Privacy Possum is Privacy Badger on Steroids
Privacy Possum is a new open source browser extension for the Mozilla Firefox and Google Chrome web browser by a former developer of the EFF's Privacy Badger extension.
The extension focuses on blocking data that companies may use to track you across the Internet. Tracking has gotten way out of hand on today's Internet thanks to a growing list of technologies that companies may use to track users and the financial incentives.
Tracking happens in the background most of the time; while you may notice that some company must have been tracking you if all sites start to display product ads after you looked at the product on a single site, it is often the case that there is no indicator that you are being tracked by companies.
Internet users may install browser extensions that improve privacy, and Privacy Possum looks to be a good choice in that regard.
Privacy Possum is available for Google Chrome and Mozilla Firefox. Like most privacy extensions, it adds an icon to the main toolbar that acts as an indicator of blocking activity and control panel when clicked on.
The current version of the extension blocks four different tracking methods:
- blocks referer headers that may reveal the browsing location.
- blocks etag headers to block browser caching tracking. Privacy Possum strips and stores etag header data and compares it with third-party requests to the URL to determine whether the header is used for tracking or not.
- blocks (all third-party) cookies that are used to track users.
- blocks some browser features that may be used to fingerprint users. If a site mixes first-party fingerprinting code with code necessary to run the site, Privacy Possum won't block but will dilute the data by injecting random data to "spoil the fingerprint".
Privacy Possum runs automatically; it blocks elements automatically and there is nothing that you need to do.
The extension indicates blocking activity by adding a number to its icon. A click on the icon reveals how many tracking related elements it blocked and the type of the blocked elements.
Privacy Possum is a promising new browser extension for Chrome and Firefox that improves your privacy while you browse the Internet. It offers more protective features than Privacy Badger and is certainly an extension that privacy-conscious users may want to try out or at least keep an eye on to see how it evolves over time.
Now You: do you use privacy extensions?
- Facebook Container extension prevents Facebook tracking in Firefox
- Privacy Extension for Firefox, Priv3
- Privacy Guard for Chrome assigns risk categories to extensions and apps
- The ultimate Online Privacy Test Resource List
- Why I'm using multiple web browsers
I’m actually running Chrome + uBlock origin. I wonder if Privacy Possum con be added as an extra privacy layer. Any advice appreciated, thanks.
Just like Mario, I wonder if this extension adds any new filtering functionality on top of what is already provided when you use uBlock origin.
Not really. uBlock Origin gives you the most complete protection if you know how to use & tweak it correctly.
Replace Chrome with Chromium or Waterfox. Install uMatrix or NoScript along with uBlock Origin = complete protection.
Complete Protection what a laugh. Thanks for the Laugh. Come on Dark make me laugh again about your complete Protection from your browser.
And yet as you read this your credit card, banking information, social security number, password all has been compromised. Using Port 80, 53 or 443.
Keep telling yourself that you have total protection.
Tell us again to Switch To Linux, or use Simplewall.
For the Lulz..
You seem to know what you are talking about but instead of giving useful advice, you spew hate and negativity. Maybe it’s time to sharpen your people skills.
More Fake News From WhiteHat The Hacker !!
I’m glad to see you’re not letting your education get in the way of your ignorance.
But then again. Why is it acceptable for you to be an idiot but not for me to point it out?
But thanks for playing the game.
Anon, get over yourself.
Can’t believe i got owned from Anonymous. I’m just waiting around to be a Troll Victim again.
You are completely clueless and you hide behind anonymity. If you are such a security expert, make yourself known.
My name is Paul S. Can’t believe you never heard of me before.
I”m hiding behind my anonymity. Why yes I’m Clueless to understand what port 80, 53 or 443 does. Should i make myself know here?!?
@Paul S said on March 9, 2019 at 6:45 am, “Should i make myself know here?!?”
That’d be a splendid idea. Don’t forget your birth date.
Clue for ports : search engines.
Someone should make a system-wide proxy like this. Ideally a firmware for home routers. Tomato, DD-WRT have IPtables and basic domain blocking but messing with router scripts is a bit much for the average user.
You mean something like this? — https://pi-hole.net/
(Not on the router but on any Linux system, in particular a Raspberry Pi)
This sounds great, could replace 3 of my extensions with it, if it works well.
Hi Martin, it’s now been some time I follow your website and I have to say I really enjoy it and its content. The articles sound very professional and the themes are quite unique.
There’s only one thing i’d like to see more often : I think it’d be interesting if you’d add, Everytime you talk about a software, what kind of software it is (free software, freeware, partially free, etc.) As for a lot of softwares, especially the ones concerning privacy, I’m very careful about its kind : I’ll always choose the open source one over the others. It would be even better if you would share the license.
Thanks for your work anyway.
Thanks. I mentioned that the extension is open source in the first paragraph. I will do my best to make this clearer in the future.
Sorry if I missed it. If you added it, thanks a lot. :D
> Privacy Possum runs automatically; it blocks elements automatically and there is nothing that you need to do.
Not a good thing; user should still be able to control blocking behavior – a simple disable-enable isn’t good enough
Not a good thing?.. What you say does not apply to the article. Perhaps you should read and comprehend the article before commenting limited and extreme claims.
and you can still change what it blocks in its settings, all that that means is that it blocks trackers that need to be blocked without you having to manually add them to a list of trackers to block. If you had to allow or block every tracker it would take you like an hour to load youtubes home page and a lot of additional time to load an individual video – assuming that you know what every link is and does. This simplifies that process by detecting trackers and automatically blocking them – and you can even manually change which trackers it blocks in the settings if you want to
I’m currently relying on uBlock, uMatrix, HTTPS Everywhere, Neat URL and Decentraleyes on Firefox for my privacy needs. Adding that extension as well would be redundant, right? Genuinely asking.
Some features of Privacy Possum are not available in any of the extensions you mentioned.
Awesome. I’ll add it right now. Thank you for a great article.
I’m wondering if HTTPS Everywhere is redundant nowadays in Chrome and Firefox?
Is it? I’d love to be enlightened, if it’s not a bother.
uMatrix HTTPS Everhwhere and Decentraleyes are all redundant
I’m using Chrome + uBlock Oriign/Decentraleyes/HTTPS Everywhere/CookieAutoDelete. Was using Privacy Badger too but may swap for this.
For windows I use ExpressVPN/Windows Defender/Malwarebytes Premium.
Gorhill has a very proven track record and appears to me seriously genuine. I’m not for a minute saying this extension is not good, but I believe we all have be tread carefully with new releases like this, especially if they are not open source. We also don’t want to add ‘sameness’, and bog the browser down, when it might not be adding anything significantly new…
Just a little caution, that’s all.
Sophie, its open source. Also wondering why Gorhill comes into this equation, did he say something somewhere?
Hi Pants, apologies if I missed that it was open source. I only mentioned Gorhill because a lot of things might be covered by extentions such as his, and other similar. He didn’t say anything about this, to the best of my knowledge, but anything I’ve read him say seems to resonate a lot with me.
You are allowed to publish closed source extensions to AMO? I wasn’t aware of this. The kind of mad world we live in… tsk tsk
I thought Pants said that this was in fact Open Source?
I was refering in general, the idea of a closed source extension on an open source browser, it is kind of unsettling.
@Yuliya What are you talking about? Even GNU/Linux have tons of proprietary software and drivers. This is nothing new.
@Sophie So basically you just had to comment without understanding or wanting to understand. You only had to read the first sentence to see it’s open source, you didn’t even get that far.
@ Crambie – yes, you’re right here. I normally read Martin’s articles very closely, but in this case I was too hasty. But note that Yuliya seems to have made the same mistake.
Apologies! My bad.
Is it correct to say, that when using this extension, Header Editor is no more needed to remove ETAg header?
Privacy Possum at first sight seems to be the extension to have. Unfortunately the extension’s Github page shows several issues concerning blocked websites (blocked in that they are not displayed even if they are accessed). For instance Qwant and DuckDuckGo are reported as blocked and, concerning the former at least, even when disabling Privacy Possum for that site Qwant remains blank (to be noted: clicking on Privacy Possum’s toolbar button doesn’t disable the extension as a whole but only for the opened site/domain – No idea if it’s the site only or the domain, by the way).
A promising extension but which seems to need polishing.
How about that by Github advice (on the Privacy possum page) ( https://github.com/desktop/desktop) that its quite smart to download alongside privacy possum the “community-supported package manager Chocolatey” (https://chocolatey.org/) to maintain Github software from who Github is saying “Chocolatey is the most reliable when software is included in the package, but can also easily download resources.”?
Is it a software who privacy wise I cant trust that they do not use main information and that Chocolatey will also maintain the latest build from installed software of main system (Like privacy possum) correctly?
I like the goals of EFF and Privacy Badger, but I can guess why they are not interested in incorporating the Privacy Possum philosophy into their product. Nevertheless, I think PP has merit and benefit for the user. PP may not survive as it becomes more popular, but I hope it does.
Privacy Possum seems to work well with Windows 10 x64 1803 using Chrome x64 beta, Opera, and Avast Secure browsers.
I have experience using “privacy badger” .
But now it is a combination of uBlock Origin and uMatrix.
Among other things, uMatrix is â€‹â€‹a mandatory extension for me as it has complete control.
I also use the UBO scope to evaluate the website.
The search engine I use is limited to DuckDuckGo.
I am using Firefox and Vivaldi.
Also, as an alternative to duckduckgo, recently learned about searx.me
@ auninfl, Thanks for the Reply.
Because it is from Japan, there was a time difference (day and night) and work situation, the reply was delayed.
I did not know searx.me.ï¼ˆhttps://searx.me/ï¼‰
This search engine is an application of an open source project led by Adam Tauber (Budapest, Hungary), is not it?
I tried searx.me.
searx.me was also full of convenient functions such as privacy protection being thorough and display in category can be done.
It is an impressive application.
I made this awesome search engine the default setting.
Below are reference examples for the question.
Privacy protection and security
ï¼žGuidanceï¼šSURVEILLANCE SELF-DEFENSEï¼ˆhttps: //ssd.eff.org/enï¼‰
A uMatrix guide for Firefoxï¼ˆhttps://www.ghacks.net/2017/11/28/a-umatrix-guide-for-firefox/ï¼‰
ãƒ»uMatrix GitHub pageï¼ˆhttps://github.com/gorhill/uMatrixï¼‰
Very good to know there’s yet another resource available for our privacy concerns browsing the web. Something to have in consideration (extracted from the GitHub page): “We prioritize costing tracking companies money over protecting you.”
Probably this doesn’t really mean that they don’t focus on privacy as much as Privacy Badger does, but just thought it’s worth pointing it out. So as far as I can tell I’ll continue to use other extensions for now until there’s some proven record on how well this performs overall.
I noticed that the developer is “Anonymous user a17b94”. I don’t know if there’s any cause for concern there, but I’d prefer an actual name even if it is a pseudonym.
concern? what concern? you can use nickname as you like, don’t you want to respect the author’s privacy?
It has nothing to do with respect: I just consider it a bit odd that a developer would choose to be anonymous that’s all.
There’s been a whole host of “anonymous user (random alphanumeric)” reviews on the AMO site just lately usually trashing good extensions and purporting to show that a bad one is better and seeing your handle with the same name triggered those events in my mind.
Martin has listed similar reviews for films which have appeared (I don’t have the link to those right now) on there over the past six months or so.
It might also account for the fact that only 17 users have installed your extension even though it’s been on the site for a couple of months now.
You seem to be using a different pseudonym on the Github site so why not use that one for your extension as well?
“I just consider it a bit odd that a developer would choose to be anonymous thatâ€™s all.”
I don’t think this is odd at all — it’s not the most common case, but it’s far from rare that developers remain anonymous. Usually they pick more ordinary-sounding pseudonyms, but that’s a difference in style rather than substance.
Let’s just agree to disagree on the subject shall we?
@TelV: â€œAnonymous user a17b94â€ is a pseudonym, so I’m not sure what your objection here is…
It can be as it may also be the automatic AMO pseudonym given to users who have closed their account because their comments/ratings remain.
It would be funny that a new user deliberately chooses a pseudonym structured the same way as those provided to closed accounts :=)
Concerning the developer of ‘Privacy Possum’, named ‘Anonymous user a17b94’ on AMO, he appears more distinctively on his GitHub page: cowlicks at [https://github.com/cowlicks/privacypossum]
Hi, I am the developer. I didn’t intend to be anonymous. I think I accidentally originally uploaded the extension anonymously sorry for the confusion. The project is on my github here: https://github.com/cowlicks/privacypossum
Did you delete my post Martin? It was here a minute ago… ???
Oh, never mind..I see it now.
@ Anonymouse a17b94,
Here’s the link I referred to earlier re: trash reviews: https://www.ghacks.net/2018/04/09/another-wave-of-spam-add-ons-hits-mozilla-firefox-amo/
Anyway, looks like some bug killer needs to be applied. :)
I should have mentioned that I saw the above on FFv60rc2. Since then I’ve tried it in Waterfox with the same results as above. It does look to be working fine in Chrome.
I’ve decided to lower my FF disk cache back down to 100MB from 175MB with the thought that most if not all of my cache will be replaced everyday and it gets deleted a couple times a week also. I think for my use it’s not necessary at this time.
I don’t see the value proposition of this (o)possum feature. In fact, I worry that it may breed a false sense of security.
“blocks (all third-party) cookies that are used to track users.”
I also don’t know whether the (parentheses) are present in THEIR description, or were just added in the article here. Reading that, one wonders: Wait, it blocks all 3p cookies… or all 3p cookies are used to track users… or it blocks ONLY those (enumerated, in a blacklist maintained by the EFF) 3p cookies which, ala DisconnectMe, have been deemed to be “bad” ?????????
The native browser already has a “disallow 3rd-party cookies” preference… and ublock, requestpolicy, and similar extension already have disallow 3p requests by default.
Unless the http request to 3rd-party is blocked, the connection request provides a loggable pingback/beacon signal anyhow, so (sez me) attending to “just cookies” is worthless as a feature.
I’m “all ears”: What value does extension purportedly provide beyond the functionality provided by my choice of one/several existing, well-established, similar extensions?
Hi, I’m the Privacy Possum developer. The project is based on heuristics, we do not maintain any blacklist or whitelist to determining what is bad. We do use mozilla’s public suffix list, and privacy badger’s multi-domain-first-party list to determine what domains are third party in relation to each other.
You are correct that this extension does not offer total un-circumventable privacy. Instead we are trying to develop a tool that gives you privacy that is not cost-effective to commercial trackers to circumvent. Which isn’t perfect, but is still extremely useful because it impacts tracking companies bottom line.
It’s reported on Firefox Add-ons reviews that the latest version 7th May 2018 breaks DuckDuckGo which I always use. 1st release was on 21st March 2018 but, I’ll definitely revisit this extension at a later date to test once initial bugs are ironed out.
IOW I’ll give PP a bit longer to mature.
Thanks again for the article Martin
The DDG fix has been released :) This is my first big wave of new users, so I’m not surprised something broke. Thanks for you checking it out!
Thanks! I installed it and uninstalled it after DDG wouldn’t work. Came back and saw your comment and it works fine now.
The disable feature didn’t function on the earlier install, but so far I have not encountered a situation where Privacy Possum interfered with any sites (2 banking sites and Amazon worked fine) so I have no input about that feature.
Oops – it breaks Intellicast and disable does not help.
What part of intellicast is it breaking? Would you mind creating an issue here so I can track it better?
For a while I thought PP and PB were working together in a useful complimentary way in Chrome x64 beta, until I got this error:
This extension failed to modify the response header “set-cookie” of a network request because the modification conflicted with another extension (Privacy Possum).
Any suggestions on how to proceed re PP?
Thanks for posting this. It’s blocking a lot of stuff Badger didn’t even know was there.
I’m having problems with ‘Privacy Possum’ (latest release and earlier) installed on Firefox (ver. 61.0.1, 32. bits) and Linux. After clicking on an icon, there is a short information only (on every website):
“Nothing to do”.
It’s very strange, because e.g. ‘Privacy Badger’ blocks some trackers on various websites but ‘Privacy Possum’ doesn’t. (Of course, ‘Privacy Badger’ was disabled before ‘Privacy Possum’ installation process). What could be the reason and what can I do in such situation?
I was going to make a donation via paypal but was asked for a Â£1.99($2.57) fee on top, which I wasn’t prepared to pay. What is that all about? I have never been asked to pay a donation fee before and I’m not gonna start now. Keep up the good work though, much appreciated.