Blacklight reveals who is tracking you when you're online

Faceless companies sneak glances over your shoulder when you're online. You deserve to know what's going on.

Vector illustration in modern flat linear style. A hacker can be seen stealing credit card data. The...

Every single time you go online, you leave behind a trail that lets third-party companies dig into your activities and derive data-based insights about you. It sounds uncomfortable and invasive because it technically is. Whether you're on Facebook, Instagram, Twitter, or elsewhere, there are little traces — crumbs, if you will — of you all over the internet. These little traces, when put together as these researchers did with browsing habits, can create a composite sketch of you and your activities online.

It's a subject that causes a great deal of controversy for privacy reasons as this data is used later on to push an avalanche of recommendations and suggestions on you.

Advocates of user privacy have long tried to lessen the degree to which these trackers hound everyday people. To that end, The Markup has a real-time website privacy inspector called the Blacklight. "Who is peeking over your shoulder while you work, watch videos, learn, explore, and shop on the internet?" writes Surya Mattu, who worked on its concept and development. "Enter the address of any website, and Blacklight will scan it and reveal the specific user-tracking technologies on the site — and who’s getting your data. You may be surprised at what you learn." Here's how Input's test run of Blacklight turned out.

What Blacklight tells you — According to Mattu, Blacklight will help you identify third-party cookies, ad trackers, keylogging, session recording, Canvas fingerprinting, Facebook tracking, Google's application of "remarketing audiences," and was created with the help of Node JS Javascript. Every time you search for a website in the Blacklight field, Mattu explains that the inspector initiates a fresh profile for each session. If you're super curious, you can check Blacklight's code on Github, download it as an NPM module, and learn more about it here. The open-source aspect is a nice touch.

Give it a shot — In order to see how deep Blacklight goes, I decided to run it on The inspector takes at least 30 seconds to bring the preliminary findings. In OpenFit's case, the website and app that I use for my workouts, Blacklight reported that there were 23 ad trackers and 24 third party cookies on the website. "When you visit [OpenFit], it tells Facebook," Blacklight informs me. It also gives me an idea of the ad-tech companies OpenFit interacts with, including Adobe, Alphabet, HotJar, Microsoft, and Verizon.

What's the point? — Almost everyone knows that their online presence is obsessively tracked. The purpose of Blacklight isn't necessarily to discourage you from using a website — after all, some of this data is used to improve your experience online. But it definitely gives you an idea of just who exactly is breathing down your neck and spying over your shoulder.

Its creators even encourage you to come to your conclusions based on your personal threat model. "Blacklight results should not be taken as the final word on potential privacy violations by a given website," Blacklight states at the bottom of its page. "Rather, they should be treated as an initial automated inspection that requires further investigation before a definitive claim can be made."