Some of the Web's top sites, including porn sites and educational ones, are tracking their users' browsing habits through a technique that fools standard privacy software, says a Princeton study.
Termed 'canvas fingerprinting', this undocumented tracking tool was conceived just two years ago.
Many sites aren't even aware that they are collecting 'fingerprints' when they incorporate services that use the code into their web pages.
Users' digital signatures are created when a website secretly asks their browsers to render a captcha-like image (generally used to detect spam) based on the unique specifications of their computer that include the operating system functionality and system hardware.
Tying the browser more closely to these specifications means that websites have more access to these resources. Browser behaviour varies depending on the behaviour of these resources.
By extracting a visitor's print and checking which other sites have captured the same one, a browsing history of the browser is created. This is then used by sites to target advertising.
The concern is that these fingerprints are generated without users being aware of it. They even work if cookies have been turned off.
Princeton computer scientist Christian Eubank, who co-authored a new examination of canvas fingerprinting, equates a computer's unique specifications with a human's handwriting.
The CEO of AddThis, which sells canvas fingerprinting software to websites, told ProPublica that the company was looking at the technique as a "cookie alternative."
According to the Princeton study, more than 5% of the 100,000 most-visited websites (as ranked by Alexa) now use canvas fingerprinting.