The mechanism, called "canvas fingerprinting," uses special scripts — the coded instructions that tell your browser how to render a website — to exploit the browser's so-called 'canvas', a browser functionality that can be used to draw images and render text.

First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

It is worthwhile to note that these methods do preserve the same origin policy — if an image from a different origin has been drawn on this canvas, they will throw a SecurityError exception instead of returning pixel data. Therefore, our <canvas> fingerprints must only contain image resources that are under our control.