How to deal with new tracking techniques; Zombie cookies and Canvas fingerprinting

Canvas fingerprinting, and Zombie cookie trackers are nothing new; however, these methods are improved and have become notoriously effective over the time.

Recently, a study revealed that one in every four 10,000 most visited websites on the internet uses canvas fingerprinting to track the visitors with up to 99.9% accuracy. The tracking attempt to collect private information can be made to later create a profile of users with their visits, their habits and preferences and then be sold to third-party entities such as governments, advertisers, study groups, manufacturers, vendors, and even criminals.

Given the capabilities that big-data and machine-learning provide for each of these groups, the data collection activity might be critically damaging for common users over long periods of time.

Canvas fingerprinting

Canvas fingerprinting is a tracking method based on a capability within HTML5 that provide better customized visual experience to the end users. The same feature can be used to track users as GPU, or different GPU implementations inside end users’ devices, processes and sends visualized data differently.

Today, canvas fingerprinting combines a variety of collected data ranges from browser’s functions, customized settings, JavaScript APIs, sensors information, system clocks, HTTP headers such as user agents, etc. The collected information is combined with other methods such as personal IP addresses and browsers’ cookies to identify individuals across the web.

There are currently available plugins for both Firefox and Chrome users to ban JavaScript and flash and to prevent client-side attacks. Additional sets of plugins are required to create fake information for fingerprinting APIs and to block known third-party trackers.

WebRTC leakage

Some internet users install VPN on their devices to protect their privacy by hiding their real IP information; but they may not know that their browsers still leak their real IP information.

WebRTC is a feature in modern browsers that provide peer-to-peer audio and video communication. The same feature can be used to expose internal IP addresses. As a mitigation measure, a WebRTC blocker can be installed on Chrome or Firefox web browsers. A better secured method to prevent IP leakages is to always use Tor browser with more sensitive activities.

Zombie cookies

Like Canvas fingerprinting, cookie-based tracking methods are not new, but they get improved over time. The terms Zombie cookie coined for the first time in 2010 for a type of HTTP flash cookie that can be restored by itself and after it gets removed by the user.

Zombie cookie trackers are primarily stored in various places outside the browser storage and it would be difficult to find them all. As a vigilant measure, all flash cookies, like any other third-party cookies, can be blocked inside Firefox. Other cleaning applications such as CCleaner can be used to remove stored cookies. As adobe flash player is becoming depreciated, it would also be better not to install or run adobe-based plugins.

Permacookies

Permacookies are a type of zombie cookies used by Verizon and AT&T networks and cannot be removed by users or by using additional security software. Permacookies are in fact UIDH injected to each internet request based on the unique ID stored inside the device by manufacturers. The best way to prevent Permacookie tracking is to tunnel the entire traffic using a VPN and by changing DNS on Verizon and AT&T networks. Users may also want to change their browsers to Tor browser for more sensitive activities.