[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5273 [Firefox Patch Issues]: Update TBB design doc for 2.3.x-alpha
#5273: Update TBB design doc for 2.3.x-alpha
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Firefox Patch Issues | Version:
Keywords: MikePerry201207 | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by mikeperry):
Replying to [comment:16 gk]:
> Replying to [comment:15 mikeperry]:
> > The reason to put the beggar's header, the adblocker, and the plugin
control on a per site basis is to avoid the fingerprinting due to global
prefs.
> Maybe I am bit slow here but could you explain the fingerprinting risks
you see for TBB users a bit? Offering these options seems rather to
introduce fingerprinting issues as users choosing them are not in the
default set anymore. Let alone the option for bad exits to test whether
users are deploying the same filterlists and if not separating them and so
on...
Yes, the key thing in my mind is that users are able to define a
relationship with a specific site under this model. If they decide to end
this relationship, they hit the delete key and everything is wiped.
Moreover, their decisions wrt one site do not affect browser behavior on
other sites (which is the important component for 3rd party
linkability/correlation through fingerprinting, IMO).
> > I still hate the beggar's header and dislike the adblocker ideas, but
siloing them per url bar at least mitigates the damage they can do. The
per-site adblocker might also drive per-site incentive for ads to not suck
more than a global adblocker would.
> I am lost here as well. But maybe your ideas are due to the "Correlate
activity across multiple site visits" adversary goal you thought about
adding for completeness' sake? If so, I do not see how options buried in a
context menu which are off by default could defend against it.
The core idea here is rooted in the assumption that the crazies who think
they know better (but really do not) will enable this stuff by default
globally right now by way of installing Adblock or clicking the Beggar
Checkbox... That behavior (which we probably can't expect to stop) is
worse for the total population's anonymity set than per-site options. At
least, I think so.. Are there reasons to the contrary?
I also expect that certain sites will have homogenous requirements wrt ad
blockers and plugins/media because people will naturally decide that those
sites suck in similar ways... But perhaps that is a poor assumption? If
so, please explain how/why?
As a general matter, I prefer allowing user choice if possible, but it
also seems clear that user choice for global behaviors is really, really
bad... Allowing easy access to per-site choices would be way better by
comparison...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5273#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs