Stay on Top of Emerging Technology Trends Get updates impacting your industry from our GigaOm Research Community

It would be great if internet users could tell the websites they visit that they don’t want to be tracked by advertising groups unrelated to the webpage they’re viewing. In fact, in 2009, a group wrote a standard so that web browsers could do just that. But the standard was poorly adopted because many of the biggest advertising companies on the internet aren’t crazy about such an idea. There wasn’t a real enforcement mechanism — until the Electronic Frontier Frontier released Privacy Badger, which lets users opt out of tracking across the internet.

Privacy Badger, an extension for Firefox and Chrome, disallows cookies from certain third-party domains. When someone clicks on a site, they request information from domains that aren’t necessarily the site they asked to visit; that’s just the way hypertext — the “HT” in “HTTP” — works. For instance, if a blog has an embedded Facebook Like button, that widget makes it so you can easily like that page, but it’s also tracking your activity across the internet. That’s what privacy wonks like to call a “third-party request,” and it’s what Privacy Badger seeks to block.

Privacy Badger is different from other blockers, however, and not just because it’s developed by a nonprofit. Previously, blockers have used a centralized blacklist approach. Blockers download a list of bad domains from a remote location out of the box, which is the blacklist most users settle on. Privacy Badger’s blacklist is user-generated: instead of blocking sites, Privacy Badger blocks objectionable behaviors. As you browse, if it detects the same third-party domain tracking you across three different sites, it blocks it.

Aren’t there already several ad blocking extensions?

There are several companies and people actively developing privacy tools for web browsers. Some of these are called ad blockers, which is more of a marketing distinction than anything. The end user hears about the tangible benefit — they don’t have to look at annoying ads on the web — as opposed to the more nebulous concept of privacy protection. Because most invisible third-party scripts and cookies are from advertisers, many of these extensions effectively block most ads.

Ad blockers are widely downloaded. Adblock claims it is the most downloaded extension on the Chrome Web Store, and both it and Adblock Plus have millions of downloads.

Ghostery makes money by tracking the trackers while blocking them and selling data about third party trackers, which it calls Ghostrank. Disconnect takes a pay-what-you-want approach, but it is still developed by a for-profit company founded by a former Google engineer. Adblock is donation-supported, but many users confuse it with Adblock Plus, which has generated controversy for having advertisers pay to land on a whitelist. While Adblock and Adblock plus allow users to add upload their own blacklists and whitelists, Ghostery and Disconnect do not even allow users to add new filters.

The salient difference between Privacy Badger and the other extensions is that Privacy Badger’s blacklist is generated through heuristic blocking, which means it gets better the longer it is used. Out of the box, Privacy Badger won’t block nearly as many third-party requests as the commercial options, but as you use it more, it will learn more and more hosts to block, although it does come with a built-in whitelist for things like Google Maps and Paypal, which are needed to browse the web normally. This approach is a major change.

What’s the best blocker?

The difference between Privacy Badger and the other blocker extensions is not an issue of effectiveness. For the most part, all the blockers currently on the market do a pretty good job of blocking third-party requests. Developer Raymond Hill, who has been working on a excellent privacy-oriented developer extension called HTTP Switchboard, is able to run what he calls a “browser session benchmark,” checking to see how many requests get past the various blockers.

His methodology is to visit 15 well-trafficked sites several times, and average the number of requests that slip through.

As you can see, the Ghostery and Adblock numbers are very similar, with Disconnect trailing slightly behind. Privacy Badger is run on a fresh installation, and does not block nearly 3rd-party requests as the commercial extensions, but that’s by design. A benchmark run on a well-primed Privacy Badger should have significantly lower numbers.

It’s about the principle of the matter

The key to Privacy Badger is that it is run by the EFF, a well-funded non-profit dedicated to “defending civil liberties in the digital world.” Considering that blocking tracking cookies and third-party requests is as much about the principles at hand — your browsing history shouldn’t be collected by companies you’ve never heard of — as eliminating annoyances from the web, it’s unlikely that the EFF would ever reduce its effectiveness because of commercial considerations.

Adblock Plus has been accused of extortion-like practices because of its Acceptable Ads program, which reportedly has companies offer money in exchange for preferential whitelist treatment. According to the Guardian, Google pays for this treatment, and shortly after Twitter’s IPO, Adblock Plus posted an open letter to Twitter inviting the company to get in touch. And while Adblock Plus released an “Acceptable Ads Manifesto” earlier this month, it does not mention privacy or data leakage at all. This doesn’t necessarily mean Adblock Plus is a bad tool; Privacy Badger is based on the Adblock Plus source code.

Ads are the backbone of many digital business models, and if everyone blocked all third-party requests there would be a lot of sites in trouble. The EFF understands that there’s a balance to be struck, and they’ve made it clear to website publishers how to whitelist their ads: publishers must respect Do Not Track guidelines, effectively allowing Privacy Badger users to opt-out from tracking. It’s an enforcement mechanism for DNT, which is a great idea but has had significant difficulties with adoption.

An uncertain future for privacy blockers

It’s heartening to see the EFF produce its own privacy blocker, because it makes me hope they’ll tackle blocking on mobile devices, which faces several challenges. Considering the metadata transmitted from a phone could be more personal than that from a laptop, as the volume of mobile browsing overtakes browsing on the desktop, the inability of smartphone users to meaningfully block third-party requests will become even more glaring.

It’s difficult to imagine Apple allowing enough access to iOS to ever implement any kind of privacy blocking on the iPhone or iPad. But Google isn’t opening the floodgates either. Google removed AdBlock Plus from the Google Play store last year, forcing users to sideload it. But this deters most users from considering installing it, and even after it is installed it is hamstrung by restrictions built into the Android APIs.

It’s understandable from a business standpoint that Google wants to restrict Adblock Plus on Android — it’s made by a for-profit company providing a way for users to evade Google’s primary business. But to remove an ad blocking extension from a nonprofit, like EFF, would be a clear signal of hostility towards blockers in general. The lack of respected privacy blockers on Android has also led to a proliferation of low-rent alternatives, many of which do not work as promised, and may actually be compromising user privacy.

Privacy Badger isn’t perfect; it’s in beta, and it breaks a lot of websites, including some of the most popular news sites on the web. But its interface is very user-friendly, and it clearly lists all third-party requests — blocked or not. If you’d like to to know more about a third-party tracker, its color-coded sliding bars makes it easy to identify which domains are blocked, and even unblock them if desired.

Considering that using a blocker is somewhat of a political statement about privacy — users don’t opt-in to third-party tracking, and by running Privacy Badger can they opt out — it’s more than good enough, and its relative “purity” compared to the others on the market should make it the cypherpunk’s choice.

Top image by Robert Nelson/Creative Commons