A few days ago, Jeff wrote a post encouraging WordPress plugin developers to be more transparent about trackers they apply to your website via their extensions. He referenced Pooria Asteraky’s discovery that a social sharing plugin had applied 13 trackers on a vanilla installation. This is no surprise, really, as a site owner installs social sharing plugins with the express purpose of sending information out from the website via Javascript or some other means.
Otto left a comment on the original post, clarifying which trackers might indeed be harmful or unwanted. He said, [pullquote]”Our primary concern in this regard would be plugins that do things without the consent or without the knowledge of the website owner.”[/pullquote] This is an important distinction to make, as many trackers perform a welcome and valuable service, such as Jetpack stats, Gravatar or Google Analytics. The trackers you want to hunt down are those that collect information about users or activities on the site without consent.
Let’s hunt trackers!
Since plugin authors may not always be transparent about what kinds of trackers their plugins install, especially if they’re not hosted on WordPress.org, site owners need some way to sniff these out. That’s where a free tool like Ghostery comes in handy for finding out what services might be communicating to and from a website. It operates as a browser extension and there are versions available for Firefox, Opera, Safari, IE, iOS and Firefox for Android.
Here’s an example of what it looks like when I installed it to Chrome, which was painless and instant.
Once installed, the extension looks for third-party page elements (or “trackers”) on the web pages you visit and displays them in the corner of your browser. It verifies these trackers against Ghostery’s extensive library of more than 1,700 trackers and 3,400 tracking patterns, including beacons, advertisements, analytics services, page widgets, and other third-party page elements.
Get the Details Behind the Trackers
If you suspect that a plugin might be “phoning home” from your website, inserting ads or invisible pixels for tracking, Ghostery gives you a quick way to track down the tracker and find out who is behind it. It’s not just for use on your own website – you can check out other sites as well. Here’s a quick example run on a WordPress.org plugin page:
You can click on each individual tracker to see the URL and find out more information. For the most part, you’ll see a harmless list like the one above. The Ghostery tool comes in handy if you feel that you may have been hacked or have noticed some suspicious activity on your site. The information Ghostery provides will help you to investigate your plugins and/or themes to find the culprit. It’s also useful for inspecting other sites for a small window into their third-party connections.
Block Unwanted Trackers
Ghostery also lets visitors block trackers based on the type of function they perform or on an individual basis. This is particularly useful if you want to block trackers that violate your privacy by collecting your behavioral data.
The ultimate goal here is to use Ghostery to find more information about invisible trackers and control your privacy online. Though it has a broad use outside of WordPress, Ghostery provides a first line of defense for finding plugins that “phone home” and using that knowledge to disable them and report on their activities.
Thanks Sarah, I’ll add it now.