I wrote a fairly long comment touching on why most browser and extension privacy features are just theatre and in reality tend to reduce privacy:
reddit.com/r/GrapheneOS/c
Services like Panopticlick are also incredibly misleading. Their approach is flawed and the data is tainted.
Conversation
Also gave a shout out to Apple for shipping some genuinely useful privacy features in Safari. There are not many attempts at browser privacy features that I can say that about. It's nearly all privacy theatre. Safari does that too, but they shipped a few genuinely good features.
1
3
In general, extensions reduce privacy. Changing site-visible settings reduces privacy. Deviating from standard content filtering lists reduces privacy. If you use uBlock Origin and you deviate from the standard filters, that can be detected. Sites can enumerate what is blocked.
3
6
There are approaches aimed at actually fundamentally improving privacy, and then there are approaches aimed at gaming tests like Panopticlick or the impossible task of trying to enumerate everything bad while generally ignoring all of the tracking done via first party assets.
1
3
Privacy conscious people want to take action to improve their privacy, and when it comes to a browser fingerprint that's really the opposite of what you want to do. You don't want to stand out. It's definitely frustrating that making decent changes is bad unless upstream does it.
2
1
3
Replying to
ok, so what privacy extensions would you use then if you were a Firefox user?
Do you find Privacy Badger a good one?
1
If you use Privacy Badger, sites can trivially detect that you're using it. By using an extension, you made your browser more unique. It also doesn't provide fundamental privacy improvements. It does opportunistic blocking of third party assets, not a rigorous privacy approach.
1
1
It's the more advanced form of enumerating badness, like a more modern antivirus with behavioral heuristics. It still fundamentally doesn't work. Opportunistically blocking a subset of common tracking / analytics implementations isn't actually fundamentally improving privacy.
1
1
I do think it's a lot less bad than trying to list out every specific case of an asset included for tracking / analytics purposes. It's really the same as comparing an entirely hash-based antivirus approach to one that uses behavioral heuristics. It's not real privacy / security.
Personally, I don't see value in trying to play this game of blocking the lowest hanging fruit with methods like this. It doesn't even touch the most nefarious / advanced tracking. It's only playing an arms race against the lowest common denominator by advertising firms, etc.
1
1
It's not a battle that's going to be won even against that lowest common denominator. As long as it's not broadly deployed, it's a liability rather than an asset, and if it was broadly deployed the effort would be spent to make sure that it's always bypassed. It doesn't work.
1
1
Show replies