A new breed of tracking technology called canvas fingerprinting seeks to replace traditional web browser cookies in a totally invasive, sneaky way. In essence, canvas fingerprinting tells a user’s web browser to draw a hidden image of the user, which it then attaches a number identifier to. As the user goes from website to website, canvas fingerprints construct profiles on these users based on their viewing and browsing histories.
Sound like a serious invasion of privacy? We agree.
Here’s what your business needs to know about canvas fingerprinting, along with some tips how to get better consumer data without taking intrusive measures.
How it Works
A device fingerprint works on the premise that every computer’s hard drive is different: They contain different software, default settings, and more. When computers connect to one another over the Internet, they automatically broadcast these differences to each other. With it becoming easier for users to erase their cookie histories, tracking companies sought to use the fingerprint method to uniquely identify devices for ad retargeting and other advertising purposes.
In May 2012, researchers discovered that a programming feature called “canvas” could enable a new type of fingerprint by pulling in different attributes than a typical device fingerprint. A year later, Russian programmer Valentin Vasilyev picked up the study and added a canvas feature to the fingerprint code. Since then, the code has gained popularity, attracting the attention of tracking companies for its incognizant features.
Why We Wish it Didn’t Work
Unlike its predecessor, the cookie, canvas fingerprinting brings Internet tracking to an entirely new level of invasiveness. For one, canvas fingerprinting is performed without the user’s prior knowledge or consent, and it’s extremely difficult to know when and where you’re being tracked online. To make matters worse, canvas fingerprinting is incredibly complicated and inconvenient to disable on the user’s end.
For the user that’s fiercely determined to circumvent canvas fingerprinting, ProPublica outlines five suggestions, all of which hardly seem simple or convenient enough for the average user to perform confidently.
- Use the Tor browser (Warning: can be slow)
- Try the experimental browser extension Chameleon that is designed to block fingerprinting (Warning: only recommended for tech-savvy users at this point)
- Install opt-out cookies from known fingerprinters such as AddThis (Warning: fingerprint will likely still be collected, companies simply pledge not to use the data for ad targeting or personalization)
Why it Doesn’t Actually Work (For Marketers)
Vasilyev even admits that his own company ended up not using canvas fingerprinting because they found that it only provided accurate data 90% of the time. Not only that, but canvas fingerprinting doesn’t track mobile users. With mobile usage steadily climbing and even overtaking desktop usage, it’s clear that this sort of technology is far too outdated to provide a holistic view of today’s cross-channel consumer.
In the words of Vasilyev himself, “The fingerprint itself is a number which is no way is related to a personality.” In other words, fingerprints don’t equate to true customer profiles. Ultimately, the fingerprint is just an identity code used to infer and draw hypotheses about anonymous users.
What Marketers Should Do Instead
As user privacy protection becomes a greater issue among corporations and consumers, your business should make it a point to uphold a firm commitment to protecting your users’ sensitive information and clearly communicate this to them. Not only does this assure your users that you care about their personal rights, it also paves the way for you to collect accurate, profile and behavior data that paints a comprehensive picture of your customer. And once you actually know your users, you can easily tailor your marketing communications to each user to provide relevant experiences that convert.
Nike, for instance, invites its users to authenticate their existing Facebook identities to register for a site account. Once a user chooses to register and log in to Nike with their Facebook profiles, a dialog lists out exactly what the user will be sharing with Nike, making the data sharing process completely transparent to the user.
Not only that, but when users authenticate their social accounts, Nike gains permission to access necessary social profile data, including their full names, email addresses, friend graphs, interests, and more, giving it a fully accurate view of its customer.
True Customer Insights Require Permission-Based Data
The key to understanding your customers doesn’t mean sneakily trying to piece together bits and pieces about them to form an incomplete picture. Rather, it requires integrity and transparency through asking for explicit permission to access their information in a mutually beneficial way. After all, your users are actual people, not ID numbers.
By Emma Tzeng