We have discussed browser fingerprinting in some depth before. It is one of the sneakier means being developed by websites and third party analytics and advertising domains to track and uniquely identify web users in order to deliver ever more targeted advertising, and is a response to people becoming much more aware of the dangers to privacy posed by more traditional (HTTP) cookies.
Canvas fingerprinting is a special form of browser fingerprinting developed and used primarily (over 95 percent) by web analytics firm AddThis, although other companies such Plenty of Fish and German digital marketer Ligatus are also guilty.
It is a script that works by asking your browser to draw a hidden image, and uses tiny variations in how the image is drawn to generate a unique ID code, which can then be used to track you. At present there is no effective way to block this, although users can install the AddThis opt-out cookie, to opt out of targeted advertising. This does however mean that you have to trust AddThis to keep their keep their word over not targeting you for ads, and does not anyway protect you from actually being fingerprinted.
Notable websites running the AddThis canvas script include Whitehouse.gov and YouPorn.com, although a YouPorn representative contacted Pro Publica (who broke the story together with Mashable) to say that it was ‘completely unaware that AddThis contained a tracking software that had the potential to jeopardize the privacy of our users.’ Ligatus have also said that it no longer uses the script, but we seriously doubt that the Whitehouse will make any such similar statement.
The researchers at Princeton University discovered that 5.5 percent of the top 100,000 sites they crawled were running the canvas script, and ‘although the overwhelming majority (95%) of the scripts belong to a single provider (addthis.com), we discovered a total of 20 canvas fingerprinting provider domains, active on 5542 of the top 100,000 sites.’