Howto

Protect your users from fraud and malware, while increasing the value of your brand and your content, with one line of JavaScript.

Aloodo helps you alert vulnerable users and ask them to run tracking protection. More info on the Aloodo home page.

Quick start

Want to give your users a quick reminder? Add the script to your site.

<script src="https://ad.aloodo.com/ad.js"></script>

This script will load one invisible iframe and attempt to “track” the user from site to site. If tracking succeeds, it will load additional JavaScript and CSS and show a warning.

Users won't see the warning until they visit the third site that runs the iframe. This feature is needed in order to get accurate results with Privacy Badger.

Your own tracking warnings

By default, the above script will load and display a warning pop-up. If you prefer to supply your own warning, add an element with one of the following ids to the page:

  • tracking-warning-block
  • tracking-warning-inline
  • tracking-warning-table-cell

and apply style="display: none". Instead of displaying the popup, the script will set the existing element to block or inline.

This is how the cheesy ad and footer warning here on blog.aloodo.org work.

Elements hidden from known vulnerable users

If the page has an element with an id of tracking-safety, the ad.js script will hide it (set its display property to none) if it detects tracking. Please do not use this feature to tell users that they are safe from tracking, since not all tracking technologies are detectable from the client. This feature is just to let you remove generic copy that would not be needed if showing one of the tracking warnings above.

Reverse tracking wall

A simple way to encourage tracking protection is a “reverse tracking wall” that makes some pages unavailable to tracked users. A simple client-side reverse tracking wall is built in.

To use this feature, set the JavaScript variable trackingAlternateLocation to the URL of the page to which users should be redirected if tracking is detected.

<script type="text/javascript">
var trackingAlternateLocation =
'http://example.com/wall-warning/';
</script>
<script type="text/javascript"
        src="https://ad.aloodo.com/ad.js">
</script>

Example: Reverse tracking wall in two lines of JavaScript.

Silent mode

Just put https://ad.aloodo.com/track/ in an iframe. Vulnerable users will see a notification later, on other sites.

Customize it

If you prefer to use your own action to notify tracked users, you can also include https://ad.aloodo.com/track/ in an iframe, and handle the “tracking detected” message in your own script.

<iframe style="display: none"
 src="https://ad.aloodo.com/track/"></iframe>

This can be useful for gathering information on how many of your users are vulnerable to third-party tracking.

How it works

The main part is inline on this page:

https://ad.aloodo.com/track/

That script will send a "tracking detected" message if it detects that it has been able to modify a cookie and/or localStorage, on three different pages. It relies on document.referrer which, inside an iframe, is the containing page.

The script ad.js adds the iframe to the page and listens for the "tracking detected" message. It then tries the following.

  • if trackingAlternateLocation is set, blank the page and refresh to it.

  • if any elements with the ids tracking-warning-block, tracking-warning-inline or tracking-warning-table-cell are present, set their display to the appropriate value and finish.

  • Otherwise, attempt to load jQuery if not already present, then Toastr, and show a Toastr warning.

The ad.js script will not attempt to load additional JavaScript or CSS unless it is displaying the default Toastr warning.

Questions? Suggestions?

Don Marti · #