
How to limit tracking in software downloads

Earlier, I talked about how software you download through your web browser includes unique tracking codes (“super-cookies”) that are installed along with the software. Be sure to read Part 1 first for context. Here are some tips for how you can limit this type of tracking.

While there are existing tools to block tracking inside your web browser, there aren’t many options available at the operating system level. You can’t modify the software you download as easily as you can make changes to a website to block or reduce tracking in your web browser.

There’s little to no transparency regarding this type of tracking. You have to carefully investigate each piece of software you download to identify whether the software vendor has embedded unique tracking identifiers in it.

You can, however, chip away at the tracking and reduce its effectiveness. The most effective methods to limit tracking involve changing how you behave on the web to make you more difficult to track.

The following tips are ordered by how effective I believe they are at reducing the effectiveness of software download-embedded tracking.

Use an application firewall

There’s no simple way to absolutely block all tracking short of analyzing all outgoing traffic from your computer and inspecting its contents. However, you can make some educated guesses based on the website that a program is trying to reach. For example, does the program you’re trying to install need to communicate with googleanalytics.com?

You can use an application firewall to be notified when installers and other programs want to connect to the internet and which website they want to communicate with. These programs also give you the option to proactively block or permit the connection.

It can be quite overwhelming to manually evaluate which network connections are necessary and which aren’t, and to set policies for each installed program on your computer. An application firewall is only suitable for experienced users, but it’s also the most effective method to reduce tracking.

Popular application firewall options include Little Snitch for macOS (free trial), NetLimiter for Windows (free trial), and OpenSnitch for Linux (free and open-source).

Download from other sources

This is terrible security advice, but you can often find alternative mirrors that host popular software. You may risk downloading modified software with other unwanted side-effects, so this isn’t generally advisable unless you know what you’re doing (you probably don’t even if you think you do).

You can, however, sometimes find alternative downloads on the official website of the software vendor. These may be labeled as “Offline installer” or “Legacy installer”. Likewise, you may be able to find an official FTP mirror where you can download a vanilla copy of the software.

I haven’t found any downloads from an FTP mirror or that have been marked as an “Offline installer” that have contained unique tracking codes. I suspect few people use these alternative download methods so vendors haven’t yet bothered to implement tracking for them. This is no guarantee that you’ll get a version without tracking, however.

Change program file names before running them

The most common tracking method on Windows is based on inserting tracking codes in the file name. Changing the file name to something generic like “installer.exe” before running it removes the tracking codes. You can do this if you see that downloaded software has a long and gibberish-looking file name.

This shouldn’t break anything, but it will remove tracking information and make the installer fall back to default values that aren’t associated with your web activities.
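As an added example (not part of the original post), this Python sketch flags downloaded installers whose file names carry a long, random-looking token and proposes the generic name to rename them to before running. The length and entropy thresholds and the sample file names are assumptions constructed for illustration, not any vendor's real naming scheme.

```python
import math
import re
from collections import Counter
from pathlib import Path

# Split the stem on common separators so each piece is judged on its own.
TOKEN_SPLIT = re.compile(r"[-_.\s()\[\]=]+")

def shannon_entropy(token: str) -> float:
    """Bits per character; random identifiers score higher than words."""
    counts = Counter(token)
    return -sum(n / len(token) * math.log2(n / len(token)) for n in counts.values())

def looks_like_identifier(token: str, min_len: int = 12) -> bool:
    """Heuristic (assumed thresholds): long, mixes letters and digits, high entropy."""
    if len(token) < min_len:
        return False
    has_digit = any(c.isdigit() for c in token)
    has_alpha = any(c.isalpha() for c in token)
    return has_digit and has_alpha and shannon_entropy(token) >= 3.0

def suspicious_tokens(filename: str) -> list[str]:
    """Return the identifier-like pieces found in the file name's stem."""
    stem = Path(filename).stem
    return [t for t in TOKEN_SPLIT.split(stem) if looks_like_identifier(t)]

def generic_name(filename: str) -> str:
    """Generic replacement name: 'installer' plus the original extension."""
    return "installer" + Path(filename).suffix.lower()

def review_downloads(names):
    """Map each flagged file name to the name to give it before running it."""
    return {n: generic_name(n) for n in names if suspicious_tokens(n)}

# Constructed sample names, not taken from any real vendor.
SAMPLES = [
    "ExampleAppSetup-7f3a9c21d4e84b06a1c5.exe",
    "ExampleApp_Setup_x64.exe",
    "tool-installer-1.2.3.msi",
    "Setup_uid=Zk9xQ2mT7rLp04Ae.exe",
]

if __name__ == "__main__":
    # Dry run only: prints proposals, does not rename anything on disk.
    for original, proposed in review_downloads(SAMPLES).items():
        print(f"{original} -> {proposed}")
```

The heuristic can also flag harmless build hashes in a file name, so treat a hit as a prompt to look at the name, not as proof of tracking.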

Only download software in Private/Incognito browsing mode

You can use private browsing mode in your browser when you download software. This won’t stop them from tracking you, but it reduces their ability to bind persistent identifiers (like cookies that already follow you around the web) from your web browser usage to the software you install.

Alternatively (or even complementary), you can use the Firefox web browser and enable First-Party Isolation (FPI). FPI changes how the browser behaves and makes it more difficult to link activities between the different websites you visit.

Enable Do-Not-Track

Mozilla will honor the Do Not Track (DNT) setting in your web browser when you download software from them and won’t include marketing data in your installer if you use it. DNT was a proposed internet standard for signaling to websites that you don’t want to be tracked. The standard kind of didn’t go anywhere, but Mozilla says they’ll honor it. You can enable DNT from your web browser (under either Advanced settings, Privacy, or Security settings). Firefox automatically enables DNT by default in Private browsing mode.

I’m not aware of any other software vendor that honors the signal, however.