Privacy Badger: How it works, where we are taking it, & what challenges we face
BLU Lightning Talks 2018
April 18th 2018
A project of the Electronic Frontier Foundation
What is Web tracking?
- Web tracking is collecting everything you do online.
- Trackers are parts of pages you visit. For example, Facebook Like buttons.
- If you click a Like button, we can call that "active" tracking.
- If you don't, you still get tracked. Let's call that "passive" tracking.
How do I track thee? (on the Web)
Client-side
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Silverlight Isolated Storage
- Storing cookies in PNGs
- Storing cookies in Web History
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session/Local/Global Storage
- HTML5 Database Storage via SQLite / IndexedDB
How do I track thee, pt. 2
Server-side: Device/browser fingerprinting
- Server creates fingerprint based on browser request signals and script queries
  - User Agent
  - Screen Size
  - Fonts
  - Browser plugins
  - IP address
  - ...
- Hard to detect
- Can effectively persist across browsers/devices
- Already an industry: BlueCava, ThreatMetrix, ReputationManager, ...
Detection by URL matching
- Intercept requests
- Compare request URLs to known tracker URLs
- Cancel requests matching blocked trackers
- No request, no tracking
- Adblock Plus, Ghostery, ...
Heuristic-based detection
- Intercept activity
  - Cookies
  - HTML5 local storage
  - Canvas fingerprinting
  - ...
- Apply heuristic
- Cancel requests matching offending domains
- No request, no tracking
- Privacy Badger, Safari's Intelligent Tracking Protection
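A sketch of the heuristic approach above, added here as an illustration and not taken from Privacy Badger's source: a third-party domain is blocked once it has shown tracking activity on several distinct sites. The threshold of three, the `baseDomain` shortcut, and all host names are assumptions for the example.

```javascript
// Added illustration; not Privacy Badger's source code.
const THRESHOLD = 3; // assumption: distinct sites required before blocking

// Assumption: base domain = last two labels. Real code needs the Public
// Suffix List to handle suffixes such as co.uk.
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

class HeuristicBlocker {
  constructor(threshold = THRESHOLD) {
    this.threshold = threshold;
    this.seenOn = new Map(); // third-party domain -> Set of first-party sites
  }

  // Record one intercepted request. `tracking` is true when the request
  // showed tracking activity (cookie, local storage, canvas fingerprinting).
  observe({ pageHost, requestHost, tracking }) {
    const first = baseDomain(pageHost);
    const third = baseDomain(requestHost);
    if (!tracking || first === third) return; // ignore benign and first-party
    if (!this.seenOn.has(third)) this.seenOn.set(third, new Set());
    this.seenOn.get(third).add(first);
  }

  // Cancel the request only if its domain has offended on enough sites.
  shouldBlock(pageHost, requestHost) {
    const third = baseDomain(requestHost);
    if (baseDomain(pageHost) === third) return false; // never block first party
    const sites = this.seenOn.get(third);
    return sites !== undefined && sites.size >= this.threshold;
  }
}

// Constructed observations using hypothetical .example hosts.
const SAMPLE = [
  { pageHost: 'news.example', requestHost: 'px.tracker.example', tracking: true },
  { pageHost: 'shop.example', requestHost: 'px.tracker.example', tracking: true },
  { pageHost: 'shop.example', requestHost: 'static.cdn.example', tracking: false },
  { pageHost: 'blog.example', requestHost: 'static.cdn.example', tracking: false },
  { pageHost: 'www.news.example', requestHost: 'px.tracker.example', tracking: true },
  { pageHost: 'blog.example', requestHost: 'a.tracker.example', tracking: true },
];

function replay(observations) {
  const blocker = new HeuristicBlocker();
  observations.forEach((o) => blocker.observe(o));
  return blocker;
}
```

Unlike URL matching, nothing here depends on a list of known trackers: the widely embedded but cookie-free `cdn.example` is never blocked, while `tracker.example` is blocked only after its third distinct site.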
The goal
Set and forget on anybody's computer