The web tracker blocklist is built using data from our Tracker Radar. Questions or issues with tracker blocking in DuckDuckGo apps and extensions should be reported in the Privacy Configuration. The trackers included in the blocklist are identified by looking for common third-party requests from Tracker Radar that are setting cookies or using browser APIs in a way that suggests fingerprinting.
- Where are the blocklists? Blocklists can be found here by version and platform.
- Where can I find the code that generates the blocklists? The code to generate blocklists from the Tracker Radar data set is not yet open source, but coming soon.
- How do I use the blocklist? See examples file that gives an overview of the blocking algorithm and lists couple of examples.
The blocklist is in JSON format and consists of four main objects:
Trackers are grouped by their domain (based on Public Suffix List and Tracker Radar Suffix Additions).
Each tracker contains the following fields:
| domain | The domain of the tracker |
|---|---|
| owner | Entity (usually a company) that controls this tracker |
| fingerprinting | Likelihood this tracker is fingerprinting [0-3] |
| cookies | Percentage of sites that have cookies set by this tracker |
| prevalence | Percentage of sites that request this tracker |
| default | The default behavior when blocking this tracker [block or ignore1] |
| rules | Resources to match for a given tracker |
| categories | List of categories assigned to this tracker |
The domain that should be matched against third-party requests to identify the request as being associated with a known tracker.
Entity (usually a company) that controls each tracker. Each entity has a corresponding entity file in Tracker Radar. Entities have the following fields defined:
| name | The name of the entity |
|---|---|
| displayName | A shortened entity name without company suffixes |
The decimal percent of sites that request this third-party tracker.
The decimal percent of sites that have cookies set by this third-party tracker.
The likelihood this tracker is using browser APIs to uniquely identify users.
| 0 | No use of browser APIs |
|---|---|
| 1 | Some use of browser APIs, but not obviously for tracking purposes |
| 2 | Use of many browser APIs, possibly for tracking purposes |
| 3 | Excessive use of browser APIs, almost certainly for tracking purposes |
The default behavior used when no matching rules are found.
| Default | rules? | Action |
|---|---|---|
| block | no | All third-party requests from this tracker are blocked |
| block | yes | If a rule was matched then follow the rule action, otherwise blocked |
| ignore | yes | If a rule was matched then follow the rule action. If no action exists then block the request. Allow all other requests to load1 |
| ignore | no | Do not block1 |
An optional array of objects containing regexes to match against the full URL of third-party requests made to this domain. A matching rule takes priority over the tracker default action.
| rule | Regex to match against the full tracker URL |
|---|---|
| fingerprinting | see fingerprinting |
| cookies | see cookies |
| surrogate | Certain tracking scripts are implemented in a way that attaches function calls to page elements. When these scripts are blocked, they break sites. In order to block these trackers while still maintaining site functionality, we redirect the requests to surrogate code that replaces all of their functions with no-ops. This field contains the file name of the replacement code to serve instead of blocking |
| exceptions | Optional object listing types and domains to not block on |
| action | Optional action to apply other than blocking |
exceptions
An optional object that can contain domains or types arrays. Do not block the tracker request if there is a domains or types match. In cases where the exceptions object contains both domains and types both must match.
| domains | An array of domains to match against the site requesting the tracker. Do not block in cases where the site domain matches an entry in the domains array |
|---|---|
| types | An array of resource types to match against the tracker request resource type. Do not block in cases where the tracker resource type matches an entry in the types array |
action
An optional field listing an action to take when matching on the rule other than blocking. The action field can also be used to switch a matched rule to a non-blocking rule by setting action: ignore1.
The entities object contains an entry for each of the trackers contained in the blocklist and comes directly from the entity data in Tracker Radar.
The domains object is a mapping of all entity properties to entity name. This is used for quick lookup of the site owner for determining if a request is first or third-party.
Used for CNAME cloaking protection. The cnames object maps a first-party subdomain that has a DNS CNAME redirecting to a third-party tracker.
Footnotes
-
Other privacy protections apply to non-blocked trackers ↩ ↩2 ↩3 ↩4