Help EFF Test a New Tool To Stop Creepy Online Tracking

An anonymous reader writes "EFF is launching a new extension for Firefox and Chrome called Privacy Badger. Privacy Badger automatically detects and blocks spying ads around the Web, and the invisible trackers that feed information to them. You can try it out today."

Ghostery

Ghostery does a great job of this already... However, the problem with these types of tools is they frequently break some type of (needed) functionality on the site.

7 caught on Slashdot right now.

Re:Ghostery

[CRCulver]

Ghostery is under a proprietary license and Evidon, the company that owns it, is involved in the online advertising industry. I trust the EFF a lot more.

FWIW, though, you can get many of the same benefits of Ghostery without installing that plugin by simply processing its lists through a Privoxy filter (the conversion is fairly easy to script and then automate), so Privoxy zaps all those IPs before they even get to the browser.

Re:Ghostery

[ArmoredDragon]

As of very recently though, Ghostery takes a step further by providing surrogate scripts that replace the function needed by these websites, only without the tracking. It's really nice because you very rarely need to pause it or add exceptions now.

Re:Ghostery

[mysidia]

However, the problem with these types of tools is they frequently break some type of (needed) functionality on the site.

I imagine if any plugin gets /really/ popular, the tracking bugs will get modified so they work again, OR publishers/advertisers may start modifying their content to include tests to ensure the health of the tracking bug, before allowing the visitor to view content.

Maybe you just get half a sheet of text, or the first 1.3 windowfuls, then the site will pick up on the tracking bug being broken, and stop rendering content -- while displaying an error about the need to disable such and such plugin to use the site, or waiting until "countermeasure against tracker bug blocking" succeeds.

Re:Ghostery

[djsmiley]

theres enuf sites that we can go else where.

Re:Ghostery

[PopeRatzo]

Maybe you just get half a sheet of text, or the first 1.3 windowfuls, then the site will pick up on the tracking bug being broken, and stop rendering content

That makes it really easy to determine which web sites I should never visit because the sites purveyors are hostile to my best interests.

I wish sites that are using creepy tracking bugs would act in a manner that made them unusable. It would make life so much easier.

Re:Ghostery

[mwvdlee]

Slashdot uses creepy tracking bugs.
How come you're commenting here if you never visit this site?

Re:Ghostery

[Wootery]

I imagine if any plugin gets /really/ popular, the tracking bugs will get modified so they work again

Maybe, but even an incredibly popular Firefox plugin is still only there for a small percentage of an average page's visitors.

Re:Ghostery

[Sir_Eptishous]

This is why I love slashdot. I had no idea Ghostery had such a conflict of interest. Thanks for that info.
From WP:
"Evidon, the company owning Ghostery, plays a dual role in the online advertising industry. Ghostery blocks sites from gathering personal information. But it does have an opt-in feature named GhostRank that can be checked to "support" them. GhostRank takes note of ads encountered and blocked, and sends that information, though anonymously, back to advertisers so they can better formulate their ads to avoid being blocked.[4]"

What's the difference

[NapalmV]

How's this different or better than adblock / ghostery / flashblock / noscript / do not accept third party cookies ?

Re:What's the difference

[Mitreya]

How's this different or better than adblock / ghostery / flashblock / noscript / do not accept third party cookies ?

Maybe it can replace 2+ of them? That would be nice. Installing 4-5 tools for one task is a pain

Also, NoScript specifically breaks 3 out of 4 websites until you figure out which half-a-dozen domains must execute JavaScript for each damn website. I remember how chase.com had a most fraudulent looking domain in order to let me login to my checking account.

Re:What's the difference

[crow]

This monitors the behavior of web sites, not the function. So if there's a non-advertising site that just puts out tracking bugs, it will get blocked. If there's an advertising site that doesn't send tracking cookies, it won't be blocked. There's no blacklist--it's all based on observed behavior.

Re:What's the difference

[Mashiki]

Also, NoScript specifically breaks 3 out of 4 websites until you figure out which half-a-dozen domains must execute JavaScript for each damn website.

I think you mean website developers are so reliant on JS these days, that they think they can't write a site without such heavy use of it that sneezing at it will break their site.

Re:What's the difference

[sjames]

That's the best policy. The problem isn't sites using JS, it's sites sucking in random bits of JS from 5 otrhert domains that each suck in yet more bits from 3 or 4 additional domains.

Generally whjen I see that, I decide they're trying to convince me to just allow all witrhout seeing everything I'm allowing. That, in turn, tells me that that's is the last thing I should do so I leave the page and never go back.

Re:What's the difference

[Arker]

It sounds like a great idea. HTTPS Everywhere is a must have extension, and this looks set to join it. Thanks EFF!

And in a related note, both of these fine extension works fine in Pale Moon, but refuse to install in Seamonkey, which is a deciding factor in which one I am going to use in the future. I dont know why it breaks in Seamonkey but if anyone does please chime in. Is it just a matter of a bad compatibility check or is there more to it?

Re:What's the difference

[FuzzNugget]

It's not that websites shouldn't rely on JavaScript to function, it's that they shouldn't rely on *third-party* JavaScripts from jQuery, a thousand fucking ad servers, a plugin from here and there, Google tracking... that's why what should be a basic website takes forever to load: it's having to make requests to 50 different servers to load a single page.

JavaScript-dependent websites *can* be done properly. Most are not.

Re:What's the difference

[fermion]

not sure. I use a cookie blocker that by default rejects all cookies. I can manually accept cookies, first party cookies are pretty easy to enable, for the session or persistent. With this extension the badger complains it can't do it's job. The difference is that the cookie software shows about 30 third party cookies for slashdot, not sure if the tracking is historical or only for a single page, but the badger shows 5. The difference is that my cookie software rejects all these third party cookies by default, which is the behavior I want, but badger requires you to move a slider and turn off each cookie individually. The setting may be able to change this, I have not looked because any use of the badger reloads the page, thus giving the website more data. In any case, the default behavior should be to reject any third party cookie But cookies are only one way to track users. There are also things like web bugs. Badger says it only deals with tracking cookies. These are threats to privacy, but only one, and we can deal with it with existing technology. Camino, which was started 12 years ago, implemented cookie rejects several years ago.

Re:What's the difference

[Nemyst]

I disagree. If websites relied purely on a single javascript block, then filtering out the tracking, advertising and other bullshitting scripts would be a lot harder than it is now, where most of the external scripts are stuff you want to block. You can generally allow the site itself (and if it's big enough, perhaps a CDN and another domain or two) and you'll get the site without the shit.

Also, hosting relatively large scripts like jQuery on their own, static path helps a lot for caching. You have one copy of the script for dozens of sites, instead of dozens of copies of the same file.

What's somewhat funny about it

[Opportunist]

Install it and it will show you a page where you can link to Twitter, Facebook and Google+ to tell people about how awesome it is.

Is that supposed to be cynical or ... I don't know, I find it kinda funny. Isn't it supposedly blocking pages like that?

Problem Illustrated

Does it not illustrate the problem perfectly when you browse to the EFF site pushing an alpha version of a tool to block and the download page has a tracker on it?

Search engine optimization

[tepples]

Maybe you just get half a sheet of text, or the first 1.3 windowfuls, then the site will pick up on the tracking bug being broken

If a web server is configured to deliver only the abstract to viewers behind user agents that include tracking countermeasures, then it will deliver only the abstract to search engines. They tend to retrieve pages with no JavaScript, no Referer, and no cookies.

NAT and proxies

[tepples]

the tracking sites will just go to IP based tracking.

Good luck with IP address-based tracking when you have 10,000 different people behind one IPv4 address. This can happen with carrier-grade NAT, with ISP-wide caching proxies like those used by AOL and the ISP formerly known as Qtel, or with Tor exits.

Or did you mean the other kind of IP?

Re:NAT and proxies

[SuricouRaven]

Problem:
1. Man goes to kinkybondagesmut.com on his PC.
2. Seven-year-old daughter goes to ad-funded sillychildishgame.com on iPad.
3. Ad-network consult their profile and determine this IP address is currently in used by an adult male with an interest in pornograhy.
4. Family consults their local moral crusader organisation. Legal action is taken.

Does it block Piwik Analytics?

[EmagGeek]

Because this is the tracker the EFF has on the download page for "Privacy Badger."

Re:Does it block Piwik Analytics?

[Ford+Prefect]

Piwik is a self-hosted web analytics package. In other words, your visit to an EFF page is being tracked by the EFF.

Re:Does it block Piwik Analytics?

[lemur3]

when did being interested in user logs and usage info become "tracking" (which is, these days, almost universally considered bad)?

Re:Does it block Piwik Analytics?

you guys are aware that scraping the logs of the webservers also gives you some overview of the usage of the site? Is reverse dns-lookup also considered tracking?

my point: monitoring your own site to make it better is fair use, giving this data to other entities is not.

Re:Useless colors

It isn't that it's hard, people just don't know that some colours might be inconvenient. If you want to solve the problem, create an extension to remap the colors, either only on the webpage or the whole screen, into something visible. Not trivial, but certainly much easier than convincing web-designers that their colour-scheme isn't perfect.

Re:One example: Slashdot's owner, Dice Holdings

[PopeRatzo]

I'm guessing that most web sites are made by young women who fancy themselves to be graphic designers

Get the fuck out with your stupid techie misogyny.

If your "guessing" involves generalization to the point of an ugly absurdity, you should check yourself. You make it sound like you have a particular beef, maybe with a particular woman (or women) and now you believe that all bad web code is caused by women. It's a bad place to be.

If you want to say, "I have encountered some young women who fancy themselves graphic designers..." you would at least be on more reasonable ground, but then you need to ask yourself, "Does the fact that this group of people were women really have any impact on my statement?"

Now knock it off. People get skeeved out by misogyny and it's pretty easy to pick up on, so the next time you're looking for a job you might just walk away wondering, "That didn't seem to go well, it's probably because of that woman who interviewed me. They're all whores you know".

That's called cloaking

[tepples]

they can easily backdoor their countermeasures for search engines alone.

That's called cloaking, and search engines severely penalize cloakers as they become aware of them.

Re:That's called cloaking

[mysidia]

That's called cloaking, and search engines severely penalize cloakers as they become aware of them.

I see 'cloaking' like things all the time; where the real page comes up with a paywall if you try to access, and it is essentially never really penalized when done by the legitimate websites, so you're observation doesn't quite match reality.

Also it's technically not cloaking if the page content when viewed by a user (without alterations by 3rd party software such as bug blockers or Greasemonkey scripts) matches what the search engine sees.

Re:That's called cloaking

[ShieldW0lf]

Is there any good way to filter sites that offer teasers and paywall additional pages so you don't need to wade through them? Because google top ranks those pages a lot, and it's made it a very inefficient way to find information. It's always high profile sites that used to be big players in the print domain, and I know they're paying google for the exposure. I'd switch to a different search engine if they were uncompromising with those types of teaser-paywall websites. They're just noise, as far as I'm concerned.

Re:Far BETTER tool (Superior to browser addons)

[mmell]

Not sure I'd consider his stuff malware. APK's problem is that he expresses himself with all the eloquence of a drunken baboon with encephalitis.

Host files have their place - management of small networks, intranets, access to darknets, etc. APK is firmly convinced that his hostfile management system is somehow essential to fast, secure internet access. Again, if darknets are your thing, or DNS is somehow just way too insecure or unreliable for your tastes, or if something about RFC01035 is just wrong, give somebody else's product a look. APK makes it a point to threadjack every chance he gets, loads the board with unneeded invective and is in general a nuisance.

In closing - please don't feed the troll. They become dependent upon handouts and unable to function in the real world.

Unblocking will be abused

[danknight48]

If copies of Privacy Badger have already blocked your domain, you can unblock yourself by promising to respect the Do Not Track header in a way that conforms with the user's privacy policy. You can do that by posting a specific compliant DNT policy to the URL https://example.com/.well-know..., where "example.com" is all of your DNT-compliant domains.

So in other words, To exclude a website from Privacy Badger, all a website needs to do is:
- Copy and paste https://www.eff.org/files/dnt-... to https://mywebsite.com/.well-kn...

Give it a few weeks, let the advert sites copy and paste that file, plugin will be useless.

Re:Your response is about your anger, not about wo

[PopeRatzo]

I'm interested to know what theories other people have about the poor use of Javascript.

You mean other than, "Bitches, man, they just don't know how to code, you know? *fistbump*"

Self-Destructing Cookies

[Dr.+Manhattan]

I use the Self-Destructing Cookies add-on. It allows the cookies... but as soon as you move off the page, or close the tab, it dumps the cookies. Sure, I have to re-sign in to some places more, but so what? Add in "clear history when the browser closes" and it's pretty comprehensive.

About the only thing I've run into that it breaks is Disqus logins. But I use a separate browser - which also deletes everything on close - for that.