Understanding Sushi Browser’s Tracking Protection

Understanding Sushi Browser’s Tracking Protection

Kura introduced tracking protection into Sushi Browser in version 0.8.0. This is similar to but different than an advertisement blocker, which was introduced into the browser in an earlier version.

In order to understand what tracking protection is, let’s define what tracking is. Tracking is the means by which an external party, whether advertisers, marketers, or some other entity, use metrics provided by analytics platforms to understand how users interact with their apps and websites. This subsequently can allow analysts and IT professionals to maintain their platforms and advertisers and marketers to better target users to increase sales. When we hear tracking, we usually think of the latter scenario first because of advertisements.

You can think of it like this. To maintain a site’s performance, an IT professional could only use an analytics tool’s page view- and visit-based metrics. They can make it so that a special page view metric only triggers when a user lands onto a 404, 500, or other error page. If they see a lot of instances of these error pages in an analytics report, they then can determine the parts of the site which are breaking and resolve them. Sales and marketing professionals’ highest priority arguably is profit-oriented. Therefore, they have to understand why the users are performing various actions on their platforms, and this can happen at the user-level. User-level information includes IP addresses, email addresses, payment information, and cross-platform user identification through cookies.

To see how tracking works, you can use your browser’s developer tools, specifically the network tool. The shortcut to open this is Control + Shift + I or Control + Shift + K on Chromium browsers. While the network tool is open, load any page. I’m using Sushi’s releases page on Github for this example.

You’ll see some calls or requests that the tool notices. The analytics ones are sometimes easy to identify. Github’s tracking has a request named collect.

Sushi Browser: Tracking Protection Off

The request’s details show that Google Analytics is making the request, and the request payload contains the information that is being sent.

Sushi Browser: Tracking Protection Off Details

Requests’ naming structure can vary. Rather than have a simple name, they sometimes use the request URL for identification.¬†Using another example, an alternate name for the request could be “collect?v=1&v=j66&a=10684…” as the following screenshot demonstrates. (I hid information that would easily identify the company I used for this.)

Sushi Browser: Tracking Protection Off - Query String Parameter Example

This is based on the headers that are sent in the request URL. The Query String Parameters section usually parses the URL into readable variables set by Google Analytics by default and the marketers’ own variable solution. You can also click “view source” or “view URL encoded” to see how the parameters would look encoded in a string or only encoded, respectively.

Sushi’s tracking protection blocks these trackers by canceling the request. You can enable the setting by going to Settings > General > Protection >¬†Enable Tracking Protection (e.g. Google Analytics).

Next, let’s check the Preserve log checkbox at the top-center of the developer tool and reload the page. You can see that the second collect request is red. Resize or hover over the column to confirm that it has been canceled.

Sushi Browser: Tracking Protection Off and On Comparison

Click on such a request, and you can see that the Request Headers section contains less information because those relating to Google Analytics are not available, and the Response Headers section is not there.

Sushi Browser: Tracking Protection On Details

I’ve found that this works well enough for at least most Google Analytics requests. However, the tracking protection appears to not be able to detect and cancel requests from Adobe Analytics. For this, I’d recommend using an adblocker like uBlock Origin if you want to block all trackers. A tracker blocker like Privacy Badger also would work, but there may be compatibility issues where opening a private or session tab causes erroneous tabs to spawn.

I would say that Sushi’s current tracker blocker is a good start. It can only block some request types, like those from Google Analytics, for now, but it is better than not having anything. Still, install uBlock Origin or the like if you want to block all trackers (and advertisements, simultaneously). Brave Browser’s tracker blocking certainly is better by design, given that that is one of Brave’s main priorities. While it uses much of the same underlying technology as Brave, Sushi’s main priority is multi-panel functionality. I believe Kura recognizes that and understands some users, some of whom have likely heard of or used Brave, want to have as much protection of their privacy as possible while having this functionality, and that’s why there is Chromium extension support to help with this.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s