
Re: [tor-talk] Adblock Plus and Ghostery should be included in Tor bundle



On 2/12/2012 10:41 AM, Brian Franklin wrote:
> Unknown makes a good point. The options should be set globally for all users of the Tor Bundle to avoid any profiling. Those who have a need for further configuration do so at their own risk.

Good point. Originally, at least part of the Tor design was users couldn't be tracked from end to end - period. Nothing about profiling based on customization. Now things have changed - obviously.

A lot of users (apparently) don't want to use TBB in its current default state. That may / may not be good for the crowd and / or them. I don't have enough deep, technical knowledge to say. One thing I do know, is the internet, trackers, hackers, gov'ts, etc., keep discovering new tools & refining ways to track Tor & NON-Tor users. Tor devs constantly have to keep up & try to stay even, if not ahead of "the adversaries." Overall, they do a good job & I'm pretty sure all but experienced software devs w/ an excellent knowledge of security issues, have no idea how hard this is for Tor devs.

That still leaves the question, should TBB users install addons that haven't been explicitly tested & proclaimed "safe" to use w/ TBB (as safe as the internet or TBB can reasonably be - NOTHING is or ever will be 100%). I don't know, but topic probably deserves more "official" discussion.

Now that Tor / TBB has become internationally well known, to extent some countries already ban it & U.S. (& others) has considered legislation that would affect its overall use, the big problem for users may soon be, "are you using Tor _at all_," not just, could someone profile you from browser / addon settings?

One big question - is it a necessity (no way around it) for sites or traffic monitors to see what extensions are installed or other non-default TBB settings (other than bare minimum, like browser ver., OS, etc.)? I don't understand the problems involved, so I'm asking the "stupid" questions on others' behalf. Why is it necessary that data like Ghostery (or many other) extensions are installed, be made available to sites from TBB? Why is it necessary (or is it?) for extension devs to write them so that the extension(s) installed are made known to sites?

[I'm basing the question on many posts to the list about "if users use xyz addon, or change TBB default settings, it's possible to "fingerprint" them]. Why does a site have to know WHAT is blocking a tracker beacon or an ad, rather than just they ARE blocked? NoScript is included in TBB w/ all scripts allowed in default settings. So every user has it enabled (by default). There must be an extraordinary # of customization possibilities w/ that one extension. If users blacklist one site in NoScript, they're automatically "different." Cookies are globally enabled by default in TBB, so those blocking them are automatically different. Is there more risk to users being profiled as unique, by blacklisting ONE site in NoScript (or any other routine changes) than there is by installing Ghostery, AdBlock Plus, etc?

Admittedly, I may not fully understand the problems here. When any of many cookie managers / blockers (aside from native Firefox / Aurora) blocks cookies, I don't think the site knows "Cookie Monster is blocking cookies," does it? It just says, "Your browser isn't accepting cookies." Maybe I'm wrong & sites DO know it's Cookie Monster?? But if not, seems the same principle would (often) apply to blocking beacons, ads & many other things using extensions, would it not? Using TBB, sites don't have your true IP address, true geographical location, etc. Why do they need to know which extensions are installed or the settings of them?

Don't shoot the messenger - I'm just asking some questions that I haven't seen discussed - here - in detail.