Do contact me if you found a bug, if you have questions or if you’d like specific feature to be added, I tend to rely heavily on user feedback to improve my plugins! And if you’re happy with how it works, drop by on the WP DoNotTrack-page on wordpress.org to rate it and/ or to confirm it works with your version of WordPress!
Although browser addons such as NoScript and Ghostery (which is cross-browser with some limitations) provide great protection against tracking, some people prefer not to have to install plugins. Firefox does have configuration options to somewhat limit what trackers can do. You can follow the knowledge base article here to learn how to disable 3rd party cookies (the default setting in Safari, which Google was caught circumventing).
If you’re up to it, you also simply open up the almighty “about:config” and tinker with the following settings (some of which aren’t available in the browser UI):
- network.cookie.cookieBehavior with values:
- “0”: allow all cookies (default)
- “1”: don’t allow 3rd party cookies
- “2”: don’t allow any cookies
- network.cookie.thirdparty.lifetimePolicy with values:
- “0”: keep cookies for as long as the server asks
- “1”: ask the user on each and every cookie set (try it out if only for fun, you’d be surprise how much cookies are set)
- “2”: cookie gets deleted when you close your browser (i.e. at the end of the session)
- “3”: cookies have a lifetime as defined in the “network.cookie.lifetime.days ” preference
- network.cookie.thirdparty.sessionOnly: set to “true” or “false”
- privacy.donottrackheader.enabled: set to “false” (default) or “true”, which gently asks sites not to track you
Setting “network.cookie.thirdparty.sessionOnly” to “true” is a low-impact change which should stop tracking-companies (think Media6degrees or Quantcast) from following you around the web.
If you want to stop Facebook, Google & Co to stop tracking you around the web as well, the above setting will not suffice. You should either log out of their sites as soon as you’ve done your business there or set “network.cookie.cookieBehavior” to “1” (which will break their “social widgets”). Or you can install Ghostery or NoScript, off course.
Let’s apply the duck-test to Google;
- They severely limited access for Scroogle, the Google-scraper for privacy-nuts, to the point where it is effectively out of service (although apparently Google isn’t the only one to blame)
- They have been caught with their hands in your cookie jar, not only bypassing user’s cookie preferences in Safari but also in Internet Explorer
So if Google looks, swims and quacks like it doesn’t care about user privacy, it must be that it … doesn’t care about user privacy.
I on the other hand do care about my privacy, so I decided to put even less eggs in Google’s basket: I’ve switched my search-engine to startpage.com, which is operated by a Dutch company (i.e. one which has to comply with stricter European privacy laws) and which guarantees privacy while being powered by Google.
Startpage’s only downside: they are blocked by our company internet-filter because they provide proxy-services, so as an alternative I also use the less powerful DuckDuckGo (I changed keyword.url in Firefox’ about:config to “https://duckduckgo.com/?q=”). And a nice bonus; DuckDuckGo also has a nice Android-app, which I have installed to replace Google Search on my Sammy SII as well.
Update 02-2015: things change, blogposts get out of date and indeed A2A is not owned by Lockerz any more.
AddToAny, one of the most popular sharing-widgets around, has had 3rd party tracking by Media6degrees for quite some time already. I wasn’t too happy about that, but it did have the no_3p option to disable this “functionality”. Half a year ago however AddToAny was acquired by Lockerz.com and it now includes tracking by Lockerz.com which cannot be turned off and does not check for navigator.doNotTrack either.
I’ve contacted the developer (Pat’s a swell guy, really) and he answered he would look into honoring the DoNotTrack header, which he wrote he’d love to include in Q1 somewhere. In the mean time, if you have AddToAny on your site, you can already hide the Lockerz “Earn” tab. And if you’re on WordPress, you could install (or upgrade) WP DoNotTrack, which I’ve updated to stop the Lockerz tracking (make sure lockerz.com is your blacklist).
If there’s a Drupalista out there that uses AddToAny and would like to stop Lockerz tracking; I’d be happy to co-author a Drupal DoNotTrack module, do get in touch!
Did you know you can limit the damage an iframe can do by adding the “sandbox” attribute? And that you can add a value to that attribute to loosen your grip if you choose to do so?
So yeah, the option to sandbox iframe’s pointing to blacklisted (or non-whitelisted) hostnames will probably be in a future version of WP DoNotTrack. Stay tuned!
I pushed out a major new version of WP DoNotTrack to the WordPress plugin repository and major in this case means:
- you can now choose between a blacklist and whitelist-approach (previous version did blacklisting only)
- define what exactly is in that black- or whitelist (previous version came with a hardcoded blacklist)
- and off course an option-page under wp-admin to change all these settings
Because of these new features (4 of them) and because I think the plugin is already at least 50% mature, I decided to bump the version from 0.1.0 to 0.5.0. Never been good at math anyway …
If you encounter any problems when installing or configuring this plugin, you might find valuable info in the FAQ. But here’s two tips anyway:
- In general caching and js-aggregating plugins can interfere, so you might want to disable those while working on your WP DoNotTrack configuration and re-enable (with cleared caches) once you’re satisfied with the result.
- If you’re running WP YouTube Lyte with the bonus “donottrack” feature activated, you’ll want to deactivate that before installing/ activating WP DoNotTrack. If you don’t do that, you’ll have to turn to the FAQ …
Don’t hesitate to contact me or leave a comment beneath this here little blogpost if you run into problems, if have a feature request or if you just want to chat a little. I just love receiving feedback!
After almost a year of tinkering with my Donottrack-plugin for WordPress, I’ve requested it to be hosted in the WordPress repositories and uploaded version 0.1.0. So if you’re using Donottrack on your blog, or if you activated this “bonus feature” of WP YouTube Lyte, I propose you give WP DoNotTrack a try and let me know what gives here in the comments or via the contact form?
From the readme:
WP DoNotTrack stops plugins and themes from adding 3rd party tracking code to your blog to protect your visitor’s privacy. WP DoNotTrack uses (a slightly modified) version of jQuery AOP to catch and inspect elements that are about to be added to the DOM and renders these harmless if the black- or whitelist says so.