[tor-talk] Adblock for everyone
Why you have HTTPSEverywhere and Noscript by default but not Adblockplus on TBB package? it really helps and blcok major tracking companies like Google Facebook ... Tor is not perfect, as almost all web pages have inserted at least one of these trackers on their page's source, one mistake is enough to compromise our privacy. Adblock solve this problem by just blocking these third parties. another danger of these third parties is FoxAcid codes! Facebook button is the best place for FoxAcid calls. please insert adblock by default on TBB package, if not explain why? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Adblock for everyone
On Sun, 6 Oct 2013 05:18:18 -0400 (EDT) Alice Anderson wrote: > Why you have HTTPSEverywhere and Noscript by default but not > Adblockplus on TBB package? it really helps and blcok major tracking > companies like Google Facebook ... Tor is not perfect, as almost all > web pages have inserted at least one of these trackers on their > page's source, one mistake is enough to compromise our privacy. > Adblock solve this problem by just blocking these third parties. > another danger of these third parties is FoxAcid codes! Facebook > button is the best place for FoxAcid calls. please insert adblock by > default on TBB package, if not explain why? Adblock whitelists certain advertising companies and ads themselves: See https://adblockplus.org/en/acceptable-ads and http://searchenginewatch.com/article/2280451/Google-Paying-to-Have-Ads-Whitelisted-on-AdBlock-Plus See #5 under https://www.torproject.org/projects/torbrowser/design/#philosophy "No filters Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts. Filter-based addons can also introduce strange breakage and cause usability nightmares, and will also fail to do their job if an adversary simply registers a new domain or creates a new url path. Worse still, the unique filter sets that each user creates or installs will provide a wealth of fingerprinting targets. As a general matter, we are also generally opposed to shipping an always-on Ad blocker with Tor Browser. We feel that this would damage our credibility in terms of demonstrating that we are providing privacy through a sound design alone, as well as damage the acceptance of Tor users by sites that support themselves through advertising revenue. Users are free to install these addons if they wish, but doing so is not recommended, as it will alter the browser request fingerprint. " -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Adblock for everyone
Ad block? TBB already blocks javascript with noScript. Peace; Fynn. -- "Even a stopped clock is right twice a day" On 6 October 2013 06:18, Alice Anderson wrote: > Why you have HTTPSEverywhere and Noscript by default but not Adblockplus on > TBB package? it really helps and blcok major tracking companies like Google > Facebook ... > Tor is not perfect, as almost all web pages have inserted at least one of > these trackers on their page's source, one mistake is enough to compromise > our privacy. Adblock solve this problem by just blocking these third parties. > another danger of these third parties is FoxAcid codes! Facebook button is > the best place for FoxAcid calls. please insert adblock by default on TBB > package, if not explain why? > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsusbscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Adblock for everyone
Just wanted to add that Adblock edge is a fork of Adblock Plus that does NOT whitelist advertising companies. See https://addons.mozilla.org/en-us/firefox/addon/adblock-edge/ Andrew Lewman wrote: >On Sun, 6 Oct 2013 05:18:18 -0400 (EDT) >Alice Anderson wrote: > >> Why you have HTTPSEverywhere and Noscript by default but not >> Adblockplus on TBB package? it really helps and blcok major tracking >> companies like Google Facebook ... Tor is not perfect, as almost all >> web pages have inserted at least one of these trackers on their >> page's source, one mistake is enough to compromise our privacy. >> Adblock solve this problem by just blocking these third parties. >> another danger of these third parties is FoxAcid codes! Facebook >> button is the best place for FoxAcid calls. please insert adblock by >> default on TBB package, if not explain why? > >Adblock whitelists certain advertising companies and ads themselves: > >See https://adblockplus.org/en/acceptable-ads and >http://searchenginewatch.com/article/2280451/Google-Paying-to-Have-Ads-Whitelisted-on-AdBlock-Plus > >See #5 under >https://www.torproject.org/projects/torbrowser/design/#philosophy > >"No filters > >Site-specific or filter-based addons such as AdBlock Plus, Request >Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe >that these addons do not add any real privacy to a proper >implementation of the above privacy requirements, and that development >efforts should be focused on general solutions that prevent tracking by >all third parties, rather than a list of specific URLs or hosts. > >Filter-based addons can also introduce strange breakage and cause >usability nightmares, and will also fail to do their job if an >adversary simply registers a new domain or creates a new url path. >Worse still, the unique filter sets that each user creates or installs >will provide a wealth of fingerprinting targets. > >As a general matter, we are also generally opposed to shipping an >always-on Ad blocker with Tor Browser. We feel that this would damage >our credibility in terms of demonstrating that we are providing privacy >through a sound design alone, as well as damage the acceptance of Tor >users by sites that support themselves through advertising revenue. > >Users are free to install these addons if they wish, but doing so is >not recommended, as it will alter the browser request fingerprint. " > > >-- >Andrew >http://tpo.is/contact >pgp 0x6B4D6475 >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsusbscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Adblock for everyone
Thanks for your insight. On 10/6/2013 10:18 AM, Andrew Lewman wrote: Adblock whitelists certain advertising companies and ads themselves: These white lists can easily be disabled, but then that conflicts w/ Tor's concept of damaging sites' acceptance of Tor (interesting point). However, fingerprinting NOT with standing, millions? of Firefox & other browser users, having Adblock Plus, Ghostery, etc., enabled, are never turned away from websites, AFAIK. Just curious - by that analogy, should Fx, Chrome & others maybe disallow using extensions that block ads or other things, as it may cause some sites' non acceptance of browsers that allow such extensions? Could be wrong, but I'd bet if sites "reject" TBB, it might be because of several other reasons that come before blocking ads. But... Users are free to install these addons if they wish, but doing so is not recommended, as it will alter the browser request fingerprint. " That brings up a good question. I assume that TBB freely gives up info to sites that use the query: "navigator.plugins" - where sites can query whether specific plugins are installed: |var isSupported = navigator.plugins['Shockwave Flash'];|... if users install any plugins. Since TBB doesn't ship with plugins, why does TBB honor requests for plugin info, at all? Would TBB ignoring requests for "navigator.plugins" from sites break too many browser functions or ? As I understand, in Fx there's no equivalent method to find out all installed EXTENSIONS (distinguished from plugins; collectively called "addons"). But presence of SOME extensions are detectable by their effect on a web site's function, such as ads or trackers being blocked. Correct? But, not all extensions in Fx (TBB) are detectable - correct? Thanks. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Adblock for everyone
Alice Anderson: > Why you have HTTPSEverywhere and Noscript by default but not Adblockplus on > TBB package? it really helps and blcok major tracking companies like Google > Facebook ... > Tor is not perfect, as almost all web pages have inserted at least one of > these trackers on their page's source, one mistake is enough to compromise > our privacy. Adblock solve this problem by just blocking these third parties. > another danger of these third parties is FoxAcid codes! Facebook button is > the best place for FoxAcid calls. please insert adblock by default on TBB > package, if not explain why? > AdBlock doesn't actually block ads from loading in the browser, it only blocks the browser from showing them to you. So, there could be some small page rendering speed increase from using AdBlock, but no gain in anonymity AFAIU. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Adblock for everyone
Andrew Lewman: > On Sun, 6 Oct 2013 05:18:18 -0400 (EDT) > Alice Anderson wrote: > >> Why you have HTTPSEverywhere and Noscript by default but not >> Adblockplus on TBB package? it really helps and blcok major tracking >> companies like Google Facebook ... Tor is not perfect, as almost all >> web pages have inserted at least one of these trackers on their >> page's source, one mistake is enough to compromise our privacy. >> Adblock solve this problem by just blocking these third parties. >> another danger of these third parties is FoxAcid codes! Facebook >> button is the best place for FoxAcid calls. please insert adblock by >> default on TBB package, if not explain why? > > Adblock whitelists certain advertising companies and ads themselves: > > See https://adblockplus.org/en/acceptable-ads and > http://searchenginewatch.com/article/2280451/Google-Paying-to-Have-Ads-Whitelisted-on-AdBlock-Plus > > See #5 under > https://www.torproject.org/projects/torbrowser/design/#philosophy > > "No filters > > Site-specific or filter-based addons such as AdBlock Plus, Request > Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe > that these addons do not add any real privacy to a proper > implementation of the above privacy requirements, and that development > efforts should be focused on general solutions that prevent tracking by > all third parties, rather than a list of specific URLs or hosts. > > Filter-based addons can also introduce strange breakage and cause > usability nightmares, and will also fail to do their job if an > adversary simply registers a new domain or creates a new url path. > Worse still, the unique filter sets that each user creates or installs > will provide a wealth of fingerprinting targets. > > As a general matter, we are also generally opposed to shipping an > always-on Ad blocker with Tor Browser. We feel that this would damage > our credibility in terms of demonstrating that we are providing privacy > through a sound design alone, as well as damage the acceptance of Tor > users by sites that support themselves through advertising revenue. > > Users are free to install these addons if they wish, but doing so is > not recommended, as it will alter the browser request fingerprint. " > > It's trivial to turn-off their whitelist, but that still leaves a AdBlock that doesn't really block ads . . . -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Adblock for everyone
On 10/6/2013 3:14 PM, Joe Btfsplk wrote: Thanks for your insight. On 10/6/2013 10:18 AM, Andrew Lewman wrote: Adblock whitelists certain advertising companies and ads themselves: These white lists can easily be disabled, but then that conflicts w/ Tor's concept of damaging sites' acceptance of Tor (interesting point). However, fingerprinting NOT with standing, millions? of Firefox & other browser users, having Adblock Plus, Ghostery, etc., enabled, are never turned away from websites, AFAIK. Just curious - by that analogy, should Fx, Chrome & others maybe disallow using extensions that block ads or other things, as it may cause some sites' non acceptance of browsers that allow such extensions? Could be wrong, but I'd bet if sites "reject" TBB, it might be because of several other reasons that come before blocking ads. But... Users are free to install these addons if they wish, but doing so is not recommended, as it will alter the browser request fingerprint. " That brings up a good question. I assume that TBB freely gives up info to sites that use the query: "navigator.plugins" - where sites can query whether specific plugins are installed: |var isSupported = navigator.plugins['Shockwave Flash'];|... if users install any plugins. Since TBB doesn't ship with plugins, why does TBB honor requests for plugin info, at all? Would TBB ignoring requests for "navigator.plugins" from sites break too many browser functions or ? As I understand, in Fx there's no equivalent method to find out all installed EXTENSIONS (distinguished from plugins; collectively called "addons"). But presence of SOME extensions are detectable by their effect on a web site's function, such as ads or trackers being blocked. Correct? But, not all extensions in Fx (TBB) are detectable - correct? Thanks. No comments from more experienced users about the possibility of TBB ignoring sites' requests for *most* plugins? On 10/6/2013 10:18 AM, Andrew Lewman wrote: Users are free to install these addons if they wish, but doing so is not recommended, as it will alter the browser request fingerprint. The word "will" means no exceptions. Is it true that for extensions (not plugins), how they change TBB's fingerprint (if at all) may depend on their function? Specifically, their effect, if any, on the web page and if that effect could be detected by the web page (or an adversary)? And then, only if the extension's (not plugins') specific effect on a web page is actually being monitored? What site or adversary would or could monitor if an extension was installed, that only shows the download status / progress of a page, etc.? If an extension doesn't alter sites' functions - at all (not talking about AdBlock here), doesn't send / receive data, no pinging, etc., how would its presence be detected, thus changing TBB's fingerprint? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk