In this article, I am going to evaluate a few add-ons for Mozilla Firefox that help maintain control over the data that is being shared, and discuss some of their pros and cons. Similar or the same add-ons might exist for Google Chrome or other browsers as well. The plugins I am going to discuss are the following:

1. Ghostery
2. BetterPrivacy
3. NoScript
4. Beef Taco
5. AdBlock Plus

1. Ghostery

Ghostery is specifically designed to identify and notify the user about hidden or unhidden elements that might be able to track you and send information to third parties. It also allows blocking these elements altogether or selectively. It is by far the most useful privacy add-on available, since it generally works non-intrusively, has a comprehensive list of sites that track users, and it blocks the tracking by removing / not loading the questionable elements in web sites in the first place. In order to constantly improve and keep up-to-date with an ever-growing number of potentially tracking web companies, it features the so-called GhostRank, which allows users to voluntarily participate in collection of data to identify previously unknown tracking code.

For any privacy-concious user, Ghostery is definitely a must-have add-on. It is available for all major desktop browsers (although Chrome support is marked as experimental as of now) as well as for iOS mobile devices.

Pros:

• Non-intrusive
• Comprehensive and thorough blocking of tracking elements
• Automatic update of tracking blacklist

Cons:

• Blacklist functionality means that new companies not yet on the list might go unnoticed

2. BetterPrivacy

BetterPrivacy has a single purpose: Keeping track of, managing and deleting so-called super-cookies. Super-cookies are cookies (little pieces of information stored by websites on the user’s computer) that are stored in other places than the usual Web browser’s cookie storage – most notably using Flash or the newly established DOM storage. Needless to say, any cookie can be used to identify the user and thus pose a potential privacy risk. This potential risk is increased by the fact that these super-cookies may currently not be removed when using browser features such as “delete private data” or “private browsing”. BetterPrivacy allows viewing these super-cookies and deleting them manually or automatically when the browser is closed.

Since the automatic deletion of super-cookies removes a potential privacy risk and does not seem to have any negative effect on major websites (the BetterPrivacy website warns that some games might be an exception), I would definitely recommend using this add-on. It does not, however, offer comprehensive privacy protection. Tracking and collection of information can still be conducted when BetterPrivacy is used in isolation, especially when the same browser is used for e.g. browsing facebook and other pages at the same time.

Pros:

• Single point of management for super-cookies
• Automatic deletion of super-cookies does not seem affect any major web sites negatively

Cons:

• Single-purpose add-on – no comprehensive privacy protection

3. NoScript

NoScript is the weapon of mass destruction among the plugins discussed here. In the recommended mode of operation, it prevents all JavaScript from being executed unless explicitly allowed for a web site. On a typical web site that includes JavaScript code for that site as well as potentially tracking JavaScript from third parties such as Google or facebook, the user can selectively set for which of the originating sites JavaScript code execution should be allowed. This means that all active tracking functionality is sustainably halted.

There are, however, significant drawbacks to this method. Much of today’s web uses JavaScript for totally legitimate purposes, and it can take quite long to allow these script sources for a fresh install of JavaScript (I have dozens of web sites that I visit frequently or less frequently, and I need to allow JavaScript for most of them, and this more often than not involves multiple clicks since they do not only use JavaScript originating from the web site itself, but also third-party JavaScript that is required for them to work properly). Also, some sites provide both tracking and non-tracking utility scripts: a notable example is google.com.  In addition, if you for the first time use a new sites, especially in order to order goods or make other financial transactions (such as for services), these transactions will often require JavaScript to be activated for a number of sites, including the web site itself, the bank involved and so on. This might require several clicks to allow scripts for each individual site, each of them requiring a reload of the current page, potentially breaking the booking process, or, even worse, causing several bookings to go off. Alternatively, the user might temporarily turn off the protection altogether (and maybe forget to turn it on later again).

These drawbacks make NoScript hard to use for the non-expert user. I would thus not recommend using NoScript unless you know what you are doing.

Pros:

• Whitelisting functionality (i.e., execute JavaScript only when explicitly allowed) protects also against new tracking elements
• Blocking of JavaScript

Cons:

• No blocking of non-active tracking functionality, such as one-pixel images etc.
• Blocking of JavaScript impedes/breaks legitimate functionality of web sites as well

4. BeefTaco

BeefTaco might be considered the light, non-invasive method of privacy protction. What it does is send opt-out requests to advertising companies in order to stop them from serving behavior-based adverts. As such, it does not in any way affect the way that websites work and are displayed, but only affects the content of the adverts. Neither, however, does it prevent in a technical way an advertising company from collecting data about you. All it does is ask the companies to refrain.

In summary, the strength of BeefTaco is that it interferes neither with the fuctionality and rendering of a site nor with the legitimate concern of web site operators to make money by showing advertisements. However, if you don’t trust the advertising companies, BeefTaco is nothing for you.

Pros:

• Does not interfere with the web sites’ content

Cons:

• No technical prevention of information collection

5. AdBlock Plus

AdBlock Plus is, as the name suggests, above all, an ad-blocking add-on. It can, however, also block tracking code that is not advertisement-related. Since its most recent version, it also has an option to allow “acceptable”, non-annoying ads, though that behavior is currently limited to a very short list of ads since they have to be manually verified.

Since AdBlock Plus is not primarily a privacy tool, but an ad-blocking tool, I would not recommend it to users that are concerned only about their privacy. Personally, I consider advertising by itself not a bad thing: Apart from its obvious marketing purpose (which is a legitimate purpose in itself), it also serves as a means for web sites to make money (which is also a legitimate purpose). Especially for smaller web sites, which often barely earn enough money to finance their own expenses, let alone contribute to covering to the owner’s cost of living, the availability is often crucial.

Pros:

• Comprehensive ad-blocking functionality
• Recent addition of allowing non-annoying ads

Cons:

• Blocks legitimate, non-privacy critical ads as well

Summary

Some privacy-related measures should be taken by any user that is concerned about their privacy. For non-expert users or those that do not want to spend too much time configuring, Ghostery is definitely the best choice. Experts might be better suited with NoScript. Those who trust the advertising companies but simply do not want behavioral advertising should stick to Beef Taco, while those that want to get rid of ads altogether should go for AdBlock Plus. The super-cookie safeguard BetterPrivacy complements any of the other four options and is worth checking out in any case.

• User experience perfectly adapted to the phone (e.g. touchscreen interaction)
• Direct access to device “periphery”, e.g. gyroscopic sensor
• Integration with other software, e.g. messaging, contacts
• Own, colorful app icon

Naturally, most apps do not in fact replace Web applications, they rather augment them with another means of interaction (e.g. think of all the social network apps, news and information apps, etc., that contact their respective “mother sites” using dedicated APIs). Nevertheless, the increasing proliferation of app-enabled smartphones means that apps will increasingly be considered a required means of interaction for Web applications. This will naturally have quite an impact on the mid-term development of the software and software development landscape, particularly with respect to those services that are currently being offered primarily as free (and most probably ad-financed) Web applications. In the remainder of this article, I will discuss some aspects of these changes, and highlight their positive as well as negative potential consequences.

Service monetization

First and foremost, I will discuss one of the most important and positive aspects of apps: Due to the ease of use of the respective app stores, apps have made it easy to monetize services. Most classic Web applications are offered free of charge, and monetize primarily using advertising. This, however, has many drawbacks: Users develop advertisement blindness, block advertising completely, and more often than not advertising also impedes the user experience of Web applications – be it in terms of the visual appereance, or even getting in the way of the user wanting to use the application (think layer apps, or Flash ads with sound effects).

In contrast, lots of apps are offered for a relatively little charge around 1$, which is easily payable by the user through the app store, and because all applications carry a price tag (even if it sometimes says “free”), it makes it more acceptable for the user to pay for receiving a service. Even though today there are means to charge small amounts to users also in more classic Web applications (think premium SMS messages, PayPal, etc.), it simply doesn’t feel natural to pay for something on the Web without getting physical goods in return (of course, I am exaggerating here, and there are numerous examples of virtual services and goods being sold for real money, but they mostly fall outside the basic service category I am looking at here).

Additional effort with limited differentation opportunities

Apps as one means of interaction with Internet based services are going to be increasingly considered a necessary part of the service itself. The more this is the case, the less will the existence of an app to access the service alone be a unique selling proposition (USP) for that service. Of course, an app with a well designed, intuitive interface can be a USP, but the same holds true for a well designed Web interface, so this argument is not app specific.

On the other hand, designing and developing apps to interface with an Internet based service requires additional effort, especially if the apps are to actually take into account the specialties of the device they are targeting (and a good Web developer/designer doesn’t necessarily make for a good app developer/designer). This is especially true if the competition offers their apps free of charge (as it is the case now e.g. for social networks), since then there is no way to generate additional revenue to cover the efforts involved in the app development – except ads, again.

Multitude of platforms

Another challenge that is developing is the increasing number of platforms for which an app concept exists. Apple’s iOS – powering iPhone, iPad and iPod touch – is still the most popular and relevant one, but other smartphone (OS) vendors have adopted their app platforms and stores as well: Google’s Android, Microsoft’s Windows Phone 7, RIM’s BlackBerry platform, Palm’s Web OS, Nokia’s OVI are only the most relevant, and this means a stunning number of six platforms with incompitable programming environments. Some progress has been made in this direction recently, e.g. Palm focusing on making it easy for developers to port their apps to Web OS. On the other hand, there is Apple as the most important player, whose app store terms effectively prohibit any software not originally developed in Apple’s C dialect Objective C, making it virtually impossible to easily port any app to iOS.

A way out of this dilemma would be to increase standardisation of smartphone app development platforms. There are multiple possibilities for developing that kind of platform: One would be Java, which has a track record in both platform interoperability and mobile devices, or web technologies such as XML, HTML, and JavaScript, which are quite well known to a lot of developers and can already be used for app development on a number of platforms. Naturally, a standard smartphone app development platform would still have to be able to adapt to specialties of the device, but abstraction layers to accomplish this could probably be conceived relatively easily.