A comparison of web privacy protection techniques

The online advertising market is becoming bigger and bigger. Users access content provided for free by publishers who monetize their audience through advertisement. Companies thus buy online exposure to promote their products, and in order to maximize advertisement efficiency, they tailor their ads to users regarding their interests.

Advertisers use techniques such as cookies, local data storage, or fingerprinting to identify users across websites. In response to these techniques, several counter-measures were designed, such as the Do Not Track HTTP header by which a user can ask not to be tracked. Browsers can also block some or all cookies, and many browser extensions prevent third-party tracking by blocking requests to tracking services. Thus users have many techniques available but have trouble picking one that offers proper protection.

In this article, Johan Maze, Richard Grenier and Kensuke Fukuda of the National Institute of Informatics of Japan compare existing privacy protection techniques and provide efficiency-based recommendations. They propose a methodology to compare privacy protection techniques against third party tracking. Then, they compare the performances of the different privacy protection techniques before assessing the impact of privacy protection techniques on website quality. They also provide recommendations for users.

The authors first classified the counter-measures available to users regarding their methods: blocking lists, heuristics, indiscriminate blocking, or others.

  • Blocking list: AdBlock Plus, uBlock Origin, Ghostery, Disconnect, NoTrace, DoNotTrackMe/Blur, BeefTaco;
  • Heuristic: Privacy badger, MyTrackingChoices;
  • Indiscriminate: NoScript, RPC;
  • Other: HTTPSDEverywhere, Decentraleyes, WebofTrust.

They then compared the protection techniques in terms of performance and blocking overlap. The most popular extensions show an extensive overlap. Ghostery and uBlock Origin block specific resources that are not affected by other extensions. Regarding overall privacy protection, RequestPolicyContinued and NoScript show the best performances. Ghostery and uBlock Origin protect users slightly less while the remaining techniques provide average to low protection. The DoNotTrack HTTP header provides almost no protection.

Then, they analyzed how privacy protection techniques impact website quality. Their results showed that RequestPolicyContinued and NoScript reduce webpage quality. Other extensions do not have such an impact.

Overall, their analysis showed that RequestPolicy Continued and Noscript are the most effective privacy protection techniques.


Cite: Mazel, J., Garnier, R & Fukuda, K. (2019). A comparison of web privacy protection techniques. Computer Communications, 144, 162-174.