[tor-talk] Privacy Badger
Dave Warren
davew at hireahit.com
Sat Aug 29 05:17:44 UTC 2015
On 2015-08-28 20:05, Mike Perry wrote:
> Yikes! I didn't know this. This is especially bad, especially if Privacy
> Badger has custom storage mechanisms for this that aren't cleared
> regularly (which you touch on below).

And if you do clear this list regularly, Privacy Badger is useless; it
functions by learning which sites are legitimate and which are
potentially tracking you based on the fact that by their nature,
trackers are resources loading from a consistent location into various
unrelated sites using cookies that are potentially uniquely identifying.
Resetting its history leaves you vulnerable to tracking until it has
re-learned your behaviour, by which time you're vulnerable to
fingerprinting.

It might be possible to take the same concept and democratize it in some
fashion that would share the heuristically learned data between users,
such that users aren't individually fingerprintable (while uses of
Privacy Badger itself would become more obvious), but then you have the
problem of building a whitelist for resources that are actually useful,
and potential malfeasance on the part of whitelist submissions, as well
as the efforts to manage the whitelist. Without a whitelist, it will
eventually break sites, and if you whitelist yourself, you again
generate a fingerprint.

As much as I love Privacy Badger in general, I don't see how it can fit
into the Tor model.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
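
The learning heuristic discussed in the message above, and why its stored state differs per user and is lost on reset, as an added sketch that is not part of the original post and is not Privacy Badger's own code. The threshold of three sites, the `LearnedBlocker` class and the `.example` hosts are assumptions constructed for illustration.

```javascript
// Added illustration, not Privacy Badger's code. THRESHOLD and all hosts are assumptions.
const THRESHOLD = 3; // assumed: distinct first-party sites before a third party is blocked

class LearnedBlocker {
  constructor() { this.seen = new Map(); } // third-party host -> Set of first-party sites

  // Record one page load: only cookie-setting third parties count as tracking evidence.
  visit(site, embeds) {
    for (const { host, setsCookie } of embeds) {
      if (!setsCookie || host === site) continue;
      if (!this.seen.has(host)) this.seen.set(host, new Set());
      this.seen.get(host).add(site);
    }
  }

  // Hosts observed on enough unrelated sites to be treated as trackers.
  blocked() {
    return [...this.seen].filter(([, sites]) => sites.size >= THRESHOLD)
      .map(([host]) => host).sort();
  }

  reset() { this.seen.clear(); } // "clearing the list": all learned state is lost
}

// Constructed sample web: which third parties each first-party site embeds.
const ads = { host: "ads.example", setsCookie: true };
const metrics = { host: "metrics.example", setsCookie: true };
const cdn = { host: "cdn.example", setsCookie: false };
const WEB = {
  "news.example": [ads, cdn], "shop.example": [ads, cdn],
  "blog.example": [ads, metrics, cdn], "forum.example": [ads, metrics, cdn],
  "video.example": [metrics, cdn], "mail.example": [metrics, cdn],
};

function browse(blocker, sites) {
  for (const site of sites) blocker.visit(site, WEB[site]);
  return blocker;
}

function demo() {
  const alice = browse(new LearnedBlocker(), ["news.example", "shop.example", "blog.example"]);
  const bob = browse(new LearnedBlocker(), ["forum.example", "video.example", "mail.example"]);
  const result = { alice: alice.blocked(), bob: bob.blocked() };
  // Different histories give different block lists: the list itself identifies the user.
  result.distinguishable = result.alice.join() !== result.bob.join();
  alice.reset();
  browse(alice, ["news.example", "shop.example"]); // two sites: below THRESHOLD again
  result.aliceAfterReset = alice.blocked();
  return result;
}

console.log(demo());
```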