Menu
New Chrome extension spots unencrypted tracking

New Chrome extension spots unencrypted tracking

TrackerSSL is aimed at alerting websites of insecure tracking via Twitter

TrackerSSL, a Chrome extension, identifies  third-party trackers on websites that are insecurely sending data across the Internet.

TrackerSSL, a Chrome extension, identifies third-party trackers on websites that are insecurely sending data across the Internet.

A new Chrome extension highlights tools embedded in websites that could pose privacy risks by sending data unencrypted over the Internet.

It's hard to find a major website that doesn't use a variety of third-party tracking tools for online advertising, social media and analytics. But if the trackers send data unencrypted, it is possible for those who have network-level access -- such as an ISP or government -- to spy on the data and use it for their own tracking.

It's partly the fault of websites that have not yet enabled HTTPS, which encrypts data sent between a computer and server, as well as companies that have not enabled it in their tracking tools.

Documents leaked by former U.S. National Security Agency contractor Edward Snowden showed the spy agency was using cookies in order to target users, according to a December 2013 report in the Washington Post. Cookies are small data files created by online trackers that are stored within a person's Web browser, recording information such as a person's browsing history.

The Chrome extension, called TrackerSSL, alerts users when a website is using insecure trackers and gives them an option of tweeting a message to the website letting it know of the issue. TrackerSSL was created by Open Effect, a digital privacy watchdog, and Citizen Lab, a technology-focused think tank at the University of Toronto.

"As demand for secure technology grows, most websites will not be able to protect their readers unless they stop using insecure ad trackers," wrote Andrew Hilts, executive director of Open Effect and a research fellow with Citizen Lab.

TrackerSSL shows a list of trackers embedded into a website. Websites that don't use HTTPS show more warnings, as some trackers would be more secure if it was used.

Other trackers simply don't ever encrypt data transmissions, which puts users at risk that data could be intercepted and misused.

"For content-driven websites such as online newspapers, such snooping can take the form of what's known as 'pattern of life analysis'," Hilts wrote. "Analysts may compile the web browsing history of a target and build the profile of a target by inferring from the target's lifestyle, demographics, political views and more."

For the best security, both the website and the individual trackers should use HTTPS. It's a tall order, especially for sites that use many trackers, and HTTPS can be tricky to set up sometimes. Hilts wrote that "if just one out of a dozen third-parties on a website do not use HTTPS, then a gaping security hole is left open."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Citizen LabsecurityencryptionOpen Effectprivacy

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments