New Chrome extension spots unencrypted tracking

January 29, 2015 – 5:38 AM

A new Chrome extension highlights tools embedded in websites that could pose privacy risks by sending data unencrypted over the Internet.

It’s hard to find a major website that doesn’t use a variety of third-party tracking tools for online advertising, social media and analytics. But if the trackers send data unencrypted, it is possible for those who have network-level access — such as an ISP or government — to spy on the data and use it for their own tracking.

It’s partly the fault of websites that have not yet enabled HTTPS, which encrypts data sent between a computer and server, as well as companies that have not enabled it in their tracking tools.

Documents leaked by former U.S. National Security Agency contractor Edward Snowden showed the spy agency was using cookies in order to target users, according to a December 2013 report in the Washington Post. Cookies are small data files created by online trackers that are stored within a person’s Web browser, recording information such as a person’s browsing history.

The Chrome extension, called TrackerSSL, alerts users when a website is using insecure trackers and gives them an option of tweeting a message to the website letting it know of the issue. TrackerSSL was created by Open Effect, a digital privacy watchdog, and Citizen Lab, a technology-focused think tank at the University of Toronto.


You must be logged in to post a comment.