Re: [tor-bugs] #5273 [Firefox Patch Issues]: Update TBB design doc for 2.3.x-alpha
#5273: Update TBB design doc for 2.3.x-alpha
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Firefox Patch Issues | Version:
Keywords: MikePerry201207 | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by gk):
Replying to [comment:17 mikeperry]:
> Replying to [comment:16 gk]:
> > Replying to [comment:15 mikeperry]:
> > > I still hate the beggar's header and dislike the adblocker ideas,
> > > but siloing them per url bar at least mitigates the damage they can do.
> > > The per-site adblocker might also drive per-site incentive for ads to not
> > > suck more than a global adblocker would.
> > I am lost here as well. But maybe your ideas are due to the "Correlate
> > activity across multiple site visits" adversary goal you thought about
> > adding for completeness' sake? If so, I do not see how options buried in a
> > context menu which are off by default could defend against it.
>
> The core idea here is rooted in the assumption that the crazies who
> think they know better (but really do not) will enable this stuff by
> default globally right now by way of installing Adblock or clicking the
> Beggar Checkbox... That behavior (which we probably can't expect to stop)
> is worse for the total population's anonymity set than per-site options.
> At least, I think so.. Are there reasons to the contrary?
We'll see. What makes you confident that people do not install a global
adblocker anymore or do the four clicks to activate DNT globally? To make
that point more clear: Imagine the user that does these things globally
because she is not happy with the current TBB in this regard. I would
strongly argue that she is not fiddling with filterlists but just does not
want to get tracked (globally!). I mean if I fear tracking and take the
effort to install an add-on that defends against it and try to get the DNT
option activated in the pref menu I think that tracking is bad in general
and not just on google.com, right? Now, let's suppose you implement that
option and let this user decide to use your context menu to express her
beliefs. What is she going to do? Does she really go on every site she
visits into the context menu to make sure that the options for this
site are checked (and stay checked! she might not get the per site logic
behind your idea)? Or is she going to do the thing she a) is used to do
and b) that is much, much less error-prone c) that already protects before
the site is loaded the first time d) is much, much more convenient:
setting DNT to true and installing an add-on globally? I think you'll lose
the per site battle wrt DNT and Adblock and it is just wasted effort.
There are other nasty side-effects of this design decision: it makes
explaining the privacy by design idea even harder (if one really ships a
privacy by design browser but still needs some exceptions there seems
something wrong with the design, right?), it suggests you are okay with
DNT and adblocker add-ons generally (yes, you are not but shipping those
options even if in a context menu by default suggests that to the laymen.
They may even say: "Wow, finally, Mike got it and I am right in using DNT
and Adblock globally as I have always done!"). You have to take new attack
vectors into account (e.g. bad exits trying to mess with filterlists etc.)
which in turn makes it even more difficult to understand and evaluate the
security implications of your design...
All in all, I really doubt whether that idea is worth the effort,
especially as you have to educate/explain the design decisions to the
users anyway. If so, let's not distract from getting the double-keying idea
to them.
> I also expect that certain sites will have homogenous requirements wrt
> ad blockers and plugins/media because people will naturally decide that
> those sites suck in similar ways... But perhaps that is a poor assumption?
> If so, please explain how/why?
Don't know yet as I am not sure whether I understand you correctly. What
do you mean with "homogenous requirements wrt ad blockers and
plugins/media" and how does this fit to the issue whether site-based
options for adblockers etc. or no options at all should be implemented in
the default TBB?
> As a general matter, I prefer allowing user choice if possible, but it
> also seems clear that user choice for global behaviors is really, really
> bad... Allowing easy access to per-site choices would be way better by
> comparison...
Choice is good but do users really want to have per site choices regarding
ad-trackers and DNT? What makes you believe so? And why does that not
already exist as an add-on and all anti-tracker add-ons are working
globally (at least all I can currently come up with)? If there is even a
tiny demand for a specific wish there usually seems to exist an add-on for
it on AMO.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5273#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online