Ghostery lists Adobe TypeKit as privacy threat

The Internet tracker blocking program Ghostery now lists Adobe TypeKit (a very popular font service) as a privacy threat. I read about this first on WUWT:

I’ve gotten a few complaints this week from some overly paranoid people that say they can’t see WUWT anymore in Firefox, but can in Safari. The problem seems to be related solely to a browser extension called “ghostery” which is somehow flagging Adobe Typekit (used to provide custom fonts on WordPress) as some sort of malware.

Ghostery is not malware blocking software (as you can read on wikipedia). It is software that protects you against tracking while surfing the web and IMHO you are not overly paranoid when you use it. In the comments somebody explains:

Font are very seductive tracking beacons. Honest people who would never consider installing a tracking beacon have no qualms about using served fonts, and there’s no difference between them. There is a lot of ignorance out there regarding data mining.

So maybe Ghostery is not listing Adobe TypeKit by accident? We see with Google Analytics that website owners are happy to pay for analytics with their visitors privacy. The same may apply to fonts (although TypeKit is not free). But before we accuse Adobe, let’s take a look at the Adobe TypeKit privacy policy:

In order to provide the Typekit service, Adobe may collect information about the fonts being served to your website. The information is used for the purposes of billing and compliance, and may include the following: …

So, one thing is for sure: Adobe TypeKit is in fact collecting data while serving fonts. This alone may be reason for Ghostery to block it. I did some research and verified that next to the font files TypeKit is loading a 1 by 1 pixel GIF image that has an URL like this:

In the privacy statement Adobe says they collect data “for the purposes of billing and compliance”, which seems reasonable. Also, the privacy policy has a list of data that they collect. None of the data on the list seems to be invading the privacy of the website visitor. So is this a big fuss about nothing? I’m not sure. If you pay close attention to the wording of the sentence you see that they chose to use “may include”. AFAIK “may include” does not imply “is limited to”. Also this “compliance” is not further specified. What do they need to comply with?

Can Adobe TypeKit be trusted to respect our visitors privacy? Probably they can, but even after reading their privacy policy I’m not 100% sure. What do you think? Should I take off my tin-foil hat?


Blocking Google and Facebook tracking using Ad Block Plus and Ghostery

abp_ghostery_iconsI was suprised to find out that both Google and Facebook were still tracking me after I installed “Ad Block Plus” with the “EasyPrivacy” subscription.

Facebook “like” widget not blocked on

I was on and I saw this little Facebook thingy:


I expected that to be blocked by “Ad Block Plus” because I subscribe to the “EasyPrivacy” list. I started Firebug to see that the iframe was there and that is was loaded from the Facebook website:


In the “blockable items” I verified that this widget was not blocked:


This was unexpected to me, so I began to dig a little deeper in the workings of “Ad Block Plus”.

Google AdSense not blocked on

On the Dutch news website ( I saw that Google was whitelisted (shown green). I quickly found the filter source by hovering the rule, it said “Allow non-intrusive advertising”:


I was not aware of me allowing any tracking, especially not from Google. The main reason I have this plugin installed is to keep Google away. So, as you can understand I was not happy. How come “Ad Block Plus” had suddenly (from juillet 2013 according to decided some advertisers were better than others? Also why did “EasyPrivacy” not protect me against Facebook?

After some searching I found that this filter (that was enabled during the 2.0 update of the plugin) could be triggered with an obscure checkbox:


This “acceptable ads feature” (as they call it themselves) is enabled by default as you can read in the “acceptable-ads” FAQ. Also, they are admitting that they are being paid:

…we are being paid by some larger properties that serve non-intrusive advertisements… – source

So what do you think? Has “Ad Block Plus” been paid by Google to unblock them? And why does the “EasyPrivacy” subscription not cover Facebook? Have they also been paid for that? (edit: The “Fanboy” subscriptions do block Facebook)

Ghostery to the rescue

I therefore decided to install Ghostery. This is another tool that promises to block tracking efforts. However, you must make sure that you configure it correctly:

  1. Options – General – Sharing options – Disable GhostRank
  2. Options – General – Blocking Options – Trackers – Select all
  3. Options – General – Blocking Options – Cookies – Select all
  4. Options – Advanced – Display Options – Select none
  5. Options – Advanced – Performance Options – Select all

Ghostery does not make a secret of their business model:

…it’s is made by an advertising company called Evidon … it is a Web tracking blocker that actually helps the ad industry – source

And remember, whenever you are not paying for a service, you are the product. So you better understand the business model behind these services. The business models of the “Ad Block Plus” and “Ghostery” plugins are (now) clear to me. This does NOT mean I endorse the use of these plugins. There are many arguments to use and also many to not use these plugins. Please  keep a critical mind and decide for yourself!