[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] ads slow Tor Browser dramatically



Thus spake Julian Yon (julian@xxxxxxxxxx):

> On Tue, 6 Nov 2012 14:44:37 -0800
> Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote:
> 
> > I am deeply opposed to shipping an always-on universal adblocker with
> > the default TBB. I think it would be political suicide in terms of
> > accomplishing our goals with acceptance of Tor users by sites,
> > lobbying for private browsing origin changes, and convincing the
> > world that privacy by design is possible without resorting to
> > filtering schemes and/or DNT-style begging.
> > 
> > Further, adblocker filter choices are fingerprintable.
> > 
> > *However*, I recognize that many sites use advertising networks that
> > are obnoxious, deceptive, and possibly even dangerous wrt vectors for
> > malware (though safebrowsing filters are supposed to exist for this
> > last reason and we do use those).
> 
> One of the things that frequently spooks me off-Tor is ads that clearly
> know what I've been doing elsewhere. i.e. I see an ad on one site
> offering to sell me specific items I've been looking at on another.
> Now, obviously as an experienced comp sci I'm aware of the technologies
> that are being employed to do this, and I'm aware of the ways that the
> Tor Browser, driven responsibly, offers protection against this.
> 
> But two things spring to mind. (1) Such ads already constitute a form
> of social engineering. How long until an ad network comes up with an
> ingenious psychological trick to convince a small but significant
> percentage of normally responsible Tor users to deanonymise themselves?
> (2) Given what they can already do using technologies we know about, I
> can't help wondering if the advertising industry is in fact the true
> Global Adversary. It wouldn't surprise me if they were putting more
> resources into beating Tor than any nation state.

I considered writing an in-depth reply questioning the distinction
between these "Global Adversary" third parties and the first parties
that would willingly collaborate with such third parties, but I think in
the interest of brevity, I'll just start with two simple questions:

Can you explain how regular expressions will hinder such a "true Global
Adversary" in any way?

If not, can you suggest an alternate, non-regex ablocker design that
would withstand such a threat?


-- 
Mike Perry

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk