Do-Not-Track Tools: Hands-On Showdown

Online tracking is a hot topic these days, with the Obama administration and the Federal Trade Commission calling for tougher online privacy protections. The FTC recently issued a report urging voluntary practices for online businesses regarding data collection. Another popular proposal suggests building a universal do-not-track function into future Web browsers.

The proposed universal do-not-track tool won’t be particularly robust, since it would simply make your browser send a “please don’t track me” request to a website. Given the past misbehaviors of Internet behemoths such as Facebook and Google, it’s hard to put much faith in a solution that depends on the best intentions of site owners.

Nevertheless, that’s the gist of the FTC’s appeal to Internet businesses for voluntary cooperation. Specifically, the agency suggests that privacy controls should be incorporated into new products and services by design (including that do-not-track feature in every browser, perhaps); that consumers should have simple ways to control their personal information; and that corporate data-collection practices should be transparent.

On balance, however, most of us pay via our eyeballs and our personal data for the majority of the information we access online. Targeted ads–sometimes laughably off-base, sometimes appropriate based on demographics–pop up on many sites in lieu of a paywall. If you really hate the ads, or if you don’t want to share anything about yourself and your browsing habits, you might shell out for ad-free access to a site.

The key here is the call for transparency. Sites commonly use cookies, a bit of code, to recognize you the next time you return. In some cases, cookies are an important part of the way the Web works. You couldn’t click a Facebook “Like” button and have it work automatically, for example, without a cookie from the social network determining that you were signed in to Facebook.

But some cookies follow you around the Web. These tracking cookies, stashed in your browser, note your browsing habits and online activity, and can help a tracking company determine appropriate ads. Companies may serve up the ads directly, or sell your data.

The FTC’s proposals ask that privacy be the default, that sites’ collection habits be clear, and that browsers provide some protection from tracking–but remember, those are all just suggestions.

If you really want to stop sites from tracking you, and if you don’t want to rely on a site’s goodwill, you can turn to several browser add-ons that will shield your Web browsing habits from a host of advertising and behavioral-tracking technologies–or at least alert you to their interest, and enable you to grant or reject the request.

Here’s a hands-on look at three tools designed to keep your browsing activity private.

AVG Do-Not-Track

AVG’s free antivirus program for Windows now comes with a Do-Not-Track browser add-on that works with Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer.

To get started, download AVG 2012 and then run an update to obtain the add-on. Current AVG users will receive the new tool as an automatic update. AVG automatically installs its Do-Not-Track feature in any of the three browsers available on your system.

Immediately after installation, decide whether you want AVG’s Do-Not-Track tool to alert you whenever it detects a tracking cookie. To enable this feature, click the AVG icon and select Alert me when active trackers are detected. However, I don’t recommend activating the automatic alert, since it causes the AVG add-on to produce a pop-up window every time it detects cookies on a page; considering that almost every website has some form of tracking on it, dealing with these pop-ups can become tedious pretty quickly.

Settings: Although AVG automatically blocks a wide variety of ad networks by default, it doesn’t block several social and Web-analytics features. Among the trackers it leaves unblocked are Comscore Beacon, Facebook Connect, Facebook Social Plugins, Google +1, Google Analytics, LinkedIn, LinkedIn Button, Twitter Button, and Yahoo Analytics. If you’d like to block some of those items, click the AVG Do-Not-Track icon, select Settings, and choose cookies under ‘Block the following’.

AVG also adds a “do-not-track” header to your browser. This tells websites that honor the header to respect your wishes and not attempt to set any tracking cookies.

Browsing the Web: AVG’s Do-Not-Track add-on keeps a running count of how many trackers it detects on a single page as that page loads. On PCWorld.com, for example, AVG found four trackers: two Web analytics trackers and two social buttons. The tool didn’t block any of them, however, since by default it wasn’t set to stop such cookies.

When AVG detects a cookie that it is set to block, the tool shows that cookie’s name in the pop-up window with a line crossed through it. To see more detailed information about a tracker, you can hover over its entry in the pop-up window.

In the example shown here, AVG is telling me about the Bizo advertising cookie on the Wall Street Journal site. I can see that the cookie collects personal and nonpersonal data, and that it shares its data with third parties. To report on what kinds of data each tracking cookie collects, AVG pulls information from the privacy policy of the company setting the cookie.

Bottom line: In my tests, AVG’s browser add-on appeared to work decently, but it was less robust than the other tools I tried. To its credit, AVG allows you to modify which cookies it blocks and which ones it doesn’t. The downside, though, is that you must download and install the entire AVG antivirus program to get the Do-Not-Track tool. That’s problematic, since AVG still has some bad habits such as installing browser toolbars and attempting to switch your browser’s search provider by default.

DNT+

Boston-based security company Abine offers a browser add-on called Do Not Track Plus (DNT+) that works with most major browsers, including Chrome, Firefox, Internet Explorer, and Safari. Officially, DNT+ supports only Windows and Mac, but in my tests DNT+ also worked for Linux systems.

DNT+ is very similar to AVG’s antitracking tool, except that you don’t have to download an entire antivirus program to get it–just visit Abine’s DNT+ product page, and click the Download Now button. In my tests, Abine’s system automatically detected my browser type (Chrome) and installed the add-on. You can also find DNT+ in the Chrome Web Store and at the Firefox add-on site.

An Abine representative told PCWorld that DNT+ blocks 580 tracking technologies; the rep also claims that the add-on speeds up Web browsing by 40 percent.

Settings: Similar to AVG, DNT+ comes with a set of tracking cookies blocked by default in its settings, but Abine’s antitracking tool is much more aggressive than AVG’s. In my tests, DNT+ stopped all of the cookies that AVG didn’t block by default, including social cookies such as Facebook buttons and Google’s +1 button.

When the tool blocks social buttons, companies such as Facebook and Google can’t track you. But DNT+ will still allow you to use these social functions if you click on them.

Keep in mind, however, that clicking on a social button will identify you to that social network. In my tests with DNT+ on Chrome, this feature worked quite well, but I was never able to get the Facebook Like button to work. Other social buttons, such as those from Google+, LinkedIn, and Twitter, did work.

Browsing the Web: Trying out DNT+, I noticed a dramatic difference in the number of tracking cookies that it detected in comparison with AVG. On the WSJ site, for example, AVG detected just three trackers and only one advertising network–but DNT+ found five ad networks, five behavioral trackers, and one social network. On PCWorld.com, the difference was even larger, with DNT+ finding 13 trackers to AVG’s four.

DNT+ doesn’t offer as much detail about each individual tracking cookie as AVG does. Instead, DNT+ groups cookies into three categories: social networks, ad networks, and behavioral-tracking companies. Clicking a section expands it so that you can see which tracking companies DNT+ is blocking. This feature at least gives you some idea about what each tracking cookie is up to.

Turning DNT+ off: Let’s say that you visit Marvel.com and decide to allow tracking for that site. To do so, click the DNT+ icon and then select Blocking Tracking from the drop-down menu. This action will automatically turn off DNT+ for all of Marvel.com, but you will have to reload the site’s current page for the new setting to take effect. DNT+ will remember this setting every time you visit Marvel.com in the future.

Bottom line: Abine’s DNT+ is an effective do-not-track tool that blocks a wide range of unwanted advertisers and other tracking companies. One strange thing is that DNT+ will stop counting trackers at a certain point, but when you click the add-on button, the tally will increase by a few more cookies. When I was browsing on Marvel.com, for example, it told me that three trackers were present; when I clicked the DNT+ button, the count went up to five.

Ghostery

Unlike the AVG tool and DNT+, Ghostery does not automatically block cookies from tracking companies. Instead, it gives you options for which items to block, and when to do so.

Visit the Ghostery site and click the green Download Ghostery for Free button. The site will automatically detect your browser type so that you get the correct add-on.

You can also find Ghostery in the Chrome Web Store and on the Firefox add-on site.

Settings: By default, Ghostery merely alerts you to cookies’ presence. If you want to start blocking cookies, you must enable the feature by clicking the Ghostery icon in your browser and then clicking the settings cog. Next, under ‘Blocking Options’, click Enable bug blocking.

In the screen that comes up, you can select the tracking cookies you want to block one by one, or you can choose to block them all by checking the box at the top of Ghostery’s blocking list. Blocking all may be the easier option to start with, since you likely will want to allow only a few specific cookies such as Facebook or Google’s +1. But you might come across others as you browse, at which point you’ll need to modify the settings.

If you want help in making those custom selections, go under ‘General Options’ and select the Show alert bubble command. Just like AVG’s Do-Not-Track tool, Ghostery can get annoying really quickly if it pops up an alert bubble for every Web page you visit, but you can make your choices and then save them. Once you’re finished with Ghostery’s settings, click the Save button at the bottom of the page.

Browsing the Web: Ghostery works just as AVG and DNT+ do, supplying a running tally of blocked tracking cookies. In my tests Ghostery was not quite as effective as DNT+, but it was far better than AVG. As in AVG’s interface, any trackers that Ghostery blocks have a line drawn through their names.

Bottom line: Ghostery seems to work fairly well, but the DIY aspect of blocking individual trackers may put off some users.

Your Best Bet

In my tests, I found Abine’s DNT+ to be superior to the other two tools, with Ghostery coming in a close second. I also liked the fact that DNT+ permits you to interact with a Web page’s social elements when you choose to do so. AVG antivirus users may want to keep an eye on the company’s Do-Not-Track feature to see whether AVG improves it over time. If you’re not an AVG user, though, you’re better off with DNT+.

Other Options

Collusion for Firefox and Mozilla’s do-not-track header: A far less robust approach to implementing do-not-track is to use Firefox’s built-in do-not-track header along with the organization’s experimental Collusion add-on.

Collusion shows you exactly which websites are tracking you, as well as the tracking cookies they set. Collusion can’t block anything; the add-on is merely an educational tool that illustrates how many tracking cookies are on your computer.

One of the interesting things about Collusion, however, is that it also reveals relationships between the sites you visit, using a simple graph. For example, whenever you visit sites carrying Google’s DoubleClick tracking cookie, all of those sites in Collusion’s graph will point to the DoubleClick cookie.

Mozilla’s do-not-track header is a bit of code in your browser that tells websites that you don’t want to be tracked, but it’s up to individual websites to respect your privacy settings. The number of sites currently supporting Mozilla’s do-not-track initiative is not clear.

Android users can activate do-not-track in Firefox for Android by swiping toward the left on any Firefox tab and selecting the settings cog at the bottom right of the screen. On the next screen, tap the checkbox next to Tell sites not to track me.

For Chrome and IE: Other browsers also have homegrown do-not-track features that you can try. Chrome users can download Google’s Keep My Opt-Outs extension, and Internet Explorer 9 users can turn to Microsoft’s tracking protection lists.

Connect with Ian Paul (@ianpaul) on Twitter and Google+, and with Today@PCWorld on Twitter for the latest tech news and analysis.