Latest Privacy Badger removes Facebook's link tracking
The Electronic Frontier Foundation released a new version of Privacy Badger today for Chrome and Firefox that removes link tracking techniques that Facebook uses on its site to track outgoing link activity.
While Facebook knows exactly what its users do when they interact on the site, it would not know nearly as much about links to third-party sites that users interact with if it would not use a technique that is called link shimming.
The main idea behind link shimming is to use a wrapper around the original link so that all activity flows through Facebook servers first before the actual link target is loaded.
Facebook is not the only company that uses link shimming; many major Internet companies including Google or Twitter, use similar techniques.
The screenshot below demonstrates how skimmed links look like on Facebook. The link target is a page on Ghacks, but Facebook wrapped it around its own link target to track user activity.
Facebook runs a script on its site that manipulates skimmed links when users interact with those links. When you hover over an external link on Facebook, a script ensures that you see the right link target and not Facebook's link monstrosity.
Whether that is done to provide users with information about a link's destination or to hide the fact that Facebook redirects the link through its own servers is unclear.
The new version of Privacy Badger takes care of skimmed links on Facebook which the company uses to track users. The browser extension removes Facebook's link wrapper and blocks the tracking code; it does so automatically on Facebook and requires no user interaction for that.
The code is based on Facebook Tracking & Ad Removal, a browser extension for Firefox and Google Chrome that blocks tracking on Facebook's site and removes advertisement from Facebook as well.
Privacy Badger started to remove wrapped links to third-party sites on Twitter in 2017.
The new version of Privacy Badger blocks some of Facebook's tracking of third-party links. It should be clear that you cannot prevent all forms of tracking on Facebook if you use the site but that you can limit your exposure.
Privacy Badger blocks some tracking already, from Facebook but also other companies, and the EFF promised to keep on releasing updates for the extension to improve tracking protections further.
Now You: What do you do against online tracking?
Thanks Martin! Great info. I also install FBP extension as well. It cleans up the feed nicely. They recently added a quick cleaning feature. You go into settings /ads and it can wipe out all interests, ads, websites. I do this every few days to erase tracking.
Can this be done via ublock origin filters?
Depends of the lists you use for uBO; I don’t know if the default lists provided handle Facebook’slink shimming. If not Facebook dedicated lists exist, i.e.
Fanboy Annoyances List at https://fanboy.co.nz/
Social media filter at https://kb.adguard.com/en/general/adguard-ad-filters
I use them both to defeat Facebook’s intrusion on the Web but I ignore their Power on Facebook itself given I avoid social medias (except YouTube since it appears it’s considered as a social media).
My anti-tracking DoD includes, as far as Firefox is concerned, following extensions:
Of course the classical cookie management, here with Cookie Autodelete.
Firefox is set to honor First Part Isolation (privacy.firstparty.isolate = true).
Of course the Ghacks-userPref arsenal.
Am I forgetting something?
@Millenicide: good question. I too prefer to use uBo instead of an extension if poss. I am a bi in 2 minds about Privacy Badger: I have seen comments that say it is complementary to uBo, and I have seen comments that say if you use uBo you don’t need PB. Having installed uBo I recently removed PB, then reinstalled it.
To curb online tracking I use Privacy Badger, uBlock Origin, and based upon your recent review I’ve added Trace. So far, they appear to work well together and I’ve only encountered one website that didn’t load. In addition I’ve tweaked Firefox in several about:config recommendations as well. I also use Epic Privacy Browser (which has a built in VPN) and like that browser as well, but FF is becoming my â€œgo toâ€ primary browser now that I’m learning more about how to customize it.
Since I’m a relative novice I’ve learned quite a few tips from your blog, Martin. Many Thanks.
Thanks for the heads up. Been meaning to install this on Firefox.
A Version of Privacy Badger for Chrome, Firefox, and Opera newer than Version 2018.5.10 dated 2018-05-23 is not yet available yet in the US per https://www.eff.org/privacybadger . This may simply be a commonly seen delay in availability for a new version.
nevermind us. don’t see nothing in uk either for firefox or chrome.
Martin you should add that on Firefox there is a major bug that prevent to remove the tracking if you use the middle (scroll wheel) or right mouse buttons it will NOT prevent the Tracking on Firefox (It’s a Mozilla Bug/Feature). ðŸ˜‰
On Chrome/Chromium it work perfectly since there is NO bug ðŸ˜Š.
What do you do against online tracking?
Well, I don’t use Twitter, Facebook or Google. I do use Privacy Badger.
Martin, I am posting comments but they don’t appear. I have noticed some other people have the same problem.
Klaas, are all comments visible now? Send me a message if you want an account on this site to see if it helps.
Martin: yes they are visible now, thanks.
Re an account: what does it mean, how would it help?
Accounts eliminate all ads and bypass caching.
I already have ads filtered out by uBo. Would an account add further value?
What do i need to do to have an account? I don’t see a button to open an account.
@Klaas Vaak, you cannot open an account right from here on Ghacks. If you ask Martin via the contact form/page (link at bottom of this page) to open an account, he will ask you an email to open the account, you’ll then receive an email from WordPress with a link to a first login and the availability to modify a default password which is advised. From there on you’ll be able to login to Ghacks via a dedicated Ghacks link. Login offers as often elsewhere to stay logged in (off by default). Cookie is set. If session only cookie (if you logged in with checking “Remember me”) you’ll have to login again on new sessions as well of course if you’ve logged out or deleted the cookie. All options remain accessible via your personal GHacks Dashboard (VIP, styled, lounge feeling).
Big advantage is that your comments get posted immediately and that you mustn’t be naughty (not excessively that is!) otherwise : Raus! (I think it means “Out!” in German).
Come to where the pleasure is, come to the Ghacks Account, international passport to commenting pleasure.
Ouf. I did it.
Hey Tom, thanks for jumping in and clearing this up for me. I’ll sure go ahead and ask Martin to open an account.
I won’t get naughty with my comments – have not insulted anyone thus far, I think ;-)
BTW, I always enjoy reading your comments because I learn from some of them too. Cheers.
I appreciate on my side reading your comments. We indeed get to learn quite a lot here, with the articles but also within the users’ dialogs, which is also why a quasi real-time commenting environment is so welcomed.
Editing my above comment where I of course made a slight logical inversion/mistake:
“If session only cookie (if you logged in with checking â€œRemember meâ€)”
“If session only cookie (if you logged in without checking â€œRemember meâ€)”
Let’s have a commenting party! (I never know how to end a comment smoothly, like in all correspondence!)
Tom, I got your 2nd reply through my email inbox, but it does not appear here. Strange.
Anyway, thanks to 1 of your comments in another thread I decided a few months ago to give Waterfox a try and it is now my default browser – very happy.
In about:config I have amended cookie behaviour as follows:
network.cookie.lifetimePolicy changed from 0 to 2 (the cookie expires at the end of the session (when the browser closes))
So, once I get my account, I’ll see how the cookie setting will affect it.
Talk to you soon.
“Tom, I got your 2nd reply through my email inbox, but it does not appear here.”
All these delays disappear with an account. Of course in this case it’s the comment of someone who has an account (me) which is delayed on a display for a user who hasn’t got one (you) and I’m surprised, but I assume it wouldn’t occur if both have an account. This is a new scenario for me.
“network.cookie.lifetimePolicy changed from 0 to 2 (the cookie expires at the end of the session”
That means all cookies vanish when closing Firefox EXCEPT those you’ve set as an exception.
To set an exception, two possibilities:
1- On the site where the cookie applies -> Right-click View Page Info
In Page Info / Permissions / Set Cookies, uncheck on the left ‘Use Default’ and check on the right ‘Allow’ (or ‘Block’ to refuse all cookies, which is not our aim here)
2- In Firefox / Options / Privacy & Security / Cookies and Site Data, click ‘Exceptions’ on the right and edit your cookie permissions. NOTE : if you create a cookie exception best is to set https:// rather than http:// because Firefox validates less secure but not more secure : if you make an exception for http://ghacks.net then the exception won’t handle https://ghacks.net, but the other way around it will.
P.S. Since Firefox 60 cookie exceptions apply to Sites’ data as well (hence the title ‘Cookies and Site Data’)
See you later!
@Tom Hawack: thanks Tom, that little tutorial is very useful. I never looked at the “View page info” box, but will use it more now. Cheers.
Y’all might want to check out https://filterlists.com
I think I’m going to submit a complaint to the European Data Protection Board about this. It can’t be right that Facebook is doing this behind users backs. I’ll use your article as a reference if that’s OK with you Martin. Might as well get the ball rolling by making use of the GDPR to see how it works.
The general EDPB’s site is this one: https://edps.europa.eu/ but users have to go through their own local authority to submit a complaint. Since I live in the Netherlands, that’ll be the Autoriteit Persoonsgegevens: https://autoriteitpersoonsgegevens.nl/nl
Be interesting to see how they respond.
Haven’t used FB since the day Cambridge Data Breach news broke… ðŸŒš
…. I ain’t missing much! ðŸ¤¤
Haven’t used FB since the day Cambridge Data Breach news broke… ðŸŒš
…. I ain’t missing much! ðŸ¤¤
An extension more ?!
Is it not included in Easy Privacy (by default in uBlock origin and Opera) ?
still nothing. they must have pulled it or something.