Thus spake Julian Yon (julian@xxxxxxxxxx): > On Tue, 6 Nov 2012 14:44:37 -0800 > Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote: > > > I am deeply opposed to shipping an always-on universal adblocker with > > the default TBB. I think it would be political suicide in terms of > > accomplishing our goals with acceptance of Tor users by sites, > > lobbying for private browsing origin changes, and convincing the > > world that privacy by design is possible without resorting to > > filtering schemes and/or DNT-style begging. > > > > Further, adblocker filter choices are fingerprintable. > > > > *However*, I recognize that many sites use advertising networks that > > are obnoxious, deceptive, and possibly even dangerous wrt vectors for > > malware (though safebrowsing filters are supposed to exist for this > > last reason and we do use those). > > One of the things that frequently spooks me off-Tor is ads that clearly > know what I've been doing elsewhere. i.e. I see an ad on one site > offering to sell me specific items I've been looking at on another. > Now, obviously as an experienced comp sci I'm aware of the technologies > that are being employed to do this, and I'm aware of the ways that the > Tor Browser, driven responsibly, offers protection against this. > > But two things spring to mind. (1) Such ads already constitute a form > of social engineering. How long until an ad network comes up with an > ingenious psychological trick to convince a small but significant > percentage of normally responsible Tor users to deanonymise themselves? > (2) Given what they can already do using technologies we know about, I > can't help wondering if the advertising industry is in fact the true > Global Adversary. It wouldn't surprise me if they were putting more > resources into beating Tor than any nation state. I considered writing an in-depth reply questioning the distinction between these "Global Adversary" third parties and the first parties that would willingly collaborate with such third parties, but I think in the interest of brevity, I'll just start with two simple questions: Can you explain how regular expressions will hinder such a "true Global Adversary" in any way? If not, can you suggest an alternate, non-regex ablocker design that would withstand such a threat? -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk