Also gave a shout out to Apple for shipping some genuinely useful privacy features in Safari. There are not many attempts at browser privacy features that I can say that about. It's nearly all privacy theatre. Safari does that too, but they shipped a few genuinely good features.
Conversation
In general, extensions reduce privacy. Changing site-visible settings reduces privacy. Deviating from standard content filtering lists reduces privacy. If you use uBlock Origin and you deviate from the standard filters, that can be detected. Sites can enumerate what is blocked.
3
6
Replying to
I disagree with this take. There is "the site" and there is all the 3rd parties "invited" by "the site". Not connecting to the 3rd parties will significantly lower the data mined & sent to countless 3rd parties -- no way this is a reduction of privacy.
1
2
Replying to
That's a misinterpretation of what I said. I called it a useful, opportunistic privacy improvement falling into the same school as antivirus of enumerating badness. It's not a fundamental privacy improvement. Ultimately, it doesn't really work, and just targets low-hanging fruit.
3
Replying to
You said "in general extensions reduce privacy", I responded to this. And how do you know "it doesn't really work"? You have actual data supporting this? I see no references in your reddit post.
1
Replying to
The approach of enumerating badness fundamentally doesn't work. If you want to mislead users about what it achieves, that's on you. It's opportunistic elimination of low-hanging fruit. The same applies to heuristic-based measures. What's the fundamental privacy improvement? None.
2
Replying to
As said, I need well researched references that reducing exposure to as many 3rd parties as possible does not increase privacy. I am having a hard time imagining how not connecting to countless 3rd parties on any given site is a negative privacy-wise.
1
Replying to
I will refer back to the comment that I linked, specifically the paragraph about enumerating badness. It calls it useful and worth providing, and at the same time it's clearly not a solution or a fundamental privacy/security improvement. It's just opportunistic harm reduction.
1
You're completely misrepresenting what I've stated. I'm talking about achieving meaningful privacy via a robust approach, and in that approach, fingerprinting is a serious issue. There's a reason the Tor Browser doesn't include content blocking with subscription list choices.
2
Replying to
The Tor browser not packaging a content blocker other than NoScript is not a validation of the statement "extensions reduce privacy". The Tor browser being a tool for anonymity does not necessarily mean "extensions reduce privacy" when using a mainstream browser.
1
Replying to
I said that in general, extensions reduce privacy, and they do. Most extensions are not privacy extensions. The ones that are privacy extensions rarely succeed in providing any true fundamental improvements. I'm talking about building real privacy/security and how this hurts it.
uBlock Origin and uMatrix do have features that are fundamental privacy improvements. They also have many things that would be shooting yourself in the foot in the context of providing more fundamental privacy. uBlock Origin is widely used so it has that going for it too.
1
All I did was say that if someone uses uBlock Origin, and they change the default subscriptions, that can and is detected as part of fingerprinting. Detecting extensions and ad-blocking subscriptions is straightforward and standard. I'm not saying content filtering is bad.
1
Show replies