EFF’s Privacy Badger will deteriorate your browser experience

Privacy Badger is a browser extension available for Firefox and Chromium that blocks third‐parties from tracking your behavior on the web. Using an aggressive heuristics approach rather than the usual curated blacklists, Privacy Badger quite often ends up breaking sites.

Months after installing the privacy‐enhancing browser extension, it will still randomly break the sites you visit regularly.

Privacy Badger icon

Privacy Badger icon

Most blocking extensions work by blocking websites matched against distributed blocklists. What sets Privacy Badger apart from all the other blockers is its use of a heuristic blocker that analyzes the third‐party resources on the web pages you visit to determine if any of them are tracking your web activities or fingerprinting your browser. When the same third‐party is observed to be tracking you across multiple websites, Privacy Badger will start blocking the tracker altogether or stop it from setting cookies.

The heuristics used by Privacy Badger to determine if a third‐party site is tracking your activities on a first‐party site are very simple and only cover the most common ways used for tracking. The “super‐cookies” and other alternative forms of persistent identifiers that have filled headlines over the last few years are not being detected. The project has made it clear that it wants to detect more known tracking methods in the future. As things are looking right now, they’ve got enough of a challenge with delivering a good experience dealing with only the traditional tracking methods.

A heuristic blocker is a very interesting approach and I feel it is superior to the use of distributed blocklists. These lists are curated to the needs and incentives of others and doesn’t necessarily represent the best options for the user. With Privacy Badger, the user must do some surfing before resources start to be blocked, yet it’s only the things affecting the user and the site she normally visits that are blocked. The publishing, tracking, and advertising industries are also being pressured to respect their users’ privacy and reduce their use of persistent tracking, to avoid getting blocked and thus forced out of the market.

The big problem with the heuristic approach is that many websites uses Content Distribution Networks (CDNs) or dedicated domains across multiple websites for the purposes of delivering images, style sheets, and scripts. These are also technically third‐parties (a first party is defined as the domain you’re visiting) but their purpose is not to track you but to either distribute load across multiple servers, better leverage caching, or circumvent arcane limitations in web browsers on the number of simultaneous browser connections to the same server. Due to a mixture of false positives in Privacy Badger and bad implementations plus sloppy testing on many such delivery servers, these often end up being blocked by Privacy Badger.

Images not loaded fallback graphic seen in browsers

Images and style sheets not loading is a daily sight even after using Privacy Badger every day for months.

When these become blocked, websites start to look distinctly broken as some or all of their style sheet and images are blocked from loading. On‐page features (“widgets”) delivered from third‐parties stop working and much of the fun of browsing a beautiful and functional web start ebbing away. Users can click on the Privacy Badger extension icon and choose to unblock some blocked servers from a long list of third‐parties that were detected on the site they’re visiting and possibly blocked. Guessing which arcane domain name from a long list prevented the images you wanted to see or feature you wanted to use from loading is hard. Privacy Badger offers no assistance when it comes to unblocking third‐parties. To make matters worse: you will often have to unblock a set of domains in combination to fully restore the broken pieces of the website you’re trying to bring back to life.

Another troublesome area that I’ve seen many user report bugs to Privacy Badger about is the pervasive blocking of third‐party widgets. Widgets provide functionality to websites such as comment sections, social‐media share buttons, CAPTCHAs. These resources are rightfully blocked by Privacy Badger as widgets are well‐known for tracking users across the web and selling that data to yet other companies. That users want these features and don’t understand how they affect their privacy is an area where Privacy Badger really falls short. There should at least be some educational links if not a full in‐context explanation of how a comment widget can track you across the web. From users’ perspective, Privacy Badger just broke a website or feature they love.

To make matters worse still, this affects more websites the more websites you have visited: A page may work normally the first few hours or days after installing Privacy Badger, as the extension only blocks third‐parties once they’ve been detected on at least three different websites. Something that worked yesterday will mysteriously not function anymore or look broken today.

When using Privacy Badger, I find myself constantly thinking “Is this not loading because something is broken, or is it blocked? Or is the network just slow?” The breakdown seems to be roughly split in the middle between the two options, but you spend more time thinking of it; and even more time unblocking and waiting for slow sites to reload again.

My own website ended up being blocked because I visited some third‐party sites (web based feed readers and blogs) that had hotlinked images hosted on my website onto their own pages. As this site sets some cookies for .ctrl.blog, my own site was suddenly considered a tracker and was blocked from loading.

Three years back I made an extension that blocked all third‐party content from loading on every website. It completely broke the Web and hardly anything worked. I quickly abandoned it without even publishing it when it became clear it would be entirely unusable as anything but a novelty art project; depicting a less distributed‐asset driven web. Without manual intervention to unblock third‐parties whose content the sites you love depend on — Privacy Badger kind of feels like the useless extension I wrote years back.

Privacy Badger is available for Firefox and Chromium from the project website. I’d not recommend using this extension to anyone without a firm grasp of how the web works and how resource loading is knotted together.

10 comments

  1. I want to like Privacy Badger, I really do, but the problem you describe – opening a page, say The Oniom – and getting no images happens way too often. I think a hybrid that would allow PB to do what it does, but also reference a whitelist of “good guys” that don’t track you and are necessary for a site to function… is probably not in the offing. O well.

  2. Privacy Badger actually improves users web browsing experience.

    While you complain it breaks the web, the reason it is good is that mass adoption of utilities such as Privacy Badger will (hopefully) break enough badly written/setup web pages chock full of widgets, social media buttons, unnecessary javascript, etc. that they have to change the way they construct the pages.

    And this time, in a more user friendly manner, instead of the current editions of high visibility/high contrast schizophrenia inducing rapidly blinking animated gif ads, etc.

    Breaking the web? Bring it on!

    Someone needs to break the web, to help advertisers know how they are doing things wrong.

    Web pages shouldn’t break because of the way ads load, anyway!

    Privacy Badger & other utilities should disrupt the web enough that they can start fixing things.

    While you are upset at them for breaking the web, I am happy!

    More people should use utilities such as these, so they will start fixing things quicker!!!

    1. “Web pages shouldn’t break because of the way ads load, anyway!”

      Content delivery networks (CDN) are efficient and improve performance and even the battery life of our devices. Any extension that breaks websites that use CDNs will be in for a huge surprise when a laaarge percentage of the top websites stops working.

      My main complaint here was that Privacy Badger not only breaks the web’s largest websites by removing images and stylesheet; it does so a little by little. Causing websites to appear to be working when you first install it, and then frustratingly more and more websites will stop working over time. This is a bad design for any product.

      1. I am with James on this one. The current system of tracking an advertising needs to be destroyed.

        Imagine an internet where we didn’t have to deal with that crap? The only problem is everyone wants the benefits without having to make the sacrifice themselves

  3. ” The current system of tracking and advertising needs to be destroyed ” Agreed, Absolutely ! …The answer is not to give way to the mind numbed Status Quo, someone has got to “make a stand ” so to speak,at some level… I came across this article due to the loss of an area in my Ebay account which was no longer visible after I had installed PB just a day or two ago… Suspected my furry pal might be the culptit ! ( : <

    However, now I have discovered where the problem was coming from, I can, always, if needs be, open another browser….
    More important, however, is to ~ Support the likes of Mr Badger, and any other pertinent endeavor that represents ~Making a Stand, for the Freedom , Privacy and Respect, Both on- and off line, that is the ~ Natural Birthright of every living being upon this planet, yesterday, today, always ….

  4. Are you sure it’s not you? I’ve been using Privacy Badger since beta, in Firefox and Chrome, in concert with Adblock Plus (until I caught wind of their protection racket) and uBlock Origin, and I can’t remember the last time I had to adjust a setting in Privacy Badger to unbreak a site. I know it happens… rarely. Maybe a couple times a year. And I browse a LOT.

  5. I’ve been using Privacy badger for about 6 months or so. For most of that time I had no problems whatsoever — once in a while a site wouldn’t work and I’d have to unblock it to get it to display properly, but it was uncommon.

    But in the past few weeks, suddenly it’s breaking sites for me left and right, even on sites I’d visited many times previously with Privacy Badger enabled without issue. Yesterday all of a sudden it was preventing product photos and review from appearing on an art supply store website that I visit a lot, even though it had never been an issue before. And it’s blocking styles sheets from loading on all sorts of sites that I’ve visited before without issue. I keep ending up disabling it for sites where it’s broken because fiddling with all the permission sliders is frustrating, which sort of ends up defeating the purpose of using it.

    I like the idea of it enough to keep using it for now, but it’s starting to become more trouble than it’s worth.

    1. The problems your describing is what happens when Privacy Badger starts blocking common content distribution networks. They host partial content for a lot of different websites and in Privacy Badger’s definition of a cross-origin resource they’re blocked. The real problem is of course that Privacy Badger is doing exactly what it’s supposed to do.

  6. After every Firefox update the browser seems to take longer and longer to open and close.

    Firefox 52.0.2 has been acting extra laggy for the past few days after disabling privacy badger Firefox appears to load without the extra lag if I open a new tabs window it’s slow and choppy moving the mouse pointer around and clicking on the Firefox menu is also real choppy and slow.

    1. This is to be expected given that Privacy Badger builds an ever expanding database of website relations (which domains and cookies have been seen at which other websites). This will eventually slow down the browser as the database grows.

      You can troubleshoot these kinds of problems by going to about:healthreport and looking at start up times, or about:performance and looking at add-on performance.

Leave a Reply

Your email address will not be published. Be courteous and on-topic. Comments are moderated prior to publication.