Adafruit cares deeply about privacy, security and human rights – our community and customers trust us with their data and it’s up to us to demonstrate the type of company we are and the type of people we are. We like to say “be excellent to each other” – those are words, and there are also actions.
A while ago we added support for DNT (Do Not Track) to our properties and will continue to do so. Supporting DNT is really about keeping users’ online behavior from being followed across the Internet by behavioral advertisers, analytics companies, and social media sites. It’s a little bit of coding, a little bit of tech as far as the approach and most of all, it’s a policy, promise and framework so users can know and choose what is tracked and what is not. Ideally all companies would respect DNT but not all do, and this is an opportunity for Adafruit to show its work and encourage others as well. (Adafruit’s latest privacy policy is here).
It will never be perfect, but this is a start and we’ll keep at it. Here are more details on DNT, Adafruit, the EFF and using tools like Privacy Badger as well as setting DNT in many of the browsers you may use. This is by no means a for-sure way to be super secure, super private or anything like that, but it’s a start, and we hope others, specifically educational companies like Adafruit, devote some time and resources to help educate their community and customers. Let’s do this!
What is DNT (Do not track)?
Let’s get started with having folks much smarter than us, the EFF (Electronic Frontier Foundation), explain exactly what DNT is and why it’s important.
Do Not Track (DNT) is a way to keep users’ online behavior from being followed across the Internet by behavioral advertisers, analytics companies, and social media sites. It combines both technology (a way to let users signal whether they want to be tracked) as well as a policy framework for how companies should respond to that signal.
…
Online tracking began in the late 1990s but has expanded massively in the last decade. Advertising is the main business model financing media production on the open web, and the drive to increase revenue by targeting ads to selected users has led to the creation of a plethora of companies dedicated to monitoring our clicks, searches, and reading habits as we move around the Internet. While technologists have long worried about the privacy implications, it was the Wall Street Journal’s What They Know series in 2010 that brought widespread public attention to the issue by showcasing how marketers gather data on online users.
Much of this tracking happens via cookies. The HTTP cookie, invented at Netscape in 1994, came into life as an innocent and essential tool for the web; cookies make possible “stateful” user interfaces such as user accounts and logins, multi-page forms, or online shopping carts. But cookies also allow sites to store a unique ID in your browser, and therefore to track you—and if a company is present on multiple websites, it can track your visits to each of those sites. In other words, a company can use cookies to construct a detailed overview of users’ activity. Many people feel this is an invasion of their privacy, and want to be able to block, limit or delete their cookies.
Unfortunately, more recent technologies have fostered the development of cookie-like tracking systems that are harder for a user to detect or delete, and can provide marketers with a rich source of data about an individual. Today, online tracking companies use supercookies and fingerprints to follow people who try to delete their cookies, and the leakage of user IDs from social networks and similar sites has often given them an easy way to identify the people they were tracking. In December 2015 EFF launched an updated version of its Panopticlick site which enables users to check their browser’s resistance to different tracking techniques.
You can read more on the EFF’s site and the Wikipedia entry for some more details and history of DNT.
How to enable DNT (browsers)
Good news, bad news. Ok, so browsers have “DNT” features, but really, you’re best off installing EFF’s Privacy Badger, however, we’re going to go through some of the browsers first. If you want to skip all this, go for it, the Privacy Badger is at the end either way.
Some browsers have built in DNT, however it doesn’t always work and some “browser companies” also are mostly funded by advertising and tracking so it’s unlikely that Chrome will really, ultimately, do an excellent job of not-tracking Google search/YouTube, etc, etc. Google’s ad business accounted for 89 percent of revenue, or $76.1 billion… “No one wants to face the reality that this is an advertising company with a bunch of hobbies”. And by default, don’t expect browsers to all come with DNT enabled. For these examples we’ll just look at Firefox, Safari and Chrome – there are others and lots of OSes, including mobile, this is to just get ya’ started.
Firefox
First up, make sure you have the latest browser, for Mozilla Firefox (macOS X) 1/8/2016 the version was/is 50.1.0.
After installing Firefox, click the little hamburger looking icon in the upper right and click preferences.
In Preferences, click Privacy (left bar) and click “manage your Do Not Track settings.” Click “Always apply Do Not Track”. Firefox has a read more link that talks about this too.
You can also make the block list a little more stricter, go ahead and do that too “You can choose which list Firefox will use to block Web elements that may track your browsing activity.” If some sites do not work any more, you might need to adjust these settings. There are additional options on what/who can track you in private windows and Firefox uses “Disconnect.me” – be sure to review what/who it’s blocking, they also offer a VPN service, we’ve not tried it out though.
Chrome
Next up, Google Chrome (Mac) latest version as of 1/8/2017 is Version 55.0.2883.95 (64-bit).
Same as before, click the 3 dot-burgery icon and click settings.
In settings click “Show advanced settings…”
Click “Send a Do Not TracK’ request with your browsing traffic. Chrome immediately pops up a window to read, it seems to say “some” websites are still going to track anyway, ok. And Chrome has a link to read more about this as well.
Safari
Last up, Apple’s Safari, the latest version 1/8/2017 is Version 10.0.2 (11602.3.12.0.1).
As far as browsers go, Safari is a little unusual, some of the leading features, at least as of 1/8/2017 is privacy, security and default options for privacy and not-tracking. Screenshot is above just in case anything changes later 🙂
To turn on DNT on Safari, at least the desktop version, go to Safari > Preferences.
Click Privacy and check off “ask websites not to track me”.
It appears that Safari on the desktop may by default block “some” 3rd-party cookies, and on iOS Safari by default may block even more, but since Apple control iOS, it’s unclear how or if Chrome for iOS for example can do the same things, here’s a article about this, we’ll see what more/what else we can determine. Our guess is that Apple likes saying they don’t track you by default and Google likes tracking you if you’re using a Google product/service so it’s some type of weird symbiotic look-the-other-way, at least for now.
If you click the little round question icon, Safari has a help system that explains what/how website tracking is, again, it says it’s up to sites to honor the request.
On iOS it does appear that DMT is on by default, at least it was for our phone, there were some additional settings in Privacy that we turned on as well.
There are additional setting in iOS for Privacy and ads, check out the settings and review Privacy and the Safari settings.
Just install the EFF’s Privacy Badger
Ok so all these browsers have some type of DNT setting that can be enabled, but most of them just say “well, it’s up to sites to honor it” – that’s really not going to happen, so what can you do? Install the EFF’s Privacy Badger, this will force the websites you visit not to track you, or at least it’s another layer you can add that will at least make it more difficult.
What is Privacy Badger?
Privacy Badger blocks spying ads and invisible trackers.
Privacy Badger was born out of our desire to be able to recommend a single extension that would automatically analyze and block any tracker or ad that violated the principle of user consent; which could function well without any settings, knowledge, or configuration by the user; which is produced by an organization that is unambiguously working for its users rather than for advertisers; and which uses algorithmic methods to decide what is and isn’t tracking. Although we like Disconnect, Adblock Plus, Ghostery and similar products (in fact Privacy Badger is based on the ABP code!), none of them are exactly what we were looking for. In our testing, all of them required some custom configuration to block non-consensual trackers. Several of these extensions have business models that we weren’t entirely comfortable with. And EFF hopes that by developing rigorous algorithmic and policy methods for detecting and preventing non-consensual tracking, we’ll produce a codebase that could in fact be adopted by those other extensions, or by mainstream browsers, to give users maximal control over who does and doesn’t get to know what they do online.
How does it work?
When you view a webpage, that page will often be made up of content from many different sources. (For example, a news webpage might load the actual article from the news company, ads from an ad company, and the comments section from a different company that’s been contracted out to provide that service.) Privacy Badger keeps track of all of this. If as you browse the web, the same source seems to be tracking your browser across different websites, then Privacy Badger springs into action, telling your browser not to load any more content from that source. And when your browser stops loading content from a source, that source can no longer track you.
At a more technical level, Privacy Badger keeps note of the “third party” domains that embed images, scripts and advertising in the pages you visit. If a third party server appears to be tracking you without permission, by using uniquely identifying cookies (and, as of version 1.0, local storage super cookies and canvas fingerprinting as well) to collect a record of the pages you visit across multiple sites, Privacy Badger will automatically disallow content from that third party tracker. In some cases a third-party domain provides some important aspect of a page’s functionality, such as embedded maps, images, or stylesheets. In those cases Privacy Badger will allow connections to the third party but will screen out its tracking cookies and referrers.
Ok, so here’s how to install, we’re going to show Firefox, it’s also supported in Opera, but it’s not available for Microsoft Edge, Firefox Mobile or many/most mobile browsers. For Chrome it’s basically the same thing, visit, click install.
Privacy Badger – Firefox
Make sure you have the latest version of Firefox and then head over to: https://www.eff.org/privacybadger.
Click “Install Privacy Badger and Enable Do Not Track”.
You may need to click “allow” to allow the software to be installed.
After installed, you may be taken to a quickie how-to on how to use Privacy Badger, you’ll also see cute little badger in your address/toolbar.
Ok, now the fun begins, let’s visit some sites, since this article is about Adafruit’s DNT, let’s see how we do. As you browse site the little Badger in the upper left will tell you the tracking attempts and tracking on a site.
Here’s adafruit.com Click around our site, try turning on and off DNT in your browser’s settings and see which sites, including Adafruit respect DNT and which ones do not. See what sites are tracking you, and over time, turn the ones on and off and block them in Privacy Badger if you choose not to be tracked.
For Adafruit, there will be times when you’ll need to go watch a video on Youtube or enable tracking if you want to watch a video on a site, some sites/services do not comply it DNT and you’ll be presented with the choice of viewing the videos, etc. or not.
Ok, so let’s look at a site that is tracking, we’ll pick an easy one, cnn.com. 59 trackers and it looks like their site uses Adobe Flash and has a security issue, ok – good to know, good to block.
Try other sites, email the site owners and ask them to respect DNT if they do not and please help someone you know that might not be so techy protect their privacy online. We’ve included many of the resources we referred to in the article, below, enjoy!
Other resources, references and more:
- All About Do Not Track – What is Do Not Track, allaboutdnt.com.
- Do Not Track – donottrack.us.
- Do Not Track – Wikipedia.
- How to Enable “Do Not Track” in Safari on iPhone & iPad.
- Safari’s now the only major browser supporting Do Not Track on iOS.
- Do Not Track – EFF.
- EFF on Twitter.
- It’s time to unite in defense of users – EFF.
- Tech Companies, Fix These Technical Issues Before It’s Too Late – EFF.
- Adafruit Privacy Policy – Updated December 23, 2016.
- Law Enforcement Request FAQ – Adafruit.
- Reporting Security Issues – Adafruit.
Thank you for implementing this on your site, like you’ve said, not many sites respect the DNT, I was surprised to see the youtube embed blocked by you, which tipped me off, thank you!