Privacy-Enhancing Browser Extensions Fail to Meet User Needs, New Study Finds
“The goal of this study is not to compare extensions specifically but to come up with a standardized benchmarking framework that addresses all user concerns so that the user can make informed decisions,” said Roongta. “As extensions evolve with every update, they might over- or underperform in different metrics at different times.”
The new measurement methodologies the researchers applied painted a mixed picture of the extensions they studied. While extensions like uBlock Origin optimized performance overheads well, most others like ABP exhibited significant CPU and memory overheads. Privacy Badger blocked ads and third-party trackers effectively while Ghostery struggled with them.
“Most of our analysis shows ABP needs to improve on metrics,” said Roongta. “That’s because it whitelists certain ads to show to the users. While this new dimension is often perceived critically by the users, it is important to sustain a free Internet. It will be interesting to see how user preferences change as these standards evolve with the advertiser policies over time and the system gets better so that the overhead caused by the extensions is negligible.”
The study highlighted instances of potential permission abuse and non-compliance with data protection regulations by some of the evaluated extensions. It provided recommendations for extension developers to enhance transparency around data practices.
The research underscores the pressing need for more rigorous analysis and systematic benchmarking of privacy-preserving browser additions that millions entrust with their online data and browsing experience daily. It contributes to Greenstadt’s body of research that explores what happens when people try to use privacy-enhancing technologies and how the Internet responds.
The following chart shows the new and re-assessed metrics the NYU Tandon researchers introduced to evaluate browser extensions, as presented in From User Insights to Actionable Metrics: A User-Focused Evaluation of Privacy-Preserving Browser Extensions.
|
User Concern |
Measurements |
|
Performance |
RAM usage: measure of the RAM used by the extensions during website loading. |
|
|
CPU usage: Measure of the CPU cycles used by the extensions during website loading (studied before but researchers re-assessed with enhanced measurement methods) |
|
|
Data Usage: Measure of the disk space used by the extensions during website loading (studied before but researchers re-assessed with enhanced measurement methods). |
|
Web compatibility |
Ad-Blocker Detection Prompt: the number of websites that either employ javascript to detect the presence of an ad-blocker extension, or display a prompt asking the user to disable their ad-blocker. |
|
Unable to Load: websites taking longer than 60 seconds to load when the extensions are present. |
|
|
Data and Privacy Policy |
Permissions: evaluation of the extra permissions requested for the actual functioning of the extension. |
|
|
Privacy Policy: evaluation of the privacy policies of the extensions. |
|
Extension Effectiveness |
Ads: the extension’s ability to block third-party trackers. |
|
Default Configurations |
Default Filter Lists: set of rules to identify and block various web content like advertisements, trackers, and other unwanted elements from being loaded or displayed. |
|
|
Acceptable Ads: ABP filterlist that allows certain advertisements to appear that adhere to acceptable ad standards. Acceptable Ad Standards. |
Rachel Greenstadt is Professor and Interim Director of the Ph.D. Program at the NYU Tandon School of Engineering. The article was originally posted to the website of NYU.
