Credibility Gap: What does Ghostery really see?

March 4, 2010

The popular Firefox add-on, Ghostery, was recently acquired by Better Advertising, which is building a vast system to monitor compliance with new privacy rules for online behavioral advertising. I continue to get questions that indicate confusion about how Ghostery works. Because Better Advertising has portrayed Ghostery as a way to “see 99% of behavioral targeting,” it’s important to understand what Ghostery really sees.

When Ghostery is operating in the browser, it looks for known segments of Javascript that have been mapped in a database to particular companies, including ad targeting companies.

However, unlike our own add-on, TrackerWatcher, Ghostery does not look at actual browser interactions with ad-company servers. As a result, it completely misses non-Javascript tracking methods. Pixel-based tracking, a mainstay of behavioral tracking, may be missed by Ghostery if it is not enabled via Javascript. Because one company’s Javascript can serve another company’s tracking pixel, Ghostery may report the presence of the first company but ignore the second one entirely.

To see a demonstration of this problem, try Ghostery on the master opt-out page at the Network Advertising Initiative. This page includes image files (pixel-equivalents) served by dozens companies engaged in behavioral targeting. Several of these companies (ironically) even write new cookies the minute you hit that page. But because Ghostery is only looking for Javascript, and not actual server interactions, it only reports two advertising companies as present on that page.

This is not to say that Ghostery isn’t a useful tool — it is, and we link to it on PrivacyChoice. The problem is that Ghostery in its current form is being oversold both as a privacy protection tool for consumers and a compliance tool for the industry. In fact, Ghostery needs to be fundamentally re-engineered to be a truly effective tool to detect online tracking.

In the mean time, Better Advertising would be well served to clarify the presentation on Ghostery’s site to make it clearer to consumers what Ghostery really does (and doesn’t do). Credibility is too important to the self-regulatory initiative to be anything less than completely clear.

Note: Please be sure to read Better Advertising’s comment to this post, which includes an update on the product roadmap for Ghostery.


One Response to “Credibility Gap: What does Ghostery really see?”

  1. Jim and I have had several conversations about the challenges of good tracker detection and various approaches. I’ve found these conversations to be helpful and I hope they continue.

    Jim is certainly correct that Ghostery has been focussing on JS trackers. This is a function of how the application was configured when we assumed control in January of this year. No one at Better Advertising ever thought that Ghostery was at the end of its product roadmap. We’ve received a tremendous amount of feedback from the Ghostery community and have spec’ed a series of releases over the coming months to address the most requested features.

    We issued our first release (v2.03) within a month of the acquisition and our dev team has been expanding Ghostery’s detection capabilities significantly over the last 30 days. We’ve had a stable private release for several weeks and just now issued a request for beta testers in advance of a general rollout. (
    The new release detects trackers embedded in iframes and img tags and also deletes Flash and Silverlight cookies, among other features. All of this brings me to a larger point: While Ghostery, like any application, will never be 100% accurate in every instance, we’re investing in an aggressive roadmap and are making a good faith effort to deliver on its mission. That includes continually expanding detection features, not collecting data from Ghostery users unless they opt-in to GhostRank, and maintaining the tool as a free resource for the community.

    We’ve only owned Ghostery for 6 weeks now, but I think we’re beginning to demonstrate our commitment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: