
Meet the Online Tracking Device That is Virtually Impossible to Block - Libertatea
http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block
======
x0x0
can anyone explain how / why a canvas drawing should be unique? Doesn't that
defeat the point of canvas?

edit:

So here is poc canvas fingerprint code [1]. The upshot seems to be (1) the
process of turning the canvas drawing into an image (image processing, export,
compression, etc) leaks information, and (2) anti-aliasing and sub-pixel
rendering also leak information. But as near as I can tell, both of those are
essentially equivalent to information available in the user-agent string: os
version and browser version. There must be more here because, eg, for this to
be useful as a ios fingerprinting solution there are so few device + os
versions available this info is mostly useless. What am I missing?

[1] [https://www.browserleaks.com/canvas](https://www.browserleaks.com/canvas)

------
crisnoble
This seems like just one more thing to add to the list at broswerspy.dk, shown
in practice by the EFF:
[https://panopticlick.eff.org/index.php?action=log](https://panopticlick.eff.org/index.php?action=log)

------
ttctciyf
Not wanting to detract from linking to an interesting technique, I should say,
but NoScript seems to block it just fine.

~~~
crisnoble
I suppose using an old browser without canvas support would work too. But then
again you are opening yourself up to all sorts of other vulnerabilities.

[http://caniuse.com/#search=canvas](http://caniuse.com/#search=canvas)

------
lotsofmangos
Given we are dealing with a virtual impossibility, you can easily get around
it by linking the logic circuits of a Bambleweeny 57 Sub-Meson Brain to an
atomic vector plotter suspended in a strong brownian motion producer.

Alternatively, you could setup a VM to rejig all its browser settings and
fonts and stuff each time it is used and then browse from there.

~~~
x0x0
or, you can get around it by using an ios device: there is roughly 1 hardware
release / year plus a near-lockstep upgrading of the os + browser. Thus
fingerprinting techniques are nearly useless because you have the same
fingerprint as the other (rough guess) 40m US iphone-5 owners.

