When you visit a website or post on social media, you’re not the customer—you’re the product. So many things seem to be freely available on the internet, but the currency you pay with is your privacy. If that fact bothers you, if you’d rather play your cards closer to the vest, TrackOFF Basic 4.0 has a uniquely powerful way to foil advertisers and other trackers by varying your fingerprint (I’ll explain this below). If you’ve already given up on privacy, if you figure your life is an open book, you may not need it. But if you’re actually concerned about protecting your privacy online, TrackOFF can definitely help.
TrackOFF’s protection doesn’t come for free. There are few comparable products, but at $34.95 per year TrackOFF costs a bit less than the $39 per year you pay for privacy-focused Abine Blur. Blur goes beyond blocking trackers, with password management, disposable email addresses, and more. But a TrackOFF subscription gets you three licenses to Blur’s one.
The program automatically installs extensions for Internet Explorer and Edge, and walks you through the process of enabling its extensions for Chrome, Firefox, and Opera. Your estimated privacy score goes up as you accomplish this initial configuration.
Of course, I wanted the best privacy score; 70 percent didn’t seem so good. Fortunately, TrackOFF makes the path to a better score very clear. Enabling automatic cookie clearing in all my browsers raised the score. Scheduling that automated clearing for once per hour brought it to 100, the maximum. But before I dig deeper into the product’s functionality, a little background is in order.
Tossing Your Cookies
At its very simplest, your browser’s interaction with a website is like a conversation with Dory, the blue tang from Finding Nemo. Your browser sends an HTTP request, the website responds to the request, and then it immediately forgets you. If your browser sends another request, it’s a whole new interaction. Therein lies the potential for much frustration. You’ve just entered your screen name on a webpage; you don’t want to enter it again when you click to another page on the same site.
Cookies were an early solution to this problem. A cookie is a text file that resides on your computer. The website that created the cookie can read back the data it contains, but other sites can’t touch it. This lets a site remember you as you surf among its different pages, or leave and come back for another visit. Since the cookie only contains data that you willingly gave to the website, it doesn’t sound like a privacy problem.
Modern browsers include a setting to block the use of third-party cookies, but it doesn’t really matter. Advertisers already moved on to using Silverlight cookies, self-repairing evercookies, and a host of other technologies to track you.
Your Online Fingerprint
All the cookie solutions I mentioned depend on maintaining a file (the cookie) on your PC. However, new fingerprinting techniques eliminate the need for any such file. Your browser reveals a huge amount of information about itself and your PC to any website that asks. What extensions have you installed? Which fonts are available on this device? What is the precise version of the browser? The OS? Trackers now use algorithms that process this data into a fingerprint that uniquely identifies you.
One thing that’s not required to identify you with a unique fingerprint is your IP address. You can install the best VPN in the world and use it to spoof your IP address so that you appear to be in Timbuktu, but doing so doesn’t change your fingerprint. There are plenty of virtues to using a VPN, but it won’t fool this fingerprinting technique.
For the last year or so, I’ve participated in a study on fingerprinting conducted by the computer science department at Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU). This study simply uses common fingerprinting techniques to periodically check each participant, and reports on a weekly basis how many different fingerprints they’ve found for you, and how many were unique, not matching any other participant. If you have any interest in this topic, I encourage you to click the link and sign up.
So far, the study has never once reported a fingerprint matching any of the other thousands of participants. To put it another way, my fingerprint identifies me uniquely. It does change from time to time, but the unique identification lasts long enough for websites to take advantage of it.
The HTTP standard includes a header element that tells websites you don’t want them to track you, but it’s toothless. Sites can ignore it with impunity, and many do. Twitter recently announced it was dropping support for the Do Not Track header.
Products like Abine Blur and the Electronic Frontier Foundation’s free Privacy Badger take an active approach to Do Not Track, blocking all access by URLs associated with known trackers. Note that in addition to advertisers, these can include web analytics tools and social media buttons. Yes, when you visit a page that has a Facebook “like” button, Facebook knows—even if you don’t click on it!
Tracker blocking is one of the many privacy-related features of Steganos Privacy Suite 18. The toolbar installed with AVG AntiVirus Free includes a similar active Do Not Track feature, as does Kaspersky Internet Security.
The principals at TrackOFF point out that the wholesale URL blacklisting used by Blur and others can interfere with the user’s browsing experience if not done perfectly. In addition, any blacklist requires maintenance and constant updating. In a sense, the blacklisting solution is like an antivirus that can only find malware it already knows about, while the TrackOFF solution is like a modern antivirus that detects malware based on its behavior.
Fooling the Fingerprinters
The basic concept behind TrackOFF is simple. Fingerprinting algorithms gather reams and reams of data to boil down a fingerprint specific to your computer. But every 30 to 60 minutes, TrackOFF makes some changes to that data—nothing that matters to your computer’s operations, but enough to give you a completely different fingerprint. Note that while browser fingerprinting works on any platform, TrackOFF at present works only on Windows and Android. I evaluated the Windows edition for this review.
I installed the product and used the FAU research site to check my fingerprint. Indeed, the site reported that my fingerprint was not only unique, it was brand-new. In fact, every time I pressed Ctrl+F5 to completely refresh the page, it reported yet another new fingerprint. I found that slightly odd, because TrackOFF itself didn’t report spoofing a new print each time.
My contacts at the company explained that TrackOFF watches for attempts to collect a fingerprint in real time. If it detects such an attempt, it makes minor changes to the reported data, enough to fool the fingerprinter, but not as much as a full update. Beyond that, I can say no more; the details are naturally proprietary.
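The following sketch is an added illustration, not TrackOFF's code (whose details are proprietary) and not the FAU study's method. It shows why a fingerprint built from browser attributes survives an IP change but not a small change to the reported data. The attribute set, the FNV-1a hash, and the hypothetical `perturb` decoy-font change are all assumptions.

```javascript
// Constructed sample: attributes a browser reveals to any page that asks.
const baseProfile = {
  userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ExampleBrowser/58.0",
  os: "Windows 10",
  fonts: ["Arial", "Calibri", "Consolas", "Segoe UI"],
  extensions: ["ad-filter", "password-helper"],
  screen: "1920x1080x24",
  timezoneOffset: -480,
};

// FNV-1a (32-bit): a small stand-in for whatever hash a real tracker uses.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Canonicalise first so key order and list order do not change the result.
function fingerprint(profile) {
  const parts = Object.keys(profile).sort().map((k) => {
    const v = profile[k];
    return k + "=" + (Array.isArray(v) ? [...v].sort().join(",") : String(v));
  });
  return fnv1a(parts.join("|"));
}

// The IP belongs to the connection, not the profile: a VPN changes `ip`
// but never touches the attributes that are hashed.
function visit(profile, ip) {
  return { ip, fp: fingerprint(profile) };
}

// Hypothetical countermeasure: alter one value that does not affect browsing.
function perturb(profile, round) {
  return { ...profile, fonts: profile.fonts.concat("Decoy Font " + round) };
}

// How many distinct fingerprints does a tracker see across a set of visits?
function distinctFingerprints(visits) {
  return new Set(visits.map((v) => v.fp)).size;
}

const viaVpn = [visit(baseProfile, "198.51.100.7"), visit(baseProfile, "203.0.113.9")];
const rotated = [0, 1, 2].map((r) => visit(perturb(baseProfile, r), "198.51.100.7"));
console.log(distinctFingerprints(viaVpn), distinctFingerprints(rotated));
```

Two visits from different IP addresses collapse to one fingerprint, while three visits from the same address with a perturbed font list look like three different browsers.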
You may have heard that the administration recently gave ISPs permission to aggregate and sell your data. This is a situation where fingerprinting isn’t relevant. The ISP knows who you are—you’re the one who pays the bill each month and gets an internet connection. In addition, my TrackOFF contacts point out that an over-enthusiastic ISP could conceivably use fingerprinting to distinguish different users within your home network. In this situation, a VPN does help. When you use a VPN there’s no way for the ISP to sniff or snoop your encrypted internet traffic.
Hands On With TrackOFF
I hope you learned something from my lengthy introduction. The topic is uncommon enough that without some background, it’d be tough to understand what this product does. Fortunately, TrackOFF itself is easy to use.
The main window’s home screen is a dashboard that puts everything at your fingertips. You can see the last three potential tracking attempts, the sites that have triggered the most tracking warnings, the total number of cookies tossed, and the date of the last time you cleared browser data. This is also the location of the privacy score that I mentioned earlier. If it’s not at 100, you can click a button to learn what actions raise the score.
On the Browsers page, you can see which browsers have TrackOFF’s fingerprint protection add-in installed and enabled. If it’s necessary for some reason, you can temporarily disable protection for any of the browsers here.
Click My Tracks to manage cookies and browser data. As noted, enabling scheduled cookie clearing raises your privacy score. For the very best score, you must clear cookies every hour. If necessary, you can exempt certain websites from cookie-clearing, but doing so lowers your score. You can also click a button to clear eight kinds of browser data that could reveal your web-surfing habits. Note that you can do the same thing directly in all modern browsers by pressing Ctrl+Shift+Del.
When you search the web using one of the big search portals, you’re giving away a lot of information. The portal can see what you’ve typed even if you never actually make the search—that’s how it offers suggestions while you’re typing. Maybe that doesn’t bother you, but if you’ve read this far in a review about a product that’s strictly aimed at protecting privacy, maybe it does. From TrackOFF’s Private Search page, you can launch searches on DuckDuckGo, which celebrated 10 billion anonymous searches earlier this year.
Note that DuckDuckGo is just one of many options for anonymous searching. The iCloak Stik, which lets you boot into a completely private environment, relies on Disconnect Search. Epic Privacy Browser gets results from major search engines, but it strips out referrer data and routes searches through a proxy to protect your privacy.
When TrackOFF detects what seems to be an attempt to fingerprint you, it pops up a small notification. On the Reports tab, you can view these potential tracking attempts. Another tab simply logs each time TrackOFF changed your fingerprint; in the first eight hours I used the product, it made 13 such changes.
You’re free to review all the information TrackOFF gives you, but you’re not required to do anything about it. Once you’ve finished the initial setup, you’re covered. Every 30 to 60 minutes it changes the data that websites draw on to fingerprint you, in ways that baffle them but make no difference to your computer. When it detects an active attempt at fingerprinting, it pops up a transient notification, but you don’t have to do anything about those. You can set it and forget it.
For the Elite
As noted, you get a different kind of privacy when you run your web traffic through a VPN. For those who want everything in a single package, TrackOFF Elite 4.0 includes all the privacy protection in the Basic edition, reviewed here, and adds full-scale VPN protection.
The incremental cost for upgrading to Elite is $25 per year, or a little over $2 per month. That compares quite favorably with standalone VPNs, most of whose prices are in the range of $6 to $12 per month. We’ll know more about the VPN component once my colleague, Max Eddy, has a chance to put it to the test.
What Would You Pay?
TrackOFF Basic won’t protect you from ransomware, or keep viruses out of your system. It’s laser-focused on protecting your privacy. You can use it for mundane tasks like clearing cookies or deleting browser data, and you can launch anonymous searches from within the application. But the heart of the product is its ability to foil attempts to track you based on your browser fingerprint, a unique technology that I haven’t seen in any other products.
Whether it’s worth the price is totally a matter of how much you value your online privacy. If that’s a high priority for you, you really should install TrackOFF and use a VPN, or consider TrackOFF’s Elite edition, with VPN included.