Privacy Badger 1.0 ships with super-cookie and fingerprinting detection

Martin Brinkmann
Aug 7, 2015
Internet
|
37

Privacy Badger launched more than a year ago as a browser extension for Mozilla Firefox and Google Chrome to inform users about online tracking and with options to block certain trackers from doing their work.

The EFF has released an update to Privacy Badger today which improves the extension further. Available for both Firefox and Chrome, it ships not only with new functionality but also interface improvements and new languages.

The core functionality that Privacy Badger offers remains the same though. It adds an icon to the browser's main toolbar that indicates if trackers have been detected on the active site.

If that is the case it highlights the number of found trackers in red, if not, the number is shown in green. A click on the number lists connections the sites made when it was loaded in the web browser. This list is divided into trackers at the top and other connections below that.

Sliders are provided next to each domain name that you use to change cookie behavior for it. You can switch permission from allowing cookies over blocking them to blocking the entire domain.

The main difference between blocking the entire domain and blocking the cookies it sets is that blocking the entire domain may break page functionality while blocking cookies only usually does not.

Privacy Badger includes the Do Not Track header automatically when it is installed, and supports the new Do Not Track policy announced last week by the EFF and partners.

The options of the extension list previously detected trackers, or domains that the extension suspects are used to track Internet users. These domains may get blocked automatically by the extension if they are detected on at least three different sites you connect to.

This means that the extension learns while you are browsing the Internet in the browser but also that all third-party connections, even those tracking you, are allowed in the beginning.

The extension ships with a whitelist option to allow certain domains no matter what, and an option to handle its social widget setting. This works in conjunction with the "disable Privacy Badger for this site" button of the frontend interface.

Privacy Badger replaces certain social buttons on websites, the Facebook Like button for instance, with a static version that does not phone back automatically. Users interested in liking a site can still do so, but need to click one more time for that.

Privacy Badger is not an ad-blocker, even though it can be configured to block certain kinds of advertisement.

Additional information about the new Privacy Badger version are provided on the official EFF Deeplinks blog.

Summary
Privacy Badger 1.0 ships with super-cookie and fingerprinting detection
Article Name
Privacy Badger 1.0 ships with super-cookie and fingerprinting detection
Description
A review of Privacy Badger 1.0, the new version of the popular privacy extension for Google Chrome and Mozilla Firefox.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. chesscanoe said on December 8, 2016 at 12:33 pm
    Reply

    It seems Privacy Badger was updated today on my Windows 10 Home laptop. Chrome 55 disabled it as it wanted new permissions such as download manager, OS security settings change, etc.. EFF URL makes no mention of a new version, so I deleted the extension. Chrome 55 vertical ellipsis changed to an orange circle warning me of this change. The Chrome Webstore does reference 2016-12-07 new 16.12.7.2 Privacy Badger. I did install that.

  2. AJ North said on August 10, 2015 at 6:43 pm
    Reply

    Greetings Martin,

    D o you have a current “short list” of recommended add-ons that bestow [at least “reasonable”] security & privacy, and which play well together (I am using Firefox)?

    Should this question already have been asked and answered, then would you please point me to it (and perhaps a few others, as well…).

    Again, many thanks for ALL you do.

    Cheers,

    AJ

  3. Kevin said on August 10, 2015 at 5:22 pm
    Reply

    Does any one know if this statement is true for Mozilla Firefox, if it’s true Disconnect would be redundant (found on reddit).

    “Find privacy.trackingprotection.enabled and set to true. It’s a built in Firefox tracking protection. It also speeds up page loading by 20-40%. This option replaces Disonnect extension and it may be removed after enabling this fix.”

  4. Skrell said on August 9, 2015 at 5:12 pm
    Reply

    Anyone know if Privoxy does anything to remove the ad frames from within browser or do they just show up as “blank areas”?

    1. GunGunGun said on August 12, 2015 at 6:49 am
      Reply

      Yes, it is almost like Greasemonkey, but you will use Privoxy to do that task, you will need to inject tag into webpage and then write javascript code to detect “blank areas” and remove them.

      Sorry, but at this time I don’t have this filter, but once day I will write it and share it, now I have only idea.

      1. Skrell said on August 16, 2015 at 4:13 pm
        Reply

        When you do eventually write it please post it on http://greasyfork.org/ :)

    2. GunGunGun said on August 9, 2015 at 6:24 pm
      Reply

      Privoxy don’t have that feature, but we can simulate this feature using Javascript to detect “blank areas” and hide or remove them.

      1. Skrell said on August 12, 2015 at 2:09 am
        Reply

        Can you provide any more information for doing this? Are you referring to using greasemonkey to do it?

  5. Hans van Aken said on August 9, 2015 at 3:56 pm
    Reply

    If you are running the add-on QuickJava you have to enable cookies there (“C” set to blue),
    otherwise Privacy Badger 1.0.0 won’t work. Sent a compatibility report.

  6. Hy said on August 8, 2015 at 4:44 pm
    Reply

    @wybo: “This add-on is pretty good too as there is nothing to do than installing it” [RequestPolicy Continued]

    You are right that RequestPolicy Continued (and the original RequestPolicy) are excellent add-ons, and highly recommended. By default they block most or all cross-site requests, although the user can choose from several pre-set whitelists immediately following installation during first use.

    But I’m not sure what you mean by “there is nothing to do than installing it.”

    A few remarks for anyone trying it for the first time:

    Once installed and running, most pages will not display correctly or fully until you click on RP’s red flag icon and allow the necessary requests, usually to content delivery networks (cdn, such as bootstrapcdn, etc., e.g.) or to other related sites (wsj.com–>wsj.net, Mozilla.org–>mozilla.net, etc.).

    So after installing be prepared for some clicking and learning which other requests are necessary to display the sites you visit. Do a search on anything you are unsure of. Users of add-ons like NoScript and PrivacyBadger, etc., who are already used to seeing these behind-the-scenes names can spot the good/necessary from the bad/unnecessary (scorecardresearch, optimizely, doubleclick, and on and on) more quickly, but for first-time users it may take a little longer to get the hang of it and feel comfortable with it. I know one user who didn’t and he gave up and uninstalled it, but really, it’s quick and easy enough to master.

    One thing to consider doing if you’re going to give add-ons like RequestPolicy, and NoScript, etc., a try is to have at least one other browser at the ready which does not have those add-ons installed—then if you simply cannot get a page to display correctly even after all your tinkering, or if you are just in a hurry to get that bus schedule site or train ticket site or whatever it may be to just display and work immediately, you can quickly access that site in your secondary browser, but still leave your primary browser more secured, and come back to it when you have time.

    A final note: questions often come up about RequestPolicy and NoScript. They do different things, and yes, they can be run together. In fact, it is often recommended to do so.

  7. wybo said on August 8, 2015 at 1:03 pm
    Reply

    Now that “Privacy Badger also has super-cookies detection. Does this mean I can uninstall the add-on “Better Privacy”. which is a super-cookie safeguard.

    Thanks

  8. A different Martin said on August 8, 2015 at 12:50 am
    Reply

    The new version of Privacy Badger is no longer compatible with Pale Moon. It installs but offers no control interface (toolbar button). I don’t know if it’s doing any default stuff in background. The incompatibility has been reported to both the Electronic Frontier Foundation and Pale Moon. (Compatibility is still listed as “fixed” on Pale Moon’s extension page, but I expect they’ll get around to updating the page soon.)

    1. LimboSlam said on August 8, 2015 at 4:44 am
      Reply

      I apologize in advance if I say something upsetting as I will speak the truth and say what’s exactly on my mind, really I do. :)

      @A different Martin: I have reported this (as well as on github) and so has someone else already on our forum, but with the release of Pale Moon v26.0 pb1 (Goanna) and other business with add-on devs, I haven’t gotten around to it really to bring it up to their full attention. But in my opinion all we need to do is add modification to the chrome.manifest or bootstrap.js to the hard-coded GUID, though this was before the missing icon, so maybe another little fix too? Now I’m not saying I know how to fix this or anything, because I don’t with the little coding/programing skills I have, maybe you can get in contact with squarefractal (the dev who forked HTTPS Everywhere and brought us Encrypted Web) and see if he can help?

      1. Skrell said on August 23, 2015 at 3:27 am
        Reply

        what exactly did you update? I wanted the latest features that came with v1.0.1 did you somehow add them to 0.2.6.1 ?

      2. LimboSlam said on August 22, 2015 at 10:56 pm
        Reply

        @Skrell:

        Just is case you didn’t hear news concerning your issue, I have found the last compatible version of Privacy Badger (v2.6.1) for Pale Moon and uploaded it to our forums as an XPI, you can get your copy here: http://forum.palemoon.org/viewtopic.php?f=16&t=9097

    2. Skrell said on August 8, 2015 at 3:44 am
      Reply

      NOOOOOOOOOOOOOOOOOOOOO!!!!!! :(((((

  9. DonGateley said on August 7, 2015 at 10:46 pm
    Reply

    For FF if clicking the install link at https://www.eff.org/deeplinks/2015/08/privacy-badger-10-here-stop-online-tracking results in you getting a message about being unable to download, right click on the link and “Save As” to wherever you store .xpi files. Then drop it on a FF window. If you get an error message about it not being verified go to about:config and set xpinstall.signatures.required to false and drop the .xpi again.

  10. Dave said on August 7, 2015 at 8:38 pm
    Reply

    I can’t keep up with all these privacy extensions.

    These days I use uBlock Origin and subscribe to their anti-everything lists, along with Self-Destructing Cookies and Priv3+. Firefox itself its told not to share cookies, and other tracking tech is turned off. This seems to work well.

    1. Skrell said on August 14, 2015 at 8:26 pm
      Reply

      what are you considering the “anti-everything” lists ?

      1. Skrell said on August 15, 2015 at 8:01 pm
        Reply

        that is EXACTLY what i’m asking ;;)

      2. Hy said on August 15, 2015 at 1:09 pm
        Reply

        Dave: “These days I use uBlock Origin and subscribe to their anti-everything lists”

        Skrell: “what are you considering the “anti-everything” lists ?”

        Not sure if this addresses what you are asking, but in Firefox, if you go to Add-ons and then the options for uBlock Origin, then “Show Dashboard,” uBlock Origin’s settings will open in a new browser tab. There, on the second tab of the settings, “3rd-party filters,” you will find the lists.

        Of course, if you’re asking which specific lists Dave subscribes to, we’ll have to hope he posts back… :)

      3. GunGunGun said on August 15, 2015 at 9:44 am
        Reply

        I cannot get you question, but with Privoxy, yeah, if you spend you time to fix a tracking site then 100% sure you can remove their tracking.

    2. GunGunGun said on August 8, 2015 at 6:37 am
      Reply

      With blocking ads and Self-Destructing Cookies, Priv3+, I have a bad news for you that this is not enough, website’s admins had their own trump card for a long time ago. It is webbugs.
      They can generate 1×1 pixel (webbugs) image with your information to track you, for example:
      http://tracker.tracker/1×1.jpg?=useragent=firefox&ip=0.0.0.0&screensize=???

      But not only images, they can use iframe, object, everything as webbugs…

      Big example: Everywhere.
      Solution: No.

      1. GunGunGun said on August 9, 2015 at 12:03 pm
        Reply

        I think the only way to stop webbugs from tracking us:
        – 100% block Javascript
        – Allow only HTML and maybe CSS, block images, iframes, objects, embeds…

        And plus:
        – Authentication headers (does not need JS) – Privoxy can melt this
        – ETags – Easy easy with Privoxy
        – Referrers – Privoxy’s +hide-referer
        – Tab Name and Tab History can also leak – It is hard but possible with overriding window.name and history.back and forward if I remember correctly
        – Canvas Fingerprinting – Privoxy can, a monster user did that http://www.prxbx.com/forums//showthread.php?tid=2223&pid=18507#pid18507

        Anway, just install TorButtons, this addon can block most tracking method.

      2. Pants said on August 8, 2015 at 6:58 pm
        Reply

        Privoxy can stop web bugs

        But you are correct – it’s still not enough – there are:
        – Authentication headers (does not need JS)
        – ETags
        – Referrers
        – Tab Name and Tab History can also leak
        to name but a few

    3. fokka said on August 8, 2015 at 2:02 am
      Reply

      you are right, it’s getting complicated. in the past it seemed so simple with only an adblock extension and maybe do not track set to active. but in the end i think you just can’t have perfect privacy and perfect comfort at the same time. that’s why i’m using ublock origin and privacy badger only for now. other extensions like https everywhere or self destructing cookies would be a good idea as well, but things like noscript are simply too much for me.

      i think everybody has to find their own balance between privacy and comfort and accept that you just can’t have everything. but in the end even one addon like ublock can make a big difference, even if it alone is not perfect.

      if anyone has a better idea, please let me know.

      1. wybo said on August 8, 2015 at 12:55 pm
        Reply

        This add-on is pretty good too as there is nothing to do than installing it
        https://requestpolicycontinued.github.io/

  11. Hy said on August 7, 2015 at 8:10 pm
    Reply

    I didn’t know about this. Thanks for the great news!

    Any update on whether the occasional incompatibility problems between Privacy Badger and Self-Destructing Cookies still exists?

    1. Hy said on August 15, 2015 at 3:30 am
      Reply

      Thanks for letting me know! I think I may try the two of them again soon myself. Hopefully the problem really is fixed!

    2. paulderdash said on August 14, 2015 at 3:59 pm
      Reply

      Would also like to know this (if incompatibility problems between Privacy Badger and Self-Destructing Cookies still exists) …

      1. paulderdash said on August 14, 2015 at 5:41 pm
        Reply

        Hy – been running the two together these last few days without any apparent problems.

      2. Hy said on August 14, 2015 at 5:04 pm
        Reply

        Thanks for the info! I had given up and uninstalled PB last year because if using it with SDC then my cookie permissions were being changed without my interaction to “Allow first-party only” cookies on some sites such as Google, YouTube, and others. I was unaware of the Github discussion of this you linked to.

        Have you tested using PB and SDC together yet and can you confirm that the problem seems to be fixed? Thanks for letting me know!

      3. paulderdash said on August 14, 2015 at 4:10 pm
        Reply

        Actually – it seems to be fixed: https://github.com/EFForg/privacybadgerfirefox/pull/425

  12. flo said on August 7, 2015 at 2:53 pm
    Reply

    So then which one is it? :)
    ublock, disconnect or PB?

    1. fokka said on August 8, 2015 at 1:55 am
      Reply

      according to the privacy badger faq, you should be good without disconnect:

      https://www.eff.org/privacybadger#faq-How-does-Privacy-Badger-handle-social-media-widgets?

      i’m not an expert on the matter though.

  13. wybo said on August 7, 2015 at 2:49 pm
    Reply

    Excellent news for an add-on I have been using for quite a while now. Although the old versions icon disappeared months ago and I cannot find it anywhere.
    I guess I will uninstall the old version and start over.

    Thanks for the article about this great add-on.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.