Firefox Ghostery Plugin blocks website tracking

[Cutting_Edgetech]

I've been using Ghostery plugin for Firefox for several months now. Its a great little addition to add to your privacy setup. Its intended for blocking websites from tacking you on the net. The user does not have to answer any pop-ups. It blocks everything on its own, and notifies the user what it is blocking in real-time. I recommend it to anyone that cares about their privacy. It has never caused me any problems that I have sometimes experienced when using applications that block cookies or script. Every webpage I have ever visited worked flawlessly with this plugin.
-https://addons.mozilla.org/en-US/firefox/addon/ghostery/?src=cb-dl-mostpopular

[Cudni]

Indeed a good tool to have in the arsenal

[klarm]

I've been using it for a while now. wasn't sure if it is really blocking or just notifying. glad it does indeed block .
cheers.

[Pinga]

Ghostery is an industry initiative so there are good reasons to stay away from it. See also:

http://www.wilderssecurity.com/showthread.php?t=315810

[vasa1]

Quote:

Originally Posted by Pinga

Ghostery is an industry initiative so there are good reasons to stay away from it. See also:

http://www.wilderssecurity.com/showthread.php?t=315810

The last time I looked, it didn't block "ooyala". Maybe related to the "initiative"?

[vasa1]

BTW, there's another thread existing on Ghostery here.

[lordraiden]

Quote:

Originally Posted by Pinga

Ghostery is an industry initiative so there are good reasons to stay away from it. See also:

http://www.wilderssecurity.com/showthread.php?t=315810

So what? where are the good reasons except the paranoia?
The program do what is says.

Quote:

Originally Posted by vasa1

The last time I looked, it didn't block "ooyala". Maybe related to the "initiative"?

Report it https://getsatisfaction.com/ghostery
https://getsatisfaction.com/ghostery...7&style=topics

[vasa1]

Quote:

Originally Posted by lordraiden

So what? where are the good reasons except the paranoia?
The program do what is says.



Report it https://getsatisfaction.com/ghostery

I don't use it. I just installed it the one time to "look inside".

[kupo]

Quote:

Originally Posted by Pinga

Ghostery is an industry initiative so there are good reasons to stay away from it. See also:

http://www.wilderssecurity.com/showthread.php?t=315810

The author of Ghostery already made a statement about this. Please stop spreading FUD. Ghostery is a great tool and now a featured extension in Firefox.

[Pinga]

Quote:

Originally Posted by skudo12

The author of Ghostery already made a statement about this. Please stop spreading FUD. Ghostery is a great tool and now a featured extension in Firefox.

Making statements doesn't change anything about the actual situation. I merely stated two facts.

[TheWindBringeth]

Putting the Evidon ownership, etc aside for a moment, what are the privacy issues with the Ghostery add-on itself? The privacy policy at http://www.ghostery.com/privacy-bt suggests three data passing scenarios:

1) The auto-update performed when you enable Tracker Fetch could pass some info above and beyond the minimum necessary to update definitions so to speak. Has anyone examined it and found evidence that it is doing so?
2) The "view script source" description makes it clear that data will be sent to them but doesn't elaborate on what that data is, whether it would apply to sites you are visiting via HTTPS, etc. Has anyone looked into that and determined how revealing it is?
3) The GhostRank feature sounds as though it would reveal quite a bit.

If you don't enable #3, don't use #2, and don't use #1 if it is dirty... is Ghostery otherwise clean?

[kupo]

Quote:

Originally Posted by Pinga

Making statements doesn't change anything about the actual situation. I merely stated two facts.

By reading the Privacy Policy, you are assured what the extension is doing behind your back. If you don't believe it, well that's you. Auto-update and ghost rank are both opt-in. I doubt anything private is collected in auto-update. The view script source has it's privacy policy here -http://www.ghostery.com/privacy-dotcom .

[TheWindBringeth]

Well it's not like I don't believe them when they say the view script source feature initiates a call that includes data about the page. Its that neither the privacy policy nor the page you pointed me to identifies exactly what that data is, whether it is sent over a secure connection, whether it is accompanied by a Ghostery user ID, etc. Therefore, based on just the disclosure there, it is impossible to assess what types of information they and/or intermediaries can see as a result of using the feature. It goes on to say "No PII is collected or stored during this call" but I don't see PII (logically "Personally Identifiable Information") defined there and the reader doesn't know if that definition is as comprehensive as they would want it to be. In many cases, claims like that are made on the basis that the software is not "trying" to collect "PII" despite the fact that the software implementation is such that it will collect "PII" in common usage scenarios. This being a privacy forum, I thought someone here might have studied the addon and its behavior.

[Cutting_Edgetech]

When I get time I will contact the developer, and see what he has to say about insinuated privacy violations.

[kupo]

Quote:

Originally Posted by Cutting_Edgetech

When I get time I will contact the developer, and see what he has to say about insinuated privacy violations.

Keep us updated

[lordraiden]

Quote:

Originally Posted by TheWindBringeth

Well it's not like I don't believe them when they say the view script source feature initiates a call that includes data about the page. Its that neither the privacy policy nor the page you pointed me to identifies exactly what that data is, whether it is sent over a secure connection, whether it is accompanied by a Ghostery user ID, etc. Therefore, based on just the disclosure there, it is impossible to assess what types of information they and/or intermediaries can see as a result of using the feature. It goes on to say "No PII is collected or stored during this call" but I don't see PII (logically "Personally Identifiable Information") defined there and the reader doesn't know if that definition is as comprehensive as they would want it to be. In many cases, claims like that are made on the basis that the software is not "trying" to collect "PII" despite the fact that the software implementation is such that it will collect "PII" in common usage scenarios. This being a privacy forum, I thought someone here might have studied the addon and its behavior.

https://www.ghostery.com/faq

What data does Evidon receive from users who opt-in to GhostRank?

When a user opts-in to GhostRank, we have access to the following information:

Bugs identified by Ghostery
Bugs blocked by Ghostery
Number of times the bug has been identified
Domains identified as serving bugs
Advertisements served at particular domains, including companies associated with each ad
Information about the type of notice associated with each ad
The browser in which Ghostery has been installed
Ghostery version information


Is my data safe? What is Evidon going to do with it?

Ghostery users are anonymous. If you elect to download the Ghostery plug in, you'll note there are no registrations or sign ups required. The Ghostery plug-in does not place session cookies into your browser. Neither the Ghostery application nor Evidon receives any data from Ghostery users unless the user opts-in to participate in GhostRank. In that case, data is collected in aggregate form and without any personal information, for research and industry monitoring purposes (more on GhostRank below). GhostRank data is never used for advertising targeting purposes. GhostRank is a true opt-in feature - all the other features of Ghostery are fully available whether or not GhostRank is enabled.

Ghostery's dedication to user privacy is capture in the Ghostery Browser Tool Privacy Policy. http://www.ghostery.com/privacy-bt


What does Evidon do with GhostRank information?

GhostRank data will never be used target advertising. Evidon uses the data from GhostRank to discover new trackers on the internet, view specific performance and use statistics, and follow industry compliance with privacy and choice standards for behavioral advertising. The data also helps us understand where advertisements are served, who is associated with these ads, and whether these ads are compliant with industry self-regulatory programs. We may also use GhostRank data (on an aggregate and anonymous basis) to help us understand how advertisers and their vendors are honoring opt-out requests.

[TheWindBringeth]

Quickly...

Bugs identified by Ghostery: What information about these is sent? Given the later "Evidon uses the data from GhostRank to discover new trackers on the internet" comment, is this designed to collect details about potential bugs which could slurp up something one wouldn't want it to?
Bugs blocked by Ghostery: Is this just the simple name ("Doubleclick", "Quantcast", ...) of known bugs?
Number of times the bug has been identified: N/C Edit: Could conceivably be usefull for identifying frequency of visits to certain sites.
Domains identified as serving bugs: Not sure how implemented but inclined to think it would reveal which bugs are served by which sites. Says only "domains" which implies no information about subdomains or individual pages. Would seem to at least reveal domains the user visited but there is the question of correlating the information (see below).
Advertisements served at particular domains, including companies associated with each ad: Not sure how implemented and how specific. One concern being: if ads are targeted based on characteristics of the user, knowing which specific ads are offered to a user can indirectly reveal those characteristics.
Information about the type of notice associated with each ad: Not sure what this is or how it is implemented
The browser in which Ghostery has been installed: N/C
Ghostery version information: N/C

I don't see mention of a unique identifier (above and beyond IP Address, the persistence of which and "PII-ness" of which can vary) being sent. It isn't clear how much would be correlated as a result of the reporting mechanism and its period. It isn't clear if such information is sent in the open for intermediaries to capture.

Additional info might be gathered by searching and asking the developer. However, I think there is much to be said for users endeavoring to investigate things for themselves. Especially when they are concerned about privacy and know the software has features which send information home. One can approach that by examining the software files, by examining network traffic via Wireshark and/or Firebug, etc. Doing so can answer questions, provide important confirmation of what is said by others, and sometimes even turn up something no one has thought of yet. In throwing out earlier questions I was trying to encourage people to (learn to) do that and share what they found.