers. Most users don't mind an ad if it is tastefully done and behaves itself by staying out of the way of what they are trying to do. But the advertisers are just not satisfied with that - to them the entire reason you have a computer is so they can advertise to you - to them nothing else matters. So - POP UPS, floating ads that move across what you are trying to do , and ads that take up most of the screen. Then multiple advertisers are all doing the same things - making you computer experience both stressful and aggravating. I tend to instantly close any site that throws up an ad that covers what I came to read. And that makes them try even harder to make my computer experience worse.

    • Rama
      July 27, 2014 at 12:47 pm


      Not true! I don't want ads (even if they are "...tastefully done...") and I do not believe "...most users don't mind...". When I visit a site, it's to obtain something specific, I don't need ads shoved in front of me. Ads on website are akin to me walking down a street and strangers jumping in front of me to sell stuff - Annoying (is an understatement). On another tack, web visitors seem to forget that advertisers are using our bandwidth for free - I don't buy ISP services so advertisers can use my bandwidth, to serve me advertising content I do not want - They should be paying us to advertise!

    • Rama
      July 27, 2014 at 12:58 pm

      Firefox, AdBlock Plus blocks / disrupts canvas fingerprinting:

    • bben
      July 27, 2014 at 3:27 pm

      @Rama you seem to have missed the reason most sites allow advertising. That advertising is what supports the site. Did you really think that FREE sites don't COST the owner something? Without the advertising, there will be NO free sites - NONE!!! Do you work for nothing? The site owners don't either. The option is to make each site that is not supported by advertising a PAY site. Where you have to pay to see what they have there. I'll take the tasteful advertising - and still keep blocking the JERKS that throw advertisements in my face.

  21. Chinmay S
    July 27, 2014 at 4:17 am

    I have dynamic external ip, so how will fingerprint tracking affect me?

    • Matthew H
      July 27, 2014 at 11:01 am

      The fingerprinting is based upon unique traits about your computer configuration and your browser.

  22. Steve Sanchez
    July 27, 2014 at 1:45 am

    "Whenever a user visits a site running a Canvas Fingerprinting tracker, it draws an invisible line."

    "The specific configuration of your computer – graphics card, graphics driver used, browser and operating system – create small, unique changes in how this line is drawn. A fingerprint of those discrepancies is generated, and shared across advertising parties."

    This sounds like BS. What is the mechanism for this invisible line being generated? I have never heard of this.

  23. Testuser
    July 27, 2014 at 1:03 am

    This article lacks a few things and is a little misleading. Yes, you can't block it up to 100% everywhere, but something like 99% is pretty much possible at the moment. Just use the addon NoScript in Firefox and Disconnect (the safer and non-spying alternative to Ghostery). Also, you can check if you are unique or not with the help of a website from EFF: Without NoScript, it said that I'm unique!

    • Bob
      July 27, 2014 at 9:16 am

      Agree that the article is sensationalist.

      Why do you say that Ghostery spies? I find it more feature rich and effective than Disconnect. There is an option to submit usage data to Ghostery, but this is disabled by default. Most that I have read on Ghostery indicates that there is no other data sent to them.

    • Matthew H
      July 27, 2014 at 10:59 am

      Oh, you're right. It's fundamentally dependent on JS to work. Disable JS, you can't be tracked with Canvas fingerprinting.

      Although, I think I mentioned that in my post. ;)

  24. Anonymous
    July 27, 2014 at 12:55 am

    Run a program to add random data and that should work as a mask

  25. Mark T
    July 26, 2014 at 10:34 pm

    lol @Joseph

    bah existing ad blockers prevent JS insertion so why would this be a new problem??

    I agree I think the article is hyper-sensationalising the fact ad companies are starting to change tactics, all of which rely on JS injection, which can easily be stopped.

  26. Joseph
    July 26, 2014 at 9:33 pm

    total nonsense, you are just sensationalizing , there is absolutely no way this can uniquely identify me or track me EVERYWHERE I go.

    but if you don't believe me, I provide a service to block this kind of tracking, it only costs $5 for 100 years of protection, and if you act now, you can purchase an additional 100 years for as little as $1 more.

    • Matthew H
      July 27, 2014 at 11:00 am

      Unless you disable JavaScript, you're probably wrong about that.

    • Mark Hansen
      August 15, 2014 at 11:42 pm

      I'm surprised about the things not mentioned can be used to identify users. While I have no qualms about this and are in no way worried about it, then I must admit finding a unique visitor is not entirely impossible, although unlikely in some market groups.
      But I at least would be easily identifiable, I imagine. First, there's the things mentioned in the article: OS, hardware, drivers and the browser. To this I would add that there's also different versions of the same operating systems and different browser versions. Though I would assume the majority to use the most recent versions of both, it still helps narrow it down. For example, my browser's plugin details are only used in 1 in 4.443.658. The fonts installed on my system is identical to 1 in 2.221.829.
      These single 2 details would already make me pretty damn unique, and there's a hundred more that could be put together with this information. Now, I'm sure there are many less-seasoned computer users than me, who does not have several plugins, not using an 6 year old computer and only runs default fonts because they've never dabbled in graphic and digital design. But considering how many factors there are trackable, I believe the margin of error for canvas fingerprinting could easily be very low if properly or mischieviously used.

      As I said in the beginning, I feel safe from the effects of being tracked, but don't kid yourself with thinking you're actually safe from being tracked by it if you're not doing anything to prevent it.

    • Joseph
      September 4, 2014 at 12:29 pm

      Cookies can remember you and log you into a site automatically, should link-bait bloggers be writing articles about this MASSIVE Security Breach, Leak, Tracking technology?

      If the problem is running JavaScript, well we already knew that years ago, so writing articles about a new way to track you or steal your information is not new. But it gets guys like us to post about how much bullshit is on the Internet, when this website or this author does it to often, they will get a reputation and people will just ignore them.

  27. Paul Harris
    July 26, 2014 at 9:11 pm

    I use Private Internet Access (VPN). Does this give me any protection against this ?

    • Matthew H
      July 27, 2014 at 11:00 am

      I don't see how a VPN could help you here. Sorry.