Technology can be used for both good and bad depending on the intent of the developer. Canvas fingerprint is a recent example of technology misuse. It is used to track user’s online behavior and cannot be disabled by the user.
To deal with this problem, Firefox has taken a step to make users aware about the service by displaying a warning message. This will enable users to block canvas fingerprint and Firefox will be able to provide Tor like security to them.
Mozilla’s Firefox 58 which is expected to be released in January 2018, will handle this serious security issue. In this article we attempt to further understand HTML5 Canvas Fingerprint and how it works.
HTML5 Canvas Fingerprinting
The technology uses HTML5 element Canvas to collect all the information from the browser header, transferred during connection.
These fingerprints are then used to detect when a specific user visits affiliated websites and further create an exhaustive user profile describing individual browsing habits. This data is then shared with advertising partners to display targeted advertisements.
How Firefox 58 Will Work?
When a website uses HTML5 Canvas Fingerprinting, Firefox 58 will display a permission prompt to the user. It’s up to the user to allow or block it. Also, user can check the box next to “always remember my decision box”. This way he can save himself from the hassle of allowing or denying the notification each time it appears.
The message that Firefox displays is (subject to change):
“Will you allow [site] to use your HTML5 canvas image data? This may be used to uniquely identify your computer”.
How companies use it?
Img src: hackernews
Users are much alert today and can no longer be lured by traditional ways of advertising any longer. Therefore, companies use HTML5 Canvas Fingerprinting to collect data on the sly and show targeted ads to the users.
As this feature cannot be disabled by the user, therefore it is the most secure way to collect data. So far, no browser has taken an initiative to stop this tracking.
It is an illegitimate way to collect data and keep track of user’s digital footprints.
Alternate Ways to Block Canvas Fingerprinting:
There are several other ways to block tracking but they are not straightforward. Few of them are explained below:
- You can use the Tor browser which shows a message whenever a website tries to use HTML5 Canvas. Tor ensures that users are protected from this type of tracking.
- You can even use CanvasBlocker for Firefox which blocks canvas element in the browser.
Firefox 58 is also expected to remove the controversial WoSign and its subsidiary StartCom root certificated from Mozilla’s root store. Hope you remember how it was also used earlier in an attack. Firefox 58 will also add Progressive We Apps (PWAs)to home screen for Android user’s.
We hope we could simplify, how HTML5 Canvas Fingerprinting works and tracks your online activity. Till the time Firefox 58 is released you can try your hands on the alternate methods. Alternatively, you can even use the latest prerelease version of the browser i.e. Firefox Nightly.