EFF maintains a Privacy Badger "yellowlist" of domains for which requests are allowed but Privacy Badger restricts access or availability of objectionable cookies and potentially other objectionable identifiers.
Our objective in curating that list is to maximize user privacy while minimizing disruption to functionality that users expect from sites. The criteria we examine when considering possible yellowlist entries include (but are not limited to):
- Was this in Bau and Mayer's manually curated non-tracker list?
- Is this domain necessary for functionality the user expects from 1st party pages?
- Is the domain's privacy policy clear that it does not perform non-consensual tracking?
- Is there a reasonable self-hosted surrogate available that could replace the functionality of this domain (e.g. #400).