Privacybadger: Bad wording in UI ("Hasn't yet learned to block...")

Hi there, thanks for reaching out! Perhaps the current message is a bit misleading -- it's actually trying to say that the domains listed in that section do exhibit some kind of tracking behavior. Since each installation of Privacy Badger learns to block as you browse, this message is just trying to convey that your installation hasn't seen the trackers in that section at least three times, and thus hasn't decided to block them.

It sounds like what you're thinking of is an option that's already available in Privacy Badger but is turned off by default. If you navigate to the settings page for your installation of privacy badger, you will see a "show domains that don't appear to be tracking you" option:

When that option is selected, you'll see a new section in the extension popup that looks like this:

Hello! As Daly wrote, Privacy Badger automatically learns to block trackers once it sees the same domain perform tracking on three separate websites. The domains displayed in the "hasn't yet learned to block" section were seen tracking once or twice, but not yet three times. Does that make sense now?

@ablanathtanalba @ghostwords
Of course I know how Privacy Badger works, but the message doesn't answer the user a key question: Why do these domains even appear on the list?

And specifically, users can have a different definition of "tracker": A domain is no "tracker" if it's not "tracking". That's why I said the wording is confusing.

• If Privacy Badger declares a domain as a "tracker", why doesn't the badger just block it (but only after it's seen three times)?
• If a domain is considered "tracking" only after it's seen three times, then the wording shouldn't suggest it is "tracking" when it isn't. (Presumption of innocence, you know. It's okay to say a domain is a "potential tracker" even though it's not guilty of actually tracking.)

From my point of view, the domains appear on the list to give the user the same sort of insight that the rest of the lists displayed on the popup do: a look under the hood at the different domains that display tracking behavior on any given page and how Privacy Badger handles them.

Privacy Badger waits three times as a safety precaution against misattributing a domain as a tracker when it isn't. Some CDN's and other dynamically loaded content might trip a heuristic that Privacy Badger uses to detect trackers -- waiting until the domain is detected three times ensures that it is indeed just a tracker.

I think the word "domain" is intentionally chosen to head that list -- every list item there is a domain, Privacy Badger hasn't yet learned to block them even though they've displayed tracking behavior. If you agree that lumping the domains in with the count at the top of the popup in "Privacy Badger detected ___ potential trackers on this page", then at no point does the phrasing in the popup label a harmless domain as a tracker.

@ablanathtanalba I was not arguing about the word "domain", but the phrase "hasn't yet learned to block". Because the latter suggests something. Users need to know the reason why a domain is allowed despite the potential tracking behavior, and the UI didn't address that clearly.

If the message were "The following domains may record your browsing habit but didn't track you across sites", then I'll accept it.

(I think in the future Privacy Badger UI should group domains by their blocking status as well as reasons, so in each group the messages are clear. Example:

• Blocked - Tracker
• Blocked Cookies - Tracker in yellowlist (may break browsing if blocked entirely)
• Allowed Temporarily - Non-tracking domains recording your browsing (may be first-party)
• Allowed - No tracking behavior
• Allowed - Whitelist
  )

See #2478 for reasons why the "hasn't yet learned to block" header was added.

@Explorer09 Perhaps there is a way that the message could be clearer in saying that the domains in that area have exhibited tracking behavior, but since they haven't been caught at least three times by Privacy Badger they're not being blocked. Maybe a link could be embedded in the heading to this relevant section in the Privacy Badger FAQ?.

Your suggestion "The following domains may record your browsing habit but didn't track you across multiple sites" is misleading because the domains in that part of the popup _are tracking the user across different sites_.

Or perhaps this could be an area that is optionally hidden by the user like #2359 .

@ablanathtanalba I think Privacy Badger lacks (for this particular question) is an explanation of the three-strike rule. Why three strikes? If Privacy Badger isn't meant to block first-party trackers, that explanation would work. And the UI message can be reformed to reflect that reason.
("The following domains exhibit tracking behavior, but don't seem to be from a third party")

As I mentioned previously, the three strike rule is a safety precaution that helps to prevent Privacy Badger from misidentifying a harmless third party resource as a third party tracker. The domains in the section of the popup that we're talking about are from a third party, and they do exhibit tracking behavior, but they haven't been spotted three times.

Just to make sure we're on the same page -- third party trackers are just domains that do some kind of fingerprinting or other tracking behavior of the user other than the site they're directly visiting. The "three strike" rule we have in effect has nothing to do with the similar naming convention in "third party trackers".

@ablanathtanalba If you are to prevent misidentifying a third-party resource as a tracker, then the UI wording shouldn't call it a "tracker", period.

People expect convicts to be put in jail. If they aren't, they are "suspects" instead. Do you get the analogy? So the Privacy Badger UI didn't put user's assumption in mind. A third-party tracker should be blocked, or it shouldn't be labeled as a tracker (but as a suspect).

... then the UI wording shouldn't call it a "tracker"

This is why the area in question specifically calls the items 'domains' and not 'trackers'.

If identifying, tagging, and blocking trackers on the web were easy and foolproof, there wouldn't need to be safety precautions like our three-strike rule. Sometimes the domains that exhibit tracking behaviors are also delivering content to the page that's necessary for it to display and behave like the user expects.

I do however think you're onto something that the headline of that section of the popup could lead the user to further elaboration on the process that Privacy Badger uses to identify and catch trackers. Perhaps a keyword there could link to the section of the FAQ that I previously linked.

My takeaway is that we should improve the discoverability of domain list header tooltips. There is an explanatory tooltip that comes up when you hover over the "hasn't yet learned" header, but I don't think it's clear that the tooltip is there. So this would be a UX improvement.

A related issue is that the more usable custom tooltips are still currently disabled on Firefox. We should restore them at some point: #1814

@ghostwords My original question isn't about tooltips. It's about a UX problem that Privacy Badger fails to explain why it "green-light" allows some domains despite the tracking behavior. Ideally the UI explanation could be done in one sentence (user won't need to read the tooltip except for knowing details).

I've read the tooltip actually before filing this issue report. My complaint is that it isn't swiftly clear why the "three-strike rule" was there in the first place. It could have explained quickly (e.g. the domains may be first-party services, or the domains didn't yet track you "_across sites_"), but the UI failed to achieve that.

Why do these domains even appear on the list?

We could also follow up on #2478 and hide the "hasn't yet learned" (not-yet-blocked domains) section by default, same as the non-tracking domains section. We'd update the counter to count on blocked/cookieblocked domains. Probably reword the "Show domains that don't appear to be tracking you" to cover not-yet-blocked domains too.

@RiseT suggests on Transifex:

The current string sounds like the domains in question have to get blocked (decision completed), but Badger doesn't know how to do so yet.

What do you think about these as alternatives:

"Your Badger hasn't decided yet if these domains should get blocked" or

"Your Badger is still evaluating if these domains should get blocked"

Resolved by #2623.