Blacklight - a website privacy inspector

amarok · January 20, 2025, 11:59pm

Great privacy tool: Blacklight – The Markup

Input any web address or specific page at that address; Blacklight analyzes it for trackers and “sharing,” (i.e. surveillance & clandestine reporting) behavior.

FranklyFlawless · January 21, 2025, 12:33am

amarok · January 21, 2025, 12:46am

Not particularly related, in my opinion.

FranklyFlawless · January 21, 2025, 12:52am

Both resources are third-party auditors.

irvinewade · January 21, 2025, 7:00am

Do you have some examples of bad sites that you discovered?

The state broadcaster here, abc.net.au, came up pretty smelly.

Also take note of

Some websites may be using a bot detection tool that identified Blacklight as a bot and so did not fire the trackers.

That is, there can be evasive action by snooping websites. That said, most websites seem to be shameless i.e. they wouldn’t bother.

FranklyFlawless · January 21, 2025, 1:51pm

The Guardian:

It’s FOSS:

SLNT:

Avocado Green Mattress:

HEATONIST:

TELUS:

Rogers:

Freedom Mobile:

RedFlagDeals:

KOHO:

Here are a few that managed to evade full detection:

Everlane:

LowEndTalk:
- LowEndTalk

None of these are actually “discoveries”.

amarok · January 21, 2025, 3:43pm

These are pretty bad, especially the last one:

arstechnica.com
alibaba.com
netflix.com
webmd.com
mayoclinic.org
npr.org
rollingstone.com
weather.com
redpocket.com (a U.S. MVNO)

It’s helpful to be able to match particular tracker domain names with their egregious functions… so they can be specificaly banned in NoScript.

amarok · January 21, 2025, 4:23pm

Note that some sites are even worse after you log in (e.g. streaming services, shopping sites, etc.). I’ve seen (thanks to uBO) something like 800-900 scripts of various kinds trying to run at once when I’m using MHz Choice (international TV programming).

FranklyFlawless · January 21, 2025, 6:44pm

KOHO practices that abusive behaviour, and it was the exact reason why I immediately chose to terminate my financial account with them once I found out, further fueling my mission to become unbanked.

irvinewade · January 21, 2025, 10:31pm

LOL. That’s pretty unimpressive. They do at least disclose their badness under “policies”.

PS You should suppress the oneboxing, one way or another.

Yes, Blacklight itself makes that observation on their website. If you are “anonymous”, you can’t be deemed to have consented to all this **** but once you have logged in, they can attach consent to your account / identity, whether explicit or implicit.

On a more general note, I am wondering how this overlaps with Privacy Badger and/or whether Privacy Badger ought to be extended to cover more forms of abuse. Privacy Badger is obviously better in the sense that it runs all the time (for every website you visit) and puts a concise red flag on your browser window - rather than your having to make a special effort to check out how crap each website is.

Privacy Badger also gets the real view of the website too e.g. will defeat any bot avoidance and e.g. will take into account whether you are logged in.

FranklyFlawless · January 21, 2025, 10:59pm

I stopped using Privacy Badger, among other web extensions, after reading @arkenfox’s user.js wiki:

Wiki page 4.1-Extensions | arkenfox/user.js - GotHub (on my GotHub instance)

irvinewade · January 22, 2025, 12:57am

OK, but let’s say a person is running Privacy Badger …

Also, there is a difference between preventing tracking and wanting to know how abusive a web site is.

For example, Privacy Badger tells me that a web site uses googletagmanager.com and that Privacy Badger blocked it but I know that googletagmanager.com is blocked at the DNS level anyway and hence the actual abuse is always going to be prevented regardless of what the browser does. But I would still like to know about it.