Everything is on the internet. Your business meetings, chats with relatives, food orders, entertainment…the list goes on. As you surf here and there, trackers watch your every move. If they can put together a profile of your interests, they can sell it, or hit you with targeted ads. Others may have more nefarious reasons to track you, like gathering personal info for an identity theft attempt. The many kinds of trackers put your privacy at risk. Norton AntiTrack aims to let you continue all your online activities without giving away anything to the trackers. It foils traditional tracking techniques, but with a light touch, so it doesn’t screw up your surfing. It handles high-tech browser fingerprinting techniques, too.
How Much Does Norton AntiTrack Cost?
This privacy protection doesn’t come for free. A Norton AntiTrack subscription runs $49.99 per year, currently discounted to $34.99 for your first year.
That pricing is almost precisely the same as for Avast AntiTrack, which performs a very similar service. Since Norton is in the process of buying Avast, I wondered whether the two products share a technology base. My Norton contact assured me that’s not the case, stating, “Norton AntiTrack is a brand-new product and codebase that we developed with different capabilities.” Note that at present, Norton AntiTrack is strictly a Windows product, while Avast’s product works under macOS and, to a lesser extent, Android. Note, too, that for an additional $10 you can install Avast’s product on up to 10 devices.
Of the few products in this niche, iolo Privacy Guardian costs the least. At $34.95 per year, its ongoing price is about the same as the first-year discount price of both Norton and Avast. In addition, that price lets you use it on every compatible device in your household. Unfortunately, Privacy Guardian didn’t fare so well in testing.
I should point out that the browser security extensions supplied with many antivirus and security suite products handle some of the same tasks as Norton AntiTrack. Specifically, they actively block traditional tracking systems, reporting on their activities in much the same way Norton does. Among the products with this kind of active Do Not Track system are Bitdefender Antivirus Plus, Avast Free Antivirus, and Kaspersky Internet Security.
Who Doesn’t Like Cookies?
There’s nothing about browsing a website that requires a continuous connection. Your browser sends a request to the server, the server returns a page of data, and that’s the end of the interaction. Technically. In real life, there are many reasons you want the server to remember you. You wouldn’t want a login prompt for each page on a secure site, would you? And it’s convenient that some sites remember your preferences between visits.
A designer at Netscape worked out a solution in the 90s, in the form of a “magic cookie” stored on the user’s machine, not on the server. Only the site that created the cookie can access its contents, at least in theory. And of course, nobody would misuse this technology…
Third-party cookies are where we run into trouble. A modern web page doesn’t come just from the site you requested. It pulls in advertisements and other components from third-party sites, and each of these sites can place its own cookie on your system. Not only that, but the same advertiser on a different page can also link the fact that you visited both those pages, or any pages where the ad appears. Cookies quickly become a means for trackers to build a profile that maps all your online travels.
Years ago, some pundits proposed a Do Not Track header for browser communications, a flag letting websites know that you do not want to be tracked. The World Wide Web Consortium (W3C) never accepted the DNT header, even though some browsers implemented it. It would have made little difference anyhow because it’s just a request. Advertisers could laugh it off and track you anyway.
That’s where the active Do Not Track systems I mentioned earlier come in. These systems identify trackers and block their access to your data. But that just escalates the war between privacy advocates and website trackers. The trackers create supercookies, self-repairing evercookies, and ever more persistent cookie-equivalents; and the privacy team finds ways to foil those. But all the cookie-like solutions must maintain a file on your PC. Then along comes a new technique called browser fingerprinting, which eliminates the need for that saved file, thereby making defense tough.
What Is Browser Fingerprinting?
Instead of trying to manipulate anything on your computer, browser fingerprinting makes use of the huge amount of information that your browser reveals to any website that asks. Which fonts are available on this device? What browser extensions have you installed? What is the precise version of the browser? What’s the screen resolution? Trackers now use algorithms that process this data into a fingerprint that uniquely identifies you.
One thing that’s not required to identify you with a unique fingerprint is your IP address. You can install the best VPN and use it to spoof your IP address so that you appear to be in Pottsylvania, but that doesn’t change your fingerprint. There are plenty of virtues to using a VPN; fooling this fingerprinting technique isn’t one of them.
Since its start in 2016, I’ve participated in a study on fingerprinting conducted by the computer science department at Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU). This study uses common fingerprinting techniques to periodically check each participant and reports each week how many different fingerprints they’ve found for you, and how many were unique, not matching any other participant. If you have any interest in this topic, I encourage you to click the link above and sign up.
So far, the study has never once reported that one of my fingerprints matches any of the other thousands of participants, meaning my fingerprint identifies me uniquely. It does change from time to time, but the unique identification lasts long enough for websites to take advantage of it. According to my historical data in the FAU study, I once had 263 days in a row with the same fingerprint.
If the trackers are simply harvesting information normally sent by your browser, not trying to save any files or run any code on your computer, what defense is possible? As it turns out, products like Norton AntiTrack offer a simple solution. They manipulate the data supplied by your browser in a way that doesn’t interfere with normal uses for that data, but that gives you a constantly (or at least frequently) changing fingerprint.
Getting Started With Norton AntiTrack
Getting this program installed is a snap, but installing the app is just the beginning. It can’t do anything until you also install its browser extensions for Chrome, Edge, and Firefox. The main window reflects this fact, displaying a warning red background until you take care of that essential task.
Once you have the extensions in place, you don’t need to do anything further with the app. It simply serves to gather and report statistics on what the extensions have accomplished. A status panel at left lets you know if the extensions need any attention. In the middle is a summary panel letting you know how many tracking attempts of various types the app has blocked. At the far right, another panel lists the sites with the most tracking attempts.
By default, the main window shows today’s stats. You can shift to see stats for the last 30 days, or for the whole time the app has been active. In addition, if any of the high-tracking sites catches your interest, you can click for details on just what types of trackers Norton blocked. In truth, though, you don’t have to look at the stats at all to get the benefit of this tool’s privacy protection.
Do Not Track Me
With the AntiTrack extensions installed in my browsers, I tried visiting a bunch of popular news sites, as this type of site always seems to have plenty of trackers. For each site, a numeric overlay on the AntiTrack browser button quickly counted the number of trackers.
Clicking the button opens a pop-up with a little more information. In addition to a large button repeating the tracker count, this pop-up includes links to exempt the site from tracker blocking, either once or always. That can be handy if you suspect that blocking trackers somehow screwed up the page display.
However, Norton makes a big effort to avoid interfering with the underlying page. If you do encounter problems, you can click a button titled Fix It. When you do so, Norton backs off from blocking access by the trackers, but instead feeds them false information. I don’t know of any similar product that does this.
You can click the big button to get a list of just what sites AntiTrack blocked on the page. The list is broken down into: Ads/Analytics, Social/Media, Shopping/E-Commerce, and Other. Icons indicate the severity of each tracker’s activities, and whether it uses browser fingerprinting. Where some similar extensions let you turn blocking on or off for specific categories or even for specific tracking sites, Norton is all or nothing.
Don’t Fingerprint Me
It’s hard to test whether this, or any active Do Not Track system, blocks the trackers it claims. I’d have to create a tracking ad, somehow get it onto the page, and check its status. But the technology is straightforward, and I have no doubt it works.
Checking whether it blocks fingerprinting could theoretically be easier, because there are websites devoted to measuring this technology. However, Norton AntiTrack doesn’t just tweak your fingerprint on a schedule, the way Avast AntiTrack does. It detects sites that use fingerprinting and targets them for confusion. That being the case, I didn’t know how it would do with those test websites, but I tried anyway.
With AntiTrack active, I used the previously mentioned FAU research website to check my fingerprint repeatedly. Each of the first few tries came up as never-before-seen, but then the fingerprint remained the same for a few hours.
The Electronic Frontier Foundation provides the CoverYourTracks page as a resource for checking your browser fingerprint. This page’s summary reported that I “have strong protection against Web tracking, though your software isn’t checking for Do Not Track policies.” When I tested Avast AntiTrack, the same page reported “you are not protected against tracking.” I ran this test several times, over a period of hours. Each time it reported my signature to be unique in its collection.
Another resource for checking your fingerprint is the AmIUnique site. This site provides a very detailed and color-coded chart detailing what goes into your fingerprint and which items do the most to make your print unique. It also allows saving the fingerprint data into a standard JSON file. Some tests on this site said my fingerprint is unique; others said it was seen before, but the previous sighting was also from me.
In every case, the Norton AntiTrack browser extension button showed zero trackers on the test sites. My theory is that fingerprint changes triggered by links to tracker websites caused my fingerprint to come up as unique on the test sites.
As noted, you’ll find active Do Not Track systems supplied with many antivirus or security suite products. This is also a common feature in privacy-focused tools such as IDX Privacy, Ghostery Midnight, and the Electronic Frontier Foundation’s free Privacy Badger.
Avast AntiTrack blocks trackers and fingerprinting like Norton AntiTrack, but also includes a component to clear personal data from your browsers. It also features a component that ups your privacy by ensuring the correct values for certain Windows privacy settings (though it doesn’t specify which).
The Privacy Shield component of iolo Privacy Guardian also adjusts your privacy, using 30 specific Windows settings. Alas, it does not clearly recommend which settings you should change. If you just disable all of them, you’ll find that you’ve disabled the camera, microphone, and Cortana, among other things.
Contained in Avira Free Security you’ll find a feature called Privacy Settings. Here you control 140 privacy settings in 17 categories. It helps you attain the best configuration by matching the advice of the company’s experts for either regular or enhanced privacy.
IDX Privacy and Ghostery Midnight both include VPN protection. IDX Privacy goes so far as to offer an identity theft recover guarantee. As for Norton, it sticks strictly to its stated purpose, preventing tracking of your online activities.
How Much Would You Pay?
Norton AntiTrack isn’t a security tool as such. It won’t keep viruses out of your system or protect you from ransomware. It has one job—protecting your online privacy from all kinds of trackers. By observation, it does the job. However, Avast AntiTrack does the same job, and adds other privacy-protective features, for the same price. In addition, a substantial volume discount lets you install Avast AntiTrack on multiple Windows, macOS, and Android devices, where Norton specifically supports a single Windows box.
Whether tracking protection merits that price is totally a matter of what monetary value you place on your online privacy. If privacy is a high priority for you, install Norton AntiTrack, and perhaps a VPN as well. Add the multi-faceted Abine Blur Premium (our Editors’ Choice tool in the privacy category) and you’ve put up some serious walls around your privacy.
Like What You’re Reading?
Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.