Privacy Badger 1.0 ships with super-cookie and fingerprinting detection
Privacy Badger launched more than a year ago as a browser extension for Mozilla Firefox and Google Chrome to inform users about online tracking and with options to block certain trackers from doing their work.
The EFF has released an update to Privacy Badger today which improves the extension further. Available for both Firefox and Chrome, it ships not only with new functionality but also interface improvements and new languages.
The core functionality that Privacy Badger offers remains the same though. It adds an icon to the browser's main toolbar that indicates if trackers have been detected on the active site.
If that is the case it highlights the number of found trackers in red, if not, the number is shown in green. A click on the number lists connections the sites made when it was loaded in the web browser. This list is divided into trackers at the top and other connections below that.
Sliders are provided next to each domain name that you use to change cookie behavior for it. You can switch permission from allowing cookies over blocking them to blocking the entire domain.
The main difference between blocking the entire domain and blocking the cookies it sets is that blocking the entire domain may break page functionality while blocking cookies only usually does not.
Privacy Badger includes the Do Not Track header automatically when it is installed, and supports the new Do Not Track policy announced last week by the EFF and partners.
The options of the extension list previously detected trackers, or domains that the extension suspects are used to track Internet users. These domains may get blocked automatically by the extension if they are detected on at least three different sites you connect to.
This means that the extension learns while you are browsing the Internet in the browser but also that all third-party connections, even those tracking you, are allowed in the beginning.
The extension ships with a whitelist option to allow certain domains no matter what, and an option to handle its social widget setting. This works in conjunction with the "disable Privacy Badger for this site" button of the frontend interface.
Privacy Badger replaces certain social buttons on websites, the Facebook Like button for instance, with a static version that does not phone back automatically. Users interested in liking a site can still do so, but need to click one more time for that.
Privacy Badger is not an ad-blocker, even though it can be configured to block certain kinds of advertisement.
Additional information about the new Privacy Badger version are provided on the official EFF Deeplinks blog.
Excellent news for an add-on I have been using for quite a while now. Although the old versions icon disappeared months ago and I cannot find it anywhere.
I guess I will uninstall the old version and start over.
Thanks for the article about this great add-on.
So then which one is it? :)
ublock, disconnect or PB?
according to the privacy badger faq, you should be good without disconnect:
i’m not an expert on the matter though.
Careful with the “Yellowlist” allowed trackers though.
I didn’t know about this. Thanks for the great news!
Any update on whether the occasional incompatibility problems between Privacy Badger and Self-Destructing Cookies still exists?
Would also like to know this (if incompatibility problems between Privacy Badger and Self-Destructing Cookies still exists) …
Actually – it seems to be fixed: https://github.com/EFForg/privacybadgerfirefox/pull/425
Thanks for the info! I had given up and uninstalled PB last year because if using it with SDC then my cookie permissions were being changed without my interaction to “Allow first-party only” cookies on some sites such as Google, YouTube, and others. I was unaware of the Github discussion of this you linked to.
Have you tested using PB and SDC together yet and can you confirm that the problem seems to be fixed? Thanks for letting me know!
Hy – been running the two together these last few days without any apparent problems.
Thanks for letting me know! I think I may try the two of them again soon myself. Hopefully the problem really is fixed!
I can’t keep up with all these privacy extensions.
These days I use uBlock Origin and subscribe to their anti-everything lists, along with Self-Destructing Cookies and Priv3+. Firefox itself its told not to share cookies, and other tracking tech is turned off. This seems to work well.
you are right, it’s getting complicated. in the past it seemed so simple with only an adblock extension and maybe do not track set to active. but in the end i think you just can’t have perfect privacy and perfect comfort at the same time. that’s why i’m using ublock origin and privacy badger only for now. other extensions like https everywhere or self destructing cookies would be a good idea as well, but things like noscript are simply too much for me.
i think everybody has to find their own balance between privacy and comfort and accept that you just can’t have everything. but in the end even one addon like ublock can make a big difference, even if it alone is not perfect.
if anyone has a better idea, please let me know.
This add-on is pretty good too as there is nothing to do than installing it
With blocking ads and Self-Destructing Cookies, Priv3+, I have a bad news for you that this is not enough, website’s admins had their own trump card for a long time ago. It is webbugs.
They can generate 1×1 pixel (webbugs) image with your information to track you, for example:
But not only images, they can use iframe, object, everything as webbugs…
Big example: Everywhere.
Privoxy can stop web bugs
But you are correct – it’s still not enough – there are:
– Authentication headers (does not need JS)
– Tab Name and Tab History can also leak
to name but a few
I think the only way to stop webbugs from tracking us:
– Allow only HTML and maybe CSS, block images, iframes, objects, embeds…
– Authentication headers (does not need JS) – Privoxy can melt this
– ETags – Easy easy with Privoxy
– Referrers – Privoxy’s +hide-referer
– Tab Name and Tab History can also leak – It is hard but possible with overriding window.name and history.back and forward if I remember correctly
– Canvas Fingerprinting – Privoxy can, a monster user did that http://www.prxbx.com/forums//showthread.php?tid=2223&pid=18507#pid18507
Anway, just install TorButtons, this addon can block most tracking method.
what are you considering the “anti-everything” lists ?
I cannot get you question, but with Privoxy, yeah, if you spend you time to fix a tracking site then 100% sure you can remove their tracking.
Dave: “These days I use uBlock Origin and subscribe to their anti-everything lists”
Skrell: “what are you considering the “anti-everything” lists ?”
Not sure if this addresses what you are asking, but in Firefox, if you go to Add-ons and then the options for uBlock Origin, then “Show Dashboard,” uBlock Origin’s settings will open in a new browser tab. There, on the second tab of the settings, “3rd-party filters,” you will find the lists.
Of course, if you’re asking which specific lists Dave subscribes to, we’ll have to hope he posts back… :)
that is EXACTLY what i’m asking ;;)
For FF if clicking the install link at https://www.eff.org/deeplinks/2015/08/privacy-badger-10-here-stop-online-tracking results in you getting a message about being unable to download, right click on the link and “Save As” to wherever you store .xpi files. Then drop it on a FF window. If you get an error message about it not being verified go to about:config and set xpinstall.signatures.required to false and drop the .xpi again.
The new version of Privacy Badger is no longer compatible with Pale Moon. It installs but offers no control interface (toolbar button). I don’t know if it’s doing any default stuff in background. The incompatibility has been reported to both the Electronic Frontier Foundation and Pale Moon. (Compatibility is still listed as “fixed” on Pale Moon’s extension page, but I expect they’ll get around to updating the page soon.)
I apologize in advance if I say something upsetting as I will speak the truth and say what’s exactly on my mind, really I do. :)
@A different Martin: I have reported this (as well as on github) and so has someone else already on our forum, but with the release of Pale Moon v26.0 pb1 (Goanna) and other business with add-on devs, I haven’t gotten around to it really to bring it up to their full attention. But in my opinion all we need to do is add modification to the chrome.manifest or bootstrap.js to the hard-coded GUID, though this was before the missing icon, so maybe another little fix too? Now I’m not saying I know how to fix this or anything, because I don’t with the little coding/programing skills I have, maybe you can get in contact with squarefractal (the dev who forked HTTPS Everywhere and brought us Encrypted Web) and see if he can help?
Just is case you didn’t hear news concerning your issue, I have found the last compatible version of Privacy Badger (v2.6.1) for Pale Moon and uploaded it to our forums as an XPI, you can get your copy here: http://forum.palemoon.org/viewtopic.php?f=16&t=9097
what exactly did you update? I wanted the latest features that came with v1.0.1 did you somehow add them to 0.2.6.1 ?
Now that “Privacy Badger also has super-cookies detection. Does this mean I can uninstall the add-on “Better Privacy”. which is a super-cookie safeguard.
@wybo: “This add-on is pretty good too as there is nothing to do than installing it” [RequestPolicy Continued]
You are right that RequestPolicy Continued (and the original RequestPolicy) are excellent add-ons, and highly recommended. By default they block most or all cross-site requests, although the user can choose from several pre-set whitelists immediately following installation during first use.
But Iâ€™m not sure what you mean by â€œthere is nothing to do than installing it.â€
A few remarks for anyone trying it for the first time:
Once installed and running, most pages will not display correctly or fully until you click on RPâ€™s red flag icon and allow the necessary requests, usually to content delivery networks (cdn, such as bootstrapcdn, etc., e.g.) or to other related sites (wsj.com–>wsj.net, Mozilla.org–>mozilla.net, etc.).
So after installing be prepared for some clicking and learning which other requests are necessary to display the sites you visit. Do a search on anything you are unsure of. Users of add-ons like NoScript and PrivacyBadger, etc., who are already used to seeing these behind-the-scenes names can spot the good/necessary from the bad/unnecessary (scorecardresearch, optimizely, doubleclick, and on and on) more quickly, but for first-time users it may take a little longer to get the hang of it and feel comfortable with it. I know one user who didnâ€™t and he gave up and uninstalled it, but really, itâ€™s quick and easy enough to master.
One thing to consider doing if youâ€™re going to give add-ons like RequestPolicy, and NoScript, etc., a try is to have at least one other browser at the ready which does not have those add-ons installedâ€”then if you simply cannot get a page to display correctly even after all your tinkering, or if you are just in a hurry to get that bus schedule site or train ticket site or whatever it may be to just display and work immediately, you can quickly access that site in your secondary browser, but still leave your primary browser more secured, and come back to it when you have time.
A final note: questions often come up about RequestPolicy and NoScript. They do different things, and yes, they can be run together. In fact, it is often recommended to do so.
If you are running the add-on QuickJava you have to enable cookies there (“C” set to blue),
otherwise Privacy Badger 1.0.0 won’t work. Sent a compatibility report.
Anyone know if Privoxy does anything to remove the ad frames from within browser or do they just show up as “blank areas”?
Can you provide any more information for doing this? Are you referring to using greasemonkey to do it?
Sorry, but at this time I don’t have this filter, but once day I will write it and share it, now I have only idea.
When you do eventually write it please post it on http://greasyfork.org/ :)
Does any one know if this statement is true for Mozilla Firefox, if it’s true Disconnect would be redundant (found on reddit).
“Find privacy.trackingprotection.enabled and set to true. It’s a built in Firefox tracking protection. It also speeds up page loading by 20-40%. This option replaces Disonnect extension and it may be removed after enabling this fix.”
D o you have a current “short list” of recommended add-ons that bestow [at least “reasonable”] security & privacy, and which play well together (I am using Firefox)?
Should this question already have been asked and answered, then would you please point me to it (and perhaps a few others, as well…).
Again, many thanks for ALL you do.
It seems Privacy Badger was updated today on my Windows 10 Home laptop. Chrome 55 disabled it as it wanted new permissions such as download manager, OS security settings change, etc.. EFF URL makes no mention of a new version, so I deleted the extension. Chrome 55 vertical ellipsis changed to an orange circle warning me of this change. The Chrome Webstore does reference 2016-12-07 new 188.8.131.52 Privacy Badger. I did install that.