WeAreHere Browser Extension and MCP Tools Scan Website Privacy Practices

The wearehere browser extension and its companion tools provide visibility into website privacy practices by scanning for trackers, fingerprinting, data broker connections, and form surveillance. The tools assign privacy scores from 0 (clean) to 100 (full surveillance) based on analysis of 10 categories: cookies, network trackers, hidden trackers, pressure tactics, data brokers, fingerprinting, stored IDs, form surveillance, link tracking, and ToS.

Key Findings from 150 Website Scans

A scan of 150 websites across the US, EU, and Netherlands revealed:

• CNN scored 70 with 64 tracker domains, 10 data brokers, and 26 hidden trackers
• Costco scored 80 with 43 hidden trackers, full device fingerprinting, and data broker connections
• USPS scored 60 with data brokers, fingerprinting, and 8 trackers watching user typing
• Rabobank (Dutch bank) scored 75 with 20 tracker domains, data brokers, and WebGL fingerprinting
• Thuisbezorgd (food delivery) scored 80 with full fingerprint suite and data broker connections
• NBC News scored 80 with 16 trackers watching form input and 3 data brokers

Common Surveillance Techniques Detected

• Fingerprinting (majority of sites): Reads screen, GPU, audio hardware, fonts, and browser config to create unique device ID. No cookies needed, private browsing doesn't help. Costco, Thuisbezorgd, and Zalando use all 5 methods.
• Data brokers (30+ sites): User visits are packaged and sold. CNN connects to 10 data brokers, USPS also connects to data brokers.
• Form surveillance (25+ sites): Trackers activate when users start typing, not when they submit. NBC News has 16 watching user typing.
• Hidden trackers (40+ sites): Invisible pixels, iframes, beacon scripts. CNN has 26, Costco has 43.

Regional Averages and Notable Sites

Average scores by region: US 34, Netherlands 32, EU 25. Least invasive sites: Etsy, Reddit, WhatsApp (5 each). No site scored zero.

Technical Implementation

Two open-source tools power the system:

• barebrowse: Headless browser that navigates like a real user through 30+ obstacle courses including consent banners (29 languages) and bot detection. Uses CDP-direct with no Playwright, no Selenium, and zero dependencies.
• wearehere: Privacy scanner analyzing the 10 categories mentioned above.

Both tools run as MCP servers, enabling any AI assistant to scan sites on command. The browser extension is available for Chrome and Firefox.

Getting Started

Install and configure:

npm install barebrowse wearehere
claude mcp add barebrowse -- npx barebrowse mcp

Then use the command: assess https://your-bank.com

Full results for all 150 scanned sites are available at: https://drive.google.com/file/d/1sW0Nx80z6sxSDQvnf7PTPfvKivpo1Y9u/view

The tools are available on npm: barebrowse (npmjs.com/package/barebrowse) and wearehere (npmjs.com/package/wearehere). The extension is on Chrome Web Store and Firefox Add-ons.