That's a misinterpretation of what I said. I called it a useful, opportunistic privacy improvement falling into the same school as antivirus of enumerating badness. It's not a fundamental privacy improvement. Ultimately, it doesn't really work, and just targets low-hanging fruit.
Conversation
Replying to
You said "in general extensions reduce privacy", I responded to this. And how do you know "it doesn't really work"? You have actual data supporting this? I see no references in your reddit post.
1
Replying to
The approach of enumerating badness fundamentally doesn't work. If you want to mislead users about what it achieves, that's on you. It's opportunistic elimination of low-hanging fruit. The same applies to heuristic-based measures. What's the fundamental privacy improvement? None.
2
Replying to
As said, I need well researched references that reducing exposure to as many 3rd parties as possible does not increase privacy. I am having a hard time imagining how not connecting to countless 3rd parties on any given site is a negative privacy-wise.
1
Replying to
I will refer back to the comment that I linked, specifically the paragraph about enumerating badness. It calls it useful and worth providing, and at the same time it's clearly not a solution or a fundamental privacy/security improvement. It's just opportunistic harm reduction.
1
You're completely misrepresenting what I've stated. I'm talking about achieving meaningful privacy via a robust approach, and in that approach, fingerprinting is a serious issue. There's a reason the Tor Browser doesn't include content blocking with subscription list choices.
2
I never said it wasn't useful but rather the opposite. I also said it makes no sense to disable it if a site promises not to track people. You're replying to something different than what I wrote. I was talking about the issues with having knobs / choices visible to sites.
1
I'm talking about it within the context of using Tor or a VPN in a browser with first party isolation and robust anti-fingerprinting. Having site-visible knobs exposed to the user is a problem. Content filtering is useful, but in this context it needs to be enabled by default and
1
1
it can't have a bunch of knobs or subscription choices. It has to simply be enabled by default with a per-site toggle to disable it. Having extensions, site-visible configuration options, filter, subscription choices, etc. just serves to defeat more fundamental privacy work.
1
1
It's also important for it to be clear that the content filtering is opportunistic attack surface / harm reduction based on eliminating low-hanging fruit. It's true whether it's based on subscription lists or heuristics. It's just like antivirus, not fundamental privacy/security.
1
1
1
I am not saying it isn't useful. I'm grouping together content filtering, Safe Browsing and antivirus into a useful form of attack surface / harm reduction. It's useful. It's also an unworkable arms race only hitting low-hanging fruit and we need real privacy / security.
Why is it not possible for persistant state and filtering to be hidden? I don't know anything about this, so I am confused.