Security news that informs and inspires

DuckDuckGo Releases Tracker Radar Tool

In an effort to make tracking protection easier and simpler for individuals and developers to use, DuckDuckGo, the privacy focused search engine, has released a new open-source tool called Tracker Radar.

The tool is an extension of the protections already built into DuckDuckGo, as well as its extensions for the major browsers, including Chrome, Safari, and Firefox. DuckDuckGo, unlike other search engines, doesn’t track users’ search activity or movements around the web, does not store user information, and does not enable ad tracking. Tracker Radar is designed as an enhancement to those existing protections and a way to bring more protection against persistent trackers.

“Tracker Radar contains the most common cross-site trackers and includes detailed information about their tracking behavior, including prevalence, ownership, fingerprinting behavior, cookie behavior, privacy policy, rules for specific resources (with exceptions for site breakage), and performance data,” DuckDuckGo said in a post on the new tool.

“Too many people believe that you simply can't expect privacy on the Internet. We disagree and have made it our mission to set a new standard of trust online. We are publishing Tracker Radar and open-sourcing its code in furtherance of this mission.”

The number and variety of trackers on the web today is staggering and difficult for most individuals to get a handle on. There are the typical cookies installed by websites and ad trackers, but there are also many other third-party trackers that comprise a large part of the tracking ecosystem. Identifying and protecting against all of these is nearly impossible without specialized tools, and the companies that deploy the trackers are always working on new methods for evading blockers, making the task even more difficult.

DuckDuckGo’s Tracker Radar captures a large amount of information about each third-party domain it finds on a website. For example, it records how prevalent each domain is, the number of sites on which that domain is found, how likely it is that the domain is using fingerprinting, the owner of the domain, and how often the domain sets cookies. Tracker Radar also includes an entity file that lists all of the domains a specific entity owns.

“These domains are found in our crawl and cross-referenced with domains and entity names found in WHOIS and SSL certificates. This list can be used to accurately determine when a tracker is being used in a third-party context,” the company said.

“For example, we found on 29,758 of the sites in our current survey (68%). Since it is owned by Google, which has 479 domains in our data set, this means is being used on sites not owned by Google ~98% of the time.”

Tracker Radar is included in the company’s desktop browser extensions and mobile browser apps, and is available for developers to help build their own tracker block lists, as well.

“While major browsers are making important strides to protect consumers from trackers, their current focus has been primarily on blocking trackers from setting cookies and limiting their access to browser resources commonly used for fingerprinting. However, they still don't block major trackers out right, which leaves the door open to many other types of tracking (e.g., exposing your IP address and recording your browsing history in the process),” DuckDuckGo said.

“Tracker Radar can improve this situation because it identifies the trackers that can be totally blocked from loading at all without breaking websites.”