Privacy Badger's default settings now have local learning off to prevent fingerprinting
Popular privacy extension Privacy Badger will be changing its default settings in order to better protect user privacy and prevent tracking.
In a post on the Electronic Frontier Foundation's website, 4 members of the Privacy Badger team described what's changing and why. The Google Security Team reached out to the EFF's Privacy Badger developers back in February 2020 in order to inform them of how its "local learning" function can be used as a method of fingerprinting-based tracking by malicious actors. With the local learning feature enabled, Privacy Badger dynamically adjusts how it operates based on the behavior of the sites a user visits. This was compared to the now-patched exploit in Safari's Intelligent Tracking Prevention function.
Luckily, this disclosed flaw from the Google Security Team has not been used by or against anyone outside of the proof-of-concept discovery and showcase to the development team. The local learning feature has been disabled by default on Privacy Badger installs as a precautionary measure. This means that the default settings that Privacy Badger has to block web tracking lies solely in its “Badger Sett” tracking domain list, which is "periodically" refreshed with newly pre-trained definitions in order to keep up with the ever-evolving web tracking sphere.
Local learning will remain an option for users to enable if they want because the developers believe it to be "a reasonable tradeoff that users should be able to make for themselves." However, if a user opts to enable the function, a malicious actor can, with significant effort, manipulate Privacy Badger's increasingly unique local learning state to function as an identifier and tracker for that specific user.
Further coverage: EFF news post