Trace blocks multiple tracking techniques in Firefox and Chrome - gHacks Tech News

Trace blocks multiple tracking techniques in Firefox and Chrome

Trace is a privacy add-on for Mozilla Firefox and Google Chrome web browsers designed to block several tracking techniques used to track Internet user activity.

The extension is available for Chrome and Firefox officially but it may run on Chromium or Firefox based web browsers such as Vivaldi or Opera.

User tracking is a big privacy issue on today's Internet. Marketing companies, web publishers, software publishers, and advertising companies use numerous techniques to track users that go beyond dropping cookies on user systems.

Some techniques use, or abuse, new web technologies that browsers support while others track users using functionality that browsers supported for many years.

Trace

trace anti-tracking

Trace is an anti-tracking extension for Firefox and Chrome that protects against the following tracking techniques:

  • Canvas Fingerprinting
  • Audio Fingerprinting
  • WebRTC Leaks
  • User-Agent Tracking
  • Browser plugin fingerprinting
  • Beacon Requests
  • Bad Top Level Domains
  • Hyperlink Auditing
  • HTTP Referrer Headers
  • Chrome Header Tracking
  • E-Tag Tracking
  • JavaScript Crypto Mining
  • URL Tracking Cleaner (experimental)
  • Trace Page (injects code into sites to disable certain functions)

A soon-to-be-released version will protect against specific tracking cookies and URL parameters on top of that.

Trace works right after installation. The browser extension adds an icon to the browser's main toolbar that you can click on to open the Settings or display statistics about the extension's blocking activity.

The Settings are divided into Trace Features, Advanced Features, Browser Settings, and Options. The first three list the available anti-tracking features and options to enable or disable each individually.

Some come with configuration options. If you click on WebRTC Protection for instance, you will notice that Trace blocks the leaking of the local IP address but does not disable RTCPeerConnection, RTCDataCahnel, and RTCRtpReceiver JavaScript objects by default. You can enable those but it may break sites and services that use WebRTC functionality.

anti tracking extension trace

A click on a protective feature displays a short summary of what it does; useful as you may not know right away what enabling Web Request Controller does

Many features that Trace supports, especially those listed under advanced, require that users know what disabling certain techniques has for consequences. While you could use trial and error to find out if enabling a feature breaks certain web functionality, you may prefer to know what disabling a feature does before you configure it.

The following options are provided for instance if you enable Audio Fingerprint Protection:

  • Disable Audio Channel Functions
  • Disable Audio Data Functions
  • Disable Offline AudioContext Object
  • Disable Main AudioContext Object

You can check the developer website for information on all supported protective features. The website links to several fingerprinting and privacy tests as well to test the browser with and without Trace enabled.

Trace comes with whitelisting functionality so that sites may use blocked functionality; you may want to whitelist a site if it is broken after installing Trace and if you need to access it.

Trace is provided as a free extension with a basic blocklist. You can support development by donating three British Pounds; this gives you a premium code that you may enter to gain access to the premium blocklist as well.

Closing Words

Trace is a powerful privacy enhancing browser extension for Chrome and Firefox. Its interface is big and bright, and that is probably something that some users don't like at all. It would be great if the developer could integrate a compact interface next to the default one.

The functionality that Trace provides is what counts, on the other hand. Trace offers numerous anti-tracking and fingerprinting features. The developer is very active and new features are added to the extension regularly.

Update: Firefox users can download it from this URL: https://addons.mozilla.org/firefox/addon/absolutedouble-trace/

Related articles

Summary
software image
Author Rating
1star1star1star1star1star
4.5 based on 15 votes
Software Name
Trace
Software Category
Browser
Landing Page

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Denizhan said on May 12, 2018 at 10:40 pm
    Reply

    This is actually good stuff. I dont mind ads if they are not malware and tracking me.

  2. Oxa said on May 12, 2018 at 11:17 pm
    Reply

    How does Trace compare to Privacy Badger?

  3. Rourke said on May 12, 2018 at 11:24 pm
    Reply

    … looks interesting, but Trace does not seem compatible with Firefox derivatives like PALE MOON

    (also, user can’t config change General User Agent in newer versions of Pale Moon… which is a huge fingerprint)

    1. Richard Allen said on May 13, 2018 at 4:41 pm
      Reply

      Trace is only available as a webextension and webextensions do not work in Pale Moon but then you saw that. ;).

      I have Pale Moon v27.9.1 installed and the useragent can be changed globally and per website, both at the same time if wanted. Right-click on the about:config page and choose “New String” and name it: general.useragent.override

      Then add the useragent you want to use globally.:

      Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.9) Gecko/20100101 Firefox/52.9
      or
      Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
      or
      Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170

      The possibilities are endless. :)

      In about:config you will also see examples of the “Names” used to change the useragent per website e.g. “general.useragent.override.youtube.com”.

  4. Isn't It Ironic? said on May 12, 2018 at 11:56 pm
    Reply

    It’s interesting that Privacy Badger detected 2 trackers on this page promoting anti-tracking software!

    1. Richard Allen said on May 13, 2018 at 3:57 pm
      Reply

      I completely understand how some people will see it as ironic but I for one don’t because when there are ads on a website and then I also see trackers involved, that is not unexpected, it is in fact expected behavior. I’m not aware of one website that has ads that does not also have trackers invited to the party. When a website contracts with an ad network, trackers are part of the package.

      Which explains why Trace, Privacy Badger, Ghostery and Firefox Tracking Protection end up blocking ads which is just a side effect of blocking trackers. I wish it was possible to whitelist websites without exposing myself to the trackers but it can’t be done.
      Peace! ;)

  5. Richard Allen said on May 13, 2018 at 5:06 am
    Reply

    Nice! It looks to be another really good choice for those wanting added privacy protection. Some of what it offers is available in flags and command line switches (Chrome), and in about:config (Firefox) but it does make it easy for those that don’t want to dig around.

    I currently have “Trace” installed in Chrome Dev and “Privacy Possum” in Chrome Stable. Surprisingly, even though Trace does more it uses less memory than Privacy Possum but I don’t see either one being a problem in that regard. In the short time I’ve used Trace today I’ve had to whitelist zdnet and pcworld, it blocked some images from being loaded on the zdnet home page and I noticed images blocked on an old bookmark “https://www.pcworld.com/article/3160936/browsers/10-frustrating-google-chrome-irritations-and-how-to-fix-them.html”.

    With “Trace” if you have to whitelist a website then you end up having to disable all of the protection it offers. The same thing goes for Privacy Possum but I have yet to see it break a website, for the most part Privacy Possum is only dealing with referer and etag headers. Also, “Trace” will block most if not all ads, at least I haven’t seen any so far in my short time using it. I even saw an ad block whiner on androidcentral when using Trace by itself. Goes to show how much ads and trackers are intertwined.

    Right now I’m not using either one in my Firefox based browsers. I’m using uBO, No-Script Suite Lite, Tracking Protection and I do use Canvas Defender but even with that I only enable Canvas Defender every 4-8 weeks and leave it enabled for a week or so. Canvas Defender is currently enabled in all of my browsers except Chrome Dev. In my experience, most privacy extensions have the ability to break websites and Canvas Defender is certainly capable of doing so, as is Trace, Tracking Protection, Ghostery and others.

    I really like Trace and the only thing I think it lacks is the ability to disable a specific function for individual websites. That said, are there any security and privacy related extensions that even have that ability? Still in the testing phase but right now Trace looks to be a keeper. Appreciate the heads up Martin and a “Well Done” to the dev.

    1. AbsoluteDouble said on May 14, 2018 at 12:53 am
      Reply

      Thank you very much for this feedback!

      Whitelisting certain protections is high on my priority list and will be coming very soon, I’m just trying to figure out the best way to implement it.

      If you have any more feature requests, or issues, please don’t hesitate to email me.

      1. Richard Allen said on May 14, 2018 at 5:31 pm
        Reply

        Appreciate your response. I have one last request, could you clarify how the etag blocking in Trace works?

        E-Tag header blocking as far as I know is for 3rd-party e-tags. That’s what Privacy Possum states and comparing it to Trace in the dev tools in Chrome Dev and Chrome Stable (Privacy Possum) they both appear to be working in a similar manner. The only 3rd-party e-tags I saw were for a cdn, twitter and facebook. I was looking at androidcentral and only spent a few minutes comparing the two.

        Also, the cache needs to be cleared to get rid of any old e-tags when installing something like Trace or Privacy Possum. Anyway, I intentionally use a small cache size (100MB) in all of my browsers hoping it will be replaced most everyday and I clear the cache once or twice a week also. To be honest, I’m still doing research trying to figure out this whole e-tag blocking functionality.

        Privacy Possum statement found on github:

        We detect and block third party etags as follows:

        The first time you see a request to a 3rd party url with an etag, strip the etag header and store its value.
        The second time you see a 3rd party request to this url, compare the new etag you get with the old one.
        If they are the same, this is not a tracking etag, allow etags for this url now and in the future.
        If they are different, do not allow etags for this url now or in the future.

        Chrome withholds the if-none-match headers from onBeforeSendHeaders (https://developer.chrome.com/extensions/webRequest#Life_cycle_of_requests). So we can’t prevent the browser from revealing some data via sending cache information, we are only able to intercept incoming etags from “sources that are not already cached”.

        What are the differences with etag blocking in Trace compared to Privacy Possum? Thanks!

  6. Anonymous said on May 13, 2018 at 10:54 am
    Reply

    Not open source.

    1. yogaisevil said on May 13, 2018 at 6:49 pm
      Reply

      It is conceivable. . Ghostery is not trusted by hardcore foil hats but atleast they went open source.

    2. AbsoluteDouble said on May 14, 2018 at 12:47 am
      Reply

      Hi, I’m the developer of Trace. I do plan on making it Open Source very soon, initially this was just a small project but it appears it’s now getting quite a bit bigger than that

      1. Rad said on May 14, 2018 at 3:27 pm
        Reply

        you should merge your addon with Privacy Possum

      2. Raid said on May 14, 2018 at 3:55 pm
        Reply
  7. Weilan said on May 13, 2018 at 12:18 pm
    Reply

    Thanks, I will test it.

  8. yogaisevil said on May 13, 2018 at 6:45 pm
    Reply

    It covers a lot, some features are good (audio fingerprint, plugin hide, etag) which aren’t covered by other addons but some choices are questionable and actually stupid!!

    Like canvas blocking (change every minute??), ref control (remove completely?) and random user agent (change every 15 seconds???). That aggressive nature actually make you even more identifiable!!!! Don’t use these!

    It’s better to use ‘smarter’ addons made for a specific task like like Referrer Control (spoof third party only!), Canvas Blocker (fake readout-persistent/constant) , and any ua switcher which offers configuration!

    Also does E-Tag blocking not work for anyone else?

    1. AbsoluteDouble said on May 14, 2018 at 12:51 am
      Reply

      Hi, I’m the developer of Trace. Thank you for the feedback! Recently I changed the canvas fingerprinting logic and forgot to update the description, it now causes the fingerprint to be randomly generated on each request (if I am remembering correctly).

      Also, I am planning on enhancing the referer header control, at the moment it just changes a browser setting but I am going to make it so Trace has more control over the header, thus giving more control back to you, the end user.

      I agree with your statement on the user-agent header and will add more options for configuration in a future version.

      1. Rad said on May 14, 2018 at 3:36 pm
        Reply

        Could you do the interface smaller? and not that ugly?, something elegant and simple, no offense.
        Maybe something like Ublock, where there is space for everything, even descriptions.
        Or something like add0n.com/privacy-settings.html
        https://addons.mozilla.org/es/firefox/addon/privacy-settings/

  9. gordon said on May 13, 2018 at 11:13 pm
    Reply

    @Richard Allen said: ” I have Pale Moon v27.9.1 installed and the useragent can be changed globally and per website…”

    — Yes, you can indeed (apparently) change the global user agent in about:config — BUT that does NOT actually change the user-agent string transmitted to the world by Pale Moon 27.9.1 (or recent versions ! (it’s either a glitch or intentional by MoonChild ?)

    If you connect to a web IP checker site — it reads/displays the default Pale Moon user agent string rather than whatever ‘new’ string you thought you changed in about:config. That default Pale Moon string is a rare fingerprint since only a tiny percent of web users employ Pale Moon browser.

    I see the 2016 “Secret Agent” extension for user-agent spoofing is still listed on the Pale Moon Add-ons site. Is that extension still valid and safe with latest Pale Moon versions?

    1. CLM said on May 14, 2018 at 12:30 pm
      Reply

      User agent overider on PM 27.9 working fine on my end!

      1. CLM said on May 14, 2018 at 12:31 pm
        Reply

        Also by any chance does any one knows where is the link of Trace firefox extension! the website posted above only takes you to chrome store!

      2. Cigologic said on May 14, 2018 at 9:43 pm
        Reply
    2. Richard Allen said on May 14, 2018 at 4:29 pm
      Reply

      “If you connect to a web IP checker site — it reads/displays the default Pale Moon user agent string rather than whatever ‘new’ string you thought you changed in about:config.”

      Sorry, I’m not seeing that. I tried nine different websites and could not verify what you are seeing. I changed the ua in about:config to show that Pale Moon is on Win 10 x64 and that it is FF v62 (Nightly), and that is what all nine websites showed. Some of the websites will need javascript enabled to work.

      “https://panopticlick.eff.org/”
      “https://www.iplocation.net/find-ip-address”
      “https://www.askapache.com/online-tools/whoami/”
      “https://www.whoishostingthis.com/tools/user-agent/”
      “https://www.whatismybrowser.com/detect/what-is-my-user-agent”
      “http://www.whatsmyip.org/”
      “http://www.whatsmyua.info/”
      “http://www.useragentstring.com/”
      “http://browserspy.dk/useragent.php”

      Screenshot: “https://s31.postimg.cc/4yvqohy6j/Pale_Moon_Useragent.png”

      I’ve never used an extension to change the useragent. In Pale Moon and Waterfox I’ve always used the about:config entry.

      1. CLM said on May 14, 2018 at 7:56 pm
        Reply

        I just tried the first five websites you mentioned all returned with the fake agent im using!

        Palemoon is not the problem, Waterfox is my second browser and the same thing only showing the fake user agent!

        Try
        https://addons.mozilla.org/en-US/firefox/addon/user-agent-overrider/versions/?page=1#version-0.2.4.1-signed
        Install “Version 0.2.4.1-signed”,
        make sure its on the tool bar, and click on it to turn it on, and choose whatever user agent you want from the the drop down menu, and check again, if the user agent overrider is hiding your user agent, then only one string in “about:config” is not enough!!

        Also the best extension that works for both PM and waterfox is “Secret Agent” https://www.dephormation.org.uk/?page=81 but it tends to brake some website and for some reason java script is turned off all the time!

  10. rickxss said on May 14, 2018 at 2:17 am
    Reply

    The extension is available for Chrome and Firefox officially but it may run on Chromium or+++++” Firefox based web browsers such as Vivaldi or Opera.”

    joking right ?

  11. ddk said on May 14, 2018 at 5:36 am
    Reply

    Martin, much thanks for writing about this, currently testing it out & so far pretty much working as expected. There does appear to be quite a lot of disk and mouse cursor activity while this is running. Cursor keeps displaying the hour glass icon randomly and SSD is always flickering whereas it’s pretty quiet when Trace isn’t running. However no noticeable slowdowns while browsing with it.

    Using Windows 8.1 & Google Chrome Stable 64 bit.

  12. Dave said on May 14, 2018 at 5:34 pm
    Reply

    I like it. It does the job of several addons I’m using on ESR.

    I just setup FF60 last night, I’ve been using only ESR since FF killed all my extensions.

    I’m only using 3 extensions now, Trace, NoScript, and Cookie Auto-Delete and FF60 has passed the initial round of privacy/tracking/advert testing.

    I’m also using the Ghacks User.js but my motivation for doing so is asthetics. Why does everyone want my PC to look like a $100 phone? I’ve got enough CPU/GPU to lauch a mars missiong ffs, I want crap to use resources and look 3D.

  13. CLM said on May 14, 2018 at 8:00 pm
    Reply

    Where is the link of the firefox extension!!!

  14. Kalalo said on May 18, 2018 at 11:51 am
    Reply

    Looks promising…
    But I personaly will wait till it’s opensource and has more control over the features. Better minimalistic UI would be great too.

    1. AbsoluteDouble said on May 18, 2018 at 6:32 pm
      Reply

      You’ll have to stay tuned, lot’s more control is coming soon! As well as UI Customisation which is under active development.
      I am going to be opensourcing the extension soon also.

      1. alfie69 said on June 18, 2018 at 12:17 pm
        Reply

        great addon! only question i have about it is does it conflict with other addons like ubO and privacy badger? am running all 3 but disabled webrtc in ubo as your addon seems to have the same function?

        cheers for protecting us from these nosy trackers!

  15. burks said on May 20, 2018 at 4:52 pm
    Reply

    Richard Allen said on May 14, 2018 at 4:29 pm
    Reply

    “If you connect to a web IP checker site — it reads/displays the default Pale Moon user agent string rather than whatever ‘new’ string you thought you changed in about:config.”

    Sorry, I’m not seeing that. I tried nine different websites and could not verify what you are seeing. I changed the ua in about:config to show that Pale Moon is on Win 10 x64 and that it is FF v62 (Nightly), and that is what all nine websites showed. Some of the websites will need javascript enabled to work.

    “https://panopticlick.eff.org/”
    “https://www.iplocation.net/find-ip-address”
    “https://www.askapache.com/online-tools/whoami/”
    “https://www.whoishostingthis.com/tools/user-agent/”
    “https://www.whatismybrowser.com/detect/what-is-my-user-agent”
    “http://www.whatsmyip.org/”
    “http://www.whatsmyua.info/”
    “http://www.useragentstring.com/”
    “http://browserspy.dk/uRichard Allen said on May 14, 2018 at 4:29 pm
    Reply

    “If you connect to a web IP checker site — it reads/displays the default Pale Moon user agent string rather than whatever ‘new’ string you thought you changed in about:config.”

    Sorry, I’m not seeing that. I tried nine different websites and could not verify what you are seeing. I changed the ua in about:config to show that Pale Moon is on Win 10 x64 and that it is FF v62 (Nightly), and that is what all nine websites showed. Some of the websites will need javascript enabled to work.

    “https://panopticlick.eff.org/”
    “https://www.iplocation.net/find-ip-address”
    “https://www.askapache.com/online-tools/whoami/”
    “https://www.whoishostingthis.com/tools/user-agent/”
    “https://www.whatismybrowser.com/detect/what-is-my-user-agent”
    “http://www.whatsmyip.org/”
    “http://www.whatsmyua.info/”
    “http://www.useragentstring.com/”
    “http://browserspy.dk/useragent.php”

    Screenshot: “https://s31.postimg.cc/4yvqohy6j/Pale_Moon_Useragent.png”

    I’ve never used an extension to change the useragent. In Pale Moon and Waterfox I’ve always used the about:config entry.seragent.php”

    Screenshot: “https://s31.postimg.cc/4yvqohy6j/Pale_Moon_Useragent.png”

    I’ve never used an extension to change the useragent. In Pale Moon and Waterfox I’ve always used the about:config entry.

    1. Isn’t that ironic? Those websites want me to enable javascript! That is idiotisme.

    2. I change my UA every minute.

  16. Roche Labs said on May 27, 2018 at 10:30 pm
    Reply

    Dave said: I want crap to use resources and look 3D.

    No problems for your browser. Google, Amazon and many other CDNs as Akamai will make thousand of connections to track, fingerprint and send you “tailored” ads.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.