Protecting the Privacy Product

September 8, 2010

Collectively, the last few years have been one long coming-out party for online privacy.  The FTC held well-publicized privacy roundtable discussions. A highly visible online privacy bill was introduced in Congress (and several others followed behind it). Facebook and Google got caught up in a media privacy frenzy. The Wall Street Journal released a series of articles about online privacy, and (in perhaps the most obvious indicator of how mainstream privacy has become), Stephen Colbert dedicated his “The Word” segment to protecting your online identity.

In most ways, this is great news to online privacy advocates. Finally, average everyday internet users are becoming concerned about their data and how it’s being shared, and that new-found focus can only lead to big strides in privacy education and protection. But it’s also true that attention brings opportunity, and you can expect commercial efforts to attempt to capitalize on this new hot privacy topic – not always with users’ best interests in mind.


Generally speaking, it’s smart to be skeptical about these things. Online marketing and data sharing were a little like the economy’s wild west for a time, and many users have emerged from that era reasonably gun-shy.  At Ghostery, we heard these concerns pretty clearly when we were purchased by Better Advertising (now Evidon). Red flags went up all over the place from users worried that we were somehow using a privacy tool to invade user privacy. We took steps to explain our intentions, and overall people seemed to understand our mission and find it acceptable. But with this new general curiosity about online privacy has come an influx of new Ghostery users, and we thought it was time to break down GhostRank, our relationship with Evidon, and our mission to help educate and empower users across the web. What follows is a one-stop description of how it all works together, an answer to the (invalid) criticism that “Ghostery is owned by an advertising company”, and a transparent layout of our business model.  The short version goes like this:

Ghostery is free to use, but it’s not free to maintain and make better.  We’d really like you to participate in GhostRank, because it’s safe for you and it’s how we support our nifty little browser plug-in.

Now let’s break that down.

Ghostery is free to use, but it’s not free to maintain and make better.
This part isn’t hard to understand. Ghostery is free, it’s built to be free, and we don’t have any plans to make it anything but free.  Our highest priority is to help educate users and the best way to do that is to keep the information open and free to access.  That information is in the form of a company database that contains hundreds of entries, and that takes a lot of upkeep to maintain. New online advertising and data trading companies pop up all the time, and existing companies continually add to their current functionality. We do our best to make sure our database stays comprehensive and accurate while keeping up with those changes.  We’ve built and support Ghostery in Firefox, Chrome, Internet Explorer, and Safari (coming very soon).  And we’re always working to make Ghostery better, both by building a stronger and faster code base and with new features to enhance a user’s ability to understand and control their data online.  None of that authoring and maintenance is free, so how do we do it?  That’s where GhostRank comes in.

We’d really like you to participate in GhostRank, because it’s safe for you…
GhostRank is the opt-in feature you’ll find under the red “PLEASE READ THIS CAREFULLY” text in the Ghostery options menu. Enabling GhostRank means that you anonymously participate in an information-gathering panel designed to improve Ghostery performance and create a census of advertisements, tracking beacons, and other page scripts across the web.  Let me explain.

Huffington Post Screenshot

Ghostery notification on

Here’s an example of a GhostRank data record sent from my computer earlier today:

What follows is an outdated version of our GhostRank logging process. For the most recent breakdown, please see this post.

Now let’s take a look at the different elements in that record and what they’re telling us at Ghostery central:

  • bid=88 – this is the “bug id” in our database.  In this case, we’ve encountered bug #88.
  • – this is the “bug name”.  In this case, the script is from the company “”
  • – the URL on which the bug was found.  I was checking out the Huffington Post homepage.
  • bl=false, blm=-1, bs=false – a run-down of blocking configuration.
    Was the bug blocked? (It was not.)
    Is blocking enabled? (It is not.)
    Was the bug selected in the blocking list? (It was not.)
    These would all indicate that the script was blocked, of course, if I had blocking enabled.
  • v=2.3 – that’s the version of Ghostery I’m running.
  • ua=firefox – my “user agent”, or browser.  I was using Firefox.
  • rnd=9375251 – a random number to help us identify unique GhostRank records.

That’s it.  We know that on a given day at a given time, some Ghostery user (running v2.3 in their Firefox browser) encountered script #88 on the home page of Huffington Post. We don’t know who that Ghostery user is, and we don’t store any kind of unique identifier about the user – no usernames (which don’t even exist), no browser cookies, no Flash cookies, IP addresses, nothing. Nobody would have even known this record came from me, a Ghostery team member, except now that I’ve blabbed about it on the blog.

That’s why we say that enabling GhostRank is safe for you – because there’s no “you” involved. We only care about this data in aggregate, meaning that we’re only interested to know that some users saw a given script on a given site.  There is no value at all for us in knowing which user, and we don’t have any way to figure that out in any case.  So why do we care at all?  Great question.

…it’s how we support our nifty little browser plug-in.
Ghostery is owned by Evidon, which despite its earlier moniker “Better Advertising”, is NOT (and never was) an advertising company.  Evidon doesn’t sell ads, create ads, or deliver ads.  It doesn’t help target ads, optimize ads, or localize ads.  It doesn’t collect information about ad interaction.  It doesn’t print ads in newspapers or on billboards… really, it’s not at all about the ads themselves.  What Evidon does do is help advertisers and networks comply with industry standards for the use of data while advertising.  Online advertisers aren’t clueless – they know that users tend to find behavioral advertising a little creepy.  So along with following the FTC’s principles for online behavioral advertising, they’ve created their own self-regulatory standards. These efforts represent a big step in the right direction to give users the information they need to make decisions about their online advertising experience.  Evidon provides technology to help advertisers and networks meet those standards, and gives them reports to illustrate that they’re complying across the web.

That’s where the GhostRank panel comes in.  Ghostery can detect all sorts of scripts – including delivery code from ad servers and the behavioral notice script (the little “Ad Choices” icon that you might already be seeing around the web).  GhostRank records can be compiled into reports that indicate whether or not advertisers are providing this notice. These reports also help companies understand where their scripts are appearing – something that is surprisingly difficult to determine at times. Companies find this information very valuable, because the US Federal Trade Commission has been vocal about the close eye that they’re keeping on the industry.  So without giving up any kind of personal information, Ghostery users are advancing a system where those who perhaps could do wrong pay for a tool that helps make sure they don’t do wrong. Not only does this provide enough resources to keep Ghostery up and running, but we’re very proud of this business model. Who else should pay for policing online ad companies, besides online ad companies?

In addition to those companies, Ghostery also provides this data to the Better Business Bureau and other organizations working to make sure that there are consequences when companies don’t live up to these standards.

Besides providing revenue for Ghostery and working to enable a more transparent online advertising ecosystem, we also use GhostRank data to keep an eye on Ghostery performance and publish reports like this recent one from Adam.

Don’t forget, it’s opt-in.
Hopefully, this sheds a little light on things, and you’re feeling comfortable with the idea of opting in to the GhostRank panel.  If not, we get it.  There are more than a few bad actors out there, and we know that users are particularly careful when it comes to their privacy.  You can use Ghostery, fully featured, for free, without sending any information back at all.  You’re not part of the panel, and that’s a bummer, because we could use your help – but we’re not going to require that you help us in order to use Ghostery.  Ghostery is primarily about enabling transparency, whether or not you choose to participate in GhostRank.

Dig a little deeper.
There are a couple of ways to check up on us.  First, read our privacy policy, terms of use, and FAQ.  You’ll find that everything I’ve spelled out here is echoed there.  Secondly, Ghostery’s code is not at all obscure.  If you’re technically inclined, feel free to look under the hood and see for yourself how we send GhostRank data. You can also use a header request inspector (like HTTPFox for Firefox) to view all the requests a page makes, including the requests we send.
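
One way to run the check suggested above, as an added example (not Ghostery's code): given requests copied out of a header inspector, it validates each record against the field list earlier in this post and flags anything extra, such as an undocumented parameter, a Cookie header, or a repeated `rnd`. The endpoint host and the `bug_name_placeholder` / `page_url_placeholder` keys are assumptions, since the post does not show them, and the sample requests are constructed.

```javascript
// Added example, not Ghostery's code. The endpoint host and the two
// *_placeholder keys are assumptions: the post does not show them.
const DOCUMENTED = new Map([
  ["bid", /^\d+$/],                   // bug id
  ["bug_name_placeholder", /^.+$/],   // bug name (real key not on the page)
  ["page_url_placeholder", /^.+$/],   // page URL (real key not on the page)
  ["bl", /^(true|false)$/],           // was the bug blocked?
  ["blm", /^-?\d+$/],                 // blocking enabled? (-1 in the post; integer assumed)
  ["bs", /^(true|false)$/],           // bug selected in the blocking list?
  ["v", /^\d+(\.\d+)*$/],             // Ghostery version
  ["ua", /^[a-z]+$/],                 // browser name
  ["rnd", /^\d+$/],                   // per-record random number
]);

// Check one captured request ({url, headers}) against the documented fields.
function auditRecord(request) {
  const findings = [];
  const seen = new Set();
  for (const [key, value] of new URL(request.url).searchParams) {
    if (seen.has(key)) findings.push(`duplicate parameter: ${key}`);
    seen.add(key);
    const rule = DOCUMENTED.get(key);
    if (!rule) findings.push(`undocumented parameter: ${key}`);
    else if (!rule.test(value)) findings.push(`unexpected value for ${key}`);
  }
  for (const key of DOCUMENTED.keys()) {
    if (!seen.has(key)) findings.push(`missing parameter: ${key}`);
  }
  for (const name of Object.keys(request.headers || {})) {
    if (name.toLowerCase() === "cookie") findings.push("Cookie header sent");
  }
  return findings;
}

// Across a capture, a repeated rnd would act as a stable identifier.
function repeatedRnd(requests) {
  const counts = new Map();
  for (const r of requests) {
    const rnd = new URL(r.url).searchParams.get("rnd");
    if (rnd !== null) counts.set(rnd, (counts.get(rnd) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([rnd]) => rnd);
}

// Constructed sample capture (values mirror the field list in the post).
const BASE = "https://ghostrank.example.invalid/r?bid=88&bug_name_placeholder=ExampleCo" +
  "&page_url_placeholder=https%3A%2F%2Fnews.example%2F&bl=false&blm=-1&bs=false&v=2.3&ua=firefox";
const clean = { url: BASE + "&rnd=9375251", headers: { "User-Agent": "constructed" } };
const leaky = { url: BASE + "&rnd=9375251&uid=abc123", headers: { Cookie: "id=abc123" } };
```

A client-side capture shows only what is sent; it cannot show what the receiving server stores.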

We’re working hard to make sure Ghostery stays at the top of your list of must-have browser add-ons.  We appreciate all the tweets, Facebook comments, forum posts, and emails – both positive and negative. Your feedback is invaluable as we work toward our goal of a more transparent web full of educated users. And as always, thanks for using Ghostery!

Happy Browsing,

Andy Kahl
Ghostery Product Manager


5 Responses to Protecting the Privacy Product

  1. Richard Outerbridge on July 20, 2012 at 6:24 am

    OK, but i still don’t understand. How do you folks, how can you folks, make money from helping me, a lowly consumer, avoid the advertisements and web-tracking bugs of your clients?

  2. Some Ghostery Clarifications… | countxyz on August 2, 2012 at 7:55 am

    […] as “GhostRank.” While Ghostery was on the defensive today on twitter, they provided this which clearly defines what GhostRank is: GhostRank is the opt-in feature you’ll find under the […]

  3. Karen Likes This... on August 5, 2012 at 3:30 pm

    This helps a lot, I’m a Terminal Cancer patient, and need to know how to stand, and when not to stand, ya know..? I’m also concerned, with the Needs I have, as a Cancer patient, therefore this is important to me, and thank you for allowing it to me, also. I’m just trying to “Find my way” as any Newbie, would and in my particular, Case. I’m not able to Lose if you get what I’m saying, and I need to keep what I’ve got. Thank you..

  4. Laurene on May 1, 2013 at 9:02 pm

    Hi there, yeah this article is in fact pleasant and I have learned lot of
    things from it on the topic of blogging. thanks.
