Privacy online: prevent tracking using Adblock Plus' site-specific filters

There are companies - Google, Yahoo, Amazon and Facebook being some of the more reputable ones - that provide services which are embedded in millions of web sites. There are also companies that use code embedded in websites to track your movements around the web. Sometimes those companies overlap.

Adblock Plus, a Firefox extension currently developed by Wladimir Palant, uses rules to prevent certain content from being loaded in a web browser. Some of those rules are specific for content loaded from certain domains.

For example, if Adblock Plus prevents content from google-analytics.com from being loaded, Google can't use their Google Analytics script to track which websites you visit. Adblock Plus can block content from connect.facebook.com, preventing Facebook from using their Connect script to track which websites you visit, or images and scripts from flickr.com, preventing Yahoo! from using embedded Flickr photos to track which websites you visit.

The list of tracking URLs is large, and those that are used purely for tracking or advertising are covered by the EasyList subscription (Adblock preferences > Filters > Add filter subscription...). However, automatically blocking Facebook Connect, Flickr images or YouTube videos would alter the main content of web pages, so those aren't included by default.

The problem has evolved, as Google and others have started to host Javascript libraries on their servers for any site to use. There's www.google.com/jsapi (handily served from www.google.com so they can read your login cookie) and third-party libraries like jQuery served from ajax.googleapis.com. Yahoo! serves its YUI Javascript and CSS libraries from yui.yahooapis.com.

To maintain privacy, while allowing the sites you use regularly to function, it needs to be possible to block some files from loading on most sites, but still allow them to load on others.

Luckily, in Adblock 1.0.1, there's a new feature: site-specific filters:

|http://ajax.googleapis.com/*$domain=~hubmed.org

The filter above means "block content from ajax.googleapis.com on all sites, but allow it to be loaded on hubmed.org".

There isn't much of a user interface for configuring these filters yet (NoScript's contextual menu for allowing/forbidding scripts from certain domains is probably the right direction to go, with an extra "on this domain" option), but hopefully there will be as people realise how much they're being tracked.