
Privacy Badger eats super-cookies

Browser extensions like Adblock Plus, Ghostery and Disconnect can help you block online ads and some forms of online tracking.

They all share a flaw: these add-ons rely on predefined lists of domains and IP addresses to block.

Why blacklists are inefficient

The problem with these lists is that they aren't updated that often, while data mining companies and advertising agencies can change their methods anytime, leaving you exposed to the newest behaviour-tracking technologies.

Moreover, domain blocking can break important features on websites you visit, such as blog commenting. More often than not, the comments you see under articles on the web are in fact loaded from third parties' servers, like Disqus or Livefyre. And it's the same story for those shiny Facebook and Twitter sharing buttons: they use the social networks' APIs to work. Using the APIs, they send your browsing habits back to the social networks even if you don't share the pages you read.

A new solution: Privacy Badger 1.0

That's why the Electronic Frontier Foundation (aka EFF) created a browser add-on called Privacy Badger.

Unlike traditional ad-blockers and anti-tracking solutions, Privacy Badger blocks trackers invading your online privacy based on their objectionable behaviour. There is no predefined list of domains to block. Instead, it blocks third-party scripts or images that seem to be tracking you even though you explicitly denied consent by sending a Do Not Track (DNT) header.

If a bit of a webpage is essential to the content (an embedded PDF, for example, versus a script loading an Adsense square), then it will remove all the tracking information and cookies attached to the embed, but allow connection to the content.
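The behaviour-based decision described in the two paragraphs above can be sketched as follows. This is an added example, not Privacy Badger's own code: the three-site threshold, the cookie-value heuristic, the "essential" list and every hostname in the sample traffic are assumptions made for illustration.

```javascript
// Added illustration; not Privacy Badger's source code.
const THRESHOLD = 3; // assumption: distinct sites a third party must be seen on

// Naive registrable domain: last two labels (real tools use the Public Suffix List).
const baseDomain = (host) => host.split(".").slice(-2).join(".");

// Assumed heuristic: a cookie value long and varied enough to be a unique ID.
const carriesIdentifier = (req) =>
  Object.values(req.cookies || {}).some((v) => v.length >= 8 && new Set(v).size >= 5);

// requests: [{ pageHost, requestHost, cookies }]; essential: Set of base domains
// whose content the page needs (comment widgets, embedded documents).
function classify(requests, essential = new Set()) {
  const seenOn = new Map(); // third-party base domain -> Set of first-party sites
  for (const req of requests) {
    const first = baseDomain(req.pageHost);
    const third = baseDomain(req.requestHost);
    if (first === third || !carriesIdentifier(req)) continue;
    if (!seenOn.has(third)) seenOn.set(third, new Set());
    seenOn.get(third).add(first);
  }
  const verdicts = {};
  for (const [third, sites] of seenOn) {
    if (sites.size < THRESHOLD) verdicts[third] = "allow";
    else verdicts[third] = essential.has(third) ? "strip-cookies" : "block";
  }
  return verdicts;
}

// Constructed sample traffic (all hosts are made up).
const visit = (pageHost, requestHost, cookies) => ({ pageHost, requestHost, cookies });
const SITES = ["news.example", "shop.example", "blog.example"];
const SAMPLE = [
  ...SITES.map((s) => visit(s, "ads.tracker.example", { uid: "a81f93c2d07b44e1" })),
  ...SITES.map((s) => visit(s, "embed.comments.example", { sid: "7c2e90ab41d6f358" })),
  ...SITES.map((s) => visit(s, "static.fonts.example", { lang: "en" })),
  ...SITES.slice(0, 2).map((s) => visit(s, "api.widgets.example", { id: "f03b7de19a6c2458" })),
  visit("news.example", "img.news.example", { session: "9d1e4f7a2b6c8035" }), // first-party
];

console.log(classify(SAMPLE, new Set(["comments.example"])));
```

A third party that never sends an identifier-like cookie (the fonts host here) gets no verdict at all, which is the difference from a domain blacklist: the decision follows what the request does, not where it goes.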

Privacy Badger also blocks the infamous supercookies that typically stay hidden in your web browser to uniquely identify you. These supercookies are even resistant to Incognito browsing in Chrome and private windows in Mozilla Firefox.

Supercookies explained

The irony with supercookies is they exist because of a feature originally designed to increase privacy and security on the web.

When you go to a website with the prefix https:// in the address bar, your browser will save a supercookie to remember to default to the secure https:// version of the website, instead of going first to the insecure http:// version.
But this supercookie will also allow advertisers and social network sharing buttons to remember you too.

Privacy Badger protects you from the 'Sneakiest Kinds of Online Tracking'

The new Privacy Badger 1.0 includes blocking of certain kinds of super-cookies and browser fingerprinting—the latest ways that some parts of the online tracking industry try to follow Internet users from site to site. -- EFF.org

Browser fingerprinting is another trick used by advertisers and data mining companies to track you.

Privacy Badger 1.0 has the ability to detect and block third parties that use browser canvas to identify and track you.

As for sharing buttons, Privacy Badger uses a feature from the ShareMeNot project: it replaces sharing widgets that track you with a stand-in version. As a consequence, you'll still see these buttons, and you'll be able to click on them. But they won't track the pages you visit unless you click on them. For now, Privacy Badger can replace sharing buttons from:

  • Facebook
  • Google
  • Addthis
  • LinkedIn
  • Pinterest
  • Stumbleupon
  • Twitter

You can download Privacy Badger now from the EFF's website.