Help EFF test Privacy Badger, our new browser extension for privacy (eff.org)
226 points by schoen on May 2, 2014 | 125 comments

I wish I had EFF's clout behind my work too[1]. In the last few months, I have been completely dedicated to writing an extension which completely informs the user about what a web page does, and gives the user full control over what web sites do in his/her browser.

Spent hours after hours at not only making it work, but also making it work efficiently (wrote custom ABP engine from scratch which doesn't suffer the real one's abuse of memory/CPU), and yet barely anyone is noticing it.

EFF is also one of the recipients I suggest for people who really want to donate something for my work.

In any case, an important warning concerning any extension which modifies HTTP headers on Chromium-based browsers: only one extension is allowed to modify the HTTP headers[2], and since EFF's badger does modify outbound request headers, it will break any previously installed extension which relies on also modifying these headers to work properly.

This means mine[1] is incompatible, one of the two extensions won't be able to do what it says it does. This applies for any other extension modifying outbound HTTP headers.

[1] https://github.com/gorhill/httpswitchboard#http-switchboard-...

[2] https://developer.chrome.com/extensions/webRequest#implement...

Hi, I'm an EFF staff technologist and wrote most of Privacy Badger Firefox (though I didn't come up with the idea). It's often hard for us to find projects like yours, so we appreciate developers contacting us and telling us about them directly. It's possible we can find a way to work together, if you'd like. Email me: yan at eff dot org.

Disclosure: I didn't work on Privacy Badger Chrome but at least I can fwd you on to the right people. :)

Sorry, that does sound frustrating. I joined EFF partly because it was a good way to make software that people would actually use.

(One constraint that most people may not realize is that EFF has very strict privacy policies for our tech projects. There's lots of projects I'd like to do, but the lawyers probably wouldn't approve. So there's plenty of room for other developers to do projects that step over lines we wouldn't cross.)

> I have been completely dedicated to write an extension which completely informs the user about what a web page does, and gives the user full control over what web sites do in his/her browser.

That's awesome! At Mozilla we've been daydreaming about incorporating something like that into the product. Especially with the proliferation of both in-browser content policies (CSP, Mixed Content blocking, etc.) and out-of-browser content policies (addons like Privacy Badger, ABP, Ghostery, etc.) it's almost impossible to understand the root cause of what's breaking a page, especially if you're not a technical user.

> but also making it work efficiently (wrote custom ABP engine from scratch which doesn't suffer the real one's abuse of memory/CPU)

For the Firefox version of Privacy Badger, we also eschewed the ABP engine in favor of something we wrote ourselves. Don't get me wrong, ABP is a great tool and we learned a lot from its code - but we wanted something as lean and performant as possible. I'd be interested to see the approach you took!

> only one extension is allowed to modify the HTTP headers

> it will break any previously installed extension

That sounds like a shortcoming in Chrome's Extension API. Firefox is somewhat better in that we do not restrict addons based on the behavior of other addons, so multiple addons are allowed to modify a request's headers. Unfortunately, the order in which the request is passed from handler to handler is not guaranteed, so in practice this may not end up being so useful.

We're trying to improve this situation by rewriting the Gecko Content Policy API [0], but that's a large project with no clear deadline.

[0] https://groups.google.com/forum/#!msg/mozilla.dev.platform/v...

Generally I think your addon and Privacy Badger are targeted at different audiences and have different use cases. It is too bad they are incompatible with each other - I, for one, would like to have both installed. Perhaps we can resolve this by talking to the Chrome devs about their Extension API?

- One of the Privacy Badger devs

I thought a bit more about the incompatibility, and it's not an all-or-nothing situation. In the case of HTTPSB (can't speak for other extensions), installing Privacy Badger afterwards will likely break some specific privacy-related features of HTTPSB, but a user might find this acceptable, since Privacy Badger will take over for some of the broken features. I explain in more detail where there are conflicts: https://github.com/gorhill/httpswitchboard/wiki/Compatibilit...

> I wish I had EFF's clout behind my work too.

Man, I'm sure that must be really frustrating. It looks like your tool takes a different strategy than EFF's and there will be room for both -- I hope you keep it up.

As a general perspective (not just directed at you, gorhill), it's worth bearing in mind that the EFF has earned their clout by working hard and getting results since 1990 -- almost a quarter of a century. You can think of them like a startup founder who has a lot of money and connections to launch new companies, because she's been building winning companies for decades and built up those resources. For her, backing a new project means betting some of that capital. For you, starting on your own without that kind of track record means you'll have to hustle longer and harder to find success.

This analogy is particularly helpful if you (again, not just gorhill) actually do want the EFF or a similar organization to back your project. That startup founder is going to be constantly getting pitches from people who want her time or attention or just money. The ones she'll want to help will be the ones she knows and trusts because they've helped her out before.

That makes projects like this Badger thing a great opportunity to get involved with an organization -- they're asking for your help. It's a chance to prove you have the coding skills/social skills/enthusiasm/values/reliability/whatever that make you a good fit. Then when you're starting your own project, they'll be relatively likely to put some of their reputational capital behind it.

Agreed - at first, this seems frustrating, but don't let it be discouraging.

gorhill, there are very few people who are both interested in and qualified for building software of this sort. You've essentially just proven to the EFF that you're the exact person whose help they should want with this, so you have an opportunity to join forces with them and build not just an amazing product, but an amazing product that does exactly what you originally set out to do!

This is the same principle behind so-called talent acquisitions ("acquihires"); the difference here is that we're talking about a non-profit organization and two open-source projects, so there's even less friction in joining forces. And more importantly, you can always change your mind if you ever decide to. Nothing holding you back!

Exactly! gorhill, if you're interested in a position at either Mozilla or EFF, PM me :)

- One of the Privacy Badger devs

Sorry, that sounds frustrating.

I just installed your extension and it looks pretty slick so far! I had been using RequestPolicy, CookieMonster, and NoScript on Firefox to do something similar, but wasn't aware of something like RequestPolicy for Chrome. Your extension fits the bill nicely.

Couple questions:

* Your documentation says "Efficient blacklisting ... javascript won't execute". Is this because you prevent the request altogether or do you somehow allow the Javascript to be fetched but then sandbox it or something? The latter seems brittle and prone to issues (tptacek's warnings about security/javascript in the browser come to mind).

* The control panel seems to let me block scripts from the domain I'm actually on (so, not a 3rd party request). Does this include inline script tags in the HTML? Obtrusive javascript via "onclick=..."? Last I checked, I thought Chrome didn't give you hooks to be able to stop, with an extension, the evaluation of scripts. In fact, that's why I've been using Firefox w/ NoScript, since I didn't think Chrome could match it. Is that not the case?

* When I search Google (but no other page), it seems to flash and reload since installing the script. What's that?

Thanks for your hard work on this! I appreciate it a lot.

Thanks for the nice words, it does help the morale.

Regarding javascript execution there are two cases:

External javascript: won't execute because the net request for the external resource is blocked.

Inline javascript: won't execute because a Content-Security-Policy directive is injected into the main page or sub frame.

This week I had to write an explanation of how this works, because the idea that inline javascript can't be reliably disabled on a Chromium-based browser is still going strong. Here are the details:


Regarding the "flash and reload", I noticed that too lately, I have to look into this to understand what is happening.
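The inline-script case above, as an added example that is not HTTPSB's own code: an extension can stop inline script without any hook into script evaluation by adding a Content-Security-Policy response header to main frames and sub frames. The policy string, the frame-type check and the helper names are assumptions made for this example.

```javascript
// Added example, not HTTPSB's code. "script-src *" allows script from any
// network origin (external script is already controlled by request blocking)
// but, because 'unsafe-inline' is absent, the browser refuses inline <script>
// blocks and inline handlers such as onclick="...". eval() is refused too.
const INLINE_SCRIPT_BLOCK_POLICY = "script-src *";

// Return a new header list with the blocking CSP appended. A second CSP
// header is added rather than editing an existing one: browsers enforce
// every CSP header they receive, so the page's own policy stays intact and
// the added policy can only narrow it, never widen it.
function addInlineScriptBlock(responseHeaders) {
  const headers = responseHeaders.map(h => ({ name: h.name, value: h.value }));
  headers.push({ name: "Content-Security-Policy", value: INLINE_SCRIPT_BLOCK_POLICY });
  return headers;
}

// Only documents get the policy; images, scripts, XHR and so on are untouched.
function shouldInject(details) {
  return details.type === "main_frame" || details.type === "sub_frame";
}

// webRequest.onHeadersReceived handler: returns the modified headers for
// documents, or an empty object (no change) for everything else.
function onHeadersReceived(details) {
  if (!shouldInject(details)) return {};
  return { responseHeaders: addInlineScriptBlock(details.responseHeaders || []) };
}

// Registration with the Chrome webRequest API, guarded so the helpers above
// also load in plain Node for testing.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onHeadersReceived.addListener(
    onHeadersReceived,
    { urls: ["<all_urls>"], types: ["main_frame", "sub_frame"] },
    ["blocking", "responseHeaders"]
  );
}
```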

Very cool! Thanks for the explanation.

One last question (sorry!): I just used the "Google" preset configuration to load gmail and it all just worked. I'm still trying to get the hang of interpreting the grid, but at the top left I see in blue ".google.com". Does that mean these whitelistings only apply to pages in a Google subdomain? For example: google analytics requests from some other* domain aren't whitelisted?

> Does that mean these whitelistings only apply to pages in a Google subdomain

Yes, the top-most left-most box is for choosing where the rules apply, I call it the scope selector.

"" = global scope

".example.com" = any web page which sits on 'example.com' or a subdomain of 'example.com'

"example.com" = any web page which sits exactly on 'example.com'

If multiple scopes exist for a given web page, the narrowest one is used. Also, scopes are really sandboxes: there is no inheritance of rules across scopes (trying to implement this would open a can of worms, both for usability and in the code).
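The scope selector described above, modelled as an added example (not HTTPSB's code): the three scope forms, narrowest-match selection, and the no-inheritance rule. The rule table, the "type|host" key format and the block-by-default fallback are assumptions constructed for the example.

```javascript
// Added example, not HTTPSB's code. Scope keys: "" (global), ".example.com"
// (example.com and every subdomain), "example.com" (exactly that host).
// Each scope maps a "type|requestHost" key (or "type|*") to allow/block.
// Constructed rule table for the example:
const scopes = {
  "": { "script|ads.example.net": "block", "image|*": "allow" },
  ".google.com": { "script|google-analytics.com": "allow" },
  "mail.google.com": { "script|google-analytics.com": "block" },
};

// Does scopeKey apply to a page served from pageHost?
function scopeMatches(scopeKey, pageHost) {
  if (scopeKey === "") return true;                      // global scope
  if (scopeKey.startsWith(".")) {                        // domain + subdomains
    return pageHost === scopeKey.slice(1) || pageHost.endsWith(scopeKey);
  }
  return pageHost === scopeKey;                          // exact host only
}

// Narrowness order: exact host > ".domain" (longer suffix is narrower) > global.
function narrower(a, b) {
  const kind = k => (k === "" ? 0 : k.startsWith(".") ? 1 : 2);
  if (kind(a) !== kind(b)) return kind(a) > kind(b);
  return a.length > b.length;
}

// Pick the narrowest scope that matches the page. With "" in the table a
// match always exists; otherwise null is returned.
function selectScope(pageHost) {
  let best = null;
  for (const key of Object.keys(scopes)) {
    if (!scopeMatches(key, pageHost)) continue;
    if (best === null || narrower(key, best)) best = key;
  }
  return best;
}

// Decide one request using ONLY the selected scope: a wider scope's rules
// are never consulted (scopes are sandboxes). With no matching rule the
// assumed default is "block", mirroring a block-all configuration.
function decide(pageHost, type, requestHost) {
  const key = selectScope(pageHost);
  if (key === null) return "block";
  const scope = scopes[key];
  const exact = scope[type + "|" + requestHost];
  if (exact !== undefined) return exact;
  const wildcard = scope[type + "|*"];
  return wildcard !== undefined ? wildcard : "block";
}
```

Note the last assertion in the test: a page under .google.com gets no benefit from the global "image|*" allow rule, which is exactly the no-inheritance behaviour the comment describes.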

Very cool! Been using it all morning and I'm very impressed. Thanks again for your hard work.

More efforts in this space are a Good Thing(tm) regardless, so thank you for your contribution.

That said, you talk about all the effort that went into building it only to have nobody notice it...I have to ask, how much time did you put into promoting it and how did you approach that?

I don't intend for this to come off rude, but if you didn't do much to promote it, is it possible there's a bit of "Field of Dreams" syndrome at play here (the "if I build it they will come" fallacy)?

Regardless, I think there is a lack of trustworthy and well-known resources for getting the word out about new advancements in the privacy space like yours. I'm in the digital media world, and while I'm acutely aware of this stuff, I'm unaware of any sites that serve that purpose.

I'd love the EFF to put their weight behind a list of trustworthy add-ons that they inspect and maintain (in addition to theirs) since this needs to be a larger effort than they alone have the resources for. The big problem is getting the public more aware, and they are one of the best loudspeakers for that at the moment.

Does this initially block most/all domains and require individual whitelisting? I'm using it now, on washingtonpost.com it blocked requests to washingtonpost.com... if it requires manual whitelisting that's waay more than the average user will do and probably more than I will do (I'd been using disconnect or ghostery, will switch back to one of those or pBadger).

Yes, it has been said that it's more for advanced users. I've been trying to mitigate this with presets, recipes, etc. but still I understand and accept that it's not for everybody.

I usually ask people to at least read this one page [1], not to convince them, but rather just so that it is understood that the extension is fully configurable: it can be at any point in the full block-all / allow-all spectrum.

[1] https://github.com/gorhill/httpswitchboard/wiki/How-to-use-H...

I just added a 3rd example of how the extension can be used without blocking anything, while still reporting everything. If anything, this can be useful to keep the other privacy extensions open for scrutiny.

We do have a preloaded list of third-party sites to not block because they would cause too much breakage. Note that because PBadger is in alpha, this list is very short right now: https://www.eff.org/files/cookieblocklist.txt

It's maintained by EFF, and more things will get added as time goes on.

Add mail.google.com!! I took the time to go to google accounts, re-login, disable the blocking on the various sites (accounts.google, mail.google etc.) to get it working, but I can imagine breaking gmail will be a quick route to "uninstall extension" for many people. :)

UGH, you're right. Ok, let me explain this. We whitelisted google.com but it was not anticipated that, in the general case, we should really whitelist all subdomains in order not to break sites.

Luckily this was a one-line patch: https://github.com/EFForg/privacybadgerfirefox/pull/63 (though in the future, it is better for the whitelist to have wildcards in the cases where it's necessary).

Thanks for testing. Really helps a lot.

FYI, upgrading to 0.1.1 (released Friday) fixes the bug I mentioned. Subdomains of whitelisted sites are also whitelisted now. https://github.com/EFForg/privacybadgerfirefox/pull/63/files

Installed it, looks very powerful, and that's probably part of the issue. A lot of options to change and no real idea what they are.

Also, it caused some of my pages to stop working which I know aren't doing anything odd (internal helpdesk software).

I usually refer new users to this one page, which shows that the extension can also be used in "allow-all/block-exceptionally" mode, a mode which is less likely to break web pages (ABP, Ghostery, Disconnect etc. all work in such a mode):


At one end of the spectrum, the extension can be used without filtering of any kind, and the user still has a comprehensive reporting tool to see what a web page does.

I realize this may be an extension for more technical users (not sure that's the right approach for something like this to begin with), but HTTPS Switchboard doesn't exactly roll off the tongue, no matter how accurately descriptive its name is. Privacy Badger or Disconnect seems much catchier. Something to keep in mind for yours, if you want high adoption.

Before addEventListener, I remember people manually chaining event handlers. Any chance you could do a variation on that?

    function addLoadEvent(func) {
        var oldonload = window.onload;
        if (typeof window.onload != "function") {
            window.onload = func;
        } else {
            window.onload = function() {
                oldonload();
                func();
            };
        }
    }

http://www.csgnetwork.com/directonloadchain.html

The matrix visual is genius! I'll be using your extension going forward. Thanks for the great work. You may want to consider setting up a Gittip account or something similar so people have the option of supporting your work.

I love it! By far the most important thing about Privacy Badger is that it's backed and controlled by the EFF, instead of some individual or business that might be tempted in the future to betray users for profits.[1]


[1] For example, consider what happened with Adblock Plus. For years, it blocked all ads, but then in 2011 its developer announced it would allow "acceptable ads" by advertisers who had partnered with Adblock Plus. (For the details, see http://en.wikipedia.org/wiki/Adblock_Plus#Controversy_over_a... ) The EFF is extremely unlikely ever to do something like that.

The EFF is doing something similar, though I don't know if their standards are different than Adblock Plus':

"Advertisers and other third-party domains can unblock themselves in Privacy Badger by making a strong commitment to respect Do Not Track requests."

To be fair to EFF, it is explicit about what it considers that strong commitment to be: publishing this DNT policy notice on the domain:



What does the dnt-policy.txt promise mean?

Posting the dnt-policy.txt file makes a promise to the users who interact with their domain. We [EFF] believe it would be a false and misleading trade practice to post the policy without the intent to comply in good faith. However, EFF is not in a position to enforce this promise or monitor compliance.

There is code in Privacy Badger that checks whether a site has publicly posted a statement of compliance with DNT before blocking it. If they do and then violate that commitment, we have a record of it and can call them out on it.

Can you still configure the plugin (manually) to not trust such sites?

I don't want it to be a negotiation between the EFF and a website as to the state of my privacy - I want the final say in who is going to be trusted.

As I understand it, yes, you would still have final control.

When you click on the plugin icon in the browser toolbar, a popup box displays all the trackers Privacy Badger has found. There is a slider next to each tracker, with three states, green, yellow and red. Red means blocked.

As Privacy Badger works, it moves the slider for a tracker when it notices it following you across domains. But you can still manually drag the slider across to Red if you want.

This seems different. Adblock's stated purpose was to block ads. They directly compromise this purpose by allowing companies to pay to be able to show ads. Privacy Badger's stated purpose is privacy. There is no direct contradiction in allowing third-party domains to be unblocked if they are not going to violate privacy. The only question here is how strongly we believe they will honor DNT.

Yet another plugin to add to my privacy arsenal (opt-outs from Google, AdBlock, Ghostery, Disconnect, and now Badger).

This really reminds me of the early years of antivirus on Windows, when you needed at least two antivirus suites to catch everything. Just as vendors eventually acknowledged (mostly) their responsibility for security on their OSes, browsers need to step up and start implementing these features by default, and innovating. It's crazy that, at the moment, I have to grant a third party total and unlimited access to my browser and history in order to protect my own privacy.

This should be on, by default, since most people are generally either adamantly against being tracked or ignorant of it and their options.

The handful of people that have a hard-on for targeted marketing should be ticking checkboxes in preference panels and installing plugins, not people who would rather Nielsen not know everything about them...

Privacy is not a goal of Google chrome.

How much would you pay for an independent, non-ad supported, privacy-focused browser?

Off the cuff? $40.

Of course my willingness would vary depending on the project, community, features, stability, etc... but there's precedent. I've had no problem donating similar amounts to browser projects in the past, or smaller amounts (+/- $10) to privacy plugins (Adblock, Disconnect).

As a mac user, it's Safari, Chrome, or Firefox. All three are to varying degrees beholden to advertising powers who want my data, and aren't going to challenge the status quo in a major way. That needs to change, and I'd be willing to support that.

Let's say $40 per annum, i.e. $3.33/month, to pay for a browser like we do for an OS. I'd be willing to pay for an essential piece of software that needs to be independent and look after me and my data.

Simplifying, 39% of the world's 7.1bn population is using the internet [1]. That's 2.8bn people. Opera, the least popular major browser, has a 1.8% market share [2].

If the $40 browser could match that share, it'd be a $2bn p.a. business.

Why hasn't it happened already? Are we so enamoured with "free" software that this couldn't get off the ground?

[1] http://en.wikipedia.org/wiki/Global_Internet_usage [2] http://www.w3schools.com/browsers/browsers_stats.asp

Probably because you are thinking of yourself as a representative sample of the population that is interested in privacy. Hate to break it to you, but if you understand how you are tracked at all, you are in the minority. HN is quite possibly the least representative population of the global internet user population in terms of both the amount of money you have (and hence the amount you'd be willing to spend) and awareness: most people on HN have a pretty good idea of what is being tracked, whereas a member of the general population would not.

Personally, I think there could be sufficient demand especially if you consider this:

Microsoft has traditionally been in the business of developing and selling user-centric (as opposed to advertiser-centric) software. Why wouldn't they develop a user-centric browser and sell it like they do the Office products? I'm genuinely wondering. Would it be hated by developers as it'd limit their earning opportunities?

I think that we are at the point in the game that people don't want to pay for a browser unless they can get something significantly better than what they get from a free browser. Keep in mind that in breaking into the market, you have to overtake the competitors with features that aren't available. This would likely be possible in the mobile market, but not the desktop market.

Opera's market share has been both increasing and decreasing over the last few years[1] but it looks like it is taking market share from IE users and more people are switching to chrome. So I would predict Opera's share would go down in the future.

The big questions for me, would then be: What am I getting from a browser that I pay for over a free one? Can I get the same features out of plugins for a more widely adopted (and hence better supported or developed for) browser?

Microsoft is really business and student oriented with the majority of their products. A browser only matches part of their design goals. They want people to keep paying for their OS and don't want products to migrate to the web where they have to compete with Google (Though they already have to do this to some extent).

Don't get me wrong, I would be personally interested in something like this but don't believe that many people outside of developers (and people doing criminal things whether moral or not) would be.

Not sure what you mean with the last point/question. The market share would be decidedly small, it likely wouldn't be developed for (unless it used a major library like webkit) and most business people wouldn't notice much difference in their ad-based revenue from such a small market share.

[1] http://www.w3schools.com/browsers/browsers_stats.asp

How much private information is someone willing to provide (knowingly) for an ad supported browser?

Sexual orientation? Medical records? 24/7 location tracker? Banking status? Purchase records? All private correspondence? Check all, and you get a nice fast browser in the phone with integrated e-wallet, e-medical, e-dating, and email.

When you ask how much someone is willing to pay for their privacy, we are comparing a product with uncertain hidden cost vs informed priced products. The result will always end up the same: you get lemons until the information asymmetry is solved.

You mean Firefox?

Firefox is technically/indirectly ad-supported. I don't think it's much of a problem - which is why I use it - but it is an incentive to not piss off Google too much, which can conflict with its mission.

Any promises of privacy or security are worthless unless it's on an open licence (GPL equivalent) - and in that case how would payment be enforced? Apparently you are asking a "trick question".

Because of the good plugins that are becoming more available, probably just €10. And it would have to be open source (but not necessarily free, as in beer) otherwise it is bs.

Ahead of time, or after it is available?

I'd pay anywhere from $25-$60, depending on functionality.

This seems like it would completely replace Disconnect/Ghostery. Am I correct?

I think he is aiming for redundancy. I.e., what happens if Ghostery starts letting companies pay to be 'let through'? The GP might know about it, since I'm sure that kind of story would find its way to HN, but it's nice to have some redundancy when it comes to protecting one's privacy.

Which is why it's awesome the EFF is doing this one. They can be trusted.


> Meyer also says that Ghostery users are presented with clear disclosures about how the company uses their data if they opt in.

> if they opt in.

> opt in.

You could just use Epic instead, which would be like using Linux or Mac without an antivirus:


It's not even open source yet, why exactly would one trust it?

From their website's faq[1]:

> Is Epic Open Source?

> Yes! Epic is open source software. Chromium which Epic is built on is also open source software. We haven't had a chance to formally release Epic's source code because we've been giving 200% to get the product ready, and Chromium is a HUGE code base so to release it in an organized way will take a bit of effort. That being said, if you want to know anything about Epic's changes to the core Chromium, if you want any files, any code, anything at all, just write us and we're happy to get it to you. We will be releasing all the code in organized git repository soon as well -- sorry for the delay.

However, please note that Epic uses a builtin proxy. Also from the faq:

> Who powers Epic’s proxy service?

> Spotflux at present powers Epic’s proxy.

[1]: https://www.epicbrowser.com/FAQ.html

If it doesn't have the source available along with the binaries, it's not open source, regardless of their good intentions.

Afaict that's not technically correct. For example the GPL doesn't require that you provide the source code up-front, it's enough if you provide it when asked for. Which seems to be what the epic folks do.

From the Open Source Definition (http://opensource.org/osd)

    2. Source Code
    The program must include source code, and must allow 
    distribution in source code as well as compiled form. 
    Where some form of a product is not distributed with 
    source code, there must be a well-publicized means of
    obtaining the source code for no more than a reasonable 
    reproduction cost preferably, downloading via the 
    Internet without charge. The source code must be the 
    preferred form in which a programmer would modify the 
    program. Deliberately obfuscated source code is not 
    allowed. Intermediate forms such as the output of a 
    preprocessor or translator are not allowed.

So it really depends on your interpretation of "well-publicized means of obtaining the source code". I don't think I would label "send us an email and (maybe) we'll give you the source or the patches" as Open Source, mostly because if a company doesn't already have their source in the open, they don't want it in the open, no matter what they write on their site.

OK I have reached saturation point with all these plugins. I value the work that the eff are doing. I think a comparison page on wikipedia is a good idea, who agrees?

for example:



That's a great idea! I would be willing to help, and could probably find some others to help too!

From FAQ: "Privacy Badger is a browser-add on tool that analyzes sites to detect and disallow content that tracks you in an objectionable, non-consensual manner."

If this is for average users, something like "Privacy Badger stops advertisers from secretly tracking your movements and activities online" would be better. "browser-add[sic] on tool that analyzes sites to detect" etc. etc. is too complicated; people won't read it IMO.

"When you visit websites, your copy of Privacy Badger keeps note of the "third party" domains that embed images, scripts and advertising in the pages you visit. If a third party server appears to be tracking you without permission, by using uniquely identifying cookies to collect a record of the pages you visit across multiple sites, Privacy Badger will automatically disallow content from that third party tracker."

Words you probably shouldn't use for a layperson-friendly explanation: embed, script, server, disallow, "third party" (without explaining precisely what you mean in this context). The top question on the should be broken out into a "how does it work (generally speaking)" and "how does it work (more technical)." I'm afraid people will get stuck on that, say "this is too technical" and not read the rest.

"When you see an ad, the ad sees you" this is excellent!! It succinctly explains the problem in a layperson friendly way.

"When you see an ad, the ad sees you. When the advertiser 'sees' you it sees what site you are on when you view the ad. This information can be used to build a profile about you: where you shop, what blog or news sites you read, what forums you post on, etc.. Privacy Badger stops your browser from requesting the ads, so the advertiser never 'sees' what sites you're visiting.

When you see an ad, the ad sees you... Privacy badger stops you from seeing the ad and stops the ad from seeing you!!"

Ideally you'd just copy this: http://donttrack.us/ but specifically for ads.

Hi, I'm the main author of Privacy Badger's Firefox version. You are 100% right; I'll point this out to the text authors.

On the other hand, EFF's fanbase is generally very technical compared to the average person and I'm sometimes afraid of coming off as imprecise or belittling to them. Striking the balance is hard.

I would love it if there was a plugin that combined the blacklist part of Disconnect/Ghostery with the learning algorithm of Privacy Badger and the anti-fingerprinting features of Secret Agent.

There are many trackers that are known in advance and there is no need to analyse them. Stop them right away.

New ones crop up, or old ones change domains, watch them and block them.

And randomize my headers so even if cookies are blocked, they can't fingerprint me statistically.

Btw. what is the point of Privacy Badger without the Do Not Track header?

The reasons for not using a blacklist in Privacy Badger were philosophical, not technical. I agree it would be more convenient to ship with a blacklist but hopefully the learning algorithm works well enough to be almost-equivalent.

> Btw. what is the point of Privacy Badger without the Do Not Track header?

Not sure I understand. Privacy Badger Alpha currently sets the Do Not Track header on all requests.

Thanks for mentioning Secret Agent. I had looked for a plugin to do that some time ago and couldn't find one. Now I have!

You're welcome. A direct link is here:


Just bear in mind the default installation can break some pages (Soundcloud) or worsen your user experience (many web sites, Google, Wikipedia or Ars Technica among others, redirect you to the mobile version if you have a certain user agent).

Even without DNT, it still blocks tracking cookies, etc.

I'm going to drown in downvotes likely, because this will go against popular opinion. But I have to speak out about this nonsense: most adserving scripts aren't violating your privacy!

People keep confusing the adserving/retargeting sector with the identity sector (Google, Facebook). Identity (centralized) vs anonymous (or decentralized) is an important debate. But the adserving industry is not picking sides in that debate. They don't want your name, and they are not keeping any data a millisecond longer than required, because it's all low-margin: costs matter a lot.

People want all their content for free. People don't want annoying popups all the time. So when you look at some product, you get a cookie. That product-id and the cookie-id (that refers to your browser, not you) go into a typical cassandra or redis cluster for about 30 days. Then they are deleted.

End result: (1) your content is free (2) you are not drowning in ads (3) your privacy was not violated. Nobody in _this_ sector wants to store your personal stuff.

People should be concerned about what identity-providers (like Google or Facebook) do with your information. And people should be very wary of identity-providers where you are not the customer. But pure adserving companies, the ones targeted with this tool, were never messing with your privacy in the first place. All tools like this do is put websites out of business.

Can the intelligent people in HN please start getting more informed about the difference between these two sectors?

Retargeting-sector ==> Be anonymous, see few ads, get free content. Low-margin, technology-driven.

Identity-sector ==> Give all your info, see lots of ads, spam your friends. High-margin, social-life-extortion-driven.

And maybe, not freak out so much about 'retargeting'. Retargeting is fine: it's why so much of the internet is free. It funds many YC companies (like Reddit). Just don't ever deal with identity providers who also sell ads. But that's about 10 scripts of the thousands that are blocked by this tool.

> People keep confusing the adserving/retargeting sector with the identity-sector (Google, Facebook).

Can you blame them when the latter keep buying the former? Google bought Doubleclick. Twitter bought MoPub. Facebook bought Atlas. And so on...

I don't blame them, but the sector is much bigger than just the identity-players.

Given that most of the identity players (Google, Twitter, FB) also offer retargeting themselves, I find it tough to accept your reasoning that the two are distinct and unrelated.

Firefox users should install:

To block tracking background requests:

-> RequestPolicy: https://addons.mozilla.org/en-US/firefox/addon/requestpolicy...

To block ads/trackers:

-> Adblock Edge: https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/

To eliminate tracking via cookies/persistent Flash cookies/Localstorage:

-> Self-Destructing Cookies: https://addons.mozilla.org/en-US/firefox/addon/self-destruct...

I have RequestPolicy installed, but at some point its intrusiveness led me to disabling it again. I can't really recommend it.

The other two however, go for them, they're not intrusive to the user experience at all in my experience.

Is there a reason why you suggest Adblock Edge instead of Adblock Plus?

As a counterpoint: I use Request Policy and love it.

For those who don't know, Request Policy (RP) simply blocks requests outside the website's domain. I configured mine to deny all requests unless I whitelist them (by hostname). It eliminates most security issues; Ghostery rarely has to block any trackers, for example.

I would never recommend it for a typical end-user; it requires too much understanding (e.g, to understand enough about CDNs to identify which hosts need to be whitelisted). For most people reading this, it would be no problem.

It comes with large, pre-configured whitelists that cover many common websites. Many sites work fine without anything whitelisted, though most need at least one host for their CSS. More complex sites, such as those running applications, can take some effort to get running. Once you figure out a site, RP remembers the whitelist and the site works indefinitely.

The interface needs work but it's functional. There is a beta of a new version, which is supposed to fix some interface issues, but I haven't tried it.

Adblock Plus has gone partly rogue, at least for the hardcore anti-ad crowd, ever since it started taking money from and "allowing" certain advertisers to get through without blocking.

Adblock Edge is not known to have such issues, as of yet.

> [...] its intrusiveness [...]

Personally, I'd rather call the usual +/- 20 background requests per page (of which each company may track you) "intrusive". But I suppose that's a matter of preferences.

EDIT re: Adblock Edge instead of Adblock Plus:

Adblock Plus has sold out, taking money for unblocking certain ads.

FYI: The latest versions of Adblock Plus and Adblock Edge yield to Firefox during startup. Which, it seems, prevents them from having loaded all of their rules by the time Firefox begins to process requests. IOW, they don't block everything they should when Firefox first starts up.

As part of my project, I like to regularly benchmark privacy-enhancing extensions ("blockers") for Chromium-based browsers. So I took the opportunity to run one of my key benchmarks this morning. [1]

The results are meant for a github page, but I decided to present them here, and I reformatted specifically to be HN friendly (hopefully).

In short, any of the following blockers helps a lot compared to no blocker at all. Some are less likely to break web pages, while some others are more likely, and every user has their own requirements when it comes to striking a balance between privacy and convenience. This is for information purposes only, not to make a statement that one is better than the other. With the proper information, people can make an informed choice according to their own prerogatives.

I ordered the list by the amount of distinct domains which are "touched". I figure the more distinct domains are touched, the more metadata is leaked to different parties. The format of the results is n / N, where n is the number of distinct 3rd-party domains, and N is the total number of distinct domains.

"3rd-party" is from a DB-less machine point of view, i.e. if a domain name differs from the one of the URL of the page, it is deemed 3rd-party. Despite this caveat, I think this still allows comparing blockers between themselves for the same benchmark run inside the same narrow time frame.

Benefit to the users: It's nice to see privacy becoming more and more a top issue and more and more choice to address this particular problem.

So here:

No blocker

  Domains:            420 / 421
  Hosts:              641 / 720
  Scripts:            518 / 641
  Outbound cookies:   263 / 341
  Net requests:     2,079 / 2,849

Privacy Badger 2014.5.1 (BETA)

  Domains:            192 / 193
  Hosts:              299 / 381
  Scripts:            334 / 455
  Outbound cookies:    52 / 115
  Net requests:     1,340 / 2,176

Disconnect 5.17

  Domains:             93 / 94
  Hosts:              171 / 248
  Scripts:            262 / 385
  Outbound cookies:    19 / 83
  Net requests:     1,124 / 1,936

HTTPSB 0.9 Allow-All/Block-Exceptionally

  Domains:             54 / 55
  Hosts:              101 / 153
  Scripts:            169 / 265
  Outbound cookies:     2 / 43
  Net requests:       930 / 1,648

Adblock Plus 1.7.4

  Domains:             54 / 55
  Hosts:               97 / 149
  Scripts:            177 / 272
  Outbound cookies:     1 / 33
  Net requests:       913 / 1,612

Ghostery 5.2.1

  Domains:             52 / 53
  Hosts:               99 / 160
  Scripts:            173 / 286
  Outbound cookies:     8 / 47
  Net requests:       966 / 1,722

HTTPSB 0.9 Block-All/Allow-Exceptionally

  Domains:             21 / 22
  Hosts:               49 / 75
  Scripts:              0 / 0
  Outbound cookies:     0 / 0
  Net requests:       680 / 1,199

[1] https://github.com/gorhill/httpswitchboard/wiki/Comparative-...

Note that Privacy Badger uses a browser history-dependent algorithm for blocking - when you first install it, it doesn't block anything because it assumes that third-party trackers are innocent until proven guilty. When it sees you being tracked on 3+ first-party domains by a third party, it either blocks or cookieblocks the third party. I wrote up a basic description of the algorithm here: https://github.com/EFForg/privacybadgerfirefox/blob/master/R...

So if you're testing Privacy Badger on a profile with no browsing history, it is bound to do worse than other extensions. You have to "prime" it with some browsing data before it's really effective.

I see, so this means results for Privacy Badger reflect a worst-case scenario. I've added links to the proper section in Privacy Badger's README file.

So people who use incognito mode don't benefit much?

Unfortunately not, if you use Incognito by default (other than being able to see who's tracking you and toggle the settings manually). We could add a feature to optionally save data in Privacy Badger between incognito sessions (or use data from the non-incognito sessions to determine which sites to block in incognito sessions).

In Firefox, PBadger Alpha doesn't have permission to operate in Incognito mode yet, so it will just be off.

Tracking bug for this (in Firefox): https://github.com/EFForg/privacybadgerfirefox/issues/11

I've always looked for some harder data on how to tell the difference (effectively) from these different tools. Really appreciate the data you're providing here.

My challenge is that I looked at this data and the web page on Github and I may not be the sharpest tool in the shed but I'm not certain how to interpret the data and understand the real world implications. On the GitHub page it states that "The most important figure in my opinion with regard to privacy is the 3rd-party Domain count" which is a good hint but if I look at Disconnect 5.17 for example I see 93/94 which is "3rd-party count / total count". What, exactly does that mean? Does that mean for the 15 web sites visited that 93 http requests were from 3rd parties and only 1 from a first party? And that with the specified tool it is blocking those 93 requests?

Thanks for any additional explanation.

It's the number of distinct "3rd-party" domain names reached on average for the 15 visited web pages. So in the case of Disconnect, for the 15 URLs visited, on average 93 "3rd-party" domains were touched. The web page domain in the URL address bar is deemed 1st-party. "Domain" is extracted as per Mozilla's Public Suffix List.
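The n / N distinct-domain figure explained above, together with the "tracked on 3+ first-party domains" rule the Privacy Badger comment describes, as an added example that is not part of the thread or of either project's code; the Public Suffix List subset, the cookieblock list entry, the identifier check and the browsing session are all constructed assumptions.

```python
"""Added example, not Privacy Badger's or HTTP Switchboard's code: the
"n / N" distinct-domain metric described above and the 3-first-party-site
rule from the Privacy Badger comment, with a constructed browsing session."""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed subset of Mozilla's Public Suffix List (the real one is long).
PUBLIC_SUFFIXES = {"com", "net", "org", "io", "uk", "co.uk"}
# Hypothetical stand-in for EFF's cookieblocklist.txt.
COOKIEBLOCK_WHITELIST = {"example-cdn.com"}
TRACKING_THRESHOLD = 3  # distinct first-party sites before action is taken

def registrable_domain(host):
    """Return the registrable domain (eTLD+1) of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):  # longest public suffix wins
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels[-2:])

def url_domain(url):
    return registrable_domain(urlsplit(url).hostname)

def benchmark(visits):
    """visits: [(page_url, [request_urls])]. Per page, return (n, N): n
    distinct third-party domains, N distinct domains including the page's."""
    results = []
    for page_url, requests in visits:
        first = url_domain(page_url)
        domains = {url_domain(u) for u in requests} | {first}
        results.append((len(domains - {first}), len(domains)))
    return results

def looks_like_identifier(value):
    """Assumed simplification of the real check: long values count as IDs."""
    return len(value) >= 8

class BadgerHeuristic:
    """Remembers on which first-party sites each third party sent an ID cookie."""

    def __init__(self):
        self.seen_on = defaultdict(set)

    def observe(self, page_url, request_url, cookies):
        first, third = url_domain(page_url), url_domain(request_url)
        if third == first:
            return  # first-party cookies are out of scope for the alpha
        if any(looks_like_identifier(v) for v in cookies.values()):
            self.seen_on[third].add(first)

    def verdict(self, domain):
        if len(self.seen_on[domain]) < TRACKING_THRESHOLD:
            return "allow"  # innocent until proven guilty
        return "cookieblock" if domain in COOKIEBLOCK_WHITELIST else "block"

# Constructed sample: three page loads and the cookies each request carried.
TRACKER, CDN, PLAIN = {"uid": "3f9a1c7e2b"}, {"sess": "9d8e7f6a5b4c"}, {"lang": "en"}
SAMPLE = [
    ("https://www.example.com/news", "https://tracker.example.net/pixel.gif", TRACKER),
    ("https://www.example.com/news", "https://cdn.example-cdn.com/map.js", CDN),
    ("https://blog.example.org/post", "https://tracker.example.net/pixel.gif", TRACKER),
    ("https://blog.example.org/post", "https://cdn.example-cdn.com/font.woff", CDN),
    ("https://shop.example.co.uk/", "https://ads.example.net/ad.js", TRACKER),
    ("https://shop.example.co.uk/", "https://cdn.example-cdn.com/map.js", CDN),
    ("https://shop.example.co.uk/", "https://widget.example.io/w.js", PLAIN),
]

def sample_visits(sample):
    """Group the flat sample into the (page_url, [request_urls]) shape."""
    pages = defaultdict(list)
    for page_url, request_url, _ in sample:
        pages[page_url].append(request_url)
    return list(pages.items())

def run_heuristic(sample):
    badger = BadgerHeuristic()
    for page_url, request_url, cookies in sample:
        badger.observe(page_url, request_url, cookies)
    return {d: badger.verdict(d) for d in ("example.net", "example-cdn.com", "example.io")}
```

Note that ads.example.net and tracker.example.net collapse into one "domain" (example.net), which is why the benchmark's Hosts line is always larger than its Domains line.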

Great, thank you so much. Did you consider including Request Policy? It's not apples-to-apples and might be tricky to test (it breaks more sites without per-website configuration).

RequestPolicy is not available for Chromium. In any case, HTTP Switchboard can be configured to mimic how RequestPolicy functions[1], but really these benchmarks are time-consuming and I have to limit the number of extensions I benchmark.

[1] https://github.com/gorhill/httpswitchboard/wiki/HTTP-Switchb...

So this addon just blocks some third party cookies? I already have third party cookies disabled in my Firefox settings. Does that make this plugin useless to me?

Weren't there already plans to "block" third party cookies from being delivered as standard anyway, when the top level site domain changes?

I have third party cookies blocked as well in Firefox settings - I see this error when I click on the badger icon in the toolbar: "Your cookie preferences are changed from the defaults. This may reduce the effectiveness of Privacy Badger."

Probably if all third-party cookies are blocked, then Badger doesn't have anything to work with.

Yes, the alpha version (what we just launched) only works on third-party cookies, so the heuristic blocking algorithm doesn't do anything if you block 3rd party cookies entirely. We plan to add detection of other tracking methods (Flash cookies, local storage, fingerprinting, etc.) as time goes on. More info in the Firefox version's README: https://github.com/EFForg/privacybadgerfirefox/blob/eb1055c4...

Thanks for clarifying. This is a much needed initiative and your work is greatly appreciated. Happy to see my donations hard at work :)

I have all cookies blocked except for the domains that I whitelist (where I need to login). This is built into all browsers (AFAIK). Why not just use that feature? What am I missing here?

Perhaps now is a good time to mention that if you want to work on projects like Privacy Badger with EFF, we're hiring for a Staff Technologist: https://www.eff.org/opportunities/jobs/staff-technologist. The role is a mix of software engineering, doing security/privacy research, pressuring large internet companies and standards groups to not be evil, and teaching lawyers/reporters about technology issues.

It's overall a fun job. I wrote most of Privacy Badger Firefox with help from Mozilla folks in the last two months, and it's very satisfying to see people using and reporting bugs in the software that I made almost immediately after launch. :)

Happy to see an alternative to Ghostery that isn't run by an advertising company.

You might also be interested in Disconnect.


In order to be effective against the numerous tracking techniques that are in use, the extension MUST block requests. If you aren't breaking many popular websites as a result of blocking their third party requests then it is your own privacy that gets broken. So this concerns me:

"In some cases a third-party domain provides some important aspect of a page's functionality, such as embedded maps, images, or fonts. In those cases, Privacy Badger will allow connections to the third party but will screen out its tracking cookies."

To clarify, those cases where we block cookies but not requests entirely are the sites on this whitelist: https://www.eff.org/files/cookieblocklist.txt

This pull request will also apply the whitelisting to subdomains of the domains on the whitelist: https://github.com/EFForg/privacybadgerfirefox/pull/63.

Unfortunately blocking all those sites and making users whitelist them manually is a lot of work for most users. So we ship a whitelist.

I have to say, I love that the EFF is doing this. No more wondering about some of the classic privacy extensions' ulterior motives. Having "one extension to rule them all", built by the EFF, is excellent. On top of that, no more conflicts between them either (and disabling each and every one of them whenever you get a loading issue on some site is frustrating!)

I fully intend to contribute to my browser's extension's repository. I hope other developers on HN will join me.

> I fully intend to contribute to The EFF. I hope other developers on HN will join me.

Fixed that for you :)

Are there any extensions that will block flash cookies (LSOs) instead of allowing them and deleting after each browser session?


One current option: https://addons.mozilla.org/en-US/firefox/addon/betterprivacy...

Why an extension if you can disable the local shared objects (LSO cookies) entirely from the Flash settings?

Or just use click to play to activate flash on your browser, at least then they can't be set anywhere in the background.

It's great to see additional attention on privacy while browsing from the desktop. It does feel, however, a little like we're fighting yesterday's war. With so much browsing / internet usage taking place on mobiles it would seem to be much more important (or at least _as_ important) to provide privacy to mobile browsers. Given the limited ability to impact the way mobile browsers work (especially on iOS) I wonder if we'll see any real solution here?

I currently run adblock edge with the regular easy list, privacy list, and social blocking list. How is this plugin different?

If I've already got NoScript, ABP, and Ghostery will this addon make any difference?

Is this basically just Adblock with just the anti-tracking list enabled?

From their main page[1]:

> Does Privacy Badger contain a "black list" of blocked sites?

> No, unlike other blocking tools like AdBlock Plus, we have not made decisions about which sites to block, but rather about which behavior is objectionable. Domains will only be blocked or screened if the Privacy Badger code inside your browser actually observes the domain collecting unique identifiers after it was sent a Do Not Track message. Privacy Badger does contain a whitelist of some sites that are known to provide essential third party resources; those sites show up as yellow and have their cookies blocked rather than being blocked entirely. This is a compromise with practicality, and in the long term we hope to phase out the whitelist as these third parties begin to explicitly commit to respecting Do Not Track.

[1]: https://www.eff.org/privacybadger

I installed the plug-in and went to three sites I know contain tracking code. Privacy Badger tells me "Could not detect any tracking cookies." ... Am I missing something?

Maybe it's a bug. FTA:

This is an alpha release; we've been using it internally and don't think it's too buggy. But we're looking for intrepid users to try it out and let us know before we encourage millions of people to install it. If you find bugs, you can file them on github against either the Firefox or Chrome repos as appropriate.
Do you have other extensions installed that are already blocking trackers? (NoScript, for instance.) If so, Privacy Badger shows only the ones that they've missed.

How does this compare to Ghostery and/or Disconnect?

From https://www.eff.org/privacybadger

> How is Privacy Badger different to Disconnect, Adblock Plus, Ghostery, and other blocking extensions?

> Privacy Badger was born out of our desire to be able to recommend a single extension that would automatically analyze and block any tracker or ad that violated the principle of user consent; which could function well without any settings, knowledge or configuration by the user; which is produced by an organization that is unambiguously working for its users rather than for advertisers; and which uses algorithmic methods to decide what is and isn't tracking.

> Although we like Disconnect, Adblock Plus, Ghostery and similar products (in fact Privacy Badger is based on the ABP code!), none of them are exactly what we were looking for. In our testing, all of them required some custom configuration to block non-consensual trackers. Several of these extensions have business models that we weren't entirely comfortable with. And EFF hopes that by developing rigorous algorithmic and policy methods for detecting and preventing non-consensual tracking, we'll produce a codebase that could in fact be adopted by those other extensions, or by mainstream browsers, to give users maximal control over who does and doesn't get to know what they do online.

> This week, Mozilla published research showing that privacy is the single most important thing that users want from their web browsers.

I can't speak for anyone else, but I'd be happy just to have a version of Firefox that didn't leak memory like a sieve and become unusably laggy after a day or so. Strangely enough, though, Mozilla's "research", which is nothing more or less than a "click this or this or this" sort of poll, doesn't offer any option for "I'd like your product to suck less please".

The fact that "speed" or "good performance" were not options did raise my brow. As well as the fact that the EFF called an internet poll "published research".

The poll in question: https://webwewant.mozilla.org/

Privacy may very well be the top issue on users' minds, but calling this evidence seems a stretch.

Your opinion is out of date.

It's funny you should say that, because outside cross-browser functionality testing, Firefox has been my default browser since back when it was still called Phoenix. The reason I complain about Firefox's memory leaks and general flakiness is not because I hate the browser and want it to die, but because I like it and I'm sick of having to kick it over and restart it every day so that I can use it without the UI freezing for ten seconds out of every thirty.

Naturally, I've grown quite accustomed, in those rare cases when I muster the temerity to express this opinion, to being shouted down for it. I am surprised to see that happen on Hacker News, though; on 4chan it'd be de rigueur, of course, but I expected better here. I don't know why, though; after all, it's precisely the same attitude which characterizes Mozilla's approach to bug reports.

You must be unlucky then, because I've been using Firefox for years, on various versions of OSX, Linux and Windows and have never suffered issues as severe as you describe. And over the past year or so, things have just got better and better. From what I've seen, most people don't have the problems you describe with recent versions of Firefox.

I've been using Firefox since v2. I have all the problems the parent does. I love the browser, and send off my crash dumps (about 3 a week). I want the browser to be better and they are getting there.

The memory issues are bad, but only apparent when you have lots of tabs open for long periods of time. I can at times have over 50 pages open and it is around this time things start to crash. Why 50 pages at one time? Well, that is how I use my browser. Also the fact that Firefox still does not have its tabs on their own threads is frustrating for these crashes, as it takes out all tabs, whereas sometimes when Chrome crashes you don't always lose everything.

Anyway, Firefox is a great browser; I just wish they stopped following the Chrome team around like lost puppies.

I don't have these issues (often)[1], and I usually keep 100 - 400 tabs open on a 6 year old Dell Inspiron 1525. I'm not sure what you mean by losing all of the tabs because my session is restored on restart and I don't lose anything.

[1] I probably restart or crash once or twice a month.

I have hundreds of tabs open all the time and Firefox runs for weeks; Windows or something else gives out first and requires a reboot.

But my main point is, with hundreds of millions of users, what are our anecdotal experiences worth?

> ...with hundreds of millions of users, what are our anecdotal experiences worth?

To Mozilla, any user's experience means little enough at best. On the other hand, any user's "anecdotal" experience of how well Firefox works, or doesn't work, means a hell of a lot to her.

I would much much rather be using Firefox, but I use Chrome because of the issues being mentioned. Firefox becomes unresponsive for me left running for more than a few days.

Mozilla dev here! Sorry to hear you're having so many problems! A few things to consider:

1. Many of Firefox's stability issues are due to 3rd party components (plugins and addons). I recommend disabling all of them, restarting the browser, and seeing if the issues persist. You can then selectively enable (or click-to-play, for plugins) them to improve your experience while maintaining stability.

2. You could also try a profile reset [0], which tends to magically fix some problems (especially if you've had the profile for a while).

[0] https://support.mozilla.org/en-US/kb/reset-firefox-easily-fi...

I appreciate your taking the time to respond to my concerns, but honesty compels of me the admission that I'd appreciate it more if you could offer something more substantive than the browser equivalent of "Have you tried turning it off and on again?" Of course I have, and if it'd solved my problems, I wouldn't still be complaining about them on Hacker News, where the response is certain to include an overwhelming preponderance of "works just fine for me!"

On the other hand, per a decision made a couple of years ago, I also stick with the ESR release track rather than keeping up with the mainstream releases, because I got tired of having to restart for updates even more frequently than for performance reasons, and also of having the user-interface tablecloth yanked out from under me every time the major version changed -- on that latter point, incidentally, if I want Google Chrome's UI, I know where to find it.

It's possible that running Firefox 24 ESR means I've missed out on some recent stability and performance updates, although I had the impression that both sorts of fixes were generally backported to the ESR branch; given my prior experience, I'd be astonished (and delighted) to see those missed updates make a major difference, but who knows? Perhaps in June, when Firefox 31 ESR drops, I'll find myself astonished and delighted.

If you look in about:memory, you can try to diagnose a bit where the memory is going. This may or may not result in anything that will be useful for you.

I appreciate that it is frustrating when your browser is misbehaving, but your generic complaint "my browser leaks like a sieve!" cannot possibly garner anything other than generic suggestions. Memory issues can be caused by buggy websites, websites that use some feature that Firefox implements poorly, addons, plugins, buggy graphics drivers, and so on. Issues that come up after days of heavy browsing can be particularly hard to diagnose.

> although I had the impression that both sorts of fixes were generally backported to the ESR branch

ESR mostly just receives security updates, plus the occasional crash fix.