The latest ad tracking tricks and what to do about them
The Adobe Variant
An Adobe online service offers a different method for removing Flash cookies from your system. Go to the Setting Manager on the Macromedia website [11], click the Global Storage Settings tab, and disable the options Allow third-party Flash content to store data on your computer and Store common Flash components to reduce download times. Also, delete any existing LSO cookies below Website Storage Settings (Figure 5).
Conclusions
Although the advertising industry is doing somersaults to spy on unsuspecting web surfers, free developers are investing at least as much time and energy to guarantee data protection even against highly complex spyware. You do not need to rely on multiple browser add-ons to remove annoying pests from your system, but you can redirect these intrusion attempts to a black hole with just a few clicks.
Whatever the circumstances, it is always advisable to keep the system clean with a combination of add-ons and the Bleachbit tool, because a cleaner system means fewer loopholes for Evercookies.
Canvas fingerprints can be effectively and easily misled using the Firefox FireGloves add-on. Therefore, the advertising industry will need to come up with somewhat more sophisticated mechanisms in the future to spy on users of free software.
Interview: Canvas Fingerprinting and Evercookies
Canvas fingerprinting and Evercookies are two relatively unknown methods for spying on the surfing habits of Internet users. We asked Florian Drechsler, eCommerce expert, web designer, and co-owner of headtrip.io GbR from Nuremberg, Germany, [12], for his assessment of future developments and how to best protect yourself as an Internet surfer.
Linux Magazine: Canvas fingerprinting on web pages first attracted greater attention last summer, when researchers at the universities of Leuven and Princeton provided evidence of this tracking method on almost six percent of all surveyed web sites. Since then, public interest in this technique has again waned somewhat. Based on your experience, are there signs that canvas fingerprints are increasingly being used to identify surfers and their surfing habits on the Internet?
Florian Drechsler: Definitely, yes. The registered percentage of affected websites at that time was attributed to a large extent to advertising service provider AddThis, who apparently used canvas fingerprints to deliver personalized ads. But, AddThis quickly responded to the criticism and removed the canvasing code. In my experience, canvas fingerprinting has definitely spread – simply because many eCommerce companies and advertising platforms see it as a possibility to boost conversion rates through personalized content.
LM: The Tor Browser warns users about canvas fingerprints on many web pages. Often, also the Firefox CanvasBlocker extension indicates that canvas elements are trying to extract image files that could be used for spying on surfers. Analysis of the source code on most affected web pages show that the canvas code causing the alert was attributable to a small script introduced in WordPress 4.2 that checks to see whether emojis are available. Do such extensions that allow visitors to websites to be spied on cause any real danger?
FD: The Emoji script itself is harmless. Instead, the danger lies in the fact that the user approves this innocuous usage of the canvas element, and thus allows other potentially malicious elements.
LM: How can surfers tell, when they are notified of canvas fingerprints, whether those elements are used for tracking?
FD: If you cannot analyze the code yourself, your only option – as is so often the case in Internet security – is to rely on common sense. To do this, however, you need to know how a canvas element works. Canvas elements are used by websites for drawing, say, 3D animations or for browser games. In case of doubt, you should block the canvas element and then try to use the site: Are you missing some elaborate graphics? If so, switch the canvas back on. But if the site works without a canvas element, then it was at least superfluous, or it was actually used to track users.
LM: Evercookies are a tracking method that is as difficult to control as canvas fingerprints. How can I protect myself against Evercookies?
FD: By installing the Firefox BetterPrivacy [13] extension, which deletes Flash cookies and runs the browser in private browsing mode. If you do not need plugins like Silverlight and Flash, you should turn them off – and not only because of the Evercookies. The safest method, however, is the use of a specially hardened Linux distribution such as Tails [14].
LM: How do you see future developments: Are Evercookies and canvas fingerprints likely to spread?
FD: The final version of HTML5 is now only a few months old, and it might take some time until all clients can use canvas elements at all. The more frequently canvas elements are used, the more attractive options for using canvas fingerprinting will become. Evercookies have been around for over five years and are still in active development. Other methods that allow storage of user data might also arise through exploiting new browser technologies. Online traders, in particular, benefit from Evercookies and canvas fingerprinting, which let them trace the surfing behavior of potential customers. I would assume this option is used by increasing numbers of eCommerce companies.
Infos
- Flash cookie: https://en.wikipedia.org/wiki/Local_shared_object
- Evercookies: https://en.wikipedia.org/wiki/Evercookie
- Tor Browser: https://www.torproject.org/projects/torbrowser.html.en
- CanvasBlocker: https://addons.mozilla.org/en-us/firefox/addon/canvasblocker/
- CanvasFingerprintBlock: https://chrome.google.com/webstore/detail/canvasfingerprintblock/ipmjngkmngdcdpmgmiebdmfbkcecdndc
- Wordpress 4.2 "Powell": https://wordpress.org/news/2015/04/powell
- Disable Emojis: https://wordpress.org/plugins/disable-emojis
- FireGloves: http://fingerprint.pet-portal.eu/?menu=6
- Bleachbit: http://bleachbit.sourceforge.net/
- Ghostery: https://www.ghostery.com/our-solutions/ghostery-add-on
- Deleting Flash cookies: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
- headtrip.io GbR: http://headtrip.eu (in German)
- BetterPrivacy: https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/
- Tails: https://tails.boum.org
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome Fans Everywhere Rejoice for the Latest Release
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.