Computer Scientists Invent SugarCoat Privacy Tool

December 02, 2021


Computer scientists have developed a mind-blowing new technique to defend you from advertisers.

It feels like there's a military-style "arms race" between advertisers trying to figure out how to suck up more private information and privacy-focused computer scientists who are trying to help people retain their anonymity. This time, you can chalk up a very interesting win for the privacy advocates. A team of researchers and computer scientists at the University of California San Diego, along with Brave Software, has created a tool called SugarCoat that will increase protections for users' private data while they browse the web. This tool's development has been funded by various National Science Foundation grants (CCF-1918573, CAREER CNS-2048262, NSF Graduate Research Fellowship) along with Brave.

This research is very technical, but the big problem with many of today's privacy-enhancing browser extensions and ad-blockers is that they generally shut down a piece of JavaScript that does something like write a cookie to assign an ID, so that a user can be tracked and targeted on other sites. These types of ad-blockers work well to protect privacy, of course, because a script that can't run can't betray your browsing data to advertisers. But the way these tools work is a double-edged sword: it might also block a critical bit of functionality that a website needs, resulting in a partially broken website. A private Internet is rendered useless if it doesn't work reliably.

This new technique, branded SugarCoat, is a method of replacing privacy-damaging source code with an alternative privacy-preserving version, rather than blocking a script entirely. For example, instead of loading a website analytics script that tracks users, it could automatically replace that script with a fake version that looks the same, or generate a random user ID and insert it seamlessly into the script. If a script calls for hitting an API, it could transparently hit a fake API that duplicates the expected return values and proceeds. This ensures that content-blocking tools do not break web pages that embed these scripts, and that the scripts can't access private data and track people.
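A simplified illustration of the replace-rather-than-block idea described above, added here as an example; it is not SugarCoat's code or output. The tracker script, the in-memory cookie and storage helpers, and all function names are constructed for the demonstration.

```javascript
// Constructed stand-in for a third-party analytics script: it reads or mints a
// persistent visitor ID and exposes an API that the embedding page calls.
function trackerScript(document, localStorage) {
  const m = /(?:^|; )uid=([^;]+)/.exec(document.cookie);
  const uid = m ? m[1] : Math.random().toString(36).slice(2);
  document.cookie = `uid=${uid}; max-age=31536000; path=/`;
  localStorage.setItem("uid", uid);
  return { getVisitorId: () => uid, track: (evt) => ({ evt, uid }) };
}

// Minimal in-memory models of document.cookie and localStorage (hypothetical
// helpers). One instance models the browser's real state, others are mocks.
function makeCookieDoc() {
  const jar = new Map();
  return {
    get cookie() { return [...jar].map(([k, v]) => `${k}=${v}`).join("; "); },
    set cookie(s) {
      const pair = s.split(";")[0];
      const i = pair.indexOf("=");
      jar.set(pair.slice(0, i).trim(), pair.slice(i + 1).trim());
    },
  };
}
function makeStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}

// Unmodified script: runs against the persistent browser state.
const loadUnmodified = (b) => trackerScript(b.document, b.localStorage);
// Rewritten script: same code path, but the privacy-relevant APIs are fresh
// mocks that vanish after this page load, so nothing reaches browser state.
const loadRewritten = () => trackerScript(makeCookieDoc(), makeStorage());

function demo() {
  const browser = { document: makeCookieDoc(), localStorage: makeStorage() };
  const r1 = loadRewritten(), r2 = loadRewritten();
  const untouched = browser.document.cookie === "" && browser.localStorage.getItem("uid") === null;
  const u1 = loadUnmodified(browser), u2 = loadUnmodified(browser);
  return {
    rewrittenLinkable: r1.getVisitorId() === r2.getVisitorId(),
    rewrittenWorks: r1.track("pageview").evt === "pageview",
    untouched,
    unmodifiedLinkable: u1.getVisitorId() === u2.getVisitorId(),
  };
}
```

`demo()` shows the trade-off the article describes: the rewritten loads still hand the page a working API, but their IDs cannot be linked across loads and the browser's own state stays empty, while the unmodified script's ID persists.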

Developing these kinds of privacy-preserving scripts has been possible in the past, but it was a laborious, manual reverse-engineering affair that advertisers could break very readily with simple technical changes. This technology is currently being built into the Brave web browser directly, but it is also adaptable enough to eventually find its way into various other ad-blocking tools. Brave's browser is of course very interesting to check out in its own right: it's fast, highly privacy focused, and even comes with some interesting cryptocurrency functionality built in. With additional cutting-edge privacy features, Brave might become the browser of choice for people who are concerned about their privacy. If used well, this SugarCoat technique might prevent ad retargeting and other tracking where big corporations can get access to data that people might not want them to have, just as Apple's App Tracking Transparency (ATT) framework has helped do in the realm of phone apps. Of course, data leaks continuously happen, so every bit you can do in your life to introduce friction to identity thieves and other nefarious critters can help protect you and is highly recommended.
