Looking for browser privacy? A group of researchers in France and Japan say RequestPolicyContinued and NoScript have the toughest policies, while Ghostery and uBlock Origin offer good blocking performance and a better user experience.
The study also gave a nod to the EFF's Privacy Badger, which uses heuristics rather than block lists, but once trained is nearly as good as Ghostery or uBlock, demonstrating that its heuristics are reliable.
In their study, currently a pre-review publication at arXiv, the researchers (Johan Mazel of the National Institute of Informatics in Tokyo, Richard Garnier at the National School of Computer Science and Applied Mathematics of Grenoble (ENSIMAG) and Kensuke Fukuda) took existing privacy footprint techniques, but added an evaluation of HTML quality to test various blockers' impact on site usability.
The list of systems tested included both blocklist-based products, heuristic systems, as well as other techniques.
The blocklist tests covered AdBlock Plus, uBlock Origin, Ghostery, Disconnect, NoTrace, DoNotTrackMe/Blur, and BeefTaco. As well as Privacy Badger, the other heuristic-based system tested was MyTrackingChoices. NoScript and RequestPolicyContinued were classified as “indiscriminate” blockers, while “others” included HTTPSEverywhere, Decentraleyes and WebOfTrust.
Their privacy footprint tests followed a format familiar to anyone who takes an interest in how Web sites they visit interact with third parties, by graphing first-party/third-party interactions of the Alexa Top 1,000 sites.
The graph let them measure the number of third parties seen (tracking breadth); the “mean number of third parties per first party corresponds” to capture intensity of tracking; and “the number of first parties associated with the top 10 third parties”, intended to identify the most prominent trackers.
Would it surprise you to learn that the DoNotTrack header is almost universally ignored? Here's the summary of what the researchers found:
“The most popular extensions show a wide overlap. Ghostery and uBlock Origin block specific resources that are not affected by other extensions. In terms of overall privacy protection, RequestPolicyContinued and NoScript show the best performances. Ghostery and uBlock Origin protect users slightly less. Remaining techniques provide average to low protection. The DoNotTrack HTTP header provides almost no protection.”
Noting that block lists are cumbersome to maintain, the trio suggest that future research focus on heuristic products, and automatic blocklist building. ®