The Facts About Our Use of a Canvas Element in Our Recent R&D Test

A recent test, which was labeled in an article as “canvas fingerprinting,” caused concern among our users and people around the web. Our community is critically important to us, and we want to address your concerns.

We conducted this research project from February to mid-July. We’re constantly testing, and this was a preliminary initiative to evaluate alternatives to browser cookies. Many other companies are working on cookie alternatives, and we wanted to see if this approach worked before deciding whether or how we’d use it. The test was completed, the code has been disabled, and this data was never used for personalization or targeted advertising.

We use cookies to power our anonymous personalization and audience technology with non-personally-identifiable (PII) information. We don’t identify individuals. This is a core philosophy we take to heart and we honor user opt-out preferences any time we act on our data.

Being the largest provider of website tools on the Internet, we have responsibilities to our publishers and their visitors. We adhere to industry standards, and have an opt-out process that complies with our membership in the NAI and the DAA. We honored our opt-out policy during this test, and the data was only used for internal research.

We take your feedback very seriously and we understand your concern. Moving forward, we’re going to change the way we run tests, and we’ll provide you with more information about the tests before we activate them. We want you, our community, to be involved in the development of our tools, and our efforts to provide you with the best service for your site.

As always, we want to keep the communication lines open. We’re working on an open standard to give users transparency and control of online personalization. We’re looking for feedback and partners, so please subscribe to this email list to receive announcements in the coming weeks.

  • Steven James Burks

    Hi Rich – Why is a canvas element even considered a security or privacy risk? It does not contain PII, either.

  • Rich L

    Hi James. The concern is that it could be used as a fingerprint to tie anonymous browsing behavior to a specific client (browser) or device – similar to how cookies are used, but without the ability to opt-out and/or clear them. In our test, we found that it was very unreliable for that use. Had it actually been good, we would have kicked off a whole new investigation (including working with industry groups and regulatory bodies) to see if we could use them in a transparent and user-controllable way. But given the results, we’re halting the project.

  • Wiki-Truths

    Halted until you forget about us and we get more ca$h.

  • http://www.wmwebdesign.co.uk/ Keith Davis

    Hi Rich
    A lesson to us all in being up front and keeping people in the picture.
    Nice one.

  • Rich L

    Hi Phil. The code was deployed across our network. This was not beta code – which suggests that it was unstable or would impact publisher site performance or security. This was production-quality code designed to conduct an R&D test and had no negative publisher impact. We update our code on publisher sites all the time in an attempt to bring them additional functionality and insights, and we have a long track record of reliable releases.

    It’s impractical to run elective deployment tiers across 13 million sites worldwide. But as we mentioned in the blog post, we will be notifying publishers of significant tests being run across the network in the future and incorporate feedback.

    Regarding the actual data, we do separate specific sensitive data out as it comes into our servers. We follow the NAI and DAA principles for sensitive content and either filter the data out as it comes in, or treat the data differently based on the subject matter. We do not target on adult data, for example, and even if the code is installed in a SSL-enabled finance site, we are never exposed to any data that could identify an actual person or their account.

  • Steve Smith

    why do I have to install a cookie from you to block you from tracking me?

  • Rich L

    Hi Steve. This is a great question because it’s so counter-intuitive.

    The industry standard answer to this is to set a constant ID instead of a normal random UID to indicate that you’re opted out. We’ve chosen all zeroes as that constant ID. As a result, everyone who opts out all look like the same browser to us, and when we see the zeroed cookie, we cannot use the data for personalization or targeting your browser.

    Here’s a little behind the nuts and bolts of this.

    The main thing cookies do is let us know if we’ve seen your browser before. We do this by storing a long string of random numbers (UID) to look at each time we see the browser load a page.

    Please keep in mind that this UID has nothing about you yourself or anything about your computer or browser in it. It’s a combination of random numbers and an encoded timestamp.

    If we do not set this UID, every time you visit a page with AddThis on it, you look like a new browser (or a browser that cleared its cookies). So we don’t know you’ve opted out. This is where that industry standard fixed ID comes into play.

  • Rich L

    Hi Steve. This is a great question because it’s so counter-intuitive.

    The industry standard answer to this is to set a constant ID instead of a normal random UID to indicate that you’re opted out. We’ve chosen all zeroes as that constant ID. As a result, everyone who opts out all look like the same browser to us, and when we see the zeroed cookie, we cannot use the data for personalization or targeting your browser.

    Here’s a little behind the nuts and bolts of this.

    The main thing cookies do is let us know if we’ve seen your browser before. We do this by storing a long string of random numbers (UID) to look at each time we see the browser load a page.

    Please keep in mind that this UID has nothing about you yourself or anything about your computer or browser in it. It’s a combination of random numbers and an encoded timestamp.

    If we do not set this UID, every time you visit a page with AddThis on it, you look like a new browser (or a browser that cleared its cookies). So we don’t know you’ve opted out. This is where that industry standard fixed ID comes into play.

  • http://www.propelgrowth.com Candyce Edelen

    I understand the need to do R&D, but this approach seems a bit like the Facebook decision to experiment on their user base without obtaining user consent. In addition, I get the sense that your experiment violated the privacy assurance that your clients have to deploy on their websites in order to comply with various global privacy regulations. We take visitor privacy very seriously on our site, and realizing that our providers might be experimenting on our visitors without our consent is disturbing.

  • Rich L

    Hi Candyce. Performance testing through personalization is a critical tool for website publishers and content producers of all types. One of the promises of the web over traditional media is that you can tune experiences through testing and data-driven personalization. User see different versions of many websites as a part of this process. The primary expectation from users is that it should be relevant, and should be the “latest and greatest” experience those companies can offer.

    That said, we believe that consumers should be more aware of the ways their experience is being personalized. See point #2 in this blog post where we discuss a point made by Martin Abrams in an essay titled “Boxing and Concepts of Harm”.

    While publishers are being empowered with personalization and testing, we want to empower users to understand and control the ways their personalization is happening. So please subscribe to this email list, as we’re announcing an open transparency and control initiative we’ve been working on for a while.

    Regarding our testing, we performed no action that violated our terms of service with our publishers. Please keep in mind that we were taking no action on the data collected in this test. Neither users who were opted-out nor opted-in would have seen their web experience changed due to this project. If we decided to move forward, we would have looked for solutions to user transparency and choice, and would have taken extra steps to ensure our publishers knew we were going to be taking action on this data.

  • http://www.propelgrowth.com Candyce Edelen

    Rich – thanks for your transparent response. I am a marketer and support the ability to provide targeted results for visitors. But tracking visitors across their entire internet activity is something I’d consider invasive. I’ll look forward to hearing how you handle user transparency and choice. Who knows. Maybe you’ll be able to influence industry standards in a positive way. Perhaps Google and Facebook would pay attention?