I found this on Bruce Schneier’s blog:
Fingerprinting Computers By Making Them Draw Images
Here’s a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there’s no way to block this right now.
I glanced at the paper and it is a bit interesting. By getting your computer’s hardware to produce an image they can identify the machine with a high degree of accuracy. Of course, one would presume that that level of hardware access would be blocked by the browser sandbox, but they found a clever way to step around that limitation. This approach will, of course, be quickly blocked by many of the browser writers (I am sure that the Firefox developers are almost done with a patch), but there is a HUGE amount of money out there for products such as these and I have no doubt that variations on a theme will be blasting out soon. It is interesting to me, though, that the very success with tools such as these puts a hard lifetime on their success. There are quite a few groups out there that are ultra paranoid about every byte that traverses their networks and they work to identify the source for each and every one, so something that becomes successful will rapidly rise into the targeting aperture of these organizations and be stomped on. It is interesting to observe the cat and mouse game (where ‘cat’ and ‘mouse’ switch roles from time to time) from the sidelines, I am quite happy to not put in 36 hour days figuring out some of these things.