TrackMeNot Review: The Worst Security Tool Ever?

TrackMeNot Review: The Worst Security Tool Ever?
Page content

What is TrackMeNot?

TrackMeNot (TMN) is a Firefox browser add-on aiming at preventing search engine user profiling by sending clear-text random queries to leading search engines with the idea that your real search terms will be buried and concealed by the mass and spectrum of the TMN random queries. I have been looking at Daniel C. Howe & Helen Nissenbaum’s TrackMeNot 0.6.291 which is very popular among users measured by the number of downloads and installs. However, security specialists have been criticizing TMN heavily ever since the inception of TrackMeNot.

System Requirements (5 out of 5)

TrackMeNot is a browser add-on for Firefox and as such operating system independent. Therefore, it can be used on Windows computers, Linux machines as well as on Macs with OS X.

Installation (5 out of 5)

The browser add-on can be installed by visiting https://addons.mozilla.org/en-US/firefox/addon/3173 and clicking + Add to Firefox. In the software installation screen which opens select TrackMeNot and hit the Install button. The installation only takes a second or two, after which your browser needs to be restarted.

Interface (4 out of 5)

The easiest way to view or configure TrackMeNot settings is by right-clicking the TMN icon found at the bottom right corner of the Firefox window. The context click lets you toggle between off/on and you can also manage TrackMeNot options.

TMN, by default, is on. It displays the actual query terms sent to search engines on the right side of icon. As TrackMeNot is rather an automatic background process there is no (need for a) full-fledged GUI.

Features (2 out of 5)

TrackMeNot tries to prevent search engines like Ask, Bing, Yahoo! and Google profiling you by making random queries (obfuscation) so that the search engine software couldn’t create and maintain a meaningful profile of your online search patterns. From the privacy point of view the worst case would be an identifiable non-obfuscated user profile sold by a search engine (SE). To prevent SEs from building meaningful profiles is why TrackMeNot has been developed according to the project’s website.

Since the early release the TMN software has been improved to not only making queries using various search engines at predefined intervals, but also burst mode mimicking the way a real user searches. On top of that does TMN - in the background - now make clicks on the search results using an algorithm to prevent clicking on ads.

You can choose among the major the search engines TMN queries, and by specifying an RSS Feed as query input source you can gain some degree of control what the actual search terms will be.

Performance (2 out of 5)

Bruce Schneier has harshly criticized TMN in 2006, and despite that TrackMeNot has improved since then trough new releases some deficits remain. The deficits fall either into the category implementation or design. As an example of the former, TMN, for instance, still lacks randomizing query intervals. As example of the weak design let’s just imagine the TMN random query sending search terms such as “Taliban training camp”. Chances are high that such or similar searches won’t go unnoticed, not matter if buried under a lot of noisy other fake search engines queries.

A commenter of Schneier’s blog has put the Meta information as: “worst-security-tool-ever”! It is really worth reading Bruce Schneier’s thoughts as well as the commenter giving the example of the police officer pulling someone over for speeding. In fact, I couldn’t stop laughing.

As almost every website shows ads or has analytic tracking code installed I personally doubt that TMN is of much use to prevent you being accurately profiled and/or watched as the big search engines have the budget and know how to filter out TMN traffic. You would also have to frequently delete cookies and use Anonymizer software or proxies to be able to hide your identify or online interests to a certain degree; the best result you would probably achieve using TOR onion routing.

Help & Support (3 out of 5)

Lots of information about the TrackMeNot browser add-on can be found on their homepage in the FAQ section, which is also opened if you click help in the icon’s context menu. You can also contact the TMN team by mail.

Price to Value (3 out of 5)

TrackMeNot is completely free.

The Bottom Line

TrackMeNot was built with good intentions in mind, but the security community including me has serious doubts about its effectiveness. Moreover, TMN has the potential to worsen people’s interest in your online search activities. Last but not least does TrackMeNot waste bandwidth, and, if you, for example, send to much queries to Google you will have to fill in a CAPTCHA before a real search. TrackMeNot cannot be given thumbs-up; it has the potential to give users a false sense of security and may produce detrimental effects.

I am looking forward to your feedback by means of comments below.

Reference

TrackMeNot official product page: https://cs.nyu.edu/trackmenot/

Screenshots taken by the author

More Firefox Add-ons Reviews: