I disagree with this take. There is "the site" and there is all the 3rd parties "invited" by "the site". Not connecting to the 3rd parties will significantly lower the data mined & sent to countless 3rd parties -- no way this is a reduction of privacy.
Conversation
Replying to
That's a misinterpretation of what I said. I called it a useful, opportunistic privacy improvement falling into the same school as antivirus of enumerating badness. It's not a fundamental privacy improvement. Ultimately, it doesn't really work, and just targets low-hanging fruit.
3
Replying to
You said "in general extensions reduce privacy", I responded to this. And how do you know "it doesn't really work"? You have actual data supporting this? I see no references in your reddit post.
1
Replying to
The approach of enumerating badness fundamentally doesn't work. If you want to mislead users about what it achieves, that's on you. It's opportunistic elimination of low-hanging fruit. The same applies to heuristic-based measures. What's the fundamental privacy improvement? None.
2
Replying to
As said, I need well researched references that reducing exposure to as many 3rd parties as possible does not increase privacy. I am having a hard time imagining how not connecting to countless 3rd parties on any given site is a negative privacy-wise.
1
Replying to
I will refer back to the comment that I linked, specifically the paragraph about enumerating badness. It calls it useful and worth providing, and at the same time it's clearly not a solution or a fundamental privacy/security improvement. It's just opportunistic harm reduction.
1
You're completely misrepresenting what I've stated. I'm talking about achieving meaningful privacy via a robust approach, and in that approach, fingerprinting is a serious issue. There's a reason the Tor Browser doesn't include content blocking with subscription list choices.
2
I never said it wasn't useful but rather the opposite. I also said it makes no sense to disable it if a site promises not to track people. You're replying to something different than what I wrote. I was talking about the issues with having knobs / choices visible to sites.
1
I'm talking about it within the context of using Tor or a VPN in a browser with first party isolation and robust anti-fingerprinting. Having site-visible knobs exposed to the user is a problem. Content filtering is useful, but in this context it needs to be enabled by default and
1
1
it can't have a bunch of knobs or subscription choices. It has to simply be enabled by default with a per-site toggle to disable it. Having extensions, site-visible configuration options, filter, subscription choices, etc. just serves to defeat more fundamental privacy work.
1
1
It's also important for it to be clear that the content filtering is opportunistic attack surface / harm reduction based on eliminating low-hanging fruit. It's true whether it's based on subscription lists or heuristics. It's just like antivirus, not fundamental privacy/security.
I am not saying it isn't useful. I'm grouping together content filtering, Safe Browsing and antivirus into a useful form of attack surface / harm reduction. It's useful. It's also an unworkable arms race only hitting low-hanging fruit and we need real privacy / security.
1
1
Why is it not possible for persistant state and filtering to be hidden? I don't know anything about this, so I am confused.