New Chrome extension spots unencrypted tracking

TrackerSSL is aimed at alerting websites of insecure tracking via Twitter

TrackerSSL, a Chrome extension, identifies  third-party trackers on websites that are insecurely sending data across the Internet.

TrackerSSL, a Chrome extension, identifies third-party trackers on websites that are insecurely sending data across the Internet.

A new Chrome extension highlights tools embedded in websites that could pose privacy risks by sending data unencrypted over the Internet.

It's hard to find a major website that doesn't use a variety of third-party tracking tools for online advertising, social media and analytics. But if the trackers send data unencrypted, it is possible for those who have network-level access -- such as an ISP or government -- to spy on the data and use it for their own tracking.

It's partly the fault of websites that have not yet enabled HTTPS, which encrypts data sent between a computer and server, as well as companies that have not enabled it in their tracking tools.

Documents leaked by former U.S. National Security Agency contractor Edward Snowden showed the spy agency was using cookies in order to target users, according to a December 2013 report in the Washington Post. Cookies are small data files created by online trackers that are stored within a person's Web browser, recording information such as a person's browsing history.

The Chrome extension, called TrackerSSL, alerts users when a website is using insecure trackers and gives them an option of tweeting a message to the website letting it know of the issue. TrackerSSL was created by Open Effect, a digital privacy watchdog, and Citizen Lab, a technology-focused think tank at the University of Toronto.

"As demand for secure technology grows, most websites will not be able to protect their readers unless they stop using insecure ad trackers," wrote Andrew Hilts, executive director of Open Effect and a research fellow with Citizen Lab.

TrackerSSL shows a list of trackers embedded into a website. Websites that don't use HTTPS show more warnings, as some trackers would be more secure if it was used.

Other trackers simply don't ever encrypt data transmissions, which puts users at risk that data could be intercepted and misused.

"For content-driven websites such as online newspapers, such snooping can take the form of what's known as 'pattern of life analysis'," Hilts wrote. "Analysts may compile the web browsing history of a target and build the profile of a target by inferring from the target's lifestyle, demographics, political views and more."

For the best security, both the website and the individual trackers should use HTTPS. It's a tall order, especially for sites that use many trackers, and HTTPS can be tricky to set up sometimes. Hilts wrote that "if just one out of a dozen third-parties on a website do not use HTTPS, then a gaping security hole is left open."

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Citizen LabsecurityencryptionOpen Effectprivacy

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?