Blacklight logo
ITP Alumnus Surya Mattu just launched Blacklight. It runs a real-time inspection of potential privacy violations on a given website.
New investigation: Do you know who’s informed when you visit government websites? Sites for abortion providers? Those serving LGBTQ people? We found online tracking is common, even where privacy would seem paramount.
We spent 18 months developing Blacklight, a one-of-a-kind instant privacy inspection tool. It’s free for anyone to use: https://themarkup.org/blacklight
Enter any URL
Hit “scan site”
See the results of seven different privacy tests
Using Blacklight, we found more than 100 sites serving undocumented immigrants, domestic and sexual abuse survivors, sex workers, and LGBTQ people sent data about their visitors to advertising companies.
Some website operators told us they didn’t know about the trackers—or what advertisers and marketers did with the data they collected. Operators can unknowingly load trackers through add-ons like social share buttons or comment sections that install with a few easy clicks.
One of the more invasive techniques Blacklight tests for, key logging, captures information users type before they hit send.
We found @MayoClinic using key logging on forms for appointments and clinical trials. The site didn’t disclose this tracking, and didn’t respond to multiple requests for comment.
Even some government sites used invasive tracking methods. The U.S. Mint and Small Business Association sites loaded trackers called canvas fingerprinting, which can track people who block cookies. Neither disclosed this tracking.
The Arizona Department of Child Safety’s website linked to the state’s privacy policy, which said it didn’t load cookies to track users. Blacklight found that the agency did. After we asked about it, the agency changed the disclosure.
Building a tracker-free website is possible but can be time-intensive and costly. Websites for @ProtonMail, conservative think tank @AEI, a Bitcoin wiki forum, @getlantern, and of course, http://themarkup.org all came up clean in Blacklight scans.
Try using Blacklight throughout the day before you visit websites to find out how you might be tracked. Surprised at what you find? Take a screenshot of results and tag us on social.
Read the full investigation by @suryamattu and @ASankin here: