I disagree with this take. There is "the site" and there is all the 3rd parties "invited" by "the site". Not connecting to the 3rd parties will significantly lower the data mined & sent to countless 3rd parties -- no way this is a reduction of privacy.
Conversation
Replying to
That's a misinterpretation of what I said. I called it a useful, opportunistic privacy improvement falling into the same school as antivirus of enumerating badness. It's not a fundamental privacy improvement. Ultimately, it doesn't really work, and just targets low-hanging fruit.
3
Replying to
You said "in general extensions reduce privacy", I responded to this. And how do you know "it doesn't really work"? You have actual data supporting this? I see no references in your reddit post.
1
Replying to
The approach of enumerating badness fundamentally doesn't work. If you want to mislead users about what it achieves, that's on you. It's opportunistic elimination of low-hanging fruit. The same applies to heuristic-based measures. What's the fundamental privacy improvement? None.
2
Replying to
As said, I need well researched references that reducing exposure to as many 3rd parties as possible does not increase privacy. I am having a hard time imagining how not connecting to countless 3rd parties on any given site is a negative privacy-wise.
1
Replying to
I will refer back to the comment that I linked, specifically the paragraph about enumerating badness. It calls it useful and worth providing, and at the same time it's clearly not a solution or a fundamental privacy/security improvement. It's just opportunistic harm reduction.
1
You're completely misrepresenting what I've stated. I'm talking about achieving meaningful privacy via a robust approach, and in that approach, fingerprinting is a serious issue. There's a reason the Tor Browser doesn't include content blocking with subscription list choices.
2
Replying to
The Tor browser not packaging a content blocker other than NoScript is not a validation of the statement "extensions reduce privacy". The Tor browser being a tool for anonymity does not necessarily mean "extensions reduce privacy" when using a mainstream browser.
1
Replying to
I said that in general, extensions reduce privacy, and they do. Most extensions are not privacy extensions. The ones that are privacy extensions rarely succeed in providing any true fundamental improvements. I'm talking about building real privacy/security and how this hurts it.
1
uBlock Origin and uMatrix do have features that are fundamental privacy improvements. They also have many things that would be shooting yourself in the foot in the context of providing more fundamental privacy. uBlock Origin is widely used so it has that going for it too.
1
All I did was say that if someone uses uBlock Origin, and they change the default subscriptions, that can and is detected as part of fingerprinting. Detecting extensions and ad-blocking subscriptions is straightforward and standard. I'm not saying content filtering is bad.
I'm saying that in the context of trying to provide a truly privacy friendly browser, extensions don't have a place (the Tor Browser default extensions are not 'extensions' in this sense, they are part of the baseline) and neither does having much site-visible configuration.
1
There would be no issue with the Tor Browser including an ad blocker as part of the baseline at least as long as it didn't offer configuration beyond being on or off and the filters would need to be tied to the browser version, not separately updated.
1
Show replies