back to article Watch out, Yahoo! EFF looses BADGER on sites that ignore Do Not Track

In the wake of Yahoo!'s decision to stop honoring browsers' Do Not Track signals, the Electronic Frontier Foundation has released a new blacklisting tool that will automatically block tracking cookies from sites that refuse to support DNT. Dubbed Privacy Badger, the tool is available as a browser plugin for Chrome and Firefox …


This topic is closed for new posts.
  1. h4rm0ny
    Thumb Up


    First thing Monday I'm going to make a donation to the EFF. This is good stuff.

    Also, +1 to El Reg for actually properly using "looses" as opppose to all these people who can't spell 'lose'.

    1. Graham Marsden

      @ h4rm0ny Re: GOOD.


      1. Graham Dawson Silver badge

        Re: @ h4rm0ny GOOD.

        That's Muphry's Law: if you correct someone else's spelling or comment on it in any way, you will make a typo yourself.

        1. h4rm0ny
          Paris Hilton

          Re: @ h4rm0ny GOOD.

          Murphy is a vengeful god.

          Clearly having a Paris Hilton moment.

        2. Piro Silver badge

          Re: @ h4rm0ny GOOD.

          Never before wide use of the internet had I ever heard of 'Murphy's Law'. I guess it must be an Americanism, because in Britain the same phenomenon has always been called Sod's law.

          1. veti Silver badge

            Re: @ h4rm0ny GOOD.

            According to most reputable sources I can find, "sod's law" is actually a newer coinage than "Murphy's law". Murphy's law is definitely referenced by name from the early 1950s, but "sod's law" doesn't appear in print until 1970.

            So "always been called"... may not be as accurate as you think.

            1. I. Aproveofitspendingonspecificprojects

              Ah yes I remember the salad days of yore.

              Lady Chatterly made it into print in the 1960's I believe.

              It was good to be young then. Not that I ever read it of course. I am looking forward to a transaltion of Fanny Hill into the vernacular (to be venal.) Especially because I like my porn to end happily ever after. Not just so I can understand it, I assure you.

              So sod's law get's trumped by Murphy does it?

              Well that just goes to show how sod's law works doesn't it.

          2. h4rm0ny

            Re: @ h4rm0ny GOOD.

            >>"it must be an Americanism, because in Britain the same phenomenon has always been called Sod's law."

            I have heard Murphy's Law as a child in the UK. But I think it's mainly because back then "sod" was a vaguely bad word and I got the child-friendly version of it. Probably why you get Murphy's Law in the USA - their aversion to "rude" words.

            I wanted to write "Sod's Law" actually, but someone had already used "Murphy" and "Sod the Powerful God" just was either too rhyming or too open to verb / noun confusion.

    2. King Jack

      Re: GOOD.

      It's a badger not a PPPenguin.

  2. Anonymous Coward

    If they really want to 'badger them'...

    Create a plugin that sends thousands of unnecessary get-requests to their servers

    the moment a tracking cookie is detected while the DNT flag is set...

    That way, everyone who refuses to honor DNT will basically DDOS themselves...

    1. king of foo

      Re: If they really want to 'badger them'...

      I like...

      You could also have it email the ASA and report every website that does this. EVERY TIME.

    2. Charles 9 Silver badge

      Re: If they really want to 'badger them'...

      Except that might be grounds for a suit. Perhaps a quick beep to the EFF and for every, say, 100 times they get a red flag, the EFF can send an e-mail to the admins of that website listing the violations. Of course, they'd also need to find a way to make sure it's not summarily filtered, but enough of them should start getting their attention. And the sites can't accuse the EFF of spam since each message is different and all the e-mails will be valid claims of misconduct.

    3. Acme Fixer
      Thumb Down

      Re: If they really want to 'badger them'...

      Then that becomes the first shot in a war of ddosing and getting banned. Suddenly you won't be able to access anything.

      It's the Golden Rule: he who has the golden website makes all the rules.

  3. ecofeco Silver badge

    Armor up

    I like the way you think, malle-herbert. Upvoted.

    I use FF because it allows me to armor up and not fall victim to the whims of websites.

    Adblock, Flash block, script block, privdog, clear history on close, Ghostery. Plus my hardware and software firewalls. Plus my AVs, both active and passive. It takes ALL of those running at once to safely surf these days. And even then things get through. (very very little in my case)

    So no matter what the website/trackers decides, they can kiss my shiny metal ass. Because thanks to them, they have made surfing the web akin to slogging through the sewers in a knife fight.

    Install the above and you will be shocked at the amount of malware it blocks for Yahoo alone.

    1. John Tserkezis

      Re: Armor up

      "Install the above and you will be shocked at the amount of malware it blocks for Yahoo alone."

      Actually, you won't. I've had those running for so long, I really don't know what I'm missing from Yahoo at all. Which is even better. :-)

    2. RISC OS

      Re: Armor up

      Jeez you must have so much fun browsing... wouldn't it be easier just not to use the internet, or even a computer?

      1. Charles 9 Silver badge

        Re: Armor up

        Especially since many sites, including some of the BIG ones or ones with exclusive content, are now employing ad-blocker-blockers of a very broad sort. Basically they won't let you see anything unless you open yourself up to the cookies.

        1. Steven Roper

          Re: Armor up

          Especially since many sites ... are now employing ad-blocker-blockers of a very broad sort.

          My universal response to being told to turn off my adblocker or allow third-party tracking is simply to add that site to my blacklist and move on to the next site. I've lived perfectly well so far without whatever the site is offering and I'll live perfectly well without it for many years yet.

          Same thing goes for sites that display nothing but a "You must enable Javascript to view this site" banner. If you don't give me any reason why I should allow Javascript for your site, you don't give me any reason to be a potential customer (or product!) A good site should fall back gracefully to at least let people see what you're offering so they can decide whether they want to enable Javascript or not. By all means have a banner advising me that some features need Javascript, but at least give me something to be able to base that decision on.

          1. Charles 9 Silver badge

            Re: Armor up

            That may well be possible if you have an alternative, but I note you left out the key word exclusive. In this case, it's down to a take it or leave it. If you turn them down, you have to go without the offer since you can't get it anywhere else.

            And it gets dicier when you're not talking about something cosmetic but important stuff like exclusive drivers, security patches, and so on. What if the only way to keep your system safe is to submit to the cookie minefield? (And yes, I've personally experienced such a dilemma for an old driver)

      2. ecofeco Silver badge

        Re: Armor up

        "Jeez you must have so much fun browsing... wouldn't it be easier just not to use the internet, or even a computer?"

        Yes! Thank you! The recovered speed and complete lack of annoying as shit adverts/trackers/AV vectors, make surfing enjoyable again.

      3. Fluffy Bunny

        Re: Armor up

        "fun browsing... wouldn't it be easier just not to use the internet, or even a computer?"

        For the best sites, I write my own programs. Firefox is just to find the ones worth the effort.

    3. Fibbles

      Re: Armor up

      Running multiple AVs at the same time...

      FFS people, this is supposed to be a website with a technically inclined readership...

      1. ecofeco Silver badge

        Re: Armor up

        "Running multiple AVs at the same time...

        FFS people, this is supposed to be a website with a technically inclined readership..."

        Spybot plays nice with every AV I've ever used, but it is only used in passive/immunized mode. My firewalls are firewalls only. I've chosen Avast as my main "live/active" AV.

        Yes, thank you. I've resolved many a user's performance problem because they were running 2 AVs. If I hadn't known this for the last 10 years, your advice would have been timely.

    4. Joe Zeff

      Re: Armor up

      If you want to get rid of some of the stuff you're using to get rid of tracking cookies, malware and so on, switch to Linux and get rid of all of your AV software. And, if it matters, you can stop paying for your OS, your applications and your upgrades because Linux is free. Or, you can keep on throwing money into Microsoft's money pit if you prefer.

      1. I. Aproveofitspendingonspecificprojects

        Your heart bleeds for NSA.

        No Text.

        Oh well if I must:

        They should change the name of BT to GCHQ so Microsoft/Yahoo users might realise why they own all the landlines.

      2. Phil Koenig

        Re: Armor up

        @Joe Zeff:

        Did you just touch down from 2002?

        Free software and lack of malware (even if only an illusion) does not have anything to do with website activity tracking.

        1. P. Lee

          Re: Armor up

          > Free software and lack of malware (even if only an illusion) does not have anything to do with website activity tracking.

          Perhaps not directly, but it removes the commercial incentive to allow it, which is a good start.

          Using a browser's porn mode helps. Most sites work if you allow JS for the site, but block off-domain content, so noscript is still useful. Also, something like "better privacy" for ditching flash cookies.

    5. Acme Fixer

      Re: Armor up

      Thanks for the info.

  4. Pete Spicer

    DNT is great in theory, except it was doomed the minute Microsoft decided to make it on by default. A cynic mind might even suggest it was done deliberately to compromise the idea. Don't forget - this is not the first time something major has chosen to explicitly ignore DNT being set, on the basis that you couldn't actually rely on the user having made the choice.

    1. SoaG

      "on the basis that you couldn't actually rely on the user having made the choice."

      Your logic is backwards. Consumers should have to opt-in to being tracked.

      1. BlueGreen

        > Your logic is backwards. Consumers should have to opt-in to being tracked.

        Yes they should, but that's ireelevant: prior to DNT there was not any opt-in *or* opt-out. DNT gave you at least the opt-out. MS then deliberately broke it by turning it on by default thereby almost forcing sites to ignore it, which not long after brings us to where we are now. Exactly as I predicted.

        Amazing how many people actually thought MS were doing us all a favour. So bloody naive.

        1. Anonymous Coward
          Anonymous Coward


          Well here's how I see your argument: all these ad companies were basically fucking us up the ass whenever they wanted, but they agreed to only do it if we'd had a good night's sleep first. Then Microsoft came along and taped our assholes up, so the ad companies pulled the tape off and fucked us. You think that was what Microsoft wanted and you're angry at them because you thought it was damned civil of the ad companies to say they'd let us have a few z's first. Am I on the right track here?

          1. BlueGreen

            Re: @BlueGreen @Terri Terrapin

            While I like your expression, MS didn't 'tape our assholes up', if anything they weakened the tape. They sabotaged DNT. DNT was weak (as it was not backed by law) and if it became common to opt out it would have been murdered later. Instead, MS ensured it was murdered sooner.

            > you thought it was damned civil of the ad companies

            don't assume too much just because I didn't spell it out. TBH if I could release a virus that castrated every ad company employee in the world forever I'd do it. They are a disease.

            Now, given that they are a disease I use a comprehensive blocklist so I kill >99% of ads anyway. Do you? Do you make any effort to systemically deal with ads? And do you see a longer term issue here that has to be solved if ads are to be abolished forever (in other words, can you see the disease is perhaps self-inflicted)?

            (am pissed, please excuse any laxity or errors)

            1. Charles 9 Silver badge

              Re: @BlueGreen @Terri Terrapin

              Do you make any effort to systemically deal with ads?

              Whether you do or now, the ad companies make every effort to systematically deal with people who systematically deal with ads. They employ broad ad-blocker-blockers and start having host sites and other legitimate domains host the ads, meaning if you block the ads you block the content, too. And with more and more exclusive (and perhaps even important) content being hidden behind these cookie minefields, it increasingly reaches the point of "Do You Dare?"

        2. Phil Koenig

          What I particularly "enjoyed" was how these charitable advertising organizations developed a system to "opt out" of their industry's tracking.... but only by setting cookies in your browser, requiring cookies to be enabled, of course.... :D

          Right now technology is running a couple of decades ahead of brain-dead politicians, who are either clueless about how they are allowing technology to invade traditionally-sacred personal/political liberties, or in such service to the monied interests that the result is the same.

    2. El Andy

      Re: Well that's all well and good, but...

      Don't kid yourself, the ad companies have always wanted DNT to default off and be hard to change so they can claim everyone is opting in. And that includes Google.

      1. Anonymous Coward
        Anonymous Coward

        Re: Well that's all well and good, but...

        That may well be, but a PROPER government would put people before business and demand that businesses NOT track a person unless EXPRESSLY and EXPLICITLY permitted. Much like that recording scandal in California (it's an all-party explicit consent state). And if they don't like the way that works, well they can just find another line of work. (Rude Salute)

    3. Steve the Cynic

      "DNT is great in theory, except it was doomed the minute Microsoft decided to make it on by default."

      This is either hopelessly naive or hopelessly MS-bashing, more likely both. DNT was doomed the moment it was invented, even before the proposals were first published. The very first time I heard about the idea, I concluded that it was fatuously naive optimism on a scale that is rarely seen anywhere, and nothing in any of the subsequent discussions has inclined me to change that opinion.

    4. P. Lee

      Didn't MS do something similar with the high-priority flag in IP? They turned it on permanently for Windows, thus destroying its purpose and spoiling it for everyone else?

  5. Anonymous Coward
    Anonymous Coward

    Hmm, well, glass houses & stuff...

    My browser has DNT set but Ghostery still detects no less than 11 objects of dubious parentage on the El Reg web page reporting this story (and there's no guarantee that's all of them).

    Time to eat your own badger food El Reg?

  6. Jerry

    It's a bit rich to publish this article with ELEVEN trackers embedded in the El-Reg page!

  7. Crazy Operations Guy

    Too difficult to implement DNT

    I guess its the same kind of people that need supervision when using a butter knife, lest they gouge out their own eyes.

    If the browser with DNT connects to a site with ads, only request enough data to display the ad (Screen resolution, browser version, etc) and only record that someone saw that ad. How is this so difficult?

    1. RISC OS

      Re: Too difficult to implement DNT

      I guess if you are on yahoo's payroll for a 6 figure salary, "do not track" is too complicated a phrase to understand.

      1. Les Moor

        Re: Too difficult to implement DNT

        It's likely that the only devs left at Yahoo after all of the jackassery that has gone on there over the last few years are the slow children (no offense intended to slow children)/

    2. Anonymous Coward
      Anonymous Coward

      Re: Too difficult to implement DNT

      Just displaying the ad isn't enough anymore. Those that relied simply on that data have since disappeared. The ad companies that remain won't really pay you unless that ad brings something along with it, like some kind of identification. And no, they will accept no less since it's the only way they can stay in business. And if the web providers can't get ad revenues, everything will start falling behind paywalls.

      1. I. Aproveofitspendingonspecificprojects

        everything will start falling behind paywalls.

        Everything you don't want to read sea or hear on the internet will start falling behind paywalls.

        There, FTFY.

        1. Charles 9 Silver badge

          Re: everything will start falling behind paywalls.

          Everything you DO want to read sea or hear on the internet will start falling behind paywalls.

          There. FTFTFY. It was right the first time, as I can speak from experience. More and more important and exclusive content is starting to get locked down.

  8. kurkosdr

    The deal with cookies

    I never understood the deal with cookies. Why do browsers accept them by default? Normally, there would be an "allow cookies from this site" button in the bottom right (and that only for the purpose of allowing the site to remember log-ins).

    I blame netscape, which presented an ugly popup window (that interrupted your browsing), everytime a site wanted to set a cookie, so most users just set their browser to "allow all", so this became the "standard behaviour".

  9. Tony Green


    ...install Cookie Monster and deny all cookies by default, just using CM to enable them on sites where it suits ME to allow cookies to be set. Which means there are not third-party cookies for Badger to detect even when the bastards try to set them.

  10. Mage Silver badge

    3rd party cookies

    There is zero reason to allow 3rd party cookies. I have them blocked ever since I could.

    1. Scroticus Canis

      Re: 3rd party cookies

      Exactly, and I block them to by default. So if you don't accept third party cookies will this version of Badger do anything for you?

      Normally use FF with NoScript as my general browser and have set annoying repeat offender cookies to be automatically scrubbed when it closes (also cache, logins, etc...). One usability problem with this is that drag&drop or cut&paste doesn't work from the show cookie sub-window to the scrub sub-window; have to type them in manually (take note Mozilla).

      1. Charles 9 Silver badge

        Re: 3rd party cookies

        I think Badger can also handle the FIRST-party cookies as well from sites that won't behave.

        Thing is, how long before sites use cookie detectors and won't let you in until you accept them...ALL of them.

  11. IT Drone

    El Reg Badgered

    ... thanks for the tip - Privacy Badger has greatly improved my browsing experience of The Register as it has the effect of blocking ads. Flashblock did a good job of not distracting my eyeballs but page loading is much faster now that I don't even see the space a blocked Flash ad used to take up. But ultimately I guess my selfish actions are contributing to the death of "free" content made possible by advertising. Oh dear...

    1. JeffyPoooh

      Re: El Reg Badgered

      Exactly. At work, the network is effectively slow enough that I can watch all the ad networks loading one by one on The Register pages. It's actually become "a bit much".

    2. I. Aproveofitspendingonspecificprojects

      You get free internet?


      I have to pay for mine.

      And I still have to watch adverts.

      But now I can't watch free moviers online because NoScript won't let me.


      Oh, I already said that.

  12. Kit-Fox

    I see that most people on here advocate not allowing cookies

    a compromise is to allow cookies and then either use an addon to delete them each time you close FF / or other browser of choice, or use something like CCleaner to delete them all on a regular basis

    Neither option is really all that labour intensive

    1. Tony Green

      No need for an add-on to delete cookies when you close Firefox. Just set the option in preferences and it's done for you.

    2. Mage Silver badge

      It's really only 3rd party cookies that are the problem. You usually DO want the one(s) belonging to the sites you log in to.

      Almost all privacy issues are 3rd party ones (they let a 3rd party track you as move from site to site!).

      Firefox lets you disable all 3rd party ones. But some actual sites then are confused unless you delete the cookies for that site and let them be re-created. I don't know if it's a bug. But at the FIRST time you disable ALL 3rd party cookies you might have to log out of a site, delete (not same as disable) all cookies, close browser, open browser then log in again and the "desired" site cookie then works.

      1. Anonymous Coward
        Anonymous Coward

        I recommend the 'Cookie Controller' FF (i.e. Pale Moon) add-on.

        Set default for the 'off state' (cookies blocked) to 'force at start'; and default for the 'on' state (click the 'Toggle' button to allow cookies for all sites or the 'Permissions' button to allow just the current site) to 'session only'.

        The vanishingly-small no. of sites you want to keep the cookies from you can set to, e.g for Ixquick or somewhere else you genuinely trust: 'Cookies allowed'. For sites like El Reg: 1st party only, which keeps your log-in details

        If in a hurry and clicking the 'Cookies Toggle' button to, say, enable global 'session only' cookies, next start it will have reverted back to 'blocked' by default.

    3. Fibbles

      There's a Firefox addon I advise less technically inclined relatives to use called Self-Destructing Cookies. It automatically blocks all third-party cookies. For first-party cookies you click on the addon icon when visiting a page and get 3 simple options: the cookie self destructs after you close the tab (default), after you close the browser or never (useful to stay logged in to sites you trust).

      It works out better than a simple system of blocking everything apart from the stuff on your whitelist since some sites kick up a fuss / refuse to work without first-party cookies. Having the cookie self-destruct after you close the tab is a good compromise.

    4. JeffyPoooh

      "Neither option is really all that labour intensive"

      Keeping it easy is a lot more difficult than you imply.

  13. Anonymous Coward
    Anonymous Coward

    What do you want for free?

    Someone has to pay for your content because you sure as hell don't. You want if for free (as in, no money direct from your wallet).

    So companies have come up with innovative and groundbreaking ways to sell advertising space to cover cost. And now you block that.

    Luckily the impact will be slight as this is just neckbeard extremists from the EFF, not a group many have heard of and even less take seriously.

    What these sites should do is detect content thieves like you (which is what you ate, reading without paying) and block you. That way you get what you paid for; nothing.

    If you don't like tracking, don't use the WWW or pay for your content.

    1. Zack Mollusc

      Re: What do you want for free?

      Meh, they can block me if they want. Let them find out how much their content is actually worth.

    2. Anonymous Coward
      Anonymous Coward

      Re: What do you want for free?

      I'm quite happy to pay reasonable prices for content - though news sites are unwilling to provide it (e.g. I might want to look at Le Monde for an hour a month, but that will cost me 20 euros - there is no PAYG)

      I am also prepared to put up with adverts for free content.

      What I am not happy about is all the tracking of me as an individual by organisations which may, for all I know, be as criminal as you can get. How do I know who information is being sold to? Google at least tell me their policies, but what about these trackers that most people have never heard of?

      So your dichotomy is a false one; it's a trichotomy at least. The third option is, if you don't like tracking, only accept ads from companies with which you have an explicit relationship.

      1. Charles 9 Silver badge

        Re: What do you want for free?

        No, it's a true dichotomy because the ONLY ads that matter anymore are tracking ads. All the dumb ad networks have since disappeared. And as for an explicit relationship, that's a loophole one could drive a lorry through. They'll FIND a way to make the relationship explicit, and then all bets are off.

    3. grammarpolice

      Re: What do you want for free?

      Tracking has nothing inherently to do with advertising.

      If you don't like your tracker being blocked, try treating your customers as human beings rather than pigs to be fattened.

  14. Viper1j

    Privacy and Honey Badgers

    They don't give a f*ck.

  15. Potemkine Silver badge

    oh, sh*t

    It made a long time I hadn't that song stuck into my head.... thanks guys :nuke:

  16. Inachu

    DNT has a few meanings. DNT track so that if the page does get spidered that the search results will always contain the latest page in search results.

    DO NOT SPIDER - keep page out of search engine index.

  17. Esme

    Any comment Mr Vulture, Sir?

    Thanks for the various tips above folks, some I didn;t know about amongst them - having installed them, I too find that there's several underiable doodads lurking on the very page that told us about Privacy Badger.

    Any comment from Vulture Central?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021