A team of computer scientists from the University of California San Diego and Brave Software developed a tool named SugarCoat to protect users' private data while they browse the web. The tool targets scripts that harm users' privacy, such as those used to track browsing history around the web but are still important for some websites to function. SugarCoat replaces such scripts with scripts consisting of the same properties but without privacy-harming features. It is designed to be integrated into Brave, Firefox, and other privacy-focused browsers, as well as browser extensions like uBlock Origin. Most existing content-blocking tools either block or enable a script to run, depending on whether it is included on a public list of privacy-harming scripts. However, in practice, some scripts are both privacy-harming and needed for websites to function, with most tools ultimately choosing to allow these scripts to run as an exception. There are currently over 6,000 exception rules that allow privacy-harming scripts to run. The researchers propose that content-blocking tools replace a script's source code with an alternative privacy-preserving version rather than blocking the script or allowing it to run. This would ensure that content-blocking tools do not break the web pages that embed these scripts, and that the scripts cannot access private data. SugarCoat addresses this gap by automatically generating privacy-preserving replacement scripts. The tool uses the PageGraph tracing framework to follow the privacy-harming scripts' behavior throughout the browser engine. It scans this data to identify when and how the scripts communicate with Web Platform Application Programming Interfaces (APIs) that expose privacy-sensitive data. Then it rewrites the scripts' code to talk to SugarCoat APIs instead, which look like the Web Platform APIs but do not expose private data. This article continues to discuss the purpose, development, and capabilities of the SugarCoat tool.

