Update: 2019-06-27

We’ve been working on a lot behind the scenes and wanted to give an update here. On Stack Overflow specifically the ads are delivered directly through us or relayed through specific 3rd party providers. The latter is where the fingerprint issue lies.

We are trying to address this on a few fronts:

We have contacted Google for assistance in what features they provide to address this. (We use them as our ad server, that’s why we’re in contact with them).

We are testing deployment of Safe Frame to all ads. It’s on most ads now, but we’re putting control on our rendering side to enforce this safety mechanism.

We are trying to deploy the Feature-Policy header to block access to most browser features from all components in the page.

While Feature-Policy is the browser feature most meant to address this, we’re hitting issues in practice. I’ve reached out to several experts and the Google Chrome security team and we’ve filed a bug in the Chrome tracker. A minimal test version of the header is deployed on Stack Overflow now to help the browser teams investigate what we’re hitting.

We know the audio/fingerprinting issue is not isolated to Stack Overflow, but external sites as well. Our goal is to fix it at the third party layer if possible and add any protections we can to directly our network/pages.

We are not turning off these ad campaigns as a knee-jerk reaction because we need a repro to confidently fix the issues. We would much rather put in protections for long-term guards than playing whack-a-mole with issues as they arise. We are working on those stronger long-term protections now.

We are open to help fixing this. If you have more information, suggestions, can help with the Chrome bug above, or anything else: we welcome it. We are trying to do the right thing and get this fixed and fixed well ASAP.

I’ll update this post as we have more info.

Original Response: 2019-06-26

Thanks for letting us know about this.

We are aware of it. We are not okay with it.

We're trying to track down what is doing it and get that mess out of here. We've also reached out to Google to enlist their support. I'll be honest: it's late in the day and we're unlikely to get this resolved today. But we've reached out and hope to get it fixed ASAP.

Note: this is not related to ads being tested on the network - it's a distinctly separate issue. Programmatic ads are not being tested on Stack Overflow at all.

I'm also sorry it took a bit to respond. We had a completely unrelated SQL issue earlier causing production issues that stole a lot of our attention.