Latest in Security

Image credit: Engadget

What you need to know about Apple’s war on ‘digital fingerprinting’

The sites, they are watching you.
234 Shares
Share
Tweet
Share
Save
Engadget

Most everyone is aware of how tracking cookies work (or if you're not, you should be). They're little pieces of data added to your browser that track your behavior on the web. Usually, you notice them when you search for something like basketball and every ad you get for the next few days is about basketball.

At its annual WWDC keynote Apple announced that it would work on blocking another way sites and advertisers track you: canvas fingerprinting. If you haven't heard of it before, don't feel too bad. But actually do feel bad because it's helping advertisers keep an eye on you based on your digital, well, fingerprint.

Canvas fingerprinting actually recognizes your browser of choice based on its configuration. Information about the browser, operating system, fonts and other pieces of data are combined to create a unique profile. Once the profile is built, it can be shared with other sites and ad networks. In other words, you can be tracked without using cookies.

It's a bit like if you wore the same clothes to visit a couple stores. Those initial stores could call other stores and tell them what you're wearing so as soon as you walk into future establishments, they may not know your name but they know exactly who you are.

Apple says that Safari for macOS Mojave will stop this type of tracking by limiting the browser data that sites can access. By doing this, instead of a site creating a unique profile of a visitor, it'll only (theoretically) see exactly the same information it gleaned from another person using Safari.

In other words, everyone that visits the site with Safari will look the same. It's like everyone wearing the same black pants, black hoodie and dark sunglasses in a store. If everyone looks alike, it's tough to track their movement both in the establishment and once they leave.

"Previously you had to opt-out for these things not to track out. Now they're saying if you want it if you want this you have to opt-in," said FireEye senior analyst, Parnian Najafi Borazjani.

If you're curious if you're being tracked (you probably are) the EFF's Panopticlick will test your browser. The foundation also has the helpful Privacy Badger extension to help block trackers you encounter.

Meanwhile, Firefox also has some substantial privacy features but doesn't go quite as far as the upcoming Safari. "Mozilla is working with the TOR project to add a number of privacy and security features to the shared codebase that both Mozilla and TOR use to produce Firefox and TOR browser respectively. Canvas Fingerprinting is one such feature, however it is disabled by default and we have no current plans to ship Canvas Fingerprinting in Firefox beyond the Nightly channel," Selena Deckelmann, senior director of engineering, Firefox runtime told Engadget.

Apple and other browser-building companies can't block every type of tracking out there. There's a ton of money to be made watching you surf the internet and selling that information to advertisers. That cash incentive means we'll see more elaborate systems meant to see exactly what you're interested in.

Like all things privacy and security based, it's an arms race between the makers of tools that'll keep folks from sharing or leaking too much information and the people that want to gather as much data as possible from us to make a profit. Safari's upcoming feature is just another weapon for the consumer to stay anonymous out there while shopping for new shoes.

Follow all the latest news from WWDC 2018 here!

From around the web

ear iconeye icontext filevr