Skip to main content

Privacy Badger

FREQUENTLY ASKED QUESTIONS

Privacy Badger

What is Privacy Badger?

Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it's like you suddenly disappeared.

How is Privacy Badger different from Disconnect, Adblock Plus, Ghostery, and other blocking extensions?

Privacy Badger was born out of our desire to be able to recommend a single extension that would automatically analyze and block any tracker or ad that violated the principle of user consent; which could function well without any settings, knowledge, or configuration by the user; which is produced by an organization that is unambiguously working for its users rather than for advertisers; and which uses algorithmic methods to decide what is and isn't tracking. Although we like Disconnect, Adblock Plus, Ghostery and similar products, none of them are exactly what we were looking for. In our testing, all of them required some custom configuration to block non-consensual trackers. Several of these extensions have business models that we weren't entirely comfortable with. And EFF hopes that by developing rigorous algorithmic and policy methods for detecting and preventing non-consensual tracking, we'll produce a codebase that could in fact be adopted by those other extensions, or by mainstream browsers, to give users maximal control over who does and doesn't get to know what they do online.

How does Privacy Badger work?

When you view a webpage, that page will often be made up of content from many different sources.  (For example, a news webpage might load the actual article from the news company, ads from an ad company, and the comments section from a different company that's been contracted out to provide that service.)  Privacy Badger keeps track of all of this.  If as you browse the web, the same source seems to be tracking your browser across different websites, then Privacy Badger springs into action, telling your browser not to load any more content from that source.  And when your browser stops loading content from a source, that source can no longer track you.  Voila!

At a more technical level, Privacy Badger keeps note of the "third party" domains that embed images, scripts and advertising in the pages you visit. Privacy Badger looks for tracking techniques like uniquely identifying cookies, local storage "supercookies," and canvas fingerprinting. If it observes a single third-party host tracking you on three separate sites, Privacy Badger will automatically disallow content from that third-party tracker. In some cases a third-party domain provides some important aspect of a page's functionality, such as embedded maps, images, or stylesheets. In those cases Privacy Badger will allow connections to the third party but will screen out its tracking cookies and referrers (these hosts have their sliders set to the middle, "cookie block" position).

What is a third party tracker?

When you visit a webpage parts of the page may come from domains and servers other than the one you asked to visit. This is an essential feature of hypertext, but it has also come to be a serious privacy problem. On the modern Web, embedded images and code often use cookies and other methods to track your browsing habits — often to display advertisements. The domains that do this are called "third party trackers", and you can read more about how they work here.

What do the red, yellow and green sliders in the Privacy Badger menu mean?

The colors mean the following:

  • Green means there's a third party domain, but it hasn't yet been observed tracking you across multiple sites, so it might be unobjectionable. When you first install Privacy Badger every domain will be in this green state but as you browse, domains will quickly be classified as trackers.
  • Yellow means that the third party domain appears to be trying to track you, but it is on Privacy Badger's cookie-blocking "yellowlist" of third party domains that, when analyzed, seemed to be necessary for Web functionality. In that case, Privacy Badger will load content from the domain but will try to screen out third party cookies and referrers from it.
  • Red means that content from this third party tracker has been completely disallowed.

Privacy Badger analyzes each third party's behavior over time, and picks what it thinks is the right setting for each domain, but you can adjust the sliders if you wish.

Why does Privacy Badger block ads?

Actually, nothing in the Privacy Badger code is specifically written to block ads. Rather, it focuses on disallowing any visible or invisible "third party" scripts or images that appear to be tracking you even though you specifically denied consent by sending a Do Not Track header. It just so happens that most (but not all) of these third party trackers are advertisements. When you see an ad, the ad sees you, and can track you. Privacy Badger is here to stop that.

Why doesn't Privacy Badger block all ads?

Because Privacy Badger is primarily a privacy tool, not an ad blocker. Our aim is not to block ads, but to prevent non-consensual invasions of people's privacy because we believe they are inherently objectionable. We also want to create incentives for advertising companies to do the right thing. Of course, if you really dislike ads, you can also install a traditional ad blocker.

What about tracking by the sites I actively visit, like NYTimes.com or Facebook.com?

At present, Privacy Badger primarily protects you against tracking by third party sites. As far as privacy protections for "first party" sites (sites that you visit directly), Privacy Badger removes outgoing link click tracking on Facebook, Google and Twitter. We plan on adding more first party privacy protections in the future.

We are doing things in this order because the most scandalous, intrusive and objectionable form of online tracking is that conducted by companies you've often never heard of and have no relationship with. First and foremost, Privacy Badger is there to enforce Do Not Track against these domains by providing the technical means to restrict access to their tracking scripts and images. The right policy for whether nytimes.com, facebook.com or google.com can track you when you visit that site – and the technical task of preventing it – is more complicated because often (though not always) tracking is interwoven with the features the site offers, and sometimes (though not always) users may understand that the price of an excellent free tool like Google's search engine is measured in privacy, not money.

Does Privacy Badger contain a "black list" of blocked sites?

No, unlike other blocking tools like AdBlock Plus, we have not made decisions about which sites to block, but rather about which behavior is objectionable. Domains will only be blocked or screened if the Privacy Badger code inside your browser actually observes the domain collecting unique identifiers after it was sent a Do Not Track message. Privacy Badger does contain a "yellowlist" of some sites that are known to provide essential third party resources; those sites show up as yellow and have their cookies blocked rather than being blocked entirely. This is a compromise with practicality, and in the long term we hope to phase out the yellowlist as these third parties begin to explicitly commit to respecting Do Not Track.

The criteria for including a domain on the yellowlist can be found here.

How was the cookie blocking yellowlist created?

The initial list of domains that should be cookie blocked rather than blocked entirely was derived from a research project on classifying third party domains as trackers and non-trackers. We will make occasional adjustments to it as necessary. If you find domains that are under- or over-blocked, please file a bug on Github.

Does Privacy Badger prevent fingerprinting?

Browser fingerprinting is an extremely subtle and problematic method of tracking, which we documented with the Panopticlick project. Privacy Badger 1.0 can detect canvas based fingerprinting, and will block third party domains that use it. Detection of other forms of fingerprinting and protections against first-party fingerprinting are ongoing projects. Of course, once a domain is blocked by Privacy Badger, it will no longer be able to fingerprint you.

Does Privacy Badger consider every cookie to be a tracking cookie?

No. Privacy Badger analyzes the cookies from each site; unique cookies that contain tracking IDs are disallowed, while "low entropy" cookies that perform other functions are allowed. For instance a cookie like LANG=fr that encodes the user's language preference, or a cookie that preserves a very small amount of information about ads the user has been shown, would be allowed provided that individual or small groups of users' reading habits could not be collected with them. We have a very rough implementation of this; pull requests are welcome.

Does Privacy Badger account for a cookie that was used to track me even if I deleted it?

Yes.  Privacy Badger keeps track of cookies that could be used to track you and where they came from, even if you frequently clear your browser's cookies.

Does Privacy Badger still work when blocking third-party cookies in the browser?

When you tell your browser to deny third-party cookies, Privacy Badger still gets to learn from third parties trying to set cookies via HTTP headers (as well as from other tracking techniques such as canvas fingerprinting). Privacy Badger no longer gets to learn from cookies or HTML5 local storage being set via JavaScript, however. So, Privacy Badger still works, it'll just learn to block fewer trackers. Clearing history or already-set cookies shouldn't have any effect on Privacy Badger.

Will you be supporting any other browsers besides Chrome / Firefox / Opera?

Safari/iOS: Unfortunately, after legal review, the EFF found Apple's developer agreement unacceptable. Furthermore, Safari seems to lack certain extension capabilities required by Privacy Badger to function properly.

Edge: We are blocked from publishing Privacy Badger for Edge by the Windows Developer Agreement. Please see this comment on Privacy Badger's GitHub for more information.

If you would like to help us port Privacy Badger to other platforms, please let us know!

Can I download Privacy Badger outside of the Chrome Web Store?

You can! If you are using an alternative Chromium based browser such as Chromium ports Iron, Comodo Dragon, or Maxthon you can get the latest version of the addon directly from this link: https://www.eff.org/files/privacy_badger-chrome.crx

I am an online advertising / tracking company. How do I stop Privacy Badger from blocking me?

One way is to stop tracking third party users who have turned on the Do Not Track header (i.e., stop collecting cookies, supercookies or fingerprints from them). That will work for new Privacy Badger installs.

If copies of Privacy Badger have already blocked your domain, you can unblock yourself by promising to respect the Do Not Track header in a way that conforms with the user's privacy policy. You can do that by posting a specific compliant DNT policy to the URL https://example.com/.well-known/dnt-policy.txt, where "example.com" is all of your DNT-compliant domains. Note that the domain must support HTTPS, to protect against tampering by network attackers. The path contains ".well-known" per RFC 5785.

Privacy Badger currently checks for this specific verbatim policy document, though in the future Privacy Badger may allow content from sites that post different versions of a compliant DNT Policy, and that there may be ways for users to specify their own acceptable DNT policies if they wish to.

What is the Privacy Badger license? Where is the Privacy Badger source code?

Privacy Badger is GPLv3 code. You can find Privacy Badger on GitHub. There is a development mailing list. Privacy Badger is governed by EFF's Privacy Policy for Software.

I found a bug! What do I do now?

First, please make sure the bug hasn't already been reported by checking the current bug list for Privacy Badger. If the bug hasn't yet been reported you can report the bug here. If you don't have a GitHub account, we ask that you create one so that we can communicate with you about the bug and fix it more quickly.

If you're not comfortable creating or don't want to create a GitHub account, you can also report the bug to .

How can I support Privacy Badger?

Thanks for asking! Individual donations make up about half of EFF's support, which gives us the freedom to work on user-focused projects. If you want to support the development of Privacy Badger and other projects like it, helping build a more secure Internet ecosystem, you can throw us a few dollars here. Thank you.

If you want to help directly with the project, we appreciate that as well. Please see Privacy Badger's CONTRIBUTING document for ways to get started.

How does Privacy Badger handle social media widgets?

Social media widgets (such as the Facebook Like button, Twitter Tweet button, or Google +1 button) often track your reading habits. Even if you don't click them, the social media companies often see exactly which pages you're seeing the widget on. Privacy Badger includes a feature imported from the ShareMeNot project which is able to replace the widgets with a stand-in version, so that you can still see and click them. You will not be tracked by these replacements unless you explicitly choose to click them. Privacy Badger currently knows how to replace the following widgets if they are observed tracking you: AddThis, Facebook, Google, LinkedIn, Pinterest, Stumbleupon, and Twitter. (The source code for these replacements is here; pull requests are welcome.)

Note that Privacy Badger will not replace social media widgets unless it has blocked the associated tracker. If you're seeing real social media widgets, it generally means that Privacy Badger hasn't detected tracking from that variant of the widget, or that the site you're looking at has implemented its own version of the widget. To avoid confusion, the replacement widgets are marked with the Privacy Badger badge next to the button. To interact with a replacement widget, simply click on it. Depending on the widget, Privacy Badger will either send you directly to the appropriate sharing page (for example, to post a tweet) or it will enable and load the real social widget (for example, the Facebook Like button, with personalized information about how many of your friends have "liked" the page). In the second case, you will still need to interact with the real widget to "like" or share the page.  

How do I uninstall/remove Privacy Badger?

Firefox: See the "How to remove extensions and themes" Mozilla Support page.

Chrome: See the "Install and manage extensions" Chrome Web Store help page.

Opera: Click the menu button in the top left of the window, and then click "Extensions" and then "Manage Extensions." Scroll until you see Privacy Badger, move your mouse over it, and then click the "X" icon in the upper right. Click "OK" to confirm removal. You can then safely close the Extensions tab.

Is Privacy Badger compatible with other extensions, including other adblockers?

Privacy Badger is compatible with most extensions. Whether it makes sense to run it with an adblocker or other privacy extensions varies. If you have customized your adblocker settings to block trackers as well, Privacy Badger may be partially redundant (though it may offer advantages like cookie blocking and Facebook/Google/Twitter link cleaning that other tracker blockers do not).

If you run extensions like Adblock Plus or Ghostery in their default configurations, Privacy Badger can significantly increase your privacy online. (Adblock does not block invisible trackers by default, Ghostery does not block anything by default.)

uBlock Origin is an excellent privacy tool. uBlock Origin and Privacy Badger should work well together. Similar to adblockers, uBlock Origin protects using blacklists. Privacy Badger protects by automatically learning about trackers as you browse, which means Privacy Badger might catch things that uBlock Origin doesn't know about. Privacy Badger will learn about far fewer trackers when used together with uBlock Origin, but that's OK.

Why does my browser connect to fastly.com IP addresses on startup after installing Privacy Badger?

EFF uses Fastly to host EFF's Web resources: Fastly is EFF's CDN. Privacy Badger pings the CDN for the following resources to ensure that the information in them is fresh even if there hasn't been a new Privacy Badger release in a while:

  • https://www.eff.org/files/dnt-policies.json
  • https://www.eff.org/files/cookieblocklist_new.txt

EFF does not set cookies or retain IP addresses for these queries.

Why am I getting a "This extension failed to redirect a network request to ..." warning in Chrome?

When two extensions try to modify the same request in different ways in Chrome, only the more recently installed extension will succeed. There shouldn't be any actual problem here, just a common cosmetic issue in Chrome that should go away after the first time you see it. For more information, visit the following Privacy Badger issue comment on GitHub for an explanation of a Chrome conflict between Privacy Badger and Disconnect.

These extension conflict warnings will be removed in a future Chrome update. 

Why isn't my Badger learning to block anything?

By default, Privacy Badger does not learn in Private Browsing / Incognito modes.

Back to top

JavaScript license information