Over the past decade, advertisements and behavioral tracking on the Internet have become evermore prevalent, with privacy advocates long calling it invasive. To counter this privacy invasion, privacy advocates and expert users have been relying on web browser extensions to limit being tracked or being exposed to advertisements, for example through ad blockers or anti-tracking extensions. Yet, the most popular browser, Google Chrome, is developed by the largest advertisement company in the world. Indeed, this fundamental conflict of interest between developing a browser, a user agent, and violations of users’ expectation of privacy through tracking has been a topic of extensive debate. Recently, it gained even more attention because of Google’s proposed change to “improve Chrome’s browser extension performance and privacy,” which fundamentally changes how extensions can inspect and modify web requests, limiting or even preventing the majority of privacy-focused extensions from working as intended.
In this talk, we investigate how eight popular browser extensions that focus on improving user privacy affect browser and system performance for the two desktop browsers with the highest market share, Google Chrome and Mozilla Firefox, and how they fare against no extensions. We evaluate if privacy-focused extensions may not only improve user privacy, but may also improve user experience based on intuitive metrics like websites’ page-load times, number of fetched resources, as well as response sizes, which we measure from two vantage points, one in the United States and one in Germany. Furthermore, considering the ubiquity of mobile platforms, we explore how these extensions could affect battery runtime by leveraging CPU time as a proxy indicator. Our results contradict Google’s recent claim that extensions inspect and block requests negatively affect browser performance. In fact, we show that a single privacy-focused extension can improve over no extensions on almost all metrics, and that even a combination of multiple privacy-focused extensions utilizing blocking request introspection may not negatively affect user experience.
Kevin Borgolte is a postdoctoral research associate in the Department of Computer Science and the Center for Information Technology Policy at Princeton University. His research interests span system and network security, currently focused on large-scale abuse on the Internet, protocol security, and security misconfigurations. Recently, he started participating in the Internet Engineering Task Force (IETF) to inform and contribute to the development of the Internet’s open standards. He is a member of the Shellphish Capture the Flag team, and he won third place overall in the DARPA Cyber Grand Challenge (CGC) with his colleagues from the Shellphish CGC team. Kevin holds a Ph.D. in computer science from the University of California, Santa Barbara, a M.Sc. from ETH Zurich, Switzerland, and a B.Sc. from the University of Bonn, Germany.
In an effort to support sustainability at our events, attendees are encouraged to bring reusable items for their personal use.