Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect and block tracking pixels #794

Open
pritha90 opened this issue Mar 31, 2016 · 7 comments
Open

Detect and block tracking pixels #794

pritha90 opened this issue Mar 31, 2016 · 7 comments
Labels
enhancement help wanted heuristic Badger's core learning-what-to-block functionality important privacy General privacy issues; stuff that isn't about Privacy Badger's heuristic

Comments

@pritha90
Copy link

Identify and block the presence of tracking pixels in emails opened using the browser.
@cooperq cooperq added this to the Privacy Badger 2.0 milestone May 17, 2016
@cooperq cooperq removed this from the Privacy Badger 2.0 milestone Aug 2, 2016
@ghostwords ghostwords added the privacy General privacy issues; stuff that isn't about Privacy Badger's heuristic label Mar 31, 2017
@n-sayenko
Copy link
Contributor

n-sayenko commented Oct 17, 2017
edited
Loading

Can PB just blacklist known email tracker domains? Or should this be a toggle feature with a button and some indicator that it is working in emails? I found a list of trackers and am thinking you can stop 1x1 img from downloading if it comes from that domain?

Anyway, I want to work on this, but don't know which way PB wants to go re: blacklist vs visible toggle button
@ghostwords
Copy link
Member

As a matter of principle, Privacy Badger must not maintain blacklists. This makes our job harder.

This feature would probably be a new kind of tracking heuristic where Privacy Badger would decide whether certain image resources were tracking pixels (tiny image dimensions with a non-trivial query string?) and then learn to block the domain (probably) the pixels are served from. This might be the same task as #367 (comment).
@ghostwords
Copy link
Member

Related: #1635.
@ghostwords ghostwords changed the title Extend the tool to block email tracking Jun 28, 2018
@ghostwords ghostwords added the heuristic Badger's core learning-what-to-block functionality label Jun 28, 2018
This was referenced Jun 28, 2018
Closed
Closed
@bcyphers bcyphers mentioned this issue Jul 8, 2018
Closed
@bcyphers bcyphers mentioned this issue Aug 24, 2018
Merged
@troy-lamerton
Copy link
Contributor

I'm going to have a go at implementing this.

@ghostwords

non-trivial query string

What decides if a query string is non-trivial?

Possible conditions:

  • number of parameters >= 3
  • query string length > 120
  • a parameter key containing "id"
@ghostwords
Copy link
Member

ghostwords commented Sep 4, 2018
edited
Loading

Since there is so much overlap between #2088 and this, should we put a hold on this issue for now? @bcyphers already opened a PR.

What decides if a query string is non-trivial?

I was thinking of reusing either our HTML5 local storage entropy estimation function or the one for cookies.

The main technical obstacle with general-purpose pixel detection seems to be that there doesn't seem to be a way to get image dimensions from inside chrome.webRequest listeners. That might be fine, we could just go by querystring contents. I think #2088 is about taking querystring values and comparing them to known tracking values (retrieved from cookies).
@bcyphers
Copy link
Contributor

bcyphers commented Sep 4, 2018
edited
Loading

Yeah, this is tough. I think we need to update the entropy function (per #2088), and after that it might be worth applying the same kind of heuristic to email pixels.

@ghostwords I think querystring contents alone are fine; a tracker is a tracker whether it's attached to an invisible pixel or a banner graphic. To be less invasive, we could just try stripping off high-entropy query params from image requests in emails.
@ghostwords ghostwords mentioned this issue May 16, 2019
Open
@ghostwords
Copy link
Member

Relevant study: "I never signed up for this! Privacy implications of email tracking" (from Proceedings on Privacy Enhancing Technologies 2018)
@ghostwords ghostwords mentioned this issue Nov 5, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement help wanted heuristic Badger's core learning-what-to-block functionality important privacy General privacy issues; stuff that isn't about Privacy Badger's heuristic
6 participants
@cooperq @ghostwords @bcyphers @pritha90 @troy-lamerton @n-sayenko