Tracking your digital fingerprint online raises privacy issues

By Robert Merkel, Monash University

Just how much information we give away about ourselves as we browse the web has been raised again by a tracking device used in thousands of websites.


Researchers at Belgium’s University of Leuven have revealed the widespread use of a technique called “canvas fingerprinting” that tracks the activities of people on a website without their knowledge.

More than 5,600 websites were identified using the fingerprinting technique including Australian websites such as Australia Post, the Fairwork Ombudsman and the Sea Shepherd conservation group.

While this technique is relatively new, it represents another front in a very long battle to find out what users do online, and raises concerns about our ability to control our online privacy.

Here, have a cookie

Technical mechanisms for uniquely identifying web users date back to the introduction of the cookie in the Netscape browser in 1994.

When the user loads a webpage they get all the information necessary to display the page, such as the text, layout and images. But they also a small amount of “cookie” data sent along too, which is stored by the browser on the user’s computer.

When the user requests another page from the same website, the browser appends the cookie to the request to the server. In this way, the server hosting the website knows that the request came from the same computer.

Cookies are extremely useful and without them there would be no support for website logins.

But they can also be used to provide a complete record of a user’s use of a website. The use of “tracking cookies” allows this recording to extend across many, many websites, providing a comprehensive picture of a user’s browsing history to whoever controls the tracking cookie.

This becomes particularly intrusive if this browsing history can then be tied to any identifying data.

Privacy management

Understandably, many internet users aren’t terribly enthusiastic about their browsing history being so readily available to third parties. Tools to manage cookies have been incorporated into internet browsers and third-party privacy tools.

Deleting cookies, or controlling whether particular cookies are sent back to particular websites, gives the user more control over the extent of monitoring.

The technical response of browser developers has been combined with legal measures, such as the European Union’s privacy directive.

Under these rules, cookies used in a potentially privacy-invading manner must be disclosed to website visitors and explicit consent obtained.

Browser fingerprinting

Some internet companies have now turned to another ingenious technique for uniquely identifying and tracking users.

Rather than relying on browsers to send back a previously sent cookie, they collect enough information about the user’s browser environment to uniquely identify the user.

Modern computers have specialised hardware that greatly speeds up the computations needed to draw pictures on the screen. These graphics chips, made by companies such as NVidia, have made possible the amazing graphics of modern games, and speeded up your browsing and spreadsheets on today’s high-resolution monitors.

But the wide variety of such hardware, and the software used as “drivers” to control them, means that different computers will render such pictures in subtly different ways.

Images rendered by the graphics hardware (and thus subtly different on different computers) can be created from within a browser, analysed and sent back to a web server.

On its own, this is not enough to uniquely identify a user. But when combined with information such as the browser name and version number, and the list of fonts available on the system, it can provide a unique “fingerprint” of a user’s computer.

This provides a tracking mechanism that can be operated across many websites; a “super-cookie” that can’t be deleted as it is inherent to the computer it’s running on.

Again, this is most intrusive if it can be combined with personally identifying information. But even without this, it is very much against the spirit of the cultural norm (and the EU law) that requires internet sites to explicitly gain the consent of their users to enable tracking.

The University of Leuven research indicates that around 5% of the world’s top 1,000 websites make some use of this fingerprinting method, which was originally identified by University of California researchers in 2012.

Interestingly, however, the vast majority of websites using browser fingerprinting had done so by incorporating a third-party element into their website.

Free tools come with a hidden price

The primary product of AddThis is sharing tools – an easy-to-add component that website developers can incorporate on their sites that allow visitors to easily share the page they are viewing on social media such as Facebook and Twitter.


While AddThis charges for some use of some these components, others are available for free. Free and good-looking website components are to website developers what honeypots are to bears, so it’s not surprising that they have been widely adopted.

But AddThis extracts an additional quid pro quo – collecting browser data about those who visit sites usings their tools, much more than either the visitors, or the website owners, would have realised.

AddThis’s Rich LaBarca said it carried out a six month test using the fingerprinting and that any data collected was used for “internal research”. The code has since been disabled.

But the White House blog on the website of the US President didn’t realise that incorporating AddThis tools to its website violated its own privacy policy.

Taking what most of us give away anyway

As a computer geek from way back, I can’t help but grudgingly respect the ingenuity of those who perfect these privacy-invading tools, even as I deplore their ethics.

But my outrage is also tempered by the knowledge that these companies are taking by stealth what most of us choose to give away freely to other companies.

As media theorist Douglas Rushkoff observed, we – or, more precisely, our personal information – are “products” to many online companies such as Facebook, Google and AddThis.

The greatest fortunes of the 21st century have been founded on collecting and exploiting the personal information of billions of people, with a level of detail that companies such as AddThis can only dream of accessing.

And they’ve found that providing an easy way for us to share webpages of amazing cat videos and pictures is compelling enough that most of us will freely give them that information.

So what of ethics?

Do those who actually build these technologies – the programmers, analysts, testers and other IT professionals – have any obligation to consider the ethics of the tools they build? In theory, they do.

The two largest global professional bodies of the IT profession – the Association for Computing Machinery (ACM) and Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS) – have jointly developed a Software Engineering Code of Ethics. The Australian Computer Society also has its own code of ethics.

Unfortunately – and unlike law, medicine or other fields of engineering – professional societies and their codes of ethics have virtually no influence within the information technology community.

Despite occasional efforts to set themselves up as gatekeepers through licensing, they have had little success. As such, however virtuous these codes of ethics may appear, they have no teeth.

Much as I would personally like it to be otherwise, it’s unlikely that attempts to violate the privacy of individuals will reduce through the self-regulation of IT professionals.

The financial incentives for companies to do so are likely to continue. Privacy protection will have to come through some combination of public pressure, legal means, and individual adoption of technical and behavioural countermeasures.

Robert Merkel receives has previously received Australian Research Council grants to investigate aspects of software testing and reliability.

Continue Reading →

FIFA rejects calls to strip Russia of WC


Russia’s alleged involvement in shooting down a Malaysia Airlines plane over Ukraine last week prompted calls from some lawmakers in Germany to review the country’s hosting rights.


On Friday, political pressure on Russia increased when the European Union moved to freeze assets and restrict travel for more individuals and businesses.

FIFA issued a statement saying it “deplores any form of violence” and would support only peaceful, democratic debate about the World Cup.

“History has shown so far that boycotting sport events or a policy of isolation or confrontation are not the most effective ways to solve problems,” FIFA said, adding that global attention on the World Cup “can be a powerful catalyst for constructive dialogue between people and governments.”

The conflict between Ukraine and pro-Russia separatist rebels escalated days after the World Cup ended in Brazil.

On July 13 in Rio de Janeiro, Russian President Vladimir Putin attended a World Cup hosting handover ceremony with Brazilian counterpart Dilma Rousseff. Both then sat next to FIFA President Sepp Blatter to watch the final at the Maracana Stadium, won by Germany.

FIFA, which has Russian sports minister Vitaly Mutko on its executive committee, said a World Cup in the country “can be a force for good.”

“FIFA believes this will be the case for the 2018 FIFA World Cup in Russia,” the governing body said.

Blatter already rejected calls to strip Russia of the tournament after it annexed the Crimea this year.

“The World Cup has been given and voted to Russia and we are going forward with our work,” Blatter said in March.

In a separate statement Friday, Mutko said a United States-led boycott of the 1980 Moscow Olympics had been a mistake.

“So there’s no sense in reacting to politicians trying to make names for themselves,” Mutko was quoted saying by Russian news agency R-Sport. “We’re preparing in a calm way, building facilities, getting ready for the World Cup.”

Russia has announced a $20 billion budget for building and renovating 12 stadiums, and other construction projects, for the first World Cup to be held in eastern Europe.

Restricting Russian financial institutions’ access to European capital markets was suggested to a meeting of EU ambassadors in Brussels on Friday. The 28-nation bloc is scheduled to further discuss the subject on Tuesday.

“FIFA has stated many times that sport should be outside politics,” Mutko said. “Hosting an event like this, we’re doing it for athletes from all over the world, for footballers, for the fans.”

Continue Reading →

Waite frustrates AFL Blues, Jamison says

Carlton key defender Michael Jamison says the Blues hope Jarrad Waite’s starring role in the club’s win over North Melbourne is a wake-up call for the talented forward.


Jamison says Waite’s inconsistency is frustrating, particularly as he’s such an important player in the side.

Waite kicked a season-high four goals and grabbed 11 marks last round in Carlton’s 23-point AFL win, which was their sixth in 17 games this season.

After kicking 27 goals in an injury-prone 2013 season, Waite has scored just 17 in 11 matches in 2014.

“You only have to look at last week how important Waitey is to us, when he comes back in the team after a couple of weeks out and kicks four goals,” Jamison told a media conference on Monday.

“It surely highlighted to him how important he is to us and how much we need him and also the things we need from him to be a good player.

“It’s now up to him to do that for the rest of the five weeks and stay in the side.

“It’s the same with any teammate who’s inconsistent and it’s only highlighted with Jarrad because his good is so good and so important to us.

“We get frustrated when anyone is up and down. But when someone is so good and so necessary for the side, it’s frustrating.

“But it’s countered by how good he is and how rapt we are when he’s up and about like he is at the moment.”

Waite was third in Carlton’s best and fairest in 2007, but the 31-year-old is coming out of contract and his future at the club is uncertain.

The Blues are out of finals contention and face a tough challenge on Thursday night in Perth against fourth-placed Fremantle.

Jamison says the Blues are determined to avoid having a season that’s a “full waste”.

“Against North, that was our best full game and it certainly does set a great platform. It sets a benchmark,” he said.

“We know we can do it now so that has to be the minimum expectations and we’ll certainly take those expectations in against Fremantle and for the month following that as well.”

Continue Reading →

Search and work: Government plans to overhaul dole scheme

The federal government says the unemployed should be out there looking for work every day as it prepares to make them search for 40 jobs a month and perform 25 hours of weekly community work.


Details of the government’s new three-year $5.1 billion job placement program, to be launched from July next year, was released on Monday.

Job service providers will be rewarded for getting people into short-term work for periods of four, 12 and 26 weeks.

Most job seekers will be required to look for up to 40 jobs per month and work for the dole will be mandatory for all jobseekers younger than 50.

Jobseekers younger than 30 would have to work 25 hours a week under the expanded program, while those between 30 and 49 will be asked to do 15 hours work a week, and those aged 50-60, 15 hours a week.

Wage subsidies will be expanded for mature age workers, and extended to young job seekers under 30 and the long-term unemployed.

Assistant Employment Minister Luke Hartsuyker says the new measures are the least the taxpayer expected of those on welfare.

“It’s not unreasonable to expect jobseekers to be out there looking for work, every working day,” he told ABC radio on Monday.

Labor accused the government of tearing apart the principles of the mutual obligation system.

The new arrangements will mean jobseekers under 30 will receive no welfare for six months but still be required to door-knock for jobs.

“They will not receive a cent, even if they look for work each day, each week, for six months,” opposition employment spokesman Brendan O’Connor told ABC radio.

“Yet now they’re having to keep their side of the bargain.”

Mr O’Connor supported the idea of removing red tape for job service providers, but only if it was done properly in consultation with industry.

The tough new dole requirements will set jobseekers up to fail, Greens leader Christine Milne says.

“We should stop demonising people who don’t have a job, and suggesting that every unemployed person doesn’t want to work,” she told reporters in Hobart.

Continue Reading →

Five dead in bombing of Nigerian church

At least five people are dead and eight have been injured in a bomb blast outside a church, one of two attacks prompting the cancellation of planned religious festivities in the northern Nigerian city of Kano.


The attack came shortly after the end of Sunday mass at the Saint Charles Catholic church, police say.

“We suspect an IED (improvised explosive device) that was thrown from across the road” at the church in Kano’s Sabon Gari district, which has suffered previous attacks by the Islamist group Boko Haram, police spokesman Frank Mba said.

Also in Kano on Sunday, a woman suicide bomber blew herself up outside a university after police prevented her carrying out an attack, injuring five officers.

“A female suicide bomber was isolated as she was walking towards the gate of the university,” Mba said, adding that she had hidden the bomb under her “long black hijab”.

“Police on duty isolated her” because she was behaving strangely.

They were about to ask a female colleague to frisk the woman when she detonated the bomb, killing herself and injuring the five police officers.

Police also said they had made safe a remote-controlled car bomb near a mosque and the home of a prominent Kano sheikh on Saturday.

“The police were alerted by some vigilant residents last night,” said Kano police spokesman Musa Magaji Majia. “Our bomb disposal personnel succeeded in defusing the IED.”

While Boko Haram, which is seeking to install an extremist Islamic state in Nigeria, has killed dozens during a recent spate of strikes in the far northeast, Kano has also seen two attacks in recent months.

Officials on Sunday moved to avert further violence, cancelling Eid festivities marking the end of the Muslim holy month of Ramadan next week.

“Given the critical situation we are in, the royal highness (of Kano state, Emir Sanusi Lamido Sanusi) has suspended all festivities associated with the eminence including the Durbar and other traditional events that are held during the Eid festival,” an aide to the emir, Aminu Ado Bayero, said.

Continue Reading →