Privacy Agreement - $heriff
What information is collected by $heriff?
Apart from the data regularly recorded by web servers (IP, timestamps, user agents, ...) we collect:
Web Page Source Code: Source code of the web page that is being checked. The
source code (web site contents) is necessary for the extension as a proof when price discrimination is detected
since most websites change their website contents frequently. Also this data can be used for further analysis by
3rd Party Domains: Domains of the resources that were requested from the examined page. The extension
is informing the user which third party domains have been contacted upon visiting the specific web site. Usually third party
domains are responsible for user tracking and targeting. The extension is collecting this data to be able to identify which
third party domains are actually monitoring the users on the web. This type of data has nothing to do with the user's personal
Product Price Location Metadata: Additional information helpful in finding the location of the price on
the page. When the user highlight a product price the extension is building a graph based on the structure of the html code
(content of the website). The extension is using the graph to be able to identify the price from the same website as observed
from different locations worldwide (from another countries). The graph is necessary for cases when the website from another
country is not exactly the same with the one that other users observed. This is happening since most web sites contents are
customized based on user location. In this case the extension may fail to extract the product price. The graph helps the
extension to overcome this situation.
What information is NOT collected by $heriff?
The User Browsing History: $heriff does not collect or store the browsing history of the user. The extension
cellects ONLY the webpage where you want to check the prices on and always upon a user request.
Personally Identifiable Information (PII): $heriff does not collect or store any Personally
Identifiable Information about the user, such as real name, email, address or phone number. However, when requesting price comparison,
users should be mindful of the "Useful Tips" section - not following the tips set forth therein could expose your PII.
Donating your data for this research project
For users who choose to donate their data for reaseach ("opt-in"), we additionally collect the following:
User ID: Unique ID of the $heriff extension. Note that after uninstalling the extension we cannot link the donated
data with you or your browser.
Cookies: First and third party cookies for each price comparison request (This is a small text file added to your
browser by the visited webpages). Note that we collect cookies ONLY from webpages where you want to check the price on.
Recent Browsing History: Browser history as observed during price comparison request. We collect the last 1000 visited
URLs - your recent browser history. That includes the full URL without any possible arguments that may exists.
The opt-in feature, i.e., the donation of user data feature, is disabled by default (Donate History, Donate Cookies checkboxes
= unchecked). You can check the current status of the options by clicking on the $heriff logo (upper-right corner of your browser). You can
selectively opt-in for each option by just selecting the corresponding checkbox for each option. Please review the "Useful Tips" section below
before opting-in to our donation feature.
Since the price comparison requests are recorded to our servers we recommend the following:
Avoid sending price comparisons from webpages that contains sensitive private data, such as health, religion, sexual orientation, etc.
Avoid sending price comparisons from web banking systems or any similar web services that include user names and passwords or any similar
data that may reveal your real identity.
If you ever request such type of price comparison by mistake please send us a feedback message (Red button at lower-left corner of your
browser) from the price comparison results page (This is the new popup window that appears after each price comparison request) so we can
delete it from our servers.
Note that when you enable the donation features, your browser history and cookies are only collected when price request is send. By enabling
and disabling the donation features, no data is collected, you have to at least send one price check requests.
If for any reason you want to have your data deleted from our system please send as a feedback message with the subject "remove my data".
It is very important that you do so before unistalling the add-on.
The browser extension and the measurement infrastructure are designed for the research purposes. We do our best to assure that it works as intended,
although we can give no warranty.
Privacy Agreement - eyeWnder
What information is collected by eyeWnder?
- Advertisement Landing Page: The advertisement landing page url seen in web-pages visited by
the user. The url is extracted from code analysis on the visited page WITHOUT clicking on any ads.
- User Demographic information: The demographic information provided by the user during the
add-on installation phase. This includes: Age, Gender, and Employment status (mandatory) and approximate annual
Income (optional). This information is used to detect whether advertisements are targeted on any of the above
popular demographic categories.
- User Interests: The User Interests inferred by the extension locally based on the pages visited
by the user. The Interests are computed without sharing any information with advertisers. The extension is using a
lexicon of categories attributed to different web domains and maintains the top-20 such categories based on the
pages visited by the user. As with the Demographic info contributed directly by the user, the Interests are
essentially for being able to detect targeting.
What information is NOT collected by eyeWnder?
- The User Browsing History: eyeWnder does not collect or store the browsing history of the user.
- Personally Identifiable Information (PII): eyeWnder does not collect or store any Personally
Identifiable Information about the user, such as real name, email, address or phone number.
- Long Term Unique Identifiers: eyeWnder does not collect any long term unique identifiers like
cookies, IP addresses, device or software identifiers, etc. eyeWnder assign its own unique id to a user to be able
to identify and analyse the ads belonging to the same user. This identifier is not used for anything else. The
user can select to automatically reset this identifier as frequently as desired with minimum window of one week.
This limits the maximum amount of ad analysis that can be conducted for a user.
Collected Data details and description
The service is design to protect user anonymity and at the same time to provide meaningful aggregated results about
displayed ads. Below we list some implementation details on what data are recorded by the system:
When advertisements are detected, the browser extension collects the URL of the visited website, the user
ID* and the following information about each detected advertisement:
*The user ID can be renewed every one week if the user
wishes to do so. This functionality is available in the options menu of the extension.
- Advertisement type: We have four different type of advertisement that depends on how the
advertising network render the advertisement in the users' browser (Image, Small Images, Canvas or HTML
- Landing page: The landing page of the advertisement (if the extension manage to detect it
without clicking on the advertisement). The landing page is the URL that the user will end up visiting if he
click on the advertisement.
- Timestamp: The timestamp when the visited website finishes rendering in the user's browser.
- Advertisement Source URL: This is the source URL that serving the advertisement resources
- Advertisement Dimensions: The width and height of the advertisement.
- Advertisement Placement: This is where the advertisement is detected within the website.
We have two possible placement options either in the main body of the website, alongside the actual URL
resources, or inside an isolated environment called iFrame.
- Nested Path: This is available only if the advertisement is nested inside multiple iFrames.
- Advertisement Anchor: This is available only if the advertisement is located inside an
<a> HTML Tag. In other words, if the advertisement is inside an element that redirects the user to
the landing page, when the user click on it.
The extension also allows the users to see the different interest topics for all visited domains. To collect the
interest topics of a domain, the extension needs to contact the back-end service of the tool. To avoid user
browsing history fingerprinting we implement the following protection measures:
- Browser build-in indexDB: The browser build-in indexDB holds the topics of a visited
domain locally within the user's browser. By storing the interest topics locally the user's browser only
needs to contact the back-end service once, when a new domain is visited for the very first time, to get the
interest topics. The build-in indexDB utilises the
LRU eviction policy
to minimize the space needed at the users' browser. The indexDB can hold interest topics for up to 2000
- Domains Mixing: The actual visited domains and advertisement landing page domains are mixed
together before requesting their interest topics from the back-end service. This approach make it even more
difficult to infer the actual browsing history of the user.