Block online tracking with Privacy Badger for Firefox and Chrome

Martin Brinkmann
May 2, 2014
Updated • Aug 22, 2018
Internet
|
22

Privacy Badger is a new browser extension for Firefox and Chrome by the EFF that can block spying ads and trackers on websites.

Tracking users is essential to online marketing today. Tracking occurs on the Internet in many forms, from third-party cookies that are set by advertising or tracking scripts to social media buttons and sophisticated tracking via Flash cookies, fingerprinting and other means.

Good news is that it is relatively easy to block many of the different tracking methods in web browsers. This is especially true for third-party tracking methods.

Think of first-party as the company or individual running the domain you are on, e.g. ghacks.net, and third-parties as everything that is loaded from other web servers and sites when you visit the site.

Updates:

Privacy Badger

The Privacy Badger extension has been designed to analyze websites that you visit in the browser it is installed in to detect and block contents that track you in"an objectionable, non-consensual manner".

The extension adds an icon to the browser which you can click on to display all detected tracking urls and scripts. For each url or script, it offers three states that you can change easily in the interface.

  • Allow the script to run.
  • Block cookies set by the script but allow it to run.
  • Block the script so that it cannot set cookies.

Privacy Badger will block scripts automatically if they appear to track without permission, for instance by using cookies with unique identifiers.

If a script identified this way is used for site functionality, e.g. the display of a map or fonts, then only its cookies will be blocked while the script continues to run.

According to the EFF, some advertisers and third-party domains will not be blocked by the extension if they make a "strong commitment" to respect Do Not Track.

While the extension works automatically, you can make changes to what is allowed to run and what is blocked manually at all times. These changes are remembered , so that the script or domain is still handled this way on consecutive visits and on other domains it is loaded on as well.

The page is automatically reloaded when you make a change to the configuration.

Note that the alpha release of Privacy Badger concentrates solely on third-party tracking. While you may be able to use it to block some first-party tracking attempts as well, for instance if a script is loaded from a subdomain, it is usually not possible to block all tracking on first-party sites using extensions.

Comparison to other blocking extensions

  • Disconnect 2 for Chrome - The browser extension blocks third-parties from tracking you. It blocks over 2000 third-party sites this way including major social networking scripts, and allows you to whitelist sites or individual scripts.
  • Do Not Disturb for Chrome - This extension concentrates on annoyances such as data miners and surveys rather than third-party scripts or domains. It is less likely to break a website while running as a consequence.
  • Ghostery - blocks trackers automatically and gives you control over what is allowed to run and what is not.
  • NoScript for Firefox - The Firefox extension blocks all third-party connections by default which in turn blocks the majority of ads and all third-party tracking attempts by default.

Closing Words

Privacy Badger does not display all third-party domains that a website connects to on load. Only those that it has identified as trackers are displayed by it so that you can block or allow them in the interface.

While that is a limitation, especially if you are used to work with NoScript which puts you in full control, it is easier to handle and maintain on the other hand.

The developers plan to integrate new features in future versions, including one that prevents browser fingerprinting. Definitely one to keep an eye on.

Summary
software image
Author Rating
1star1star1star1stargray
no rating based on 0 votes
Software Name
Privacy Badger
Software Category
Browser
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Jose said on October 27, 2015 at 4:39 pm
    Reply

    Seems like a real pain in the ass. I guess it’s easiest to just walk away and leave your data. I kind of think that all the fuss and actviity of covering up creates it’s own new data set somehow, so it’s counter-intuitive. But I like that going through all of that effort feels like some sort of 21st century Situationist art project. Also, how does anyone know that this hard-way strategy can even be successful? It seems like it might be some kind of masochistic and absurd joke, and even after all that effort there could still be a crumb somewhere. It also really relates to the Borges story the Library of Babel, where nuggets of meaning are absolutely lost in this almost infinite sea of disinformation.

  2. Bert said on August 7, 2015 at 5:37 pm
    Reply
  3. Geek said on April 2, 2015 at 9:20 am
    Reply

    Privacy Badger refuses to block “wikia-beacon.com” for some reason. I slide it to red and it snaps back to yellow?

  4. Pants said on May 4, 2014 at 1:35 pm
    Reply

    Now I’m not bashing Badger here … and clearly the average everyday user is a different breed of human to me (and probably most of us who frequent ghacks) .. but

    1. Big Ugly Arsed Icon (no small icon) :)
    2. It hasn’t (for me, so far) added ANY extra protection. Although I am not sure of the exact order in which my extensions apply, here’s an approximation (and none of my extensions seem to interfere with each other)
    a) my local privoxy has rules (you name it, it’s in there and activated .. tighter than a nun’s ass)
    b) note: ALL cookies are denied. About 10 sites are allowed a 1st party cookie, another few sites are allowed a session cookie. And nothing is allowed DOM storage.
    c) RequestPolicy (rules that govern origin, destination and origin-destination of sites .. i.e domain-3rdparty)
    d) RefControl (although referrals are not scripts or cookies, it is/can be tracking – set to forge except about 5 sites)
    e) NoScript
    f) AdBlock Plus
    g) Ghostery
    h) DoNotTrackMe

    And I won’t mention any other extensions, measures for now. Now I’m not your everyday average user, so I can work around ALL of these in order to get a website I regularly visit to function (eg Disqus comments on Torrentfreak, or images to display at Discogs etc) .. suffice to say, that if anything gets past my proxy, it has to deal with RequestPolicy, if I let it thru there, it has to deal with NoScript, then Ghostery and DoNotTrackMe (Adblock is more about adverts than other tracking reasons). And some sites I have special greasemonkey scripts (not to mention 100s of custom userstyles just to hide cr*p).

    Badger does nothing for me (yet). However, from experience, I know just how much sites can break with a blanket approach, and if the EFF can make it easier for most people and also help change developers’ behaviour – it’s all good.

  5. iron2000 said on May 3, 2014 at 6:12 am
    Reply

    These kind of extensions always seem to slow down browsing and break web pages.
    Used to use HTTPS Everywhere, Disconnect, DoNotTrackMe etc but disabled it due to those reasons.
    The advanced stuff is too destructive and I don’t want to tinker with them all the time to find some compromise.

    Now I only have ABP on.

  6. Blue said on May 2, 2014 at 9:51 pm
    Reply

    Adblock /Plus will only block ad related junk and in some cases it can’t block some types of ads. Ghostery on the other hand does more than just ads. It also blocks: Analytics, Beacons, Privacy, and Widgets. As of current Ghostery blocks over 1930 types of trackers. Not all of them are bad and some you must turn off (uncheck) to allow some sites to work, but at least it shows you what type of components are on the sites you visit and more information on the type component.

    NoScript is the ultimate blocker but I personally find the GUI confusing at best because they don’t break the components down by name/company but instead break them down by type/function. I found them to block ads on my 256b encrypted account pages but also block the account login widgets. There seemed to be no way to block just the ad type tracker but no way to let the login widget to work. Or it would block the online chat function on some sites but also block the shopping cart check out widgets. Ghostery to the rescue. Ghostery identifies what component is active, what each does and gives me the option to whitelist, block, temporary, one time access the individual component or the whole site and more.

  7. Alex said on May 2, 2014 at 4:22 pm
    Reply

    And how does this compare to disconnect?

    1. SnakePlissken said on May 2, 2014 at 6:29 pm
      Reply

      Comparative benchmarks against widely used blockers (HTTP Switchboard vs ABP vs Ghostery vs Disconnect vs Privacy Badger)

      https://github.com/gorhill/httpswitchboard/wiki/Comparative-benchmarks-against-widely-used-blockers:-Top-15-Most-Popular-News-Websites#may-2-2014

      1. gorhill said on May 3, 2014 at 8:29 pm
        Reply

        Actually the result above for NoScript-like setup is not correct, I forgot to factor in the built-in whitelist of hostnames in NoScript. Now I am too lazy to redo the benchmark, so the above results are what one would get with NoScript *without* any whitelisting, so I expect the real life results would show more hits to 3rd-party domains.

      2. gorhill said on May 3, 2014 at 1:09 am
        Reply

        @Martin I tried the above setup, and these are the results — allowing for the fact that the sites benchmark may have had their content changed since I released the results earlier:

        NoScript-like setup
        Domains: 47 / 48
        Hosts: 76 / 109
        Scripts: 0 / 0
        Outbound cookies: 21 / 29
        Net requests: 724 / 1,289

      3. Martin Brinkmann said on May 3, 2014 at 7:37 am
        Reply

        Thanks, I appreciate it!

      4. gorhill said on May 2, 2014 at 11:55 pm
        Reply

        > Would love to see NoScript in that list

        I suppose I could set up HTTPSB to mimic pretty well NoScript, i.e.:

        – Remove all preset blocked hosts
        – Add all preset whitelist hostnames in NoScript to HTTPSB’s ubiquitous whitelist rules
        – Allow all from everywhere
        – Blacklist scripts from everywhere
        – Blacklist frames from everywhere (is this default in NoScript?)
        – Ensure plugins are set to click-to-play

        This way, results should pretty much reflect what one would get with NoScript.

      5. Martin Brinkmann said on May 2, 2014 at 6:32 pm
        Reply

        Interesting. Would love to see NoScript in that list.

  8. Oxa said on May 2, 2014 at 3:15 pm
    Reply

    How does this compare to DoNotTrackMe?

    1. Martin Brinkmann said on May 2, 2014 at 3:22 pm
      Reply

      DoNotTrackMe is limited to 600 tracking companies, this one seems to support more than that.

  9. David said on May 2, 2014 at 3:03 pm
    Reply

    I tried this immediately, but it only got one tracker when Ghostery got 12

    1. Martin Brinkmann said on May 2, 2014 at 3:22 pm
      Reply

      Well not everything that Ghostery recognizes needs to be a tracker.

      1. Maelish said on May 2, 2014 at 3:39 pm
        Reply

        But you can whitelist certain things in Ghostery. So you can manage that. :-)

  10. wayatt said on May 2, 2014 at 12:35 pm
    Reply
  11. Ray said on May 2, 2014 at 9:40 am
    Reply

    I don’t really understand the difference between using a tracker blocker like Privacy Badger or Ghostery when you can just use Adblock Plus and the numerous subscription lists dedicated to protecting privacy.

    See this comparison chart for more info:
    http://www.areweprivateyet.com/

    Disclaimer: That site is made by the guys that made Ghostery. However, that site shows that Adblock Plus with a few optimal subscription lists beats a ton of tracker-blocking addons.

    1. Martin Brinkmann said on May 2, 2014 at 9:42 am
      Reply

      Ray, I guess some users don’t mind ads but still want their privacy protected. If you want full protection, NoScript is the way to go anyway.

      1. tuna said on May 2, 2014 at 7:37 pm
        Reply

        And when you need to temp disable NS on a page, Sandboxie* does a great job of containing & eradicating the flotsam.

        *Sandboxie is under new management. Congrats to Ronen, he earned his payout! Time will tell if the new owners ruin it, however.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.