Previous Page
PCLinuxOS Magazine
Article List
Next Page

The New Cookie Monster: Privacy Badger

by Paul Arnote (parnote)

As if obtrusive online ads and illegal internet spying weren't enough, we now have a new form of tracking to worry about. Called "canvas fingerprinting," it's a sneaky trick that some websites use to track their users' internet activity.

Here's how it works. When a browser loads the page code, embedded JavaScript code leverages the canvas API that is now included in most modern browsers. This API accesses the graphics chip on the user's computer. The website asks your browser to then render a hidden image. Since each computer will render the image differently, partially dependent on the hardware in that computer, that returned image is assigned a unique number, which can then be used to track that particular user as they travel around the internet.

Advertisers and others who want to track users across the internet are wanting to get away from using cookies. Cookies can be blocked by the end user, and cookies can also be physically deleted by the end user. Such activities render cookies useless for tracking a user, especially when attempting to send targeted advertising to that particular user.

Canvas fingerprinting is much more stealthy. NOTHING is stored on the user's computer, so it's a lot harder for the average user to detect. In fact, most users probably aren't even aware that they are being tracked, much less that canvas fingerprinting even exists.

Unfortunately, canvas fingerprinting has infiltrated sites that you would never suspect, such as the White House website. One tracking "widget" that especially notorious for implementing canvas fingerprinting is called AddThis. The makers of AddThis insist that the canvas fingerprinting code was removed from their widget in early July, but admitted to experimenting with it during a five month test run. Of course, none of this was divulged to the average internet user, and all tracking activity occurred without the knowledge of the users it was tracking. At one point, over 5,000 high profile sites were using the AddThis tracking widget. As the image above shows, the White House website is still using it.

So, what can a user do to protect his/her privacy? Well, you can thank the Electronic Frontier Foundation. They have created Privacy Badger. Privacy Badger eats cookies for breakfast, lunch, dinner and late night snacks. Blocking canvas fingerprinting is a feature that they are looking to add in future versions. Currently, the notorious AddThis widget is blocked, because of their failure to honor users' "Do Not Track" requests.

Here is the description for Privacy Badger, from its download page:

Privacy Badger blocks spying ads and invisible trackers. It's there to ensure that companies can't track your browsing without your consent.

This extension is designed to automatically protect your privacy from third party trackers that load invisibly when you browse the web. We send the Do Not Track header with each request, and our extension evaluates the likelihood that you are still being tracked. If the algorithm deems the likelihood is too high, we automatically block your request from being sent to the domain. Please understand that Privacy Badger is in beta, and the algorithm's determination is not conclusive that the domain is tracking you.

Our extension has three states. Red means Privacy Badger believes this domain is a tracker, and has blocked it. Yellow means the domain is believed to be both a tracker and necessary for the functioning of the page, so Privacy Badger is allowing it but blocking its cookies. Green means that Privacy Badger believes this is not tracker. You can click on the Privacy Badger icon in your browser's toolbar if you wish to override the automatic blocking settings. Or, you can browse in peace as Privacy Badger starts finding and eating up web trackers one by one.

Nothing can stop the Privacy Badger from eating cookies when it's hungry!

Privacy Badger is a project of the Electronic Frontier Foundation.]

Privacy Badger "report" on The PCLinuxOS Magazine website.

Currently, Privacy Badger is available for the Firefox and Chrome web browsers. Installation is easy, and follows the same procedure you would use to install any browser extension or add-on. You can control the activity of individual trackers by sliding the slider control to allow (green), allow but block cookies (yellow), or block entirely (red) the selected tracker.


The fervor over illegal government internet spying on common citizens is far from over. I suspect that it hasn't even begun to reach it heights. The last thing the common "netizen" needs is another threat to their privacy. Plus, privacy on the internet and our other modern forms of communication (cell phones, for example) is at the forefront of the public consciousness.

If you run NoScript, then you **should** be relatively safe from the canvas fingerprinting scheme, as NoScript should be able to prevent the JavaScript code from executing and creating that unique fingerprint. For the rest of us, it's nice to see something like Privacy Badger, where trackers are managed automatically and in the background. Given the EFF's passion for all issues related to privacy, I can think of no one I trust more to help manage my privacy and internet "footprint."

Previous Page              Top              Next Page