The approach of enumerating badness fundamentally doesn't work. If you want to mislead users about what it achieves, that's on you. It's opportunistic elimination of low-hanging fruit. The same applies to heuristic-based measures. What's the fundamental privacy improvement? None.
Conversation
Replying to
As said, I need well researched references that reducing exposure to as many 3rd parties as possible does not increase privacy. I am having a hard time imagining how not connecting to countless 3rd parties on any given site is a negative privacy-wise.
1
Replying to
I will refer back to the comment that I linked, specifically the paragraph about enumerating badness. It calls it useful and worth providing, and at the same time it's clearly not a solution or a fundamental privacy/security improvement. It's just opportunistic harm reduction.
1
You're completely misrepresenting what I've stated. I'm talking about achieving meaningful privacy via a robust approach, and in that approach, fingerprinting is a serious issue. There's a reason the Tor Browser doesn't include content blocking with subscription list choices.
2
Replying to
The Tor browser not packaging a content blocker other than NoScript is not a validation of the statement "extensions reduce privacy". The Tor browser being a tool for anonymity does not necessarily mean "extensions reduce privacy" when using a mainstream browser.
1
Replying to
I said that in general, extensions reduce privacy, and they do. Most extensions are not privacy extensions. The ones that are privacy extensions rarely succeed in providing any true fundamental improvements. I'm talking about building real privacy/security and how this hurts it.
1
uBlock Origin and uMatrix do have features that are fundamental privacy improvements. They also have many things that would be shooting yourself in the foot in the context of providing more fundamental privacy. uBlock Origin is widely used so it has that going for it too.
1
All I did was say that if someone uses uBlock Origin, and they change the default subscriptions, that can and is detected as part of fingerprinting. Detecting extensions and ad-blocking subscriptions is straightforward and standard. I'm not saying content filtering is bad.
1
I'm saying that in the context of trying to provide a truly privacy friendly browser, extensions don't have a place (the Tor Browser default extensions are not 'extensions' in this sense, they are part of the baseline) and neither does having much site-visible configuration.
1
There would be no issue with the Tor Browser including an ad blocker as part of the baseline at least as long as it didn't offer configuration beyond being on or off and the filters would need to be tied to the browser version, not separately updated.
1
Every browser should work like the Tor Browser in terms of first party isolation, anti-fingerprinting, etc. and there shouldn't be nearly as much configuration that's visible to sites. The current ways things are isn't okay and eliminating low hanging fruit isn't a solution.
Also, to clarify, I'm not saying trying to configure your browser to mimic the Tor Browser with settings and extensions is useful. That's the antithesis of the concept behind the Tor Browser and other work to provide fundamental privacy improvements for the horror of the web.
1