[PrivacyBadger] Pushing Privacy Badger's buttons, part 2

Cooper Quintin cooperq at eff.org
Mon Apr 11 18:56:10 PDT 2016 

Actually this seems like a pretty good solution to Don's problem and one
that we should maybe adopt anyway. There are other benefits to reading
the TSR as well such as getting a list of first parties. I would likely
support this change.

- Cooper

On 04/09/2016 11:31 AM, Mike O'Neill wrote:
> Why not agree on a "block me" signal. Any reference to a third-party marked in a particular way will cause the request to be blocked by tracking protection i.e. PrivacyBadger
> 
> The Do Not Track (candidate) recommendation contains such a signal. A TSR (a JSON resource at //ad.aloodo.com/.well-known/dnt ) with Tracking set to "T" ( { "Tracking": "T", ... } when accessed with the DNT set (DNT:1), would signal refusal to stop tracking, i.e. block me. You could also do it by returning a Tk: T to any ad.aloodo.com  resource.
> 
> 
> 
> 
> -----Original Message-----
> From: PrivacyBadger [mailto:privacybadger-bounces+michael.oneill=baycloud.com at eff.org] On Behalf Of Don Marti
> Sent: 09 April 2016 18:48
> To: privacybadger at eff.org
> Subject: [PrivacyBadger] Pushing Privacy Badger's buttons, part 2
> 
> Still working on tools that a web site can use to
> notify users when they're vulnerable to third-party
> tracking.
> 
> Here's the problem.
> 
>  * If the script warns the user when a third-party
>    iframe loads, it will falsely notify some users
>    of an "untrained" Privacy Badger.
> 
>  * If we wait to notify until we're sure that a
>    third-party cookie can be set and read on three
>    sites, then we miss a chance to notify some users
>    of list-based protection who haven't been to enough
>    sites that include the iframe.
> 
> One solution is...put the https://ad.aloodo.com/track/
> iframe everywhere!!1!1  Even if you don't want to run
> tracking notifications on your own site, the iframe
> will train Privacy Badger to block it, so the cookie
> test will work when the user goes to a site that does
> do notifications.  Still looking for other solutions.
> 
> Anyway, more here:
> 
>   http://blog.aloodo.org/posts/track-js-script/
> 
> Comments and suggestions welcome.
> 
> 
> _______________________________________________
> PrivacyBadger mailing list
> PrivacyBadger at eff.org
> https://lists.eff.org/mailman/listinfo/privacybadger
>

More information about the PrivacyBadger mailing list