Detect and block tracking pixels

[pritha90]

Identify and block the presence of tracking pixels in emails opened using the browser.

[n-sayenko]

Can PB just blacklist known email tracker domains? Or should this be a toggle feature with a button and some indicator that it is working in emails? I found a list of trackers and am thinking you can stop 1x1 img from downloading if it comes from that domain?

Anyway, I want to work on this, but don't know which way PB wants to go re: blacklist vs visible toggle button

[ghostwords]

As a matter of principle, Privacy Badger must not maintain blacklists. This makes our job harder.

This feature would probably be a new kind of tracking heuristic where Privacy Badger would decide whether certain image resources were tracking pixels (tiny image dimensions with a non-trivial query string?) and then learn to block the domain (probably) the pixels are served from. This might be the same task as #367 (comment).

[ghostwords]

Related: #1635.

[troy-lamerton]

I'm going to have a go at implementing this.

@ghostwords

non-trivial query string

What decides if a query string is non-trivial?

Possible conditions:

• number of parameters >= 3
• query string length > 120
• a parameter key containing "id"

[ghostwords]

Since there is so much overlap between #2088 and this, should we put a hold on this issue for now? @bcyphers already opened a PR.

What decides if a query string is non-trivial?

I was thinking of reusing either our HTML5 local storage entropy estimation function or the one for cookies.

The main technical obstacle with general-purpose pixel detection seems to be that there doesn't seem to be a way to get image dimensions from inside chrome.webRequest listeners. That might be fine, we could just go by querystring contents. I think #2088 is about taking querystring values and comparing them to known tracking values (retrieved from cookies).

[bcyphers]

Yeah, this is tough. I think we need to update the entropy function (per #2088), and after that it might be worth applying the same kind of heuristic to email pixels.

@ghostwords I think querystring contents alone are fine; a tracker is a tracker whether it's attached to an invisible pixel or a banner graphic. To be less invasive, we could just try stripping off high-entropy query params from image requests in emails.

[ghostwords]

Relevant study: "I never signed up for this! Privacy implications of email tracking" (from Proceedings on Privacy Enhancing Technologies 2018)