Trackers: Privacy vs. Usability

DNSFilter has recently introduced a new category that can be blocked in configured policies: Trackers.

Having this category available provides a ton of advantages—finer-grained blocking, a focus on privacy, as well as the ability to integrate a wider range of third party feeds on our side—but one big advantage is that it can help with usability of sites.

Previously, there was only Advertising that could be blocked. This generally covered tracking domains—although domains that were Trackers but not Advertising wouldn't be included—but one issue we encountered was the number of sites tying functionality to tracking they had going on in the background. This meant that blocking a tracking domain could cause a site to stop working correctly.

How Things Break

These breakages aren't even just simple cases where the site won't load. Sometimes, only parts of a site will fail to load, or odd overlays might appear because something stopped halfway through rendering. Sometimes it was even more subtle, causing a site to load more slowly than usual or only fail when the user tried certain actions.

Most of the time this is all accidental: Developers just assumed that the resources stored on trackers, and data being sent to them, would work correctly and they hadn't tested the unhappy path. Other times, it's less clear that they aren't deliberately trying to convince users to unblock trackers. But either way, site owners have little incentive to fix things: all they would be doing would be enabling users to prevent valuable data about their browsing behavior being recorded for future use and sale.

Sam Macbeth from DuckDuckGo has an ongoing thread on Twitter that talks about some of the worst cases where this happens. He discusses websites in particular, but this trend has unfortunately been increasing and expanding as the ever-growing IoT market has kept up pace.

IoT

Devices which "phone home" are basically ubiquitous these days, sending all sorts of data like your viewing habits (for smart TV devices), eye movements (for VR headsets), and heart rate (for fitness trackers) back to the cloud where they are highly likely used to build up a profile of you and your habits.

For these sorts of devices, it's even harder to fix it when a device stops working—it's even less obvious which domains are causing the problem, and updates to IoT gadgets are much trickier than fixing some broken Javascript.

So unfortunately, as users who care about privacy, we're left with a choice: Privacy, or usability?

For some people, they'll always go for usability. Several people I work with, for example, are more than happy to have every detail of their online life tracked and stored, and simply assume that's happening everywhere and all the time. (I'm looking at you, Mike.) Personally it worries me, and the right to privacy is something I hold dear.

But in the end, it's up to you.

Final Thoughts

If this sort of thing doesn't bother you, something you may find interesting is to take a look at what's actually happening behind the scenes.

A peek behind the curtain can be revealing: Seeing the number of domains that are being accessed that are classed as trackers, and the rate they're being looked up, can be eye-opening.

Have a look at your DNS query log. Go to a few of your favorite news sites. Check out a couple of time wasting forums. Turn on and play with a couple of internet-connected devices. Then take another look.

You might be surprised at what's going on. And maybe, it might just change your mind.