The Efficacy of Google’s Privacy Extension

Over four years ago, Google launched a Chrome privacy extension. Keep My Opt-Outs arrived with a media splash, and it presently has over 400,000 users worldwide.

It’s a top result on the Chrome Web Store, and it’s even endorsed by a faux celebrity.

Unfortunately, the Keep My Opt-Outs extension isn’t nearly as effective as Google claims. It hasn’t been updated for years, resulting in only half of the promised coverage. Keep My Opt-Outs also doesn’t work in Chrome’s private browsing mode, despite the user’s explicit permission.

If you’re currently running Keep My Opt-Outs, I’d encourage switching to Disconnect or Privacy Badger. Adblock, Adblock Plus, and Ghostery are also excellent privacy tools, when configured properly.

In this post, I’ll explain why Google emphasized the Keep My Opt-Outs extension, how the code works, and what went awry.

Do Not Track in California

Both houses of the California legislature have unanimously approved AB 370, a Do Not Track initiative that is backed by Attorney General Harris. If Governor Brown signs the bill, it will be the first Do Not Track law worldwide. So, what would it do? More and less than a casual reader might expect.

The Trouble with ID Cookies: Why Do Not Track Must Mean Do Not Collect

Original at the Stanford Center for Internet and Society.

Co-authored by Arvind Narayanan.

The debate over the meaning of Do Not Track has raged for well over a year now. The primary forum is the W3C Tracking Protection Working Group, with frequent sparring in the press and capitals worldwide. There are, broadly, two Do Not Track proposals: one chiefly backed by the ad industry, and another advanced by privacy advocates [1]. These proposals reflect vastly different visions for Do Not Track with vastly different practical consequences. The two sides have unsurprisingly been at loggerheads, with scant movement towards resolution of the key issues.

Tracking Not Required: Advertising Measurement

Co-authored by Arvind Narayanan.

Measurement is central to online advertising: it facilitates billing, performance measurement, targeting decisions, spending allocation, and more. In a pair of earlier posts we explained how advertisement frequency capping and behavioral targeting are achievable without compiling a user’s browsing history. This post similarly proposes practical, privacy-improved approaches to advertising measurement.


Do Track: Browser-Based Do Not Track Exceptions

Users hold widely varying preferences on web tracking. Some don’t mind the practice. Some object to it entirely. Many trust certain organizations to follow them around the web.

Do Not Track accommodates these divergent preferences in two ways. First, browsers and other user agents include an option for universally signaling a preference against tracking (“DNT: 1”). Firefox, Internet Explorer, and Safari have all integrated this feature, and Chrome will support it by the end of the year. Second, a user can configure exceptions to the universal signal. Some websites may choose to build a proprietary “out-of-band” exception mechanism, using ordinary web technologies, that trumps the “DNT: 1” signal. The Do Not Track Cookbook includes an example of how a Facebook out-of-band exception mechanism might appear.

The W3C Do Not Track standard will provide another option: a simple JavaScript interface that allows a website to request an exception, paired with a signal that some tracking is allowed (“DNT: 0”).


Tracking Not Required: Behavioral Targeting

Original at 33 Bits of Entropy.

Co-authored by Arvind Narayanan and Subodh Iyengar.

In the first installment of the Tracking Not Required series, we discussed a relatively straightforward case: frequency capping. Now let’s get to the 800-pound gorilla, behaviorally targeted advertising, putatively the main driver of online tracking. We will show how to swap a little functionality for a lot of privacy.

Admittedly, implementing behavioral targeting on the client is hard and will require some technical wizardry. It doesn’t come for “free” in that it requires a trade-off in terms of various privacy and deployability desiderata. Fortunately, this has been a fertile topic of research over the past several years, and there are papers describing solutions at a variety of points on the privacy-deployability spectrum. This post will survey these papers, and propose a simplification of the Adnostic approach — along with prototype code — that offers significant privacy and is straightforward to implement.


Tracking Not Required: Frequency Capping

Co-authored by Arvind Narayanan.

Debates over web tracking and Do Not Track tend to be framed as a clash between consumer privacy and business need. That’s not quite right. There is, in fact, a spectrum of possible tradeoffs between business interests and consumer privacy.

Our aim with the Tracking Not Required series is to show how those tradeoffs are not at all linear; it is possible to swap a little functionality for a lot of privacy. We only use technologies that are already deployed in browsers, and the solutions we propose are externally verifiable.

We focus on issues at the center of Do Not Track negotiations in the World Wide Web Consortium. Advertising companies have pledged to stop forms of ad targeting once a user enables Do Not Track, but many maintain that tracking is essential for a litany of “operational uses.” The Tracking Not Required series demonstrates how business functionality can be implemented without exposing users to the risks of tracking.

This first post addresses frequency capping in online advertising, the most frequently cited “operational use” necessitating tracking.


Third-Party Web Tracking: Policy and Technology

John Mitchell and I have written a new paper that synthesizes research on policy and technology issues surrounding third-party web tracking. It will appear at the IEEE Symposium on Security and Privacy in May.


In the early days of the web, content was designed and hosted by a single person, group, or organization. No longer. Webpages are increasingly composed of content from myriad unrelated “third-party” websites in the business of advertising, analytics, social networking, and more. Third-party services have tremendous value: they support free content and facilitate web innovation. But third-party services come at a privacy cost: researchers, civil society organizations, and policymakers have increasingly called attention to how third parties can track a user’s browsing activities across websites.

This paper surveys the current policy debate surrounding third-party web tracking and explains the relevant technology. It also presents the FourthParty web measurement platform and studies we have conducted with it. Our aim is to inform researchers with essential background and tools for contributing to public understanding and policy debates about web tracking.

The FTC’s Chairman Groks Do Not Track

Last Thursday the White House hosted a major event on online privacy. Much of the public attention focused on a long-awaited White House report and a commitment by an online advertising self-regulatory group to implement components of the Do Not Track technology. Both the Electronic Frontier Foundation and the Center for Democracy and Technology have written detailed reviews of what transpired.

There has been scant focus on Federal Trade Commission Chairman Jon Leibowitz’s brief remarks on Do Not Track. That’s a mistake.