Stop “clearing your cookies.”
The classic advice for protecting yourself from internet tracking doesn’t work very well against the newest breed of sophisticated snoopers who are spying on you using everything from your iPhone’s battery status level to the kinds of fonts installed on your browser, Princeton researchers say in a massive new analysis of 1 million web sites, the largest of its kind.
The “trackers” find out what kind of person you are, and then serve you targeted ads. If you visit those sites, data about you is gathered up and resold to other marketers. You read the news for free (sometimes) and someone gets paid to write it, and funny cat picture sites get their server costs covered.
But the trackers are also used to build profiles of consumers over which they have no control.
“Several features of the web…are being used or abused, depending on how one looks at it, by these tracking companies and various entities in the ad tech ecosystem,” said study co-author Arvind Narayanan, an associate professor of computer science at Princeton. “They’re being used in sneaky ways to track where users are going across the web.”
While consolidation in the ad market is understandable, security professionals were alarmed by the more “esoteric” methods of tracking they uncovered.
These new techniques form a kind of “browser fingerprinting.” Even if you’re doing your best to clear your cookies and always fill out online forms using the name “Sir Fluffius Hottentot,” sites can still identify you using these more discrete markers.
The exact list of fonts you’ve installed can be a data point. How exactly your browser processes audio data can be another. If you always size your browser window to a certain size can be another tell, and even your battery status level.
The researchers found instances of a kind of graphics function tracking called “Canvas Fingerprinting” on 14,371 sites, font list fingerprinting on 3,250 sites, audio fingerprinting trackers on 579 sites, and battery level tracking in two different programs.
“A combination of your browser version, OS version, Flash version, amount of RAM, etc. is a surprisingly accurate way of tracking users on the web,” said Chester Wisniewski, principal research scientist at security firm Sophos.