Meet the Online Tracking Device That is Virtually Impossible to Block

Using different VMs via different VPNs and/or Tor should do it

 

Ah! Ok, that explains a lot then. I've been noticing a few of those notifications.

 

Yep, TOR submits a blank canvas on your behalf unless you manually override it.

 

That's interesting. But if a person is using Sandboxie and wipes the remenants with each session, how can they gather this information?

 

Server-side storage of each session.

 

Who's server? The tracker server? If so then how do they identify you the next time you visit, if it relies on the webpages, ads and that sort of thing? None of that would persist.

 

So any methods to block it outside of using Tor? Would Noscript block it?

 

Yes. The original article lists some other methods.

 

IP Address, MAC address, user agent, etc.

 

That list is heavily populated with uɹ0d sites.

How would this actually be deployed?

 

Oh, it's on the side. It took me like 3 re-reads till I spotted it.

Anyway, for anyone else curious:

Also Privacy Badger looks like one day it'll also have a feature to block it (or it, along with a bunch of other methods:

https://www.eff.org/privacybadger#does_it_prevent_fingerprinting

 

If it's HTML, it can be blocked, filtered, or altered. Proxomitron would be capable of dealing with it once a specific filter is written.

 

Yet again complete nonsense hype about "virtually impossible to block".

Block "AddThis" in ABP and tada. Damn that was hard... Install the anti-social list when prompted to in ABP and it's already done for you.

I guess that wouldn't attract as many clicks.

EDIT: Article has been removed or the link is wrong. Here is a working link: http://www.theverge.com/2014/7/21/5...new-way-to-track-your-movement-across-the-web

Also...

Panic over.

 

Just read this article on ghacks and I thought id share. Has anyone here on Wilders ever used such an extension or has some knowledge about these form of techniques?? Opinions?

"Browser fingerprinting refers to methods to profile a browser based on information transferred automatically when connections are made to websites or services, or generated with the help of scripts and technologies.

It is unclear how widely browser fingerprinting is being used on the Internet but it is clear that it is used by some companies to track users online."

Source;

http://www.ghacks.net/2014/07/22/chameleon-highlights-protects-browser-fingerprinting-chrome/

Canvas Fingerprinting

"Traditional ways of tracking users have come under fire in recent years. Cookies and other small snippets of data that get saved on user systems may not be available forever to many companies.

That's why many have invested resources in finding other means to track users on the Internet. Fingerprinting is popular but not that reliable due to several factors"

Source;

http://www.ghacks.net/2014/07/21/companies-use-canvas-fingerprinting-track-online/

 

Here is a discussion about this type of profiling: https://www.wilderssecurity.com/thr...ally-impossible-to-block.366298/#post-2393012

I don't know how widespread this method is but apparently it's not very accurate. I hope that when it becomes more widespread we we also get effective tools to fight against it.

 

Ah right thanks for pointing me to that thread. Must of missed it.

Definitely very interesting, worth keeping an eye on it to see how it develops in the future both from an advertising and privacy point of view.

regards.

 

http://www.welivesecurity.com/2014/07/22/online-privacy/

 

Note: the referenced academic paper covers more than just canvas fingerprinting.

 

http://threatpost.com/thousands-of-...practically-unblockable-fingerprint-mechanism

 

Of course the same IP could be used. But I don't think websites can see your mac address.

 

https://www.eff.org/deeplinks/2014/...que-non-cookie-tracker-despite-privacy-policy

So it looks like Privacy Badger would help then.

 

They don't have to get your MAC address. They have enough of other data.
As an example you can test your browser fingerprint here: https://panopticlick.eff.org/ You will see how unique your browser is. My is one in two millions, so when I visit a site with not many daily visitors they can almost 100% identify me just by collecting this data.

 

I don´t get it, so if you block this with a script-blocker then this "attack" is stopped?