
Do privacy studies help? A Retrospective look at Canvas Fingerprinting - randomwalker
https://freedom-to-tinker.com/blog/englehardt/retrospective-look-at-canvas-fingerprinting/
======
randomwalker
There's a follow-up to this post here: [https://freedom-to-
tinker.com/blog/englehardt/the-web-privac...](https://freedom-to-
tinker.com/blog/englehardt/the-web-privacy-problem-is-a-transparency-problem-
introducing-the-openwpm-measurement-tool/)

And here's our open-source tool that we've been using to do all these privacy
measurements:
[https://github.com/citp/OpenWPM/](https://github.com/citp/OpenWPM/)

We'd love to see pull requests or just other people using our tool for new
interesting findings.

~~~
fitzwatermellow
Kudos to the Princeton team on yet another interesting find! I recently
submitted the work on de-anonymizing programmers from binary signatures using
machine learning that was also fascinating (not to mention a bit scary)

But I confess I'm perplexed as to how a canvas render can yield a consistent
unique fingerprint? Even allowing for subtleties in font anti aliasing
implementations amongst drivers, wouldn't two machines with identical gpu
hardware and drivers be identical down to the last pixel? And what about
browsers using software rendering?

My interest is purely academic of course ;)

------
mirimir
These are great posts!

I've recently discovered
[https://www.browserleaks.com/](https://www.browserleaks.com/) which has tests
for several sorts of browser fingerprinting.

Edit: The follow-up post cites the W3C draft on fingerprinting: "elimination
of the capability of browser fingerprinting by a determined adversary through
solely technical means that are widely deployed is implausible". But there is
a simple strategy. Just compartmentalize online activity, such that everything
that a particular persona does can be safely linked by adversaries. And it's
fun!

~~~
jakeogh
One to add (HSTS):
[https://news.ycombinator.com/item?id=10895933](https://news.ycombinator.com/item?id=10895933)

