-
Notifications
You must be signed in to change notification settings - Fork 82
How does HTTP Switchboard compares to Ghostery or Disconnect concerning privacy?
A whole lot of web sites pull resources from 3rd parties (examples: themes.googleusercontent.com, cloudfront.net) thus giving these 3rd parties log data telling them that one specific IP address has been visiting one specific website. If you are really concerned with privacy, you might not want that.
The results below are my findings, and they are published in the spirit of informed consent.
-
Ghostery ("increasing the transparency of your browsing experience and giving you tools to control your privacy online")
- version 5.0.0
- "Block all", and nothing whitelisted.
-
Disconnect ("Disconnect lets you visualize & block the invisible websites that track you")
- version 5.10.2
- Everything is green ("Green = blocked. Grey = not blocked"), and nothing whitelisted.
-
HTTP Switchboard
- version 0.6.6
- Out of the box settings: images from everywhere except blacklisted hostnames allowed, all else blocked.
- Domain of URL of web page whitelisted in the matrix.
Any of the above extension was the only one running at the time of the test, no conflict with another extension can be blamed for the results.
- Steps:
- Browser cache was cleared.
- Target web page was force-refreshed.
- Data was pulled from the developer console, ignoring domain and subdomains matching URL of web page.
- Only hostname is listed below, often many requests to same hostname, for various type of data (javascript, font, css, etc.)
I will insert here the responses of the owner/developer/etc. of Ghostery/Disconnect to the results below.
- Disconnect: Response I got in a Hacker News discussion.
A page on http://www.theguardian.com
Note: *.guim.co.uk not reported as a 3rd-party below, as key resources are pulled from this domain (stylesheets, etc.), which domain/subdomains required whitelisting in HTTPSB for the page to display properly (to meaningfully compare to Ghostery/Disconnect).
| Hostname | Ghostery | Disconnect | HTTPSB |
|---|---|---|---|
| What is said to be blocked: | snapshot | snapshot | snapshot |
| 3rd parties which were not blocked: | |||
facebook-web-clients.appspot.com |
✔ | ✔ | |
guardian-notifications.appspot.com |
✔ | ✔ | |
related-info-hrd.appspot.com |
✔ | ✔ | |
static-serve.appspot.com |
✔ | ✔ | ✔ |
cdnjs.cloudflare.com |
✔ | ✔ | |
www.google.com |
✔ | ||
ajax.googleapis.com |
✔ | ✔ | |
discussion.guardianapis.com |
✔ | ✔ | |
s.ophan.co.uk |
✔ | ✔ | |
platform.twitter.com |
✔ |
A page on http://www.wired.com/
| Hostname | Ghostery | Disconnect | HTTPSB |
|---|---|---|---|
| What is said to be blocked: | snapshot | snapshot | snapshot |
| 3rd parties which were not blocked: | |||
www.adobetag.com |
✔ | ||
dwgyu36up6iuz.cloudfront.net |
✔ | ✔ | |
dnkzzz1hlto79.cloudfront.net |
✔ | ✔ | |
condenastl3cdn.cust.footprint.net |
✔ | ✔ | |
api.cnevids.com |
✔ | ✔ | |
player.cnevids.com |
✔ | ✔ | |
fonts.condenast.com |
✔ | ✔ | |
contextlysiteimages.contextly.com |
✔ | ✔ | |
contextlysitescripts.contextly.com |
✔ | ✔ | |
rest.contextly.com |
✔ | ✔ | |
fonts.googleapis.com |
✔ | ||
themes.googleusercontent.com |
✔ | ||
a.mobify.com |
✔ | ||
cdn.mxpnl.com |
✔ | ||
714015.ssl.cf2.rackcdn.com |
✔ | ||
platform.twitter.com |
✔ | ||
p.typekit.net |
✔ | ||
www.webmonkey.com |
✔ | ✔ | ✔ |
A page on http://www.upworthy.com
| Hostname | Ghostery | Disconnect | HTTPSB |
|---|---|---|---|
| What is said to be blocked: | snapshot | snapshot | snapshot |
| 3rd parties which were not blocked: | |||
d8rk54i4mohrb.cloudfront.net |
✔ | ✔ | |
upw-prod-images.global.ssl.fastly.net |
✔ | ✔ | ✔ |
www.google.com |
✔ | ||
fonts.googleapis.com |
✔ | ✔ | |
themes.googleusercontent.com |
✔ | ||
cc.simplereach.com |
✔ | ||
platform.twitter.com |
✔ |
