
Help EFF test Privacy Badger, our new browser extension for privacy - schoen
https://www.eff.org/deeplinks/2014/04/privacy-badger
======
gorhill
I wish I had EFF's clout behind my work too[1]. In the last few months, I have
been _completely_ dedicated to write an extension which completely informs the
user about what a web page does, and gives the user full control over what web
sites do in his/her browser.

Spent hours after hours at not only making it work, but also making it _work
efficiently_ (wrote custom ABP engine from scratch which doesn't suffer the
real one's abuse of memory/CPU), and yet barely anyone is noticing it.

EFF is also one of the recipients I suggest for people who really want to
donate something for my work.

In any case, an important warning concerning any extension which modifies HTTP
headers on Chromium-based browsers: only _one_ extension is allowed to modify
the HTTP headers[2], and since EFF's badger does modify outbound request
headers, it will break any previously installed extension which relies on also
modifying these headers to work properly.

This means mine[1] is incompatible, one of the two extensions won't be able to
do what it says it does. This applies for any other extension modifying
outbound HTTP headers.

[1] [https://github.com/gorhill/httpswitchboard#http-switchboard-...](https://github.com/gorhill/httpswitchboard#http-switchboard-for-chromium)

[2]
[https://developer.chrome.com/extensions/webRequest#implement...](https://developer.chrome.com/extensions/webRequest#implementation)

~~~
handsomeransoms
> I have been completely dedicated to write an extension which completely
> informs the user about what a web page does, and gives the user full control
> over what web sites do in his/her browser.

That's awesome! At Mozilla we've been daydreaming about incorporating
something like that into the product. Especially with the proliferation of
both in-browser content policies (CSP, Mixed Content blocking, etc.) and
out-of-browser content policies (addons like Privacy Badger, ABP, Ghostery, etc.)
it's almost impossible to understand the root cause of what's breaking a page,
especially if you're not a technical user.

> but also making it work efficiently (wrote custom ABP engine from scratch
> which doesn't suffer the real one's abuse of memory/CPU)

For the Firefox version of Privacy Badger, we also eschewed the ABP engine in
favor of something we wrote ourselves. Don't get me wrong, ABP is a great tool
and we learned a lot from its code - but we wanted something as lean and
performant as possible. I'd be interested to see the approach you took!

> only one extension is allowed to modify the HTTP headers

> it will break any previously installed extension

That sounds like a shortcoming in Chrome's Extension API. Firefox is somewhat
better in that we do not restrict addons based on the behavior of other
addons, so multiple addons are allowed to modify a request's headers.
Unfortunately, the order in which the request is passed from handler to
handler is not guaranteed, so in practice this may not end up being so useful.

We're trying to improve this situation by rewriting the Gecko Content Policy
API [0], but that's a large project with no clear deadline.

[0]
[https://groups.google.com/forum/#!msg/mozilla.dev.platform/v...](https://groups.google.com/forum/#!msg/mozilla.dev.platform/veLFoy09ydg/2XcWUXSiVbEJ)

Generally I think your addon and Privacy Badger are targeted at different
audiences and have different use cases. It is too bad they are incompatible
with each other - I, for one, would like to have both installed. Perhaps we
can resolve this by talking to the Chrome devs about their Extension API?

\- One of the Privacy Badger devs

~~~
gorhill
I thought a bit more about the incompatibility, and it's not an all or nothing
situation. In the case of HTTPSB (can't speak for other extensions),
installing Privacy Badger _after_ will likely break some specific
privacy-related features of HTTPSB, but a user might find this acceptable, since
Privacy Badger will take over for some of the broken features. I explain in
more detail where there are conflicts:
[https://github.com/gorhill/httpswitchboard/wiki/Compatibilit...](https://github.com/gorhill/httpswitchboard/wiki/Compatibility-with-various-Chromium-based-browsers-and-other-extensions#privacy-badger)

------
cs702
I love it! By far the most important thing about Privacy Badger is that it's
_backed and controlled by the EFF_, instead of some individual or business
that might be tempted in the future to betray users for profits.[1]

\--

[1] For example, consider what happened with Adblock Plus. For years, it
blocked all ads, but then in 2011 its developer announced it would allow
"acceptable ads" by advertisers who had partnered with Adblock Plus. (For the
details, see
[http://en.wikipedia.org/wiki/Adblock_Plus#Controversy_over_a...](http://en.wikipedia.org/wiki/Adblock_Plus#Controversy_over_ad_filtering_and_ad_whitelisting)
) The EFF is extremely unlikely ever to do something like that.

~~~
hackuser
The EFF is doing something similar, though I don't know if their standards are
different than Adblock Plus':

"Advertisers and other third-party domains can unblock themselves in Privacy
Badger by making a strong commitment to respect Do Not Track requests."

~~~
aspidistra
To be fair to EFF, it is explicit about what it considers that strong
commitment to be: publishing this DNT policy notice on the domain:

[https://www.eff.org/dnt-policy](https://www.eff.org/dnt-policy)

Quote:

 _What does the dnt-policy.txt promise mean?_

 _Posting the dnt-policy.txt file makes a promise to the users who interact
with their domain. We [EFF] believe it would be a false and misleading trade
practice to post the policy without the intent to comply in good faith.
However, EFF is not in a position to enforce this promise or monitor
compliance._

~~~
DerpDerpDerp
Can you still configure the plugin (manually) to not trust such sites?

I don't want it to be a negotiation between the EFF and a website as to the
state of my privacy - I want the final say in who is going to be trusted.

~~~
aspidistra
As I understand it, yes, you would still have final control.

When you click on the plugin icon in the browser toolbar, a popup box displays
all the trackers Privacy Badger has found. There is a slider next to each
tracker, with three states, green, yellow and red. Red means blocked.

As Privacy Badger works, it moves the slider for a tracker when it notices it
following you across domains. But you can still manually drag the slider
across to Red if you want.

------
furyg3
Yet another plugin to add to my privacy arsenal (opt-outs from Google,
AdBlock, Ghostery, Disconnect, and now Badger).

This really reminds me of the early years of antivirus on Windows, when you
needed at least two antivirus suites to catch everything. Just as vendors
eventually acknowledged (mostly) their responsibility for security on their
OSes, browsers need to step up and start implementing these features by
default, and innovating. It's crazy that, at the moment, I have to grant a
third party total and unlimited access to my browser and history in order to
protect my own privacy.

This should be on, by default, since most people are generally either
adamantly against being tracked or ignorant of it and their options.

The handful of people that have a hard-on for targeted marketing should be
ticking checkboxes in preference panels and installing plugins, not people who
would rather Nielsen not know everything about them...

~~~
vvvv
How much would you pay for an independent, non-ad supported, privacy-focused
browser?

~~~
furyg3
Off the cuff? $40.

Of course my willingness would vary depending on the project, community,
features, stability, etc... but there's precedent. I've had no problem
donating similar amounts to browser projects in the past, or smaller amounts
(+/\- $10) to privacy plugins (Adblock, Disconnect).

As a mac user, it's Safari, Chrome, or Firefox. All three are to varying
degrees beholden to advertising powers who want my data, and aren't going to
challenge the status quo in a major way. That needs to change, and I'd be
willing to support that.

~~~
vvvv
Let's say $40 per annum, i.e. $3.33/month, to pay for a browser like we do for
an OS. I'd be willing to pay for an essential piece of software that needs to
be independent and look after me and my data.

Simplifying, 39% of the world's 7.1bn population is using the internet [1].
That's 2.8bn people. Opera, the least popular major browser, has a 1.8% market
share [2].

If the $40 browser could match that share, it'd be a $2bn p.a. business.

Why hasn't it happened already? Are we so enamoured with "free" software that
this couldn't get off the ground?

[1]
[http://en.wikipedia.org/wiki/Global_Internet_usage](http://en.wikipedia.org/wiki/Global_Internet_usage)
[2]
[http://www.w3schools.com/browsers/browsers_stats.asp](http://www.w3schools.com/browsers/browsers_stats.asp)

~~~
blueblob
Probably because you are thinking of yourself as a representative sample
of the population that is interested in privacy. Hate to break it to you, but
if you _understand_ how you are tracked at all, you are in the minority. HN
is quite possibly the least representative population of the global internet
user population in terms of both amount of money that you have (and hence
amount you'd be willing to spend) and most people on HN have a pretty good
idea of _what_ is being tracked whereas a member of the general population
would not.

~~~
vvvv
Personally, I think there could be sufficient demand especially if you
consider this:

Microsoft has traditionally been in the business of developing and selling
user-centric (as opposed to advertiser-centric) software. Why wouldn't they
develop a user-centric browser and sell it like they do the Office products?
I'm genuinely wondering. Would it be hated by developers as it'd limit their
earning opportunities?

~~~
blueblob
I think that we are at the point in the game that people don't want to pay for
a browser unless they can get something significantly better than what they
get from a free browser. Keep in mind that in breaking into the market, you
have to overtake the competitors with features that aren't available. This
would likely be possible in the mobile market, but not the desktop market.

Opera's market share has been both increasing and decreasing over the last few
years[1] but it looks like it is taking market share from IE users and more
people are switching to chrome. So I would predict Opera's share would go down
in the future.

The big questions for me, would then be: What am I getting from a browser that
I pay for over a free one? Can I get the same features out of plugins for a
more widely adopted (and hence better supported or developed for) browser?

Microsoft is really business and student oriented with the majority of their
products. A browser only matches part of their design goals. They want people
to keep paying for their OS and don't want products to migrate to the web
where they have to compete with Google (Though they already have to do this to
some extent).

Don't get me wrong, I would be personally interested in something like this
but don't believe that many people outside of developers (and people doing
criminal things whether moral or not) would be.

Not sure what you mean with the last point/question. The market share would be
decidedly small, it likely wouldn't be developed for (unless it used a major
library like webkit) and most business people wouldn't notice much difference
in their ad-based revenue from such a small market share.

[1]
[http://www.w3schools.com/browsers/browsers_stats.asp](http://www.w3schools.com/browsers/browsers_stats.asp)

------
throwawayaway
OK I have reached saturation point with all these plugins. I value the work
that the eff are doing. I think a comparison page on wikipedia is a good idea,
who agrees?

for example:

[https://en.wikipedia.org/wiki/FTP_clients](https://en.wikipedia.org/wiki/FTP_clients)

[https://en.wikipedia.org/wiki/Comparison_of_numerical_analys...](https://en.wikipedia.org/wiki/Comparison_of_numerical_analysis_software)

~~~
handsomeransoms
That's a great idea! I would be willing to help, and could probably find some
others to help too!

~~~
throwawayaway
[https://en.wikipedia.org/wiki/User_talk:Tootsestes/Compariso...](https://en.wikipedia.org/wiki/User_talk:Tootsestes/Comparison_of_web_browsers_privacy_extensions)

let's go!

------
sequoia
From FAQ: "Privacy Badger is a browser-add on tool that analyzes sites to
detect and disallow content that tracks you in an objectionable,
non-consensual manner."

If this is for average users, something like "Privacy badger stops advertisers
from secretly tracking your movements and activities online" would be better.
"browser-add[sic] on tool that analyzes sites to detect" etc. etc. is too
complicated, people won't read it IMO.

"When you visit websites, your copy of Privacy Badger keeps note of the "third
party" domains that embed images, scripts and advertising in the pages you
visit. If a third party server appears to be tracking you without permission,
by using uniquely identifying cookies to collect a record of the pages you
visit across multiple sites, Privacy Badger will automatically disallow
content from that third party tracker."

Words you probably shouldn't use for a layperson friendly explanation: embed,
script, server, disallow, "third party" (without explaining precisely what you
mean in this context). The top question on the should be broken out into a
"how does it work (generally speaking)" and "how does it work (more
technical)." I'm afraid people will get stuck on that say "this is too
technical" and not read the rest.

~~~
sequoia
"When you see an ad, the ad sees you" this is excellent!! It succinctly
explains the problem in a layperson friendly way.

"When you see an ad, the ad sees you. When the advertiser 'sees' you it sees
what site you are on when you view the ad. This information can be used to
build a profile about you: where you shop, what blog or news sites you read,
what forums you post on, etc.. Privacy Badger stops your browser from
requesting the ads, so the advertiser never 'sees' what sites you're visiting.

When you see an ad, the ad sees you... Privacy badger stops you from seeing
the ad and stops the ad from seeing you!!"

Ideally you'd just copy this: [http://donttrack.us/](http://donttrack.us/) but
specifically for ads.

------
Revisor
I would love it if there was a plugin that combined the blacklist part of
Disconnect/Ghostery with the learning algorithm of Privacy Badger and the
anti-fingerprinting features of Secret Agent.

There are many trackers that are known in advance and there is no need to
analyse them. Stop them right away.

New ones crop up, or old ones change domains, watch them and block them.

And randomize my headers so even if cookies are blocked, they can't
fingerprint me statistically.

Btw. what is the point of Privacy Badger without the Do Not Track header?

~~~
jstalin
Thanks for mentioning Secret Agent. I had looked for a plugin to do that some
time ago and couldn't find one. Now I have!

~~~
Revisor
You're welcome. A direct link is here:

[https://www.dephormation.org.uk/?page=81](https://www.dephormation.org.uk/?page=81)

Just bear in mind the default installation can break some pages (Soundcloud)
or worsen your user experience (many web sites, Google, Wikipedia or Ars
Technica among others, redirect you to the mobile version if you have a
certain user agent).

------
ralfn
I'm going to drown in downvotes likely, because this will go against popular
opinion. But I have to speak out about this nonsense: most adserving scripts
aren't violating your privacy!

People keep confusing the adserving/retargeting sector with the
identity-sector (Google, Facebook). Identity (centralized) vs anonymous (or
decentralized) is an important debate. But the adserving industry are not
picking sides in that debate. They don't want your name, and they are not
keeping any data any millisecond longer than required, because it's all
low-margin: costs matter a lot.

People want all their content for free. People don't want annoying popups all
the time. So when you look at some product, you get a cookie. That product-id
and the cookie-id (that refers to your browser, not you) go into a typical
cassandra or redis cluster for about 30 days. Then they are deleted.

End result: (1) your content is free (2) you are not drowning in ads (3) your
privacy was not violated. Nobody in _this_ sector wants to store your personal
stuff.

People should be concerned about what identity-providers (like Google or
Facebook) do with your information. And people should be very wary of
identity-providers where you are not the customer. But pure adserving
companies, the ones targeted with this tool, were never messing with your
privacy in the first place. All tools like this do, is put websites out of
business.

Can the intelligent people in HN please start getting more informed about the
difference between these two sectors?

Retargeting-sector ==> Be anonymous, see few ads, get free content.
Low-margin, technology-driven.

Identity-sector ==> Give all your info, see lots of ads, spam your friends.
High-margin, social-life-extortion-driven.

And maybe, not freak out so much about 'retargeting'. Retargeting is fine: it's
why so much of the internet is free. It funds many YC companies (like Reddit).
Just don't ever deal with identity providers who also sell ads. But that's
about 10 scripts of the thousands that are blocked by this tool.

~~~
aspidistra
> People keep confusing the adserving/retargeting sector with the
> identity-sector (Google, Facebook).

Can you blame them when the latter keep buying the former? Google bought
Doubleclick. Twitter bought MoPub. Facebook bought Atlas. And so on...

~~~
ralfn
I don't blame them, but the sector is much bigger than just the
identity-players.

------
dan_bk
Firefox users should install:

To block tracking background requests:

-> RequestPolicy: [https://addons.mozilla.org/en-US/firefox/addon/requestpolicy...](https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/)

To block ads/trackers:

-> Adblock Edge: [https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/](https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/)

To eliminate tracking via cookies/persistent Flash cookies/Localstorage:

-> Self-Destructing Cookies: [https://addons.mozilla.org/en-US/firefox/addon/self-destruct...](https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies)

~~~
heinrich5991
I have RequestPolicy installed, but at some point its intrusiveness led me to
disabling it again. I can't really recommend it.

The other two however, go for them, they're not intrusive to the user
experience at all in my experience.

Is there a reason why you suggest Adblock Edge instead of Adblock Plus?

~~~
hackuser
As a counterpoint: I use Request Policy and love it.

For those who don't know, Request Policy (RP) simply blocks requests outside
the website's domain. I configured mine to deny all requests unless I
whitelist them (by hostname). It eliminates most security issues; Ghostery
rarely has to block any trackers, for example.

I would never recommend it for a typical end-user; it requires too much
understanding (e.g, to understand enough about CDNs to identify which hosts
need to be whitelisted). For most people reading this, it would be no problem.

It comes with large, pre-configured whitelists that cover many common
websites. Many sites work fine without anything whitelisted, though most need
at least one host for their CSS. More complex sites, such as those running
applications, can take some effort to get running. Once you figure out a site,
RP remembers the whitelist and the site works indefinitely.

The interface needs work but it's functional. There is a beta of a new
version, which is supposed to fix some interface issues, but I haven't tried
it.

------
gorhill
As part of my project, I like to benchmark regularly privacy enhancing
extensions ("blockers") for Chromium-based browsers. So I took the opportunity
to run one of my key benchmarks this morning. [1]

The results are meant for a github page, but I decided to present them here,
and I reformatted specifically to be HN friendly (hopefully).

In short, any of the following blockers help a lot against no blocker at all.
Some are less likely to break web pages, while some others are more likely, and
every user has their own requirements when it comes to striking balance
between privacy and convenience. This is for _information purpose_ only, not
to make a statement that one is better than the other. With the proper
information, people can make an informed choice according to their own
prerogatives.

I ordered the list by the amount of distinct domains which are "touched". I
figure the more distinct domains are touched, the more metadata is leaked to
different parties. The format of the results is _n / N_, where _n_ is the
number of distinct 3rd-party domains, and _N_ is the total number of distinct
domains.

"3rd-party" is from a DB-less machine point of view, i.e. if a domain name
differs from the one of the URL of the page, it is deemed 3rd-party. Despite
this caveat, I think this still allows to compare blockers between themselves
for the same benchmark run inside the same narrow time frame.

Benefit to the users: It's nice to see privacy becoming more and more a top
issue and more and more choice to address this particular problem.

So here:

No blocker

      Domains:            420 / 421
      Hosts:              641 / 720
      Scripts:            518 / 641
      Outbound cookies:   263 / 341
      Net requests:     2,079 / 2,849

Privacy Badger 2014.5.1 (BETA)

      Domains:            192 / 193
      Hosts:              299 / 381
      Scripts:            334 / 455
      Outbound cookies:    52 / 115
      Net requests:     1,340 / 2,176

Disconnect 5.17

      Domains:             93 / 94
      Hosts:              171 / 248
      Scripts:            262 / 385
      Outbound cookies:    19 / 83
      Net requests:     1,124 / 1,936

HTTPSB 0.9 Allow-All/Block-Exceptionally

      Domains:             54 / 55
      Hosts:              101 / 153
      Scripts:            169 / 265
      Outbound cookies:     2 / 43
      Net requests:       930 / 1,648

Adblock Plus 1.7.4

      Domains:             54 / 55
      Hosts:               97 / 149
      Scripts:            177 / 272
      Outbound cookies:     1 / 33
      Net requests:       913 / 1,612

Ghostery 5.2.1

      Domains:             52 / 53
      Hosts:               99 / 160
      Scripts:            173 / 286
      Outbound cookies:     8 / 47
      Net requests:       966 / 1,722

HTTPSB 0.9 Block-All/Allow-Exceptionally

      Domains:             21 / 22
      Hosts:               49 / 75
      Scripts:              0 / 0
      Outbound cookies:     0 / 0
      Net requests:       680 / 1,199

[1]
[https://github.com/gorhill/httpswitchboard/wiki/Comparative-...](https://github.com/gorhill/httpswitchboard/wiki/Comparative-benchmarks-against-widely-used-blockers:-Top-15-Most-Popular-News-Websites)

~~~
unhush
Note that Privacy Badger uses a browser history-dependent algorithm for
blocking - when you first install it, it doesn't block anything because it
assumes that third-party trackers are innocent until proven guilty. When it
sees you being tracked on 3+ first-party domains by a third party, it either
blocks or cookieblocks the third party. I wrote up a basic description of the
algorithm here:
[https://github.com/EFForg/privacybadgerfirefox/blob/master/R...](https://github.com/EFForg/privacybadgerfirefox/blob/master/README.md)

So if you're testing Privacy Badger on a profile with no browsing history, it
is bound to do worse than other extensions. You have to "prime" it with some
browsing data before it's really effective.
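
The heuristic described in the comment above (a third party seen tracking on 3+ first-party domains is blocked, or cookieblocked if whitelisted), as an added example that is not part of the original comment and is not Privacy Badger's code. The names `TrackerHeuristic` and `looksLikeUniqueId`, the naive `baseDomain`, the 8-character cookie test and all `.example` hosts are assumptions made for illustration.

```javascript
// Added illustration of the heuristic discussed in this thread; not Privacy Badger's code.
const THRESHOLD = 3; // "3+ first-party domains", per the comment above

// Slider states mentioned in the thread, mapped to actions (green = allow is assumed).
const SLIDER = new Map([['green', 'allow'], ['yellow', 'cookieblock'], ['red', 'block']]);

// Assumption: naive base domain (last two labels). A real extension would
// consult the Public Suffix List so that hosts like "example.co.uk" work.
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Assumption: a cookie value of 8+ characters stands in for a
// "uniquely identifying cookie"; a real check is more involved.
function looksLikeUniqueId(cookieHeader) {
  return (cookieHeader || '').split(';').some((pair) => {
    const eq = pair.indexOf('=');
    return eq !== -1 && pair.slice(eq + 1).trim().length >= 8;
  });
}

class TrackerHeuristic {
  constructor(cookieBlockList = []) {
    this.cookieBlockList = cookieBlockList.map((d) => d.toLowerCase());
    this.seenOn = new Map();     // third-party base domain -> Set of first parties
    this.userChoice = new Map(); // third-party base domain -> action set by the user
  }

  // The user's slider setting always wins over the learned state.
  setUserChoice(domain, colour) {
    if (!SLIDER.has(colour)) throw new Error('unknown slider state: ' + colour);
    this.userChoice.set(baseDomain(domain), SLIDER.get(colour));
  }

  // Whitelist match that also covers subdomains of a listed domain.
  onCookieBlockList(host) {
    return this.cookieBlockList.some((d) => host === d || host.endsWith('.' + d));
  }

  // Record one request made while viewing pageUrl and return the action for it.
  observe(pageUrl, requestUrl, cookieHeader) {
    const first = baseDomain(new URL(pageUrl).hostname);
    const host = new URL(requestUrl).hostname.toLowerCase();
    const third = baseDomain(host);
    if (third === first) return 'allow'; // first-party request, never scored
    if (looksLikeUniqueId(cookieHeader)) {
      if (!this.seenOn.has(third)) this.seenOn.set(third, new Set());
      this.seenOn.get(third).add(first);
    }
    if (this.userChoice.has(third)) return this.userChoice.get(third);
    const sites = this.seenOn.has(third) ? this.seenOn.get(third).size : 0;
    if (sites < THRESHOLD) return 'allow'; // innocent until seen on enough sites
    return this.onCookieBlockList(host) ? 'cookieblock' : 'block';
  }
}

// Constructed sample traffic: three unrelated first-party pages.
const PAGES = [
  'https://www.news-site.example/',
  'https://www.shop-site.example/cart',
  'https://www.blog-site.example/post',
];

function replay(heuristic, requestUrl, cookieHeader, pages = PAGES) {
  return pages.map((p) => heuristic.observe(p, requestUrl, cookieHeader));
}

function demo() {
  const h = new TrackerHeuristic(['widgetcdn.example']);
  return {
    // Same ID cookie on three sites: allowed twice, blocked on the third.
    tracker: replay(h, 'https://px.adtracker.example/p.gif', 'uid=a81f3c9d27e4'),
    // Whitelisted subdomain: request kept, cookies stripped once over threshold.
    whitelisted: replay(h, 'https://fonts.widgetcdn.example/f.woff', 'sid=77c0e1b2a9d4'),
    // Third party without an identifying cookie is never scored.
    noIdCookie: replay(h, 'https://static.plainhost.example/lib.js', 'lang=en'),
    // Three visits to one site count as a single first party.
    sameSite: replay(h, 'https://t.oneplace.example/t.js', 'uid=0f9e8d7c6b5a',
      [PAGES[0], PAGES[0], PAGES[0]]),
  };
}

console.log(demo());
```

The first two entries of each result show why an unprimed profile blocks nothing: no third party has yet been seen on enough first-party domains.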

~~~
nabla9
So people who use incognito mode don't benefit much?

~~~
unhush
Unfortunately not, if you use Incognito by default (other than being able to
see who's tracking you and toggle the settings manually). We could add a
feature to optionally save data in Privacy Badger between incognito sessions
(or use data from the non-incognito sessions to determine which sites to block
in incognito sessions).

In Firefox, PBadger Alpha doesn't have permission to operate in Incognito mode
yet, so it will just be off.

------
mike-cardwell
So this addon just blocks some third party cookies? I already have third party
cookies disabled in my Firefox settings. Does that make this plugin useless to
me?

Wasn't there already plans to "block" third party cookies from being delivered
as standard anyway, when the top level site domain changes?

~~~
noisy_boy
I have third party cookies blocked as well in Firefox settings - I see this
error when I click on the badger icon in the toolbar: "Your cookie preferences
are changed from the defaults. This may reduce the effectiveness of Privacy
Badger."

Probably if all third-party cookies are blocked, then Badger doesn't have
anything to work with.

~~~
unhush
Yes, the alpha version (what we just launched) only works on third-party
cookies, so the heuristic blocking algorithm doesn't do anything if you block
3rd party cookies entirely. We plan to add detection of other tracking methods
(Flash cookies, local storage, fingerprinting, etc.) as time goes on. More
info in the Firefox version's README:
[https://github.com/EFForg/privacybadgerfirefox/blob/eb1055c4...](https://github.com/EFForg/privacybadgerfirefox/blob/eb1055c44d9a27fa50b63e73ae328309366da59d/README.md)

~~~
noisy_boy
Thanks for clarifying. This is a much needed initiative and your work is
greatly appreciated. Happy to see my donations hard at work :)

------
unhush
Perhaps now is a good time to mention that if you want to work on projects
like Privacy Badger with EFF, we're hiring for a Staff Technologist:
[https://www.eff.org/opportunities/jobs/staff-technologist](https://www.eff.org/opportunities/jobs/staff-technologist). The
role is a mix of software engineering, doing security/privacy research,
pressuring large internet companies and standards groups to not be evil, and
teaching lawyers/reporters about technology issues.

It's overall a fun job. I wrote most of Privacy Badger Firefox with help from
Mozilla folks in the last two months, and it's very satisfying to see people
using and reporting bugs in the software that I made almost immediately after
launch. :)

------
mbrownnyc
Happy to see an alternate to Ghostery that isn't run by an advertising company.

~~~
hackuser
You might also be interested in Disconnect.

[https://disconnect.me/](https://disconnect.me/)

------
SudoNick
In order to be effective against the numerous tracking techniques that are in
use, the extension MUST block requests. If you aren't breaking many popular
websites as a result of blocking their third party requests then it is your
own privacy that gets broken. So this concerns me:

"In some cases a third-party domain provides some important aspect of a page's
functionality, such as embedded maps, images, or fonts. In those cases,
Privacy Badger will allow connections to the third party but will screen out
its tracking cookies."

~~~
unhush
To clarify, those cases where we block cookies but not requests entirely are
the sites on this whitelist:
[https://www.eff.org/files/cookieblocklist.txt](https://www.eff.org/files/cookieblocklist.txt)

This pull request will also apply the whitelisting to subdomains of the
domains on the whitelist:
[https://github.com/EFForg/privacybadgerfirefox/pull/63](https://github.com/EFForg/privacybadgerfirefox/pull/63).

Unfortunately blocking all those sites and making users whitelist them
manually is a lot of work for most users. So we ship a whitelist.

------
scrollaway
I have to say, I love that the EFF is doing this. No more wondering about some
of the classic privacy extensions' ulterior motives. Having "one extension to
rule them all", built by the EFF, is excellent. On top of that, no more
conflicts between them either (and disabling each and every one of them
whenever you get a loading issue on some site is frustrating!)

I fully intend to contribute to my browser's extension's repository. I hope
other developers on HN will join me.

~~~
matt-attack
> I fully intend to contribute to _The EFF_. I hope other developers on HN
> will join me.

Fixed that for you :)

------
canvia
Are there any extensions that will block flash cookies (LSOs) instead of
allowing them and deleting after each browser session?

[http://www.wired.com/2009/08/you-deleted-your-cookies-think-...](http://www.wired.com/2009/08/you-deleted-your-cookies-think-again/)

One current option: [https://addons.mozilla.org/en-US/firefox/addon/betterprivacy...](https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/)

~~~
angry-hacker
Why extension if you can disable the local shared objects (LSO cookies)
entirely from the flash settings?

Or just use click to play to activate flash on your browser, at least then
they can't be set anywhere in the background.

------
mgreg
It's great to see additional attention on privacy while browsing from the
desktop. It does feel, however, a little like we're fighting yesterday's war.
With so much browsing / internet usage taking place on mobiles it would seem
to be much more important (or at least _as_ important) to provide privacy to
mobile browsers. Given the limited ability to impact the way mobile browsers
work (especially on iOS) I wonder if we'll see any real solution here?

------
jstalin
I currently run adblock edge with the regular easy list, privacy list, and
social blocking list. How is this plugin different?

------
charonn0
If I've already got NoScript, ABP, and Ghostery will this addon make any
difference?

------
ASneakyFox
Is this basically just adblock with just the anti tracking list enabled?

~~~
bitbiter
From their main page[1]:

> Does Privacy Badger contain a "black list" of blocked sites?

> No, unlike other blocking tools like AdBlock Plus, we have not made
> decisions about which sites to block, but rather about which behavior is
> objectionable. Domains will only be blocked or screened if the Privacy
> Badger code inside your browser actually observes the domain collecting
> unique identifiers after it was sent a Do Not Track message. Privacy Badger
> does contain a whitelist of some sites that are known to provide essential
> third party resources; those sites show up as yellow and have their cookies
> blocked rather than being blocked entirely. This is a compromise with
> practicality, and in the long term we hope to phase out the whitelist as
> these third parties begin to explicitly commit to respecting Do Not Track.

[1]: [https://www.eff.org/privacybadger](https://www.eff.org/privacybadger)

------
smoyer
I installed the plug-in and went to three sites I know contain tracking code.
Privacy Badger tells me "Could not detect any tracking cookies." ... Am I
missing something?

~~~
aspidistra
Maybe it's a bug. FTA:

 _This is an alpha release; we've been using it internally and don't think
it's too buggy. But we're looking for intrepid users to try it out and let us
know before we encourage millions of people to install it. If you find bugs,
you can file them on github against either the Firefox or Chrome repos as
appropriate._

[https://github.com/EFForg/privacybadgerfirefox/issues](https://github.com/EFForg/privacybadgerfirefox/issues)

[https://github.com/EFForg/privacybadgerchrome/issues](https://github.com/EFForg/privacybadgerchrome/issues)

------
IvyMike
How does this compare to Ghostery and/or Disconnect?

~~~
Kerrick
From [https://www.eff.org/privacybadger](https://www.eff.org/privacybadger)

> How is Privacy Badger different to Disconnect, Adblock Plus, Ghostery, and
> other blocking extensions?

> Privacy Badger was born out of our desire to be able to recommend a single
> extension that would automatically analyze and block any tracker or ad that
> violated the principle of user consent; which could function well without
> any settings, knowledge or configuration by the user; which is produced by
> an organization that is unambiguously working for its users rather than for
> advertisers; and which uses algorithmic methods to decide what is and isn't
> tracking.

> Although we like Disconnect, Adblock Plus, Ghostery and similar products (in
> fact Privacy Badger is based on the ABP code!), none of them are exactly
> what we were looking for. In our testing, all of them required some custom
> configuration to block non-consensual trackers. Several of these extensions
> have business models that we weren't entirely comfortable with. And EFF
> hopes that by developing rigorous algorithmic and policy methods for
> detecting and preventing non-consensual tracking, we'll produce a codebase
> that could in fact be adopted by those other extensions, or by mainstream
> browsers, to give users maximal control over who does and doesn't get to
> know what they do online.

------
aaronem
> This week, Mozilla published research showing that privacy is the single
> most important thing that users want from their web browsers.

I can't speak for anyone else, but I'd be happy just to have a version of
Firefox that didn't leak memory like a sieve and become unusably laggy after a
day or so. Strangely enough, though, Mozilla's "research", which is nothing
more or less than a "click this or this or this" sort of poll, doesn't offer
any option for "I'd like your product to suck less please".

~~~
mike-cardwell
Your opinion is out of date.

~~~
aaronem
It's funny you should say that, because outside cross-browser functionality
testing, Firefox has been my default browser since back when it was still
called Phoenix. The reason I complain about Firefox's memory leaks and general
flakiness is not because I hate the browser and want it to die, but because I
like it and I'm sick of having to kick it over and restart it every day so
that I can use it without the UI freezing for ten seconds out of every thirty.

Naturally, I've grown quite accustomed, in those rare cases when I muster the
temerity to express this opinion, to being shouted down for it. I am surprised
to see that happen on Hacker News, though; on 4chan it'd be de rigueur, of
course, but I expected better here. I don't know why, though; after all, it's
precisely the same attitude which characterizes Mozilla's approach to bug
reports.

~~~
mike-cardwell
You must be unlucky then, because I've been using Firefox for years, on
various versions of OSX, Linux and Windows and have never suffered issues as
severe as you describe. And over the past year or so, things have just got
better and better. From what I've seen, most people don't have the problems
you describe with recent versions of Firefox.

~~~
tinfoilman
I've been using Firefox since v2. I have all the problems the parent does. I love
the browser, send off my crash dumps (about 3 a week). I want the browser to be
better and they are getting there.

The memory issues are bad, but only apparent when you have lots of tabs open
for long periods of time. I can at times have over 50 pages open and it is
around this time things start to crash. Why 50 pages at one time? Well that is
how I use my browser. Also the fact that Firefox still does not have its tabs
on their own threads is frustrating for these crashes as it takes out all
tabs, whereas sometimes when Chrome crashes you don't always lose everything.

Anyway Firefox is a great browser, just wish they stopped following the Chrome
team around like lost puppies.

~~~
hackuser
I have hundreds of tabs open all the time and Firefox runs for weeks; Windows
or something else gives out first and requires a reboot.

But my main point is, with hundreds of millions of users, what are our
anecdotal experiences worth?

~~~
aaronem
> ...with hundreds of millions of users, what are our anecdotal experiences
> worth?

To Mozilla, any user's experience means little enough at best. On the other
hand, any user's "anecdotal" experience of how well Firefox works, or doesn't
work, means a hell of a lot _to her_.

