Blacklight
Real-time website privacy inspector by The Markup. Enter any URL and see exactly which trackers, cookies, keyloggers, and session recorders are watching visitors. Free, instant, no installation required.
What should journalists know about Blacklight?
Blacklight is investigative journalism as a tool. The Markup built it to make the invisible surveillance infrastructure of the web visible to anyone — no technical expertise required. Enter a URL, wait 30-60 seconds, and Blacklight scans the site in a real browser environment, cataloging every tracker, cookie, fingerprinting script, session recorder, and keylogger it finds. The results are specific: not just 'this site has trackers' but exactly which advertising companies are collecting data, whether the site uses canvas fingerprinting to identify you even without cookies, whether session-recording scripts (like FullStory or Hotjar) are capturing your mouse movements and keystrokes, and whether Facebook, TikTok, or X/Twitter pixels are reporting your visit back to those platforms. For journalists, Blacklight is useful in three ways. First, as a research tool: before you visit a website for reporting, check what it will do to you. Second, as an investigative tool: compare a company's privacy claims against what Blacklight actually finds on their site. Third, as a source-protection consideration: if you are sending a source to a website, know what tracking they will be exposed to. The Markup also released Blacklight Query as an open-source command-line tool (October 2024) for batch scanning — useful for data journalists who need to scan hundreds of sites for a story about industry-wide tracking practices. Limitations: Blacklight scans what loads on the initial page visit. It does not log in, navigate through multi-page flows, or detect server-side tracking that leaves no client-side fingerprint. Dynamic consent banners may alter what loads depending on simulated location (Blacklight offers Ohio, California, and Europe location options). It is a snapshot, not continuous monitoring.
Quick privacy audits of any website before visiting or recommending it. Investigating whether companies' tracking practices match their privacy policies. Building datasets of surveillance prevalence across industries or sectors. Checking whether a source-facing page (tipline, whistleblower portal) has inappropriate tracking. Verifying that your own publication's website is not running trackers that compromise reader privacy.
Continuous website monitoring (it is a one-time scan, not ongoing surveillance detection). Detecting server-side tracking or analytics that do not load client-side scripts. Scanning sites behind login walls or paywalls. Network-level surveillance detection (packet inspection, ISP monitoring). Mobile app tracking analysis. Replacing a full security audit of a website's infrastructure.
Security & Privacy
Data is scrambled while being sent to their servers
Data is scrambled when stored on their servers
Where servers are located — affects which governments can request your data
Privacy policy summary
Blacklight requires no account and no personal information to use. You enter a URL and receive results. The Markup is a nonprofit newsroom committed to investigating technology's impact on society — they do not sell data or run advertising. The URLs you scan are processed on their servers; The Markup's general privacy policy applies. No tracking pixels or advertising on the Blacklight tool page itself (The Markup practices what it preaches).
How to protect yourself:
Blacklight shows you what is happening — acting on it is your responsibility. If a site has extensive tracking, access it through Tor Browser or a privacy-focused browser with strict blocking (Firefox with uBlock Origin in strict mode). Use Blacklight before sending sources to any URL — if a whistleblower portal has Facebook pixels, that is a serious source-protection failure. For data stories, use Blacklight Query (open-source CLI tool) to batch-scan sites and build structured datasets. Remember that Blacklight shows a snapshot: sites change their tracking over time, and consent banners may alter results by simulated geography. Run scans from multiple location options (Ohio, California, Europe) to see how tracking varies by jurisdiction.
Blacklight is not a tool that handles your data — it is a tool that reveals how other sites handle visitor data. The 'strong' rating reflects The Markup's credibility (Pulitzer-finalist nonprofit newsroom), the tool's transparency (Blacklight Query is open source), the absence of tracking on the tool itself, and the public-interest mission behind it. There is no meaningful security risk in using Blacklight: you enter a URL, it scans the site, you read the results. No account, no personal data, no tracking. The only consideration is that The Markup's servers process the URLs you scan — if your scan targets reveal your investigative interests, that is a minor operational security consideration, though The Markup has no incentive or history of disclosing such information.
Who Owns This
Known issues
Scans only the initial page load — does not navigate through sites, click consent banners, or log in. Dynamic content that loads after user interaction may not be captured. Some tracking technologies are entirely server-side and leave no client-side fingerprint for Blacklight to detect. Sites using sophisticated consent management platforms may load different trackers based on the simulated location, making results location-dependent. Scan results are a snapshot in time — sites update their tracking infrastructure frequently. Very slow-loading sites may timeout before all trackers initialize. The tool cannot detect tracking embedded in mobile apps, only websites. Canvas fingerprinting detection may flag legitimate uses of the Canvas API (though this is rare in practice).
Pricing
Free
This is an editorial assessment based on publicly available information as of 2026-04-11, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.
Something wrong or outdated? Report it.