Skip to content

Latest commit

 

History

History
115 lines (75 loc) · 6.34 KB

README.md

File metadata and controls

115 lines (75 loc) · 6.34 KB

DuckDuckGo's Web Tracker Blocklist

The web tracker blocklist is built using data from our Tracker Radar. Questions or issues with tracker blocking in DuckDuckGo apps and extensions should be reported in the Privacy Configuration. The trackers included in the blocklist are identified by looking for common third-party requests from Tracker Radar that are setting cookies or using browser APIs in a way that suggests fingerprinting.

Questions

  • Where are the blocklists? Blocklists can be found here by version and platform.
  • Where can I find the code that generates the blocklists? The code to generate blocklists from the Tracker Radar data set is not yet open source, but coming soon.
  • How do I use the blocklist? See examples file that gives an overview of the blocking algorithm and lists couple of examples.

Format

The blocklist is in JSON format and consists of four main objects:

Trackers

Trackers are grouped by their domain (based on Public Suffix List and Tracker Radar Suffix Additions).

Each tracker contains the following fields:

domain The domain of the tracker
owner Entity (usually a company) that controls this tracker
fingerprinting Likelihood this tracker is fingerprinting [0-3]
cookies Percentage of sites that have cookies set by this tracker
prevalence Percentage of sites that request this tracker
default The default behavior when blocking this tracker [block or ignore1]
rules Resources to match for a given tracker
categories List of categories assigned to this tracker

domain

The domain that should be matched against third-party requests to identify the request as being associated with a known tracker.

owner

Entity (usually a company) that controls each tracker. Each entity has a corresponding entity file in Tracker Radar. Entities have the following fields defined:

name The name of the entity
displayName A shortened entity name without company suffixes

prevalence [0-1]

The decimal percent of sites that request this third-party tracker.

cookies [0-1]

The decimal percent of sites that have cookies set by this third-party tracker.

fingerprinting [0-3]

The likelihood this tracker is using browser APIs to uniquely identify users.

0 No use of browser APIs
1 Some use of browser APIs, but not obviously for tracking purposes
2 Use of many browser APIs, possibly for tracking purposes
3 Excessive use of browser APIs, almost certainly for tracking purposes

default [block, ignore]

The default behavior used when no matching rules are found.

Default rules? Action
block no All third-party requests from this tracker are blocked
block yes If a rule was matched then follow the rule action, otherwise blocked
ignore yes If a rule was matched then follow the rule action. If no action exists then block the request. Allow all other requests to load1
ignore no Do not block1

rules

An optional array of objects containing regexes to match against the full URL of third-party requests made to this domain. A matching rule takes priority over the tracker default action.

rule Regex to match against the full tracker URL
fingerprinting see fingerprinting
cookies see cookies
surrogate Certain tracking scripts are implemented in a way that attaches function calls to page elements. When these scripts are blocked, they break sites. In order to block these trackers while still maintaining site functionality, we redirect the requests to surrogate code that replaces all of their functions with no-ops. This field contains the file name of the replacement code to serve instead of blocking
exceptions Optional object listing types and domains to not block on
action Optional action to apply other than blocking

exceptions

An optional object that can contain domains or types arrays. Do not block the tracker request if there is a domains or types match. In cases where the exceptions object contains both domains and types both must match.

domains An array of domains to match against the site requesting the tracker. Do not block in cases where the site domain matches an entry in the domains array
types An array of resource types to match against the tracker request resource type. Do not block in cases where the tracker resource type matches an entry in the types array

action

An optional field listing an action to take when matching on the rule other than blocking. The action field can also be used to switch a matched rule to a non-blocking rule by setting action: ignore1.

Entities

The entities object contains an entry for each of the trackers contained in the blocklist and comes directly from the entity data in Tracker Radar.

Domains

The domains object is a mapping of all entity properties to entity name. This is used for quick lookup of the site owner for determining if a request is first or third-party.

CNAMEs

Used for CNAME cloaking protection. The cnames object maps a first-party subdomain that has a DNS CNAME redirecting to a third-party tracker.

Footnotes

  1. Other privacy protections apply to non-blocked trackers 2 3 4