[tor-talk] Adblock Plus and Ghostery should be included in Tor bundle
Joe Btfsplk
joebtfsplk at gmx.com
Sun Feb 12 18:14:21 UTC 2012
On 2/12/2012 10:41 AM, Brian Franklin wrote:
> Unknown makes a good point. The options should be set globally for all users of the Tor Bundle to avoid any profiling. Those who have a need for further configuration do so at their own risk.
Good point. Originally, at least part of the Tor design was users
couldn't be tracked from end to end - period. Nothing about profiling
based on customization. Now things have changed - obviously.
A lot of users (apparently) don't want to use TBB in its current default
state. That may / may not be good for the crowd and / or them. I don't
have enough deep, technical knowledge to say.
One thing I do know, is the internet, trackers, hackers, gov'ts, etc.,
keep discovering new tools & refining ways to track Tor & NON - Tor
users. Tor devs constantly have to keep up & try to stay even, if not
ahead of "the adversaries." Overall, they do a good job & I'm pretty
sure all but experienced software devs w/ an excellent knowledge of
security issues, have no idea how hard this is for Tor devs.
That still leaves the question, should TBB users install addons that
haven't been explicitly tested & proclaimed "safe" to use w/ TBB (as
safe as the internet or TBB can reasonably be - NOTHING is or ever will
be 100%). I don't know, but topic probably deserves more "official"
discussion.
Now that Tor / TBB has become internationally well known, to extent some
countries already ban it & U.S. (& others) has considered legislation
that would affect its overall use, the big problem for users may soon
be, "are you using Tor _at all_," not just, could someone profile you
from browser / addon settings?
One big question - is it a necessity (no way around it) for sites or
traffic monitors to see what extensions are installed or other non -
default TBB settings (other than bare minimum, like browser ver., OS,
etc.). I don't understand the problems involved, so I'm asking the
"stupid" questions on others' behalf. Why is it necessary that data
like Ghostery (or many other) extensions are installed, be made
available to sites from TBB? Why is it necessary (or is it?) for
extension devs to write them so that the extension(s) installed are made
known to sites?
[I'm basing the question on many posts to the list about "if users use
xyz addon, or change TBB default settings, it's possible to
"fingerprint" them].
Why does a site have to know WHAT is blocking a tracker beacon or an ad,
rather than just they ARE blocked? NoScript is included in TBB w/ all
scripts allowed in default settings. So every user has it enabled (by
default). There must be an extraordinary # of customization
possibilities w/ that one extension. If users blacklist one site in
NoScript, they're automatically "different." Cookies are globally
enabled by default in TBB, so those blocking them are automatically
different. Is there more risk to users being profiled as unique, by
blacklisting ONE site in NoScript (or any other routine changes) than
there is by installing Ghostery, AdBlock Plus, etc?
Admittedly, I may not fully understand the problems here. When any of
many cookie managers / blockers (aside from native Firefox / Aurora)
blocks cookies, I don't think the site knows "Cookie Monster is blocking
cookies," does it? It just says, "Your browser isn't accepting
cookies." Maybe I'm wrong & sites DO know it's Cookie Monster?? But if
not, seems the same principle would (often) apply to blocking beacons,
ads & many other things using extensions, would it not? Using TBB,
sites don't have your true IP address, true geographical location, etc.
Why do they need to know which extensions are installed or the settings
of them?
Don't shoot the messenger - I'm just asking some questions that I
haven't seen discussed - here - in detail.
More information about the tor-talk
mailing list