Re: [Tails-dev] AdBlock Plus in Tails' Tor Browser

Poista viesti

Vastaa
Lähettäjä: bertagaz
Päiväys:  
Vastaanottaja: The Tails public development discussion list
Aihe: Re: [Tails-dev] AdBlock Plus in Tails' Tor Browser
Hi,

This answer might pop up late now that #8665 is in Ready for QA state,
still it might bring new questions. Sorry for that.

On Fri, Jan 23, 2015 at 12:49:10AM +0100, intrigeri wrote:
> mercedes508 wrote (22 Jan 2015 17:54:53 GMT) :
> > And I'm wondering how important the fingerrint issue is, considering
> > how easy it is to change it (e.g. by enlarging the browser window),
>
> I'm more concerned about behavioral differences (compared to the Tor
> Browser) that we ship by default (XXX: we haven't summed up what they
> were recently, by the way), than about bits of fingerprinting
> information that every Tor Browser user, be it upstream or within
> Tails, can individually choose to leak.
>
> I'm tempted to propose that on this topic, just like for resizing the
> browser:
>
>  * we provide safer defaults;
>  * we let users manually opt-in if they want to block ads and diverge
>    from the Tor Browser anonymity set.


> (Of course the current behaviour for resizing the window is not a good
> implementation of opting-in to diverge, as the security consequences
> of this action are completely non-obvious to the user. There are
> tickets in the right place about asking for a confirmation in this
> case, I think.)
>
> [And I'm starting to wonder if this wouldn't be better to put that
> in the upcoming Tor Browser's "security slider". At first glance:


Then if we go for safer defaults, I agree Ad Block+ would be more close to
NoScript in term in UX and fingerprinting.

We could integrate Ad Block+ the same way: installed but disabled by
default.

That sure would be something to discuss further with the TorBrowser
people.

We could help them to upstream our Ad Block+ rules update process.

Shall we engage a discussion about this? That's
https://trac.torproject.org/projects/tor/ticket/9387

> "block ads, not JS" < "block neither ads nor JS" < "block JS, not ads"
>                               (default)

>
> but once you block JS, your fingerprint is so much different anyway
> that blocking ads on top don't make a big difference, so possibly this
> would be better, although awkward and then perhaps confusing for
> users:
>
> "block ads, not JS" < "block neither ads nor JS" < "block JS and ads"
>
> Food for thought.]


I'm not even sure we need to decouple both, but why not. It might be hard
to fit in the TorLauncher slider though if we want to push this forward.

Bert.