Privacy Badger

How it works,
where we are taking it,
& what challenges we face

BLU Lighting Talks 2018

April 18th 2018

A project of the Electronic Frontier Foundation

What is Web tracking?

  • Web tracking is collecting everything you do online.
  • Trackers are parts of pages you visit. For example, Facebook Like buttons.
  • If you click a Like button, we can call that "active" tracking.
  • If you don't, you still get tracked. Let's call that "passive" tracking.

How do I track thee? (on the Web)


  • Standard HTTP Cookies
  • Local Shared Objects (Flash Cookies)
  • Silverlight Isolated Storage
  • Storing cookies in PNGs
  • Storing cookies in Web History
  • Storing cookies in HTTP ETags
  • Storing cookies in Web cache
  • caching
  • Internet Explorer userData storage
  • HTML5 Session/Local/Global Storage
  • HTML5 Database Storage via SQLite / IndexedDB

How do I track thee, pt. 2

Server-side: Device/browser fingerprinting

  • Server creates fingerprint based on browser request signals and script queries
    • User Agent
    • Screen Size
    • Fonts
    • Browser plugins
    • IP address
    • ...
  • Hard to detect
  • Can effectively persist across browsers/devices
  • Already an industry: BlueCava, ThreatMetrix, ReputationManager, ...

Detection by URL matching

  • Intercept requests
  • Compare request URLs to known tracker URLs
  • Cancel requests matching blocked trackers
  • No request, no tracking
  • Adblock Plus, Ghostery, ...

Heuristic-based detection

  • Intercept activity
    • Cookies
    • HTML5 local storage
    • Canvas fingerprinting
    • ...
  • Apply heuristic
  • Cancel requests matching offending domains
  • No request, no tracking
  • Privacy Badger, Safari's Intelligent Tracking Protection


Blocks too much

Doesn't block enough

The goal

Set and forget on anybody's computer

How YOU can help