As a privacy concious user (maybe a bit paranoid at times… but then again, I am a German, so that comes naturally), I have been thinking a lot lately about how to maintain control about which web company gets which information about me. After all, through the proliferation of facebook’s like-button an its relatives (Google+, Twitter et al.) and the advent of behavioral advertising, companies have the means to create browsing profiles and, in the case of those companies that offer social networks and advertising services, even tie it to my person and use it to serve advertisements to me even in totally different contexts. This is even more relevant since that tracking can even occur when I am not logged in to the social network in question, since e.g. facebook uses identifying cookies even in that case (see heise for more information, albeit in German).
In this article, I am going to evaluate a few add-ons for Mozilla Firefox that help maintain control over the data that is being shared, and discuss some of their pros and cons. Similar or the same add-ons might exist for Google Chrome or other browsers as well. The plugins I am going to discuss are the following:
- Ghostery
- BetterPrivacy
- NoScript
- Beef Taco
- AdBlock Plus
1. Ghostery
Ghostery is specifically designed to identify and notify the user about hidden or unhidden elements that might be able to track you and send information to third parties. It also allows blocking these elements altogether or selectively. It is by far the most useful privacy add-on available, since it generally works non-intrusively, has a comprehensive list of sites that track users, and it blocks the tracking by removing / not loading the questionable elements in web sites in the first place. In order to constantly improve and keep up-to-date with an ever-growing number of potentially tracking web companies, it features the so-called GhostRank, which allows users to voluntarily participate in collection of data to identify previously unknown tracking code.
For any privacy-concious user, Ghostery is definitely a must-have add-on. It is available for all major desktop browsers (although Chrome support is marked as experimental as of now) as well as for iOS mobile devices.
Pros:
- Non-intrusive
- Comprehensive and thorough blocking of tracking elements
- Automatic update of tracking blacklist
Cons:
- Blacklist functionality means that new companies not yet on the list might go unnoticed
2. BetterPrivacy
BetterPrivacy has a single purpose: Keeping track of, managing and deleting so-called super-cookies. Super-cookies are cookies (little pieces of information stored by websites on the user’s computer) that are stored in other places than the usual Web browser’s cookie storage – most notably using Flash or the newly established DOM storage. Needless to say, any cookie can be used to identify the user and thus pose a potential privacy risk. This potential risk is increased by the fact that these super-cookies may currently not be removed when using browser features such as “delete private data” or “private browsing”. BetterPrivacy allows viewing these super-cookies and deleting them manually or automatically when the browser is closed.
Since the automatic deletion of super-cookies removes a potential privacy risk and does not seem to have any negative effect on major websites (the BetterPrivacy website warns that some games might be an exception), I would definitely recommend using this add-on. It does not, however, offer comprehensive privacy protection. Tracking and collection of information can still be conducted when BetterPrivacy is used in isolation, especially when the same browser is used for e.g. browsing facebook and other pages at the same time.
Pros:
- Single point of management for super-cookies
- Automatic deletion of super-cookies does not seem affect any major web sites negatively
Cons:
- Single-purpose add-on – no comprehensive privacy protection
3. NoScript
NoScript is the weapon of mass destruction among the plugins discussed here. In the recommended mode of operation, it prevents all JavaScript from being executed unless explicitly allowed for a web site. On a typical web site that includes JavaScript code for that site as well as potentially tracking JavaScript from third parties such as Google or facebook, the user can selectively set for which of the originating sites JavaScript code execution should be allowed. This means that all active tracking functionality is sustainably halted.
There are, however, significant drawbacks to this method. Much of today’s web uses JavaScript for totally legitimate purposes, and it can take quite long to allow these script sources for a fresh install of JavaScript (I have dozens of web sites that I visit frequently or less frequently, and I need to allow JavaScript for most of them, and this more often than not involves multiple clicks since they do not only use JavaScript originating from the web site itself, but also third-party JavaScript that is required for them to work properly). Also, some sites provide both tracking and non-tracking utility scripts: a notable example is google.com. In addition, if you for the first time use a new sites, especially in order to order goods or make other financial transactions (such as for services), these transactions will often require JavaScript to be activated for a number of sites, including the web site itself, the bank involved and so on. This might require several clicks to allow scripts for each individual site, each of them requiring a reload of the current page, potentially breaking the booking process, or, even worse, causing several bookings to go off. Alternatively, the user might temporarily turn off the protection altogether (and maybe forget to turn it on later again).
These drawbacks make NoScript hard to use for the non-expert user. I would thus not recommend using NoScript unless you know what you are doing.
Pros:
- Whitelisting functionality (i.e., execute JavaScript only when explicitly allowed) protects also against new tracking elements
- Blocking of JavaScript
Cons:
- No blocking of non-active tracking functionality, such as one-pixel images etc.
- Blocking of JavaScript impedes/breaks legitimate functionality of web sites as well
4. BeefTaco
BeefTaco might be considered the light, non-invasive method of privacy protction. What it does is send opt-out requests to advertising companies in order to stop them from serving behavior-based adverts. As such, it does not in any way affect the way that websites work and are displayed, but only affects the content of the adverts. Neither, however, does it prevent in a technical way an advertising company from collecting data about you. All it does is ask the companies to refrain.
In summary, the strength of BeefTaco is that it interferes neither with the fuctionality and rendering of a site nor with the legitimate concern of web site operators to make money by showing advertisements. However, if you don’t trust the advertising companies, BeefTaco is nothing for you.
Pros:
- Does not interfere with the web sites’ content
Cons:
- No technical prevention of information collection
5. AdBlock Plus
AdBlock Plus is, as the name suggests, above all, an ad-blocking add-on. It can, however, also block tracking code that is not advertisement-related. Since its most recent version, it also has an option to allow “acceptable”, non-annoying ads, though that behavior is currently limited to a very short list of ads since they have to be manually verified.
Since AdBlock Plus is not primarily a privacy tool, but an ad-blocking tool, I would not recommend it to users that are concerned only about their privacy. Personally, I consider advertising by itself not a bad thing: Apart from its obvious marketing purpose (which is a legitimate purpose in itself), it also serves as a means for web sites to make money (which is also a legitimate purpose). Especially for smaller web sites, which often barely earn enough money to finance their own expenses, let alone contribute to covering to the owner’s cost of living, the availability is often crucial.
Pros:
- Comprehensive ad-blocking functionality
- Recent addition of allowing non-annoying ads
Cons:
- Blocks legitimate, non-privacy critical ads as well
Summary
Some privacy-related measures should be taken by any user that is concerned about their privacy. For non-expert users or those that do not want to spend too much time configuring, Ghostery is definitely the best choice. Experts might be better suited with NoScript. Those who trust the advertising companies but simply do not want behavioral advertising should stick to Beef Taco, while those that want to get rid of ads altogether should go for AdBlock Plus. The super-cookie safeguard BetterPrivacy complements any of the other four options and is worth checking out in any case.
Tags: Browser, Mozilla Firefox, Privacy, Web