New Web Tracking Technologies Defeat Privacy Protections
By Jef Cozza / NewsFactor Network
Published: July 22, 2014


Recently developed Web tracking tools are able to circumvent even the best privacy defenses, according to a new joint study by researchers at Princeton University and the University of Leuven in Belgium. New technologies known as canvas fingerprinting, evercookies and cookie syncing are making it difficult for even sophisticated users to maintain their privacy, the study warned.

"A single lapse in judgment can shatter privacy defenses," the researchers wrote. The paper, titled "The Web never forgets: Persistent tracking mechanisms in the wild," claims to be the first large-scale study of the three new tracking techniques.

New Weapons in Privacy Arms Race

These newly developed trackers are difficult to control, detect, or defend against. Canvas fingerprinting, for example, uses the browser's own Canvas API to draw invisible images and extract a persistent, long-term fingerprint without the user's knowledge or consent. Over 5 percent of the top 100,000 Web sites employ canvas fingerprinting as part of their efforts to watch visitors' Web surfing habits, according to Internet measurement firm Alexa -- although only one company, AddThis, is responsible for 95 percent of the instances of the canvas technique. AddThis said on its blog that it was testing the new technology, and that it has subsequently disabled the code.

Cookie syncing, meanwhile, is the practice of tracker domains passing pseudonymous IDs associated with a given user, typically stored in cookies, amongst each other.

"Cookie syncing can greatly amplify privacy breaches through server-to-server communication," the study's authors said. "While Web privacy measurement has helped illuminate many privacy breaches online, server-to-server communication is not directly observable. All of this argues that greater oversight over online tracking is becoming ever more necessary."
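The client-side half of cookie syncing can be spotted in a request log, as this added example (not code from the study or from this article) shows. The domains, ID values and the matching heuristic are assumptions constructed for illustration, and server-to-server exchanges remain invisible to this kind of check.

```javascript
// Added example: flag likely cookie syncing in a constructed request log.
// Heuristic (an assumption of this sketch): an ID value held in one tracker
// domain's cookie shows up in the URL of a request sent to a different domain.

// Constructed sample data: cookies observed per domain during one crawl.
const cookieJar = {
  "tracker-a.example": { uid: "a81f3c9e2b7d4410" },
  "tracker-b.example": { bid: "77d0e5aa19c34f62", lang: "en" },
};

// Constructed sample data: third-party requests seen in the same crawl.
const requests = [
  "https://tracker-b.example/sync?partner=a&puid=a81f3c9e2b7d4410",
  "https://tracker-a.example/pixel.gif?uid=a81f3c9e2b7d4410",
  "https://cdn.example/lib.js?lang=en",
  "https://tracker-c.example/match?x=77d0e5aa19c34f62&y=a81f3c9e2b7d4410",
];

const MIN_ID_LENGTH = 8; // short values such as "en" are not identifiers

function findCookieSyncs(jar, urls) {
  // Index candidate IDs by value so each URL parameter is a single lookup.
  const idOwners = new Map();
  for (const [domain, cookies] of Object.entries(jar)) {
    for (const [name, value] of Object.entries(cookies)) {
      if (value.length >= MIN_ID_LENGTH) idOwners.set(value, { domain, name });
    }
  }
  const events = [];
  for (const raw of urls) {
    const url = new URL(raw);
    for (const [param, value] of url.searchParams) {
      const owner = idOwners.get(value);
      // Same-domain use is ordinary cookie traffic for that tracker, not a sync.
      if (owner && owner.domain !== url.hostname) {
        events.push({ from: owner.domain, to: url.hostname, cookie: owner.name, param });
      }
    }
  }
  return events;
}

console.log(findCookieSyncs(cookieJar, requests));
```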

With the third technique, evercookies, multiple storage vectors are used that are less transparent to users and may be more difficult to clear, according to the paper. "Evercookies provide an extremely resilient tracking mechanism, and have been found to be used by many popular sites to circumvent deliberate user actions," the study said.

Difficult to Defend

Users can defend against tracking using tools such as AdBlock Plus and Ghostery, which block third-party content, or by disabling evercookie storage vectors such as Flash cookies. However, other storage vectors used by the new techniques such as localStorage, IndexedDB and canvas cannot be disabled without breaking core functionality.

The only software the researchers found that successfully defended against techniques such as canvas fingerprinting was the Tor browser, which returns an empty image from all canvas functions that can be used to read image data. Both the Tor Browser Bundle and the Electronic Frontier Foundation's Privacy Badger were effective in countering cookie syncing.
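The defense described above, returning an empty image from canvas read-back functions, can be sketched as follows. This is an added example and not Tor Browser's own code; `installCanvasReadGuard`, the `isAllowed` policy hook and the fake prototypes are hypothetical names constructed so the sketch runs outside a browser.

```javascript
// Added example, not Tor Browser's code: make canvas read-back return blank data.
// Drawing calls are left alone; only the functions that read pixels are wrapped.
// `isAllowed` is a hypothetical policy hook (e.g. a per-site user decision).
function installCanvasReadGuard(canvasProto, contextProto, isAllowed) {
  const blocked = []; // names of read-back calls that were answered with blanks
  const realToDataURL = canvasProto.toDataURL;
  const realGetImageData = contextProto.getImageData;

  canvasProto.toDataURL = function (...args) {
    if (isAllowed()) return realToDataURL.apply(this, args);
    blocked.push("toDataURL");
    return "data:,"; // what toDataURL yields for a canvas with no pixels
  };

  contextProto.getImageData = function (sx, sy, sw, sh, ...rest) {
    if (isAllowed()) return realGetImageData.call(this, sx, sy, sw, sh, ...rest);
    blocked.push("getImageData");
    // Same dimensions as requested, every RGBA byte zero (transparent black).
    const w = Math.abs(sw), h = Math.abs(sh);
    return { width: w, height: h, data: new Uint8ClampedArray(w * h * 4) };
  };
  return blocked;
}

// Constructed stand-ins for HTMLCanvasElement.prototype and
// CanvasRenderingContext2D.prototype so the sketch runs outside a browser.
const fakeCanvasProto = {
  toDataURL() { return "data:image/png;base64,REAL_PIXELS"; },
};
const fakeContextProto = {
  fillText() { /* drawing is untouched by the guard */ },
  getImageData(sx, sy, sw, sh) {
    return { width: sw, height: sh, data: new Uint8ClampedArray(sw * sh * 4).fill(200) };
  },
};

function demo() {
  const blocked = installCanvasReadGuard(fakeCanvasProto, fakeContextProto, () => false);
  const canvas = Object.create(fakeCanvasProto);
  const ctx = Object.create(fakeContextProto);
  ctx.fillText("probe", 2, 2);
  const url = canvas.toDataURL();
  const pixels = ctx.getImageData(0, 0, 4, 2);
  return { url, sum: pixels.data.reduce((a, b) => a + b, 0), blocked };
}
console.log(demo());
```

In a real page the guard would be installed on the browser's own prototypes before any third-party script runs, and `toBlob` would need the same wrapping.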

However, even with effective tools to block the new tracking techniques, the level of user sophistication and effort required to employ them is prohibitively high. Users will have to be meticulous in their use of existing tools, the study concluded.

"The rapid pace at which new tracking techniques are developed and deployed implies that users must constantly install and update new defensive tools," the study said. "It is doubtful that even privacy-conscious and technologically savvy users can adopt and maintain the necessary privacy tools without ever experiencing a single misstep."

Tell Us What You Think

FYI:
Posted: 2014-08-04 @ 3:36pm PT
This story is inaccurate. AddThis ran an internal R&D test and it's been over. There is not canvas fingerprinting on all those sites you list. You can get the facts from the AddThis blog: http://www.addthis.com/blog/2014/07/23/the-facts-about-our-use-of-a-canvas-element-in-our-recent-rd-test/#.U-AFS1ZRluY

Stop the BS:
Posted: 2014-07-22 @ 12:59pm PT
You do not need to "break core functionality." Just prevent tracking sites from running their consumer-hostile code on your machine. The RequestPolicy and NoScript extensions for Firefox are your friends, and Adobe Flash should have been considered consumer-hostile already many, many years ago (Steve Jobs was right).
