Nice. It works well with other extensions i.e. adblockers - Privacy Badger can significantly increase your privacy online because Adblock does not block invisible trackers by default; via FAQ.
Another fantastic extension from the EFF team, with collaboration from The Tor Project, is HTTPS Everywhere; get it here: https://www.eff.org/https-everywhere
ublock is great software (it didn't exist when we started work on PB!) and so there are only a few things PB will catch that it doesn't. But there are some. For instance, PB will replace widgets such as Tweet and Facebook like buttons with locally hosted, non-tracking variants. And PB may catch new trackers faster than ublock because it uses algorithmic detection rather than requiring a blocklist.
You can use Privacy Badger on sites that you want to support with ad views (as long as those ads don't track you).
A good example of this is many of the webcomics I read. Many of the ads on those sites are for other webcomics; I've found a couple of good new webcomics that way.
Any idea what's the difference between Privacy Badger and Self Destructing Cookies addon? I would think SDC will also stop any tracking by deleting the cookies?
Privacy Badger currently detects tracking via regular cookies, HTML5 local storage 'cookies', and canvas fingerprinting, with more methods aimed to be supported in future releases.
What other tracking methods does Privacy Badger plan to block in future releases? One can always test against evercookie.[0] And perhaps EFF could host a trustable demo site, along the lines of Panopticlick. I do get that this is an arms race, and that proprietary methods may be running under the radar, as Verizon's UIDH did for two years.[1]
According to EFF's Panopticlick[0], the biggest thing making my browser unique is the list of plugins that I am running. Short of disabling JavaScript, I don't know of a way to prevent that. Can this hypothetically be solved with Privacy Badger and are there plans to do so?
If you use Firefox you can go into about:config and set `plugins.enumerable_names` to nothing. It might make Flash unavailable on some sites, so you might want to leave that in.
Unfortunately, the plugins.enumerable_names feature was disabled and later removed (by me, sorry). [1] There was no way Firefox would be able to ship that feature because it broke too many websites for the minor reduction in fingerprinting. Even with your plugins "hidden", websites could still use Flash to enumerate all your system fonts.
The navigator.plugins array is now sorted alphabetically [2] to avoid an issue documented in Jonathan Mayer's thesis [3]. Gecko and WebKit sorted the navigator.plugins array by the plugins' "last modified" time. Users with the same plugins installed can still have unique fingerprints because it is unlikely that they installed their plugins in the same order.
Thank you for your hard work on Firefox, Chris. Mozilla has made many good decisions with it, keeping it clearly superior to Chrome/IE in my view.
That said, I find it difficult to agree with the decision to remove features like this. So what if it can break websites? Isn't that what the "This might void your warranty!" warning is for? It seems far better to give users the option of viewing the web the way they want to view it, rather than protecting them from some broken websites at the expense of their privacy.
Or use the opportunity to kick Flash off your system. I've been surfing without Flash for probably 2 to 3 years now. These days it's really not a problem. Most sites work with HTML5 and those that don't have alternatives that do.
This is yet another benefit to whitelisting JavaScript. Faster page load, more lightweight pages, less advertising and spying and crapware, less information going out.
I agree that this is better. Unfortunately, whitelisting is tedious so I often resort to enabling all JS when I quickly need to use a site or five that require it. Many don't have the patience to keep doing this, so disabling plugin enumeration might be a nice middle ground for them.
Security/privacy doesn't have to be all-or-nothing.
We should be able to make "Security Groups" where we can apply less-restrictive settings (JS on, cookies) to trusted sites.
The Internet Explorer security model has 4 levels (Internet, Local Intranet, Trusted Sites, Restricted Sites) and you can choose a preset security settings package, or build your own, for each level.
Maybe Chrome/FF/Safari need something more similar to that, where we can specify different groups or levels, and then assign those to websites we visit.
The biggest problem with the IE method is that the UI is more tedious to add a site to a zone in IE11, than to add a site to the JS whitelist on Mobile Chrome.
NoScript is a great extension. Even if you never used it to block anything, it is a real eye-opener on just how much stuff is being loaded when you visit a website.
Since NoScript is open source, I assume that people are keeping a closer eye on the code after these incidents. The author has to be aware that if he tries something like this again, people could fork the code and move on without him (like what Adblock Edge did to Adblock Plus).
This may be exactly what I want. I don't actually mind ads that respect my privacy and my attention. If ads didn't track my every move and didn't disrupt my workflow by making noises without permission or otherwise stealing my attention and time, I would have zero use for an ad blocking tool.
Of course, this doesn't say anything about stopping those invasive noisy ads or ads that block content, so I may still have to keep using uBlock. Maybe in some future ideal world, advertisers will learn that if they want me to see their ads, at all, they have to respect my privacy, my time, and my attention.
Maybe someone needs to make a "show only ads from people who aren't assholes" plugin.
The backing company eyeo blackmails advertisers into paying eyeo 30% of revenues from users with adblock installed [1]. While adblockplus may not inherently be evil, I see no possibility that they don't so turn when more ads go straight to their bottom line.
Good point. I know EFF has a mission versus the one-man show that is ABP, but isn't this mostly identical otherwise? Is Privacy Badger just ABP with a political statement attached?
Maybe there's something to be said for that...put your money where your browser is and support the web you want. You could also just donate to the EFF, I guess.
ABP's default blocklist only blocks visible ads. Although there are also tracking-related ABP lists, they are manually-curated, which is different from Privacy Badger's attempts to detect trackers algorithmically.
ABP is not a one-man show, it's now developed by a company (Eyeo GmbH) that makes a lot of money getting companies like Google to buy into their "acceptable ads" scheme.
ABP also considers ads that track people (such as Google's) to be acceptable and whitelists them by default.
If you make a modern-looking long-scrolling article that has an ad somewhere in the middle, it's not "acceptable". If you get a crappy CMS that splits every article into 9 pages with an ad at top and bottom, then it is.
The main weird thing is that 3rd-party tracking is "acceptable" (!)
I would be interested in some kind of feature chart that showed which extensions handled which threats, so you could see overlaps/duplication or blank spots. I don't have time to read up on all the different extensions and privacy leak vectors.
Far, FAR less than the page- and cpu- weight of the crap they block. As in, it's a hugely transformative experience for web browsing, even for many "normal" sites that aren't merely social media click-farms.
I'll add to the list: Uninstall Flash completely. For much of the crowd here, that's probably a no-brainer after the recent spate of Flash zero-days, but still.
I suspect that depends entirely on the site you are visiting. This one for example loads almost nothing so running additional plugins will indeed add overhead.
Many of the sites that I use the most load very little unneeded resources and I tend to leave lots of tabs open while working.
Granted, I am not a "normal" web user, but so far all of the responses to my question have brushed it off as unimportant. My suspicion is then that they don't know the answer, which makes the brush off unconvincing.
> I suspect that depends entirely on the site you are visiting.
Yes, that's obviously true. But for my part, whatever overhead these tools do add is low enough that, even for no-crap sites like HN, if I can notice it at all it's within the page-load-latency noise threshold. Moreover, the increased browser stability, laptop battery life, etc. is an overwhelming win.
FWIW, I just fired up Chrome on HN and messed around with the dev tools a bit to see if there was any obvious overhead. Without taking the time for anything like rigorous analysis, loading HN with all extensions disabled vs. uBlock Origin and Privacy Badger had no immediately obvious effect on page load+render times. The superficial results agreed with my intuition: I'd have to collect data and run an analysis to uncover any added page load latency.
I use Privacy Badger with Ghostery and have been really happy so far.
I rarely run into situations where I need to fiddle with both to unblock a script or embedded video, but for the most part the combination is pretty reliable.
I also like seeing the long lists of adware Ghostery is blocking as the page is loading. You'd never know some pages have 50-60 scripts getting loaded to track what you do. It was an eye opener the first month I was using it.
I got a new computer and was browsing around, and it seemed that the entire web suddenly got much slower and ad-ridden. It was horrible, until I remembered I forgot to install Ghostery.
Why do you use both, though? Aren't they pretty much perfectly overlapping?
They do, albeit in different ways. I use them both since there's stuff that Ghostery misses that Privacy Badger picks up and vice versa.
Plus with Privacy Badger, it gets better the longer you use it:
The salient difference between Privacy Badger and the other extensions is that Privacy Badger’s blacklist is generated through heuristic blocking, which means it gets better the longer it is used. Out of the box, Privacy Badger won’t block nearly as many third-party requests as the commercial options, but as you use it more, it will learn more and more hosts to block
There might exist some other fingerprints that can lead to the knowledge of what browser you're using (the existence or non-existence of some feature, etc). If your User-Agent contradicts those other fingerprints, you become very easy to identify. It's really difficult to consistently pretend to have a given configuration unless you are, well, actually running this configuration.
More generally, the more you use technologies to protect your privacy, the more you increase your fingerprint entropy, that is, the more it's easy to identify you.[1]
I wouldn't advise those "spoofing" tools, but rather to use the browsers' settings at the maximum of their capabilities (disable third-party cookies, delete cookies when closing the session, set Flash to 'Ask to activate', etc) and just the minimum extension set to block third-party requests in the first place (Disconnect, etc).
An offline analogy might be "I didn't want to stand out in a crowd, so I had a friend carefully embroider a custom mask that was thoroughly different in every respect from my normal appearance, and I started wearing randomly-chosen items of clothing bought at thrift shops every day".
Tor Browser Bundle is working on this: "Design Goal: All Tor Browser users MUST provide websites with an identical user agent and HTTP header set for a given request type. We omit the Firefox minor revision, and report a popular Windows platform"
I understand that spoofing one's user-agent can be very effective at fooling malware designed for specific browsers. However, in practice I have run into strange problems when doing this. Is there a generic user agent string I could use that would hide my browser vendor and make all sites display content designed for evergreen browsers?
I was using Privacy Badger, Ghostery, Disconnect, AdBlock Edge or uBlock. Nowadays I just use uMatrix[0] & Self-Destructing Cookies to have a whitelist browsing experience rather than a blacklist experience.
Perhaps when Privacy Badger does more for detection of first party stuff, then I'll add it back again.
I would be interested in an easy-to-use local packet sniffer that attempted to give me hints on what I was leaking - what isn't via https from all apps on my machine, for example.
Obviously wireshark would get you 50% of the way there - to add to that then, a pretty UI focussed on scaring users with what information is being leaked - hostnames for SSL sites they're visiting for example.
This is a great project idea. A challenge is in classifying all of the elements of every protocol dissector as interesting or uninteresting. For example, TCP sequence numbers are high-entropy but low-consequence. MAC addresses are high-severity but normally not propagated to an ISP or a remote site operator.
There are also tensions between trying to identify leaks to a network eavesdropper and trying to identify leaks to a remote site (or ad network). In many people's analysis, the network eavesdropper is worse because you didn't mean to communicate with them at all, so any information they derive whatsoever is a pure loss of communications security. But for projects like Tor Browser and Privacy Badger, it counts as a loss of privacy if different sites can recognize you as the same user, even if you intentionally communicated with those sites.
Using HTTPS will prevent a sniffer from recognizing that some tracking cookies or identifiers are being sent, so you simultaneously get a true improvement against the network adversary and a false negative measuring privacy against the ad networks.
Considering that digital electric meters have been compromised, and that the one I studied had dual-band radios including WiFi spectrum, it may be best to assume that there may be unexpected data pathways that could use a MAC address.
Note that the WiFi of many routers broadcasts the wired MAC addresses on the LAN as well as the wireless clients.
You're right about false-negatives with sniffers. If you read the source on pages you visit, you'll see https analytics data mining, so don't assume that every outgoing https connection is okay. (and some browsers don't use your normal DNS / hosts settings, so sites you think are blocked may not be)
I've been messing with a little kernel module to do that by logging all new IP connections. Having it there lets you watch all your applications for unwanted traffic. You could layer a policy/reporting/blocking layer in userspace.
Surely there's already something to do this aside from a full sniffer?
Sure, something like LittleSnitch on the Mac is an interactive and easy-to-use firewall. But I'm really after something that is looking for things you could write easy filters for:
- Tell me whenever something that looks like an email address is sent in the clear
- Tell me whenever my name/postcode/other user-specifiable text is sent in the clear
- Tell me when I'm connected to an SSL site but the hostname is leaked
- Keep a list of DNS entries that I'm leaking
The real challenge will not be to capture everything, it'll be trying to show up items of interest.
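As an added illustration of the filters listed above (not an existing tool, and not code from anyone in this thread): a minimal leak filter that runs over flow records. The records, the watchlist strings and the DNS packet are constructed here for the demo; a real version would be fed by a capture library, and the same per-flow shape would hold for an SNI extractor, which is not shown.

```javascript
// Added example: a tiny "leak filter" over captured flows. All inputs are constructed.
const WATCHLIST = ["Jane Doe", "SW1A 1AA"]; // assumed user-specified name/postcode strings
const EMAIL_RE = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi;

// Extract the queried name from a raw DNS query (RFC 1035: 12-byte header, then QNAME labels).
function dnsQueryName(bytes) {
  let i = 12;
  const labels = [];
  while (i < bytes.length && bytes[i] !== 0) {
    const len = bytes[i++];
    labels.push(String.fromCharCode(...bytes.slice(i, i + len)));
    i += len;
  }
  return labels.join(".");
}

// Build a minimal A query for `name`, so the demo has a realistic DNS payload to parse.
function buildDnsQuery(name) {
  const header = [0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0]; // id, flags=RD, QDCOUNT=1
  const question = [];
  for (const label of name.split(".")) {
    question.push(label.length, ...[...label].map((c) => c.charCodeAt(0)));
  }
  question.push(0, 0, 1, 0, 1); // root label, QTYPE=A, QCLASS=IN
  return Uint8Array.from([...header, ...question]);
}

// A flow record: { proto: "tcp"|"udp", dstPort, tls: boolean, payload: string|Uint8Array }.
// Returns a list of { kind, detail } alerts for the kinds of leak the comment above asks about.
function inspectFlow(flow) {
  const alerts = [];
  if (flow.proto === "udp" && flow.dstPort === 53) {
    // Every plaintext DNS query tells the resolver (and the path) which host you are about to visit.
    alerts.push({ kind: "dns-leak", detail: dnsQueryName(flow.payload) });
    return alerts;
  }
  if (flow.tls) {
    // Encrypted body: we cannot see what is inside, so "no alert" here is a possible false negative.
    return alerts;
  }
  const text = typeof flow.payload === "string" ? flow.payload : new TextDecoder().decode(flow.payload);
  for (const m of text.match(EMAIL_RE) || []) alerts.push({ kind: "email-in-clear", detail: m });
  for (const w of WATCHLIST) if (text.includes(w)) alerts.push({ kind: "watchlist-in-clear", detail: w });
  return alerts;
}

// Constructed flows standing in for a capture.
function demo() {
  const flows = [
    { proto: "udp", dstPort: 53, tls: false, payload: buildDnsQuery("tracker.example") },
    { proto: "tcp", dstPort: 80, tls: false,
      payload: 'POST /signup HTTP/1.1\r\n\r\n{"email":"jane@example.org","name":"Jane Doe"}' },
    { proto: "tcp", dstPort: 443, tls: true, payload: "<encrypted application data>" },
  ];
  return flows.map(inspectFlow);
}
```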
> in fact Privacy Badger is based on the ABP code!
This makes me sad. They should have based it on uBlock. ABP is very bloated, and really caused issues for my browsing experience. Not sure if I want to try it after reading that.
Only the Chrome extension of Privacy Badger uses ABP code. And it only uses it for managing the blocklists it creates. Most of the function of Privacy Badger is run separately from the ABP code, and to be honest my first task for the next version is to get rid of ABP completely :)
Privacy from OS creators is likely outside of the scope of your project, but I thought I'd pass along recently observing that filtering using the hosts file on older Intel OS X which works for other browsers does not seem to be effective for Safari. I'd long ago read of MS using their own DNS for IE, perhaps Apple is doing something similar? It could be done for performance reasons, but it certainly has privacy implications.
I hope you consider things like blocking loading of webpage icons, and something to deal with data being appended to redirects or even CSS calls when cookies are disabled. I'd read about detecting caching of slightly different colored versions of icons and beacons. Sneaky offsite https accesses (analytics etc) are commonly bundled in a page's JS and NoScript doesn't alert to that. Also, some browsers seem to make accesses to a number of sites on startup, before even going to open a page.
Widening the view from "advertisers" to data-mining contractors that even do drive-bys, it might also be worthwhile to study what could block local data broadcasts by code designed to modulate r.f. noise leaking from our machines. Tune across the A.M. broadcast band on a nearby battery operated radio. I've noted that sometimes there's much more pulsed/bursty noise that doesn't seem to be tied to any obviously more demanding content.
Some of the insidious Ad-Choices content seems to go beyond Flash for hiding data. From the plugin being called when there wasn't any visible content needing it, I think even QuickTime is being used to cache data.
It would really help if scripts from one tab could not be accessed by another, and were killed on closing the parent tab. I guess the litterboxing would best be done by a trusted browser? Bring on the worming tablets!
> filtering using the hosts file on older Intel OS X which works for other browsers does not seem to be effective for Safari
Could you clarify this point? I may well simply be misunderstanding, but a quick check of a hosts-blocked site using Safari, in El Capitan, does indeed not resolve (or rather, resolves to localhost, as specified).
PB has value for people who only want to block trackers and not non-tracking ads. Believe it or not, some people like supporting sites through ads. They just don't like being tracked.
Personally I use uBlock and Privacy Badger. I'm not sure if it's entirely redundant, but I have not had any bad experiences with using both.
"supporting sites through ads" is like supporting your local grocery store through buying bottled water there.
Blocking ads and using reusable water bottles are socially responsible, positive behaviors. Anyone encouraging ads or encouraging bottled water (or worst: encouraging bottled water ads) should be ashamed of the harm they're doing to the world.
I've also been using it for about a year and am generally happy with it. One caveat is that it does sometimes end up breaking site functionality when it blocks a script from loading, occasionally in confusing ways. Usually you can fix this by overriding a few of the blocked things in the dropdown list, but it takes a little bit of technical savvy to figure out what needs to be allowed. I had to disable it on my parents' computer because they got frustrated by sites breaking.
This is mostly with an earlier version; I just upgraded to 1.0 today.
You have to enable JavaScript on that page just to read the text in a sane manner, otherwise it's mostly white on a light gray background and barely legible. (Firefox / OS X)
That's exactly what I thought. Interesting that they're so hostile to non-JS people.
There's another trick that works on many sites, including this one. Keep JS disabled but do View/Page Style/No Style. IMO the site looks better that way than with JS enabled.
Edit: one other trick I use frequently in Firefox for sites with poor contrast. Preferences/Content/Colors/Override the colors .../Always. Kind of a hassle to traverse so many menus. I'm sure there are ways to make that easier to do, but I'm a muggle when it comes to this stuff.
EFF team. Grats on having this out for almost a year now. Any stats from this that you're willing to share? Like for instance have any advertisers noticed this yet and stopped tracking people so ads can be displayed? I've got widgets on my website for disqus, twitter, facebook, etc and each of these are blocked by PB. This upsets me as the website owner that content I want my user to see is being blocked. Any word from them about this?
Privacy Badger is for people who want to use someone else's curated list of what to block. You can accomplish the same manually by using other extensions to block by default third-party requests and third-party cookies.
Does anyone know if this includes a database of tracking hosts or if it's self-learning? Because for me on Reddit it counts all the CDNs as tracking domains and the actual tracking domains as the non-tracking ones [1].
"It's self-learning! Things above that divider are things that are reading or writing cookie, HTML5 local storage, or canvas data. Below are third parties that are not. You can manually change any of them, and if one of those domains is blacklisted via another site it will appear above that divider in the future."
Privacy Badger is governed by EFF's Privacy Policy for Software.
In the privacy policy you have this:
Software Downloads: If you download and install software from EFF's web site, we may collect information about your visit to our site. Once installed, our software may also connect automatically to our site to attempt to determine if updated versions are available. As a result, our site may log information related to the software downloads, such as your computer's IP address. Our collection, anonymization, and use of that data is described in our web site privacy policy.
Web site privacy policy has this to say about the collected information:
Disclosure of Your Information
While EFF endeavors to provide the highest level of protection for your information, we may disclose personally identifiable information about you to third parties in limited circumstances, including: (1) with your consent; or (2) when we have a good faith belief it is required by law, such as pursuant to a subpoena or other judicial or administrative order.
So as a start you might want to disable automatic updates.
"Nope! Privacy badger does not send any information about your browsing to the EFF. The only way EFF will get information from you is if you choose to report a broken site, in which case it will only send information about the site you're reporting on, and that information is governed by the standard EFF privacy policy."
Privacy Badger inspects the target domain and then pulls out requests to 3rd party domains. If you go to cnn.com and it makes additional requests from your browser for resources at, say, facebook.com, those 3rd party requests can be allowed, have their cookies blocked, or be blocked entirely (so the request is not made). The really nice bit is that if Privacy Badger sees requests to the same 3rd party across multiple places, it'll filter it down automatically.
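The "learns the longer you use it" behaviour described in the two comments above (the quoted heuristic-blocking paragraph and the cnn.com/facebook.com walkthrough), written out as an added, simplified model. This is not Privacy Badger's code: the threshold of three first-party sites, the naive two-label base-domain rule, the stand-in "yellow" list and the browsing session are all assumptions made for the demo.

```javascript
// Added example: a simplified model of Privacy Badger's learning heuristic (not PB's code).
const TRACKING_THRESHOLD = 3;                        // assumed: distinct first-party sites
const COOKIE_BLOCK_LIST = new Set(["cdn.example"]);  // assumed stand-in for the "yellow" list

// Naive registrable-domain helper: keeps the last two labels (a real one uses a public-suffix list).
function baseDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

class Badger {
  constructor() {
    this.seenOn = new Map();    // third-party base domain -> Set of first-party base domains
    this.overrides = new Map(); // manual user decisions, like the sliders in the popup
  }

  // Record one third-party request observed while viewing a first-party page.
  // Only requests that read or write tracking state (cookie, localStorage, canvas) count.
  observe(firstPartyHost, thirdPartyHost, { setsCookie = false, localStorage = false, canvas = false } = {}) {
    const fp = baseDomain(firstPartyHost);
    const tp = baseDomain(thirdPartyHost);
    if (fp === tp) return;                          // same site: not a third party
    if (!(setsCookie || localStorage || canvas)) return;
    if (!this.seenOn.has(tp)) this.seenOn.set(tp, new Set());
    this.seenOn.get(tp).add(fp);                    // a Set, so revisiting one site adds nothing
  }

  // Decide what to do with a request to thirdPartyHost: "allow", "cookieblock" or "block".
  action(thirdPartyHost) {
    const tp = baseDomain(thirdPartyHost);
    if (this.overrides.has(tp)) return this.overrides.get(tp);
    const sites = this.seenOn.has(tp) ? this.seenOn.get(tp).size : 0;
    if (sites >= TRACKING_THRESHOLD) {
      // Domains that sites need to function keep working but lose their cookies.
      return COOKIE_BLOCK_LIST.has(tp) ? "cookieblock" : "block";
    }
    return "allow";
  }

  override(host, action) { this.overrides.set(baseDomain(host), action); }
}

// Constructed browsing session: three unrelated sites embedding the same third parties.
function demo() {
  const b = new Badger();
  for (const site of ["news.example", "shop.example", "blog.example"]) {
    b.observe(site, "tracker.example", { setsCookie: true });  // tracks across all three
    b.observe(site, "cdn.example", { setsCookie: true });      // tracks, but is on the list
    b.observe(site, "static.example");                          // sets no tracking state
  }
  b.observe("news.example", "widget.example", { canvas: true }); // seen on one site only
  return {
    tracker: b.action("tracker.example"),
    cdn: b.action("cdn.example"),
    static: b.action("static.example"),
    widget: b.action("widget.example"),
  };
}
```

Revisiting the same first party repeatedly never moves a domain across the threshold; only breadth across distinct sites does, which is why the extension starts out blocking little and improves with use.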
It still seems odd. Most users who install the extension aren't going to carefully read an obscure GitHub page, they will wrongly assume that they are now protected, while the 'yellow' list of very common sites is still allowing many big companies to continue to track them. That seems wrong to me.
I've sent "Do Not Charge" signal to the cashier on my way out of the store. He said I need Charge Badger, but it's not available until 2017. I've tried also "Do Not Track", but he refused to close his eyes. He charged me. Damn.