Anyone have any good information on using ublock origin with tor browser? Does it compromise my anonymity?

  • nikifa@lemmy.ml
    link
    fedilink
    arrow-up
    7
    ·
    3 years ago

    silly comments. Tails is using ublock orgin for Tor browser they ship with.

    “Don’t use Tails it ruins your OP sec” lol.

    • Lunacy@lemmy.ml
      link
      fedilink
      arrow-up
      6
      arrow-down
      5
      ·
      edit-2
      3 years ago

      A difference is that Tails includes the uBlock Origin extension, which removes advertisements. If an attacker can determine that you are not downloading the advertisements that are included in a webpage, that could reveal that you are a Tails user.

      https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html

      edit:

      Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts.

      Implementing filter-based blocking directly into the browser, such as done with Firefox’ Tracking Protection, does not alleviate the concerns mentioned in the previous paragraph. There is still just a list containing specific URLs and hosts which, in this case, are assembled by Disconnect and adapted by Mozilla.

      Trying to resort to filter methods based on machine learning does not solve the problem either: they don’t provide a general solution to the tracking problem as they are working probabilistically. Even with a precision rate at 99% and a false positive rate at 0.1% trackers would be missed and sites would be wrongly blocked.

      Filter-based solutions in general can also introduce strange breakage and cause usability nightmares. For instance, there is a trend to observe that websites start detecting filer extensions and block access to content on them. Coping with this fallout easily leads to just whitelisting the affected domains, hoping that this helps, defeating the purpose of the filter in the first place. Filters will also fail to do their job if an adversary simply registers a new domain or creates a new URL path. Worse still, the unique filter sets that each user creates or installs will provide a wealth of fingerprinting targets.

      https://2019.www.torproject.org/projects/torbrowser/design/#philosophy

      This is literally documentation taken from the Tor Project.

      • Brattea@lemmy.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        3 years ago

        Here’s the thing tho, u block might be good for your threat model. Depends what it is. any way if you are surfing clear web you got more serious opsec concerns.

        • Lunacy@lemmy.ml
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          3 years ago

          Hi.

          I think i didn’t explain myself because this is happened before.

          The point of the comments I wrote are not aimed to say “don’t use ad-blockers” or “don’t use Linux” and so on. What I’m trying to do is “fight” the misinformation spread by certain people about these topic.

          Now, while people should act according their own threat model, they should also be aware about the possible pro and cons about every software they eventually are going to use.

          I’m not an expert, but in my understanding privacy is not something you can easily achieve. Browser need to carefully develop actual features designed to protect users’s privacy, like Tor browser does.

          Installing a bunch of add ons aimed to “blocks ads & trackers” or *spoof user agent" will make you stand out more from the crowd.

          Then if you’re comfortable with that it’s up to you. Again, there is a big difference between be aware about something and then act accordingly and be in denial mode and accuse people to spread misinformation beside the reliable sources linked.

          I personally use ublock on my desktop browser because I don’t like to see a page filled with ads & tracker and I don’t care about stand out from the crowd.

          Please, let me now whether I made that clear or not.

          edit: I’m asking you because I tend to make typos since English is not my first language.

    • TheAnonymouseJoker@lemmy.mlM
      link
      fedilink
      arrow-up
      5
      arrow-down
      4
      ·
      3 years ago

      99% people have zero idea when they give advice using buzzwords. These people are either spreading misinformation, or are grifters (few of them).

      If uBlock Origin is creating more attack surface, being a highly vetted, open source addon for REDUCING attack surface, that should tell you about advice you should be taking from such idiots.

      I am one of the main people who has brought back focus on threat modelling and opsec, and I am glad that it is also differentiating the grift from the good advice, and not just guiding everyone towards a less tinfoil, more saner path to privacy.