Skip to content
This repository has been archived by the owner on Nov 15, 2017. It is now read-only.

How does HTTP Switchboard compares to AdBlock , Ghostery or Disconnect concerning privacy?

Raymond Hill edited this page Apr 19, 2014 · 16 revisions

[Edit: added results for AdBlock+ on December 14th, 2013]

A whole lot of web sites pull resources from 3rd parties (examples: themes.googleusercontent.com, cloudfront.net) thus giving these 3rd parties log data telling them that one specific IP address has been visiting one specific website. If you are really concerned with privacy, you might not want that.

The results below are my findings, and they are published in the spirit of informed consent.

Notes

A disctinct feature of HTTP Switchboard is that it is also a script blocker, like NoScript on Firefox. Other blockers listed here do not prevent the execution of inline javascript.

Now regarding privacy.

Blocking everything is not necessarily a good thing to everybody, as this might break web sites. Some users, less concerned with privacy, prefer to block minimally, others will prefer to pick themselves only what is necessary for a web page to just display properly. HTTP Switchboard allows both approach: although it comes out of the box with blocking by default and allowing exceptionally, you can with a single click allow everything by default and block exceptionally.

Keep in mind that HTTP Switchboard is somewhat different than the two other extensions, which ones are based on a blacklist which is curated by their respective author. HTTP Switchboard blacklists come from various selfless third-parties, are extensive, and aside that, you can still block whatever you want ultimately. Also, HTTP Switchboard is a javascript blocker (like NoScript), a feature not found in the three other extensions.

Edit: Since version 0.6.6, a new column has been added in the HTTP Switchboard matrix, the css column, which comes whitelisted out of the box. This would likely cause HTTP Switchboard to hit more 3rd-party hosts, as the css column is also used to filter web fonts. I plan to redo the tests.

Methodology

  • AdBlock Plus
  • Ghostery ("increasing the transparency of your browsing experience and giving you tools to control your privacy online")
    • version 5.0.0
    • "Block all", and nothing whitelisted.
  • Disconnect ("Disconnect lets you visualize & block the invisible websites that track you")
  • HTTP Switchboard
    • version 0.6.6
    • Out of the box settings: images from everywhere except blacklisted hostnames allowed, all else blocked.
    • Domain of URL of web page whitelisted in the matrix.

Any of the above extension was the only one running at the time of the test, no conflict with another extension can be blamed for the results.

  • Steps:
    • Browser cache was cleared.
    • Target web page was force-refreshed.
    • Data was pulled from the developer console, ignoring domain and subdomains matching URL of web page. (Since then I wrote this tool to quickly parse the results from the console.)
    • Only hostname is listed below, often many requests to same hostname, for various type of data (javascript, font, css, etc.)

Reponses

I will insert here the responses of the owner/developer/etc. of Ghostery/Disconnect to the results below.

Results


Note: *.guim.co.uk not reported as a 3rd-party below, as key resources are pulled from this domain (stylesheets, etc.), which domain/subdomains required whitelisting in HTTPSB for the page to display properly (to meaningfully compare to Ghostery/Disconnect).

Hostname AdBlock+ Ghostery Disconnect HTTPSB
What is said to be blocked: snapshot snapshot snapshot
3rd parties which were not blocked:
s.ophan.co.uk
facebook-web-clients.appspot.com
guardian-notifications.appspot.com
related-info-hrd.appspot.com
static-serve.appspot.com
cdnjs.cloudflare.com
graph.facebook.com
clients1.google.com
www.google.com
ajax.googleapis.com
discussion.guardianapis.com
p.jwpcdn.com
platform.linkedin.com
www.linkedin.com
images.outbrain.com
odb.outbrain.com
widgets.outbrain.com
platform.twitter.com
s-static.ak.facebook.com
static.ak.facebook.com
connect.facebook.net
cdn.api.twitter.com
s.c.lnkd.licdn.com

Note: In the case of HTTPSB, there was a hit on static-serve.appspot.com because images are whitelisted by default when using out-of-the-box settings. But users can, if they choose so, block specifically static-serve.appspot.com with a single click in the matrix. This is not possible with Disconnect and Ghostery. It is possible with AdBlock+ if you don't mind technical stuff.


Hostname AdBlock+ Ghostery Disconnect HTTPSB
What is said to be blocked: snapshot snapshot snapshot
3rd parties which were not blocked:
www.adobetag.com
admin.brightcove.com
dwgyu36up6iuz.cloudfront.net
dnkzzz1hlto79.cloudfront.net
condenastl3cdn.cust.footprint.net
api.cnevids.com
player.cnevids.com
fonts.condenast.com
contextlysiteimages.contextly.com
contextlysitescripts.contextly.com
rest.contextly.com
disqus.com
go.disqus.com
juggler.services.disqus.com
realtime.services.disqus.com
wiredthreatlevel.disqus.com
a.disquscdn.com
connect.facebook.net
s-static.ak.facebook.com
static.ak.facebook.com
condenastl3cdn.cust.footprint.net
s.c.lnkd.licdn.com
www.google-analytics.com
fonts.googleapis.com
themes.googleusercontent.com
platform.linkedin.com
www.linkedin.com
a.mobify.com
cdn.mxpnl.com
images.outbrain.com
odb.outbrain.com
widgets.outbrain.com
assets.pinterest.com
passets.pinterest.com
widgets.pinterest.com
714015.ssl.cf2.rackcdn.com
widgets.twimg.com
cdn.api.twitter.com
platform.twitter.com
p.typekit.net
www.webmonkey.com

Note: In the case of HTTPSB, there was a hit on www.webmonkey.com because images are whitelisted by default when using out-of-the-box settings. But users can, if they choose so, block specifically www.webmonkey.com with a single click in the matrix. This is not possible with Disconnect and Ghostery. It is possible with AdBlock+ if you don't mind technical stuff.


Hostname AdBlock+ Ghostery Disconnect HTTPSB
3rd parties which were not blocked:
s-static.ak.facebook.com
static.ak.facebook.com
www.facebook.com
connect.facebook.net
static.ak.fbcdn.net
ajax.googleapis.com
code.jquery.com
s.c.lnkd.licdn.com
platform.linkedin.com
www.linkedin.com
player.ooyala.com
assets.pinterest.com
widgets.pinterest.com
buttons.reddit.com
www.reddit.com
ak.sail-horizon.com
cdn.sailthru.com
cdn.stumble-upon.com
badge.stumbleupon.com
platform.stumbleupon.com
cdn.taboola.com
netstorage.taboola.com
trc.taboola.com
cdn.api.twitter.com
platform.twitter.com

Hostname AdBlock+ Ghostery Disconnect HTTPSB
3rd parties which were not blocked:
admin.brightcove.com
www.facebook.com
static.ak.fbcdn.net
cdn.api.twitter.com
platform.twitter.com

Hostname AdBlock+ Ghostery Disconnect HTTPSB
What is said to be blocked: snapshot snapshot snapshot
3rd parties which were not blocked:
d8rk54i4mohrb.cloudfront.net
www.facebook.com
s-static.ak.facebook.com
static.ak.facebook.com
connect.facebook.net
upw-prod-images.global.ssl.fastly.net
static.ak.fbcdn.net
www.google.com
fonts.googleapis.com
www.google-analytics.com
themes.googleusercontent.com
cc.simplereach.com
platform.twitter.com
www.youtube.com
s.ytimg.com

Note: In the case of HTTPSB, there was a hit on upw-prod-images.global.ssl.fastly.net because images are whitelisted by default when using out-of-the-box settings. But users can, if they choose so, block specifically upw-prod-images.global.ssl.fastly.net with a single click in the matrix. This is not possible with Disconnect and Ghostery. It is possible with AdBlock+ if you don't mind technical stuff.

Clone this wiki locally