Re: [Tails-dev] AdBlock Plus in Tails' Tor Browser

Author: sajolida
Date:
To: The Tails public development discussion list
Subject: Re: [Tails-dev] AdBlock Plus in Tails' Tor Browser

I'll try to add more and fresh info to the debate.

Some of us asked people developing Tor Browser why it was shipping ads,
and what they think about Tails removing AdBlock Plus.

Being friendly to big websites
------------------------------

Apparently, if AdBlock Plus is not part of the TBB, it is mostly as a
possible argument against the blocking of Tor by big websites whose
incomes come from those ads. In some way, to help legitimate the access
to those websites from Tor. So this is more of a strategical move.

Some of us pointed out that the efficiency of this is hard to prove, and
many big websites keep on being unfriendly to Tor (Google and Cloudflare
just to name a few). On the other hand, these companies are not blocking
all browsers who have this extension installed while that would be
technically possible.

And the thing is that Tails is a very tiny portion of Tor users. So
Tails removing or keeping AdBlock Plus probably won't influence the
power balance with blocking sites that much.

I'm doing some very rough maths here but Tor has around 2 million direct
users daily
(https://metrics.torproject.org/userstats-relay-country.html) while
Tails has around 10000 users daily. That's 0.5%.
Even if we consider 50% of Tor users as bots (they probably are), Tails
is still 1%. D'oh!

So, from that point of view, we might question the utility of removing
AdBlock Plus as a strategical move for our users.

Regarding fingerprinting
------------------------

On the fingerprinting part of the discussion, AdBlock Plus actually
blocks something like 80% of the tracking technologies and ads. On the
tracking part of this point, as the Tor Browser already has an isolation
mechanism per tab and per domain, most of this tracking is neutralized.

More interestingly, we also learned that it is surely possible to
fingerprint Tor Browser depending on your host OS (say Windows, Mac,
Linux, Tails, etc.). Apparently, the usual tests that we run can be
defeated by other techniques (differences in the display of widgets
between operating systems, Unicode tricks, etc.) and independently from
ad blocking. David Fifield knows more about that stuff.

So if the idea of removing AdBlock is to make Tails look more like, say
Tor Browser on Windows, then yes it will surely improve things a bit on
some aspect (analysis of network flows) but not others (graphical
analysis of the display) and might not be a strong enough argument on
its own. I'm not sure which technique is easier to perform for an attacker.

To finish with, I'm personally not really thrilled about that debate
anymore. I do with ads in Tor Browser outside of Tails, and I'm fine.
But I would still keep AdBlock Plus as a political statement against
surveillance of users and ads as the core business model of nowadays
Internet. Fuck that shit! :)