[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Privacy Badger



On 2015-08-28 20:05, Mike Perry wrote:
Yikes! I didn't know this. This is especially bad, especially if Privacy
Badger has custom storage mechanisms for this that aren't cleared
regularly (which you touch on below).

And if you do clear this list regularly, Privacy Badger is useless; it functions by learning which sites are legitimate and which are potentially tracking you based on the fact that by their nature, trackers are resources loading from a consistent location into various unrelated sites using cookies that are potentially uniquely identifying.

Resetting it's history leaves you vulnerable to tracking until it has re-learned your behaviour, by which time you're vulnerable to fingerprinting.

It might be possible to take the same concept and democratize it in some fashion that would share the heuristically learned data between users, such that users aren't individually fingerprintable (while uses of Privacy Badger itself would become more obvious), but then you have the problem of building a whitelist for resources that are actually useful, and potential malfeasance on the part of whitelist submissions, as well as the efforts to manage the whitelist. Without a whitelist, it will eventually break sites, and if you whitelist yourself, you again generate a fingerprint.

As much as I love Privacy Badger in general, I don't see how it can fit into the Tor model.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk