Tracking is the holy grail of the online advertising industry. Randomly throwing advertising at users has a very low success rate. The better advertisers can predict what a user will be interested in, the more likely they are to serve advertising that gets more clicks that convert to more sales. To target advertising, networks need to develop profiles of users, and the most common way to do that is with cookies. A cookie is placed in the user’s browser containing a unique identifying number, and whenever a browser visits a site that belongs to the advertising network, code on the page looks at the cookie. In this way, advertising networks can track users across the web — and if those users are logged in to a service like Google or Facebook, the tracking can be all the more accurate, because they can associate it with much richer data.
But not everyone is happy with being tracked across the web, and, as web users become more savvy to the privacy implications of tracking, many are choosing to block the third-party cookies used by advertising networks. That’s bad news for advertisers and for publishers, who are seeking alternative methods of tracking, one of which is browser fingerprinting.
Fingerprinting doesn’t rely on a cookie, instead it uses a combination of features associated with a browser (version numbers, installed plugins, operating systems, etc) to build up a relatively unique identity.
If the same hash is produced on lots of sites focused on high-end watch reviews, then showing the user Rolex advertising has a greater chance of paying off han if they were shown advertising for kitty litter.
Fingerprinting with HTML5 Canvas isn’t impossible to block, but it’s more difficult than simply blocking third-party cookies, and blocking has the potential to damage user experience.
Of course, this is all predicated on the assumption that HTML5 Canvas fingerprinting is accurate enough to identify individuals, and the evidence is that on its own, it may not be. It’s nowhere near as accurate as cookies, which can reliably be associated with the same browser, but for an advertising industry worried about declining revenue and user suspicion, it’s better than nothing.