In the never-ending battle between online trackers and blockers, the companies producing the trackers tend to stay a bit ahead, constantly tweaking their techniques in order to keep tabs on people as they move around the web. This forces the ad blockers to adjust in turn. Recently the EFF made a significant change to its Privacy Badger browser extension, which now detects and blocks cookie sharing, a technique that Google Analytics and other trackers use to get around the way many blockers detect and prevent cookie-based tracking.
The change means that Privacy Badger now provides users with more comprehensive protection from the tracking performed by Google Analytics, which is deployed on a significant fraction of the web. Millions of sites use Google Analytics to track visitors and their activity on the sites, and many other extensions and ad blockers already block Google Analytics through various techniques. Privacy Badger uses a handful of different rules for detecting and blocking trackers, specifically looking for the types of behaviors that indicate tracking activity. The extension looks for sites that try to set a third-party cookie, which is the most common type of tracking activity; sites that set so-called supercookies, which are more persistent; and sites that perform browser fingerprinting.
“However, since Google’s script is able to access the cookie, it can stick the cookie value right into the request itself (specifically, into the ‘query string’ portion of the request). Google receives the identifier from the first-party cookie and uses it to link the request back to a user profile.”
In order to detect cookie sharing, Privacy Badger checks each new third-party request for several different conditions. It looks to see whether the request is an image request first, as most cookie sharing employs tiny tracking pixels, which are essentially images. Next, it determines whether the request URL contains query arguments, which are used to send extra data with image requests. Lastly, Privacy Badger looks for any query arguments with big pieces of data that have information in common with first-party cookies set by a site. If those three conditions are true, then Privacy Badger sees it as a tracking request.
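The three checks described above can be sketched as follows. This is an added example, not Privacy Badger's own code: the function names, the 8-character threshold for a "big piece of data", the simplified third-party test and the sample hosts and cookie values are all assumptions made for illustration.

```javascript
// Added illustration, not Privacy Badger's source code.
const MIN_SHARED_LEN = 8; // assumed threshold for a "big piece of data"

// Split a document.cookie-style string into its cookie values.
function cookieValues(cookieString) {
  return cookieString.split(";")
    .map((pair) => pair.trim())
    .filter((pair) => pair.includes("="))
    .map((pair) => pair.slice(pair.indexOf("=") + 1));
}

// True when a and b share a substring of at least MIN_SHARED_LEN characters.
function sharesLongSubstring(a, b) {
  for (let i = 0; i + MIN_SHARED_LEN <= a.length; i++) {
    if (b.includes(a.slice(i, i + MIN_SHARED_LEN))) return true;
  }
  return false;
}

// Simplified third-party test: a real extension compares registrable domains.
function isThirdParty(host, pageHost) {
  return host !== pageHost && !host.endsWith("." + pageHost);
}

// request: { url, type }; pageHost and cookieString describe the visited page.
function looksLikeCookieSharing(request, pageHost, cookieString) {
  const url = new URL(request.url);
  if (!isThirdParty(url.hostname, pageHost)) return false;
  if (request.type !== "image") return false;           // condition 1: tracking pixel
  const args = [...url.searchParams.values()];
  if (args.length === 0) return false;                  // condition 2: query arguments
  const cookies = cookieValues(cookieString);
  return args.some((arg) =>                             // condition 3: shared data
    arg.length >= MIN_SHARED_LEN &&
    cookies.some((value) => sharesLongSubstring(arg, value)));
}

// Constructed sample input: a page cookie and a pixel request that carries its identifier.
const PAGE_HOST = "news.example";
const PAGE_COOKIES = "_id=V1.2.1234567890.1600000000; theme=dark";
const PIXEL = {
  url: "https://tracker.example/collect?v=1&cid=1234567890.1600000000&t=pageview",
  type: "image",
};
console.log(looksLikeCookieSharing(PIXEL, PAGE_HOST, PAGE_COOKIES));
```

Requiring a minimum shared length keeps short, common values such as version numbers or dimensions from matching a cookie by coincidence.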
EFF tested the new capability against the top 10,000 sites and identified five new domains that were tracking on the largest number of those sites, including Google Analytics, Chartbeat, and Nexac.
“The techniques used by trackers are always evolving, so Privacy Badger’s countermeasures have to evolve, too. In the process of developing the new cookie-sharing heuristic, we learned more about how to evaluate and iterate on our detection metrics. As a result, Privacy Badger is stronger than ever,” Cyphers said.