Firefox add-on: Know who is watching when you visit a website (and optionally block them) with Ghostery

If you did not know this already, let me tell you now: The Internet is not a private place. It was never designed to be a private place. The architecture, the core and the pillars, of the Internet was built in a very transparent manner. If you desire privacy, the Internet is not the place to get it (although there are more, and more techniques out there nowadays to improve Internet related privacy).

That being said, almost every website on the internet runs “web bugs“. Simply put, a “web bug” is a script on  a website that monitors user behavior. Web bugs are mostly used to allow webmasters to collect and analyze statistics related to the traffic on their websites, and to serve ads which supply a source of revenue that keep websites going. Even dotTech uses them (see dotTech Privacy Statement for more information).

Although they sound like horrible, big brother type ordeals, for the common user, web bugs are not that big of a deal; at worse, the most “personal” information web bugs collect are IP addresses. I put personal in quotes because IP addresses are actually pseudo-personal in the sense that IP addresses give general geographic information about users (most of the time they can tell the city where the IP originates from), but can’t be personally tied to individual users or households without a subpoena forcing an ISP to reveal that information. Plus IPs are usually issued in a dynamic fashion nowadays, meaning your IP will change at regular intervals, and IPs are owned by an ISP and not you.

Generally speaking, only a privacy nut (and I say “nut” in a loving way) or someone who is genuinely doing something illegal should worry about web bugs. However, even if you are not a privacy nut (I still say “nut” in a loving way), it is still nice to know if your are being tracked and what is doing the tracking when you visit a website. This is where Ghostery comes in.

Ghostery is a Firefox add-on that notifies users if a website is running web bugs, what web bugs the website is running, and allows users to block the web bugs (if desired). Currently Ghostery notifies users of over 200+ web bugs:

2009-11-16_204353

How Ghostery works is simple. After installation, Ghostery places a button/toolbar in Firefox’s bottom toolbar:

2009-11-16_231655

When a web bug is detected on a website, the Ghostery button/toolbar will tell you the number of web bugs found, and a small popup box will appear at the top right of your Firefox window and will tell you exactly which web bugs were found:

2009-11-16_232822

(This screenshot is of dotTech. Doubleclick, Google Adsense, and Google Custom Search Engine are all part of the ad serving system of Google Adsense; Piwik Analytics is the main statistics plugin I use.)

If you click on the Ghostery button/toolbar (single left click) you can get more information about each tracker and optionally block it (any web bug you block will be blocked for all websites you visit that run it – not just the specific website you block it for):

2009-11-16_233205

Although the *purpose* of Ghostery is not to be an ad blocker, if you block an advertisement related web bug, the ads associated with that web bug will also be blocked. Now let me make something clear. As a webmaster, I do not appreciate people blocking ads. Even if a website visitor doesn’t click on them, each time a visitor loads a web page, each ad gets one “impression”; and when it comes to advertising, impressions are as important as clicks. I never block ads, on any website I visit, because I understand ads are the main source of revenue for websites; without ads most websites wouldn’t exist. I just ignore ads (I only block offensive adult ads). However, while I would rather people didn’t block my ads (or my statistical plugins for that matter), I do understand some people have their reasons for doing it and will do it… but I can say please and make you feel like a jerk, right? :P

One thing I am sure you will get tired of while using Ghostery is the fact that the popup box appears every time you load a web page. For example, every time you load a page on dotTech you will get the box. Even though the box disappears automatically after 15 seconds, this can get annoying real quick. So I suggest considering either turning off the popup box and relaying on the button/toolbar to notify you, or lowering the “disappearing” time to something lower like 2-3 seconds. To do this, simply click on the button/toolbar and go to “Options”:

2009-11-16_235119

The popup box is controlled via the settings under “Alert Options” and the button/toolbar is controlled via the settings under “Statusbar Options”.

Last but not least, you can control what web bugs you have blocked from the “Blocking” tab under “Options”:

2009-11-16_235527

You can block/unblock all web bugs supported by Ghostery from here.

Users can grab Ghostery from the following links:

Version reviewed: 2.0.1

Supported platform: Firefox 3.0-3.5.x

Ghostery homepage

[Direct download]

[Firefox Ghostery add-on page]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

32 comments

  1. Kev93

    I enable ads and see 2 that stand out. One is for a free webhost (I’m their latest customer) and one for IE. I think I’ll disable ads again. (Quickly :) )

    (PS I do mean ‘enable’, it’s the way this custom browser is built.)

  2. Doktor Thomas

    Never underestimate the propensity of people to deviate from what you think is normal (turning off Google views to deprive webmasters of income). Prepare by out thinking them with another option…

  3. Adder

    @Harlan: Oh yeah! I forgot about that spelling option! o.O Geesh. I should know better than to nit-pik. Pretty dang foolish to correct someone’s spelling and spell it wrong yourself. lol Ummm, actually though, I just wanted to see if anyone was paying attention, and you win the prize Harlan!!! (That’s my story and I’m sticking to it.)

    We now return you to your regular discussion topic…

    @giovanni: In regards to the ‘rumor’ that CCleaner can delete Flash Cookies, it does indeed have that ability which is why I don’t often use these other programs. By using CCleaner, it doesn’t matter which browser I am using – IE8, FireFox, Google Chrome, Opera, and occasionally Safari – the Flash Cookies get deleted along with all of the other junk every night.

    @Ashraf: Sounds like a great idea for a post Ashraf. :)

  4. Josh

    I understand that Ghostery can give you more info about each web bug (if you care to read about each one – bearing in mind the potential list of 200), but as Jack (14) says, do we really want to do that every time while we surf?

    Giovanni’s suggestion about Flash Cookie Cleaner seems like a more practical alternative.

    What impresses me most about this post, is Ashraf’s honesty. Wish more site owners would be transparent! So many idiots are bamboozling us with hype and non-transparency, that we are becoming overburdened with security/privacy concerns. This is so bad for the Internet! Thanks a million, Ashraf. I will keep your ads up (and even click on them) just to reward you for this :-)

  5. Ashraf
    Author/Mr. Boss

    @Shi: I second that.

    I am not that much into many privacy/adblocking addons for Firefox and I really did learn a lot from everyone that posted. In fact I am thinking now I may compile all the “useful” privacy/adblocking addons for Firefox into a separate post.

    Great info everyone!

    Oh and thanks to everyone that don’t block my ads, and I hold no grudge against anyone that does block my ads. We are all friends here.

  6. Shi

    Great thread. Learnt a bit from you guys. Even spelling lol. I use noscript and adblock plus with easylist.

    One reason that some people may want to consider blocking adds is if they have reading difficulties. Decluttering the web page of adds makes it much easier to read the page.

  7. giovanni

    YEAH!!

    Great add-on but honestly I think that the Firefox add-on BETTER PRIVACY, aimed at cleaning Flash cookies from your system, is more useful than Ghostery if you really care about your privacy!!

    https://addons.mozilla.org/en-US/firefox/addon/6623

    Why??

    Because, unlike traditional browser cookies, FLASH COOKIES are pretty unknown to web users, and they are not deleted through the ordinary browser cleaning facility.

    That means that even if a user thinks to have cleared his computer of tracking cookies, he most likely has not.

    So even if an user, with an average web browser features knowledge, manages to get rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again because of the presence of FLASH COOKIE DATA in his system that act as a sort of “backup” cookies.

    And if you take into account that most of web users worldwide use INTERNET EXPLORER as default browser you can easily understand the extent of this pretty unknown threat.

    One more reason to use MOZILLA FIREFOX as default browser even though it’s rumored that the ubiquitous CCLEANER can delete FLASH COOKIES as well with regard to ADOBE FLASH COOKIES, providing that Adobe Flash Player is checked and shows on the Application tab in the Cleaner list of options.

    Alternatively, to get rid of FLASH PLAYER COOKIES, my suggestion is to use SpywareBlaster as it has a feature that allows users to “kill” Macromedia Flash and Adobe Flash Player.

    However, in addition to it, there is a nice and handy free tool I discovered recently called “Flash Cookie Cleaner 1.0″ able to find, view, and clean FLASH COOKIES from your system whatever browser you use when surfing on the internet.

    http://www.softpedia.com/get/System/System-Miscellaneous/Flash-Cookie-Cleaner.shtml

    Very useful for those that don’t use FIREFOX (with the add-on BETTER PRIVACY mentioned above of course) as default broswer.

    Enjoy!!

  8. Adder

    I have to agree with Jack on this. I have for years simply run CCleaner before I hit the sack (although I do occasionally use programs such as those being discussed depending on my whereabouts within the internet), and I always have third-party cookies disabled. As for the ads, I never bother blocking them (except pop-ups of course) because they are indeed what keeps most websites free and functional.

    In regards to the article itself… All I can say, Ashraf, is that posting a positive article recommending a program that can potentially cut into your website’s revenue and that could hamper the accuracy of your website’s statistics is either a stroke of genius or downright foolhardy (in your case, I tend to lean towards the former ;) ). Most webmasters wouldn’t even consider posting such an article/review. This honesty and above board characteristic of yours is quite refreshing and rare in this day and age, is one of the reasons so many visitors to your site trust you and your reviews and return regularly. Kudos and Thank you. :)

    (A quick nit-picking note here… in your third paragraph, the ‘sudo-personal’ should be ‘psuedo-personal’)

  9. Ozzie

    @ Pete: A similar thing can be found on the MVPS Host site as well (http://msmvps.com/blogs/hostsnews/archive/2009/11/13/1739488.aspx). You can either download a zipped file of the monthly update of dodgy sites and then unzip and copy them into your hosts file or copy the text directly from the site link and then paste. SpywareBlaster has a similar function as well.

    @ Jack: Well, Firefox gives you the option to accept cookies until you close the browser, and you can set the cache, etc, to be cleared as well, but as WobblyWombat mentioned, hidden LSO cookies aren’t wiped (or so I also believe), hence why the Better Privacy add-on was developed. I was using it up until the recent install of Windows 7 and the reinstall of FF, but had to take it off as it wasn’t working for some reason.

  10. Josh

    Very geeky discussion going on here. More to the point … How would one know whether one should block Bluekay or CoreMetrix or whatever? The 200 (!!!) names are meaningless to most users and Ghostery would be as useful to them as sunglasses at night.

  11. WobblyWombat

    I have been using Ghostery for some time, mainly for interest sake, I don’t find it annoying once the notification pop-up time has been decreased.
    Sorry if this is too off topic, but I’d also like to mention “Better Privacy” add-on ( https://addons.mozilla.org/en-US/firefox/addon/6623 ) which deletes “hidden LSO cookies” when you close FFox (LSO’s are normally missed by cookie-cleaners I believe?). Sorry I don’t know a lot about the technicalities of this – but to quote:

    “Flash-cookies (Local Shared Objects, LSO) are pieces of information placed on your computer by a Flash plugin. Those Super-Cookies are placed in central system folders and so protected from deletion. They are frequently used like standard browser cookies. Although their thread potential is much higher as of conventional cookies, only few users began to take notice of them. It is of frequent occurrence that -after a time- hundreds of those Flash-cookies reside in special folders. And they won’t be deleted – never.”

  12. Ozzie

    @ hahaguy: Yeah, I tried QuickJava a while back, but ended up reverting to NoScript, primarily because I could pick and choose what I wanted to allow on a page and when, whereas QuickJava was an all-on or all-off choice. I guess it comes to convenience (QuickJava is definitely the more convenient of the two … click on, click off) and the level of control a user wants to have. I must be a control freak because I do like the power that NoScript gives me. Don’t fret though, Ashraf, your website is permanently allowed.

  13. jumbi

    Indeed, users who have used NoScript or AdBlock have similar results.

    I personally use noscript to my professional PC and of course with manual cookie control, so nothing enters that I dont allow.

    To my other PCs (mainly notebooks) I use for simplicity adblock (again with manual cookie control!) and have adequate control.
    But because I understand that ads are important for webpages (I pay myself google adwords for one of my pages), I let them appear when I am connected to my networks, by having adblock disabled.
    When I use mobile internet connection (where data quantity is charged), I have adblock enabled.

    To summarize:

    With noscript (+manual cookies), u dont need Ghostery.

    With adblock (+manual cookies), u may use Ghostery as an extra level of block.

    About manual cookies:
    Many may ask how they would know if a cookie is necessary or not for a page to function properly.
    Generally all directly connected cookies should be acceptable (of course when u want to visit the site and not just surfing around).
    All other cookies are questionable.
    An easy way to recognise undesirable cookies is those that contain words like “ads”, “stats” etc.
    A further way to check whether a cookie is undesirable is to open (at another tab) the page that the cookie belongs.

    By the way, let me also remind you of an easy and simple addon, called RemoveCookie, with which you may immediately right click on a page and remove all connected cookies from your system (useful also if you sign in to a site with different usernames etc and dont want to use another browser).

    # Ashraf
    Do not worry about losing some displays/clicks from the ads on your pages, because the experienced users who block them are to few compared to the unlimited people on the internet :-)

  14. OldElmerFudd

    Ashraf,
    Interesting review, to be sure. I’m not a privacy addict, but do follow sane online practices (imo). I *am* a fanatic about loading Firefox with addons. I’ve done that, and found most never got used decently. There are some nearly universal .xpis on every machine I’ve used. Currently, my seven (yep, 7!)
    are:
    AdBlock Plus
    CustomizeGoogle
    Flashblocker
    Pixlr
    Secure Login
    Session Manager
    TabMixPlus

    They get strained every month for usability.

    About Pixlr: it’s an online Flash based Image Editor that’s amazingly fast. The interface is reminiscent of Photoshop, so I find it easy to do quick looks. Can be installed as an addon for machines that don’t do a lot of heavy lifting in graphics work.
    https://addons.mozilla.org/en-US/firefox/addon/9924

    The homepage is listed, as is usually the case.

  15. Ozzie

    @ Ashraf: Thanks for the reply. I think maybe it’s not so necessary as NoScript anyway lists what is going on behind the page and you can block or unblock accordingly as desired. But a nice tool nonetheless. Thanks again!

  16. Ashraf
    Author/Mr. Boss

    @Ozzie: Hmm. To be honest I don’t have much experience with either NoScript or AdBlock so I don’t know. However, in terms of Ghostery, I believe the main purpose is to let you know what is tracking you; blocking it is secondary.

    @Samuel: >.>’. Uh oh.