> […] but being able to read pixel data out of a canvas is completely reasonable... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Freak_NL on May 19, 2016 \| parent \| context \| favorite \| on: Online tracking: A 1-million-site measurement and ... > […] but being able to read pixel data out of a canvas is completely reasonable. Not for every website. Most websites don't need canvas at all. One option would be to ask users to activate canvas support for a website that does need it, so users can judge for themselves if the request is legitimate. This is how the geo-location API works after all. I am not convinced that this will work very well though.

madeofpalk on May 19, 2016 [–]

Seems like just another vector to fingerprint that browser by :)

Freak_NL on May 19, 2016 | [–]

It is! But a disabled setting has a much lower entropy in terms of identifying bits than the hash generated with an active canvas.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact