Avira Scout: Cookie Overkill – Updated Jan. 2017

Update January 2017

In some cases a user has to modify Privacy Badger settings to get working pages (this strongly depends on browsing behavior, as Privacy Badger is self-learning). With this limitation, we decided to have Privacy Badger OFF in the first (default) mode and ON in the second mode that is more for the more experienced users. Scout also has a blacklist based tracker blocker implemented, so there already is a good protection in the default settings.

Original Post

Many companies make money spying on you while you surf the internet. Sometimes they even sell the data they collect on you to other companies, without you knowing what got collected or who will get your data. To do so they have normal web pages integrate their tracking cookies – which is by the way the reason why cookies have a bad reputation.

On an average site you will have a surprising large list of trackers that monitor your behavior on the page and during your trip through the internet.

There is lots of technology to block said trackers (Ghostery, for example). But you don’t need it – our ABS (Avira Browser Safety) browser plugin is useful for a great many of things – one of which is tracker blocking (hint: Click on the small ABS bar on top of the homepage and check the trackers there).

Our technology is based on blacklists – much smaller blacklists than are required for the blocking of malicious URLs or malicious files. Compared to the other blacklists we have, trackers are a piece of cake (yet still huge).

Blacklists are good to handle for companies like Avira. We have our large data sets and testing environments and can ensure a very high quality. Blacklists have a disadvantage though: They can never be _exactly_ up-to-date, because testing requires time, everything from minutes to hours.

Entering Privacy Badger by the EFF

The EFF has a very creative and technologically interesting concept of blocking trackers called “Privacy Badger“. It works blacklist free. Short: While you surf the web the Badger is checking for third party content that is embedded in several different pages and seems to be sending ID tokens. It is everywhere? It sends ID tokens? Must be a tracker (it’s a bit more complicated than this, I have to admit).

While this is a very cool idea, it comes with its own set of disadvantages: If you do not visit enough different pages, the learning algorithm will not have the required data to block all the trackers. Especially rare trackers will be very underblocked.

But the disadvantages of the blacklist approach and the self-learning one negate each other.

And that’s exactly why we will do what every self-respecting Mad Scientist would: Just mix and match them together and see what happens. Privacy Badger is now pre-installed in Avira Scout. Which you can find in our Beta Portal btw: https://betacenter.avira.com/login.html

For details on Privacy Badger take a look at this talk from the Chaos Computer Club Camp 2015.

video

TL;DR:
At Avira we respect rule #2: Double Tap

For Science !

Please note: This article relates to the Windows, Mac and Linux version of the Avira Scout browser.

This post is also available in: GermanFrenchItalian

I use science to protect people. My name is Thorsten Sick and I do research projects at Avira. My last project was the ITES project where I experimented with Sandboxes, Sensors and Virtual Machines. Currently I am one of the developers of the new Avira Browser