Privacy Badger gives teeth to Do Not Track

The Electronic Frontier Foundation (EFF) has released a browser add-on called Privacy Badger that repurposes the familiar "ad-blocking extension" concept to filter and block out web-tracking tools, rather than advertisements. Privacy Badger detects a number of behavior-tracking methods, attempting to block those that are either loaded invisibly or otherwise operate without the user's consent. In addition to its emphasis on privacy protection, though, it also offers several controls that distinguish it from ad-centric blockers like AdBlock Plus. Perhaps more interestingly, the extension is accompanied by an EFF policy through which sites can be whitelisted by adhering to privacy-respecting rules.

Privacy Badger was announced on May 1, with builds available for Firefox (although not Firefox for Android) and for Chrome/Chromium. The stated purpose of the extension is to help users combat "intrusive and objectionable practices in the online advertising industry, and many advertisers' outright refusal to meaningfully honor Do Not Track requests."

Do Not Track (DNT), of course, is an HTTP header intended to let users specify that they wish to opt out of web-tracking mechanisms. DNT was designed to be a voluntary mechanism that advertisers and data collectors would use as a means of self-regulation. Those businesses have done their best to undermine DNT, however, as many privacy advocates predicted they would.

Among other tactics, various advertising associations devised their own "interpretations" of DNT that, predictably, still involve tracking DNT users. On April 30, Yahoo's "Privacy Team" publicly announced that the company will start ignoring DNT completely, on the grounds that there is no "single standard" about the meaning of DNT. With the voluntary-self-policing loop now neatly closed, it should probably come as no surprise that the EFF followed up with a technical solution—although the timing of events could still be coincidental.

Privacy Badger does care

Privacy Badger is based on a fork of the AdBlock Plus engine; it blocks certain HTTP requests, but rather than blocking ads, the blocked content is limited to third-party requests (scripts, cookies, images, or other embedded resources) that are believed to be used as a user-tracking mechanism. These third-party resources are what Privacy Badger regards as "trackers;" they tend to be invisible to the user, but they allow the third-party domain to follow the user across multiple sites by logging the HTTP requests (usually setting a cookie containing some form of identifying string). Not requesting these resources in the first place prevents the remote party from tracking the user; the majority of these trackers emanate from the domains of third-party services, but some come from sites that otherwise contribute functionality to the page. Since blocking all third-party resources would break functionality of many sites, the extension attempts to distinguish between necessary resources and unnecessary ones. The EFF collected data prior to the release of the extension and created a whitelist of patterns that Privacy Badger will not block.

For third-party trackers not on the whitelist, however, Privacy Badger starts off by giving each site the benefit of the doubt. It includes the DNT header with each request, and does not block the tracker when it is first encountered. But if the tracker is encountered on another, unrelated site, that is regarded as evidence that it is violating the user's privacy, and it is added to the block list.

The status of the current page can be examined by opening the Privacy Badger menu (which, on Firefox, is placed in the "Add-on Bar"). All trackers detected in the current page are shown, color-coded to indicate their blocking state. Green means that the tracker is being allowed, yellow means it is a cross-domain tracker on the whitelist (that is, it is being permitted to prevent the site from breaking), and red means it is being blocked. The very first time a user employs Privacy Badger, all of the trackers will be either green or yellow, but the privacy-violating ones quickly get recognized and turned red after visiting just a few sites.

For the whitelisted tracker domains, Privacy Badger loads the resources (e.g., scripts or images), but it still blocks user-tracking cookies from the domain, which should provide some measure of privacy protection. It is not always possible to determine whether a given cookie is used for user tracking purposes or not, of course; the heuristic used allows cookies that have some other clear purpose (such as setting the preferred language), but the EFF notes that more work on the problem would be helpful.

Tracker go home

In practice, the Privacy Badger menu is a nice visualization aid. It shows only the domain name of the tracker, whereas AdBlock Plus and similar extensions generally present lengthy URLs and the full regular expressions used to match them. That means skimming through it is a lot easier.

In addition, the green/yellow/red status of each tracker also has a slider (albeit one that has just three discrete positions), so users can easily toggle between the settings for every tracker if they so desire. That is probably most useful for enabling a blocked tracker that is hampering site functionality, but it can be employed for other tasks, too (like seeing how many yellow trackers one can disable and still have a functioning browser session). Here, again, the ad-blocking extensions tend to expose a significantly less usable interface: if a blocked item is breaking page functionality, one must usually hunt through the blocked-items window, enabling and disabling specific expressions in hopes of finding it.

To be perfectly fair, though, ad blockers have a broader scope of content to try and match against, so it is only natural that they have more complicated tools with which to tune the results. The EFF goes to great lengths to explain that Privacy Badger is not, fundamentally speaking, an ad blocker. It will, as a matter of blocking third-party trackers, block third-party-tracker-laden ads, but users interested in reducing their exposure to advertising will need to find another extension to handle the task.

There are two other important categories of tracker that Privacy Badger does not protect against: "first-party" trackers and trackers that rely only on browser fingerprinting techniques. First-party trackers means tracking elements sent by the domain of the main URL itself. As is the case with whitelisted domains domains mentioned earlier, a concern with blocking resource requests too aggressively would be breaking the site's functionality; nevertheless the EFF notes that it hopes to be able to implement some level of first-party tracker blocking in a subsequent release.

Browser fingerprinting is a different beast entirely. The technique relies on gathering specific information about the user by recording information from the browser's User-Agent string, installed plugins, local time zone, accepted HTTP headers, and other system data that can be queried remotely. The EFF's Panopticlick demonstrates just how much data is leaked in this manner. As with first-party trackers, the Privacy Badger project says it hopes to add fingerprinting countermeasures in a future release, but those countermeasures will certainly involve techniques beyond tracker blocking.

Getting on the straight and narrow

As mentioned earlier, Privacy Badger includes the DNT header in each HTTP request; consequently, sites that respect the header and do not return user trackers do not get blocked. The EFF is using this approach as a means to promote DNT adoption. Specifically, advertisers (and other tracker-using sites) that specify a DNT-respecting policy will, in future versions of Privacy Badger, automatically be unblocked.

The EFF has written a proposed DNT policy as part of the initiative. The plan is that a site would store the policy document in plain text at a well-known location (https://example-domain.com/.well-known/dnt-policy.txt in the current draft), where Privacy Badger and other programs could locate it automatically and take the appropriate action in response (such as whitelisting the site). The hope is that if DNT policy statements become widespread, as robots.txt files are for search-engine exclusion, tracker-blocking programs like Privacy Badger can dispense with the built-in whitelist approach currently in use.

But dispensing with the hand-crafted whitelist is only part of the goal. The ultimate point is for sites to respect the DNT header. For that to happen, Privacy Badger and related tools will have to be deployed in significant enough numbers for advertisers to take notice. The EFF notes on the DNT policy page that it is open to having further discussions about the wording of the DNT policy document. If that policy document does take off, it would in essence be the de-facto standard interpretation of DNT's meaning—which would mean, in turn, that there is a consensus around DNT, which would eliminate the "no one agrees on what DNT means" argument espoused recently by Yahoo.

Of course, if that argument is really a spurious claim only tossed out to provide cursory justification for what the company wants to do anyway, then Yahoo and other tracker-using sites will find another argument and continue to track users. It is hard to handicap the chances that Privacy Badger has for making a significant impact on user-tracking behavior. It may remain a useful tool that only a few users employ (as is the case with ad-blocking extensions and other EFF privacy tools like HTTPS Everywhere). On the other hand, browser makers could take the concept to heart and build it into future releases, changing the game significantly.

For now, Privacy Badger is an alpha release, and much more work is still to come. But it is an easy-to-use tool, and it both offers protection against web trackers and sheds light on just how pervasive web-tracker deployment is; both are useful outcomes. The mobile versions of Chrome and Firefox are on the agenda for future releases, as is Opera support; on the project site, the EFF asks for developers interested in working on Safari and Internet Explorer extensions to make contact. There is no telling how well the project will fare as a DNT enforcement tool, but it may be the best option currently available.