I wrote a fairly long comment touching on why most browser and extension privacy features are just theatre and in reality tend to reduce privacy:
reddit.com/r/GrapheneOS/c
Services like Panopticlick are also incredibly misleading. Their approach is flawed and the data is tainted.
Conversation
Also gave a shout out to Apple for shipping some genuinely useful privacy features in Safari. There are not many attempts at browser privacy features that I can say that about. It's nearly all privacy theatre. Safari does that too, but they shipped a few genuinely good features.
1
3
In general, extensions reduce privacy. Changing site-visible settings reduces privacy. Deviating from standard content filtering lists reduces privacy. If you use uBlock Origin and you deviate from the standard filters, that can be detected. Sites can enumerate what is blocked.
3
6
Replying to
I disagree with this take. There is "the site" and there is all the 3rd parties "invited" by "the site". Not connecting to the 3rd parties will significantly lower the data mined & sent to countless 3rd parties -- no way this is a reduction of privacy.
1
2
Replying to
That's a misinterpretation of what I said. I called it a useful, opportunistic privacy improvement falling into the same school as antivirus of enumerating badness. It's not a fundamental privacy improvement. Ultimately, it doesn't really work, and just targets low-hanging fruit.
3
Replying to
You said "in general extensions reduce privacy", I responded to this. And how do you know "it doesn't really work"? You have actual data supporting this? I see no references in your reddit post.
1
Replying to
The approach of enumerating badness fundamentally doesn't work. If you want to mislead users about what it achieves, that's on you. It's opportunistic elimination of low-hanging fruit. The same applies to heuristic-based measures. What's the fundamental privacy improvement? None.
I explicitly said that features like content filtering and Safe Browsing are useful, but that fundamentally they aren't workable. They only target the low-hanging fruit on a case-by-case basis. Using heuristics is a step up, but ultimately still based on enumerating badness.
Replying to
As said, I need well researched references that reducing exposure to as many 3rd parties as possible does not increase privacy. I am having a hard time imagining how not connecting to countless 3rd parties on any given site is a negative privacy-wise.
1
Replying to
I will refer back to the comment that I linked, specifically the paragraph about enumerating badness. It calls it useful and worth providing, and at the same time it's clearly not a solution or a fundamental privacy/security improvement. It's just opportunistic harm reduction.
1
Show replies