Anyone have any good information on using ublock origin with tor browser? Does it compromise my anonymity?
It’s highly discouraged to add further add ons on Tor since you will be more easily fongerprintable.
The only thing you should change on Tor are security settings, nothing else.
It makes sense for it to have a built in ad-blocker. Any idea why they don’t do that?
Hi! It doesn’t make sense at all. Blocking ads & trackers is not a good approach to achieve privacy. It’s quite weak actually for many reasons…
First of all, because enumeration badness doesn’t work; it’s not possible to create a list of every possible “malicious domain”. And even if it was possible, websites could develop their own first party tracking and then share the information to third parties like Google or Facebook.
Second of all, because apps and websites can detect what domains are blocked, thus they -or malicious actors- will able to uniquely identify users more easily.
Third of all, because extensions add more attack surface since they use privileged script in order to work.
That’s why Tor doesn’t use any ad-blocker.
For more information about enumeration badness and browser tracking you can see here and here
For more information about enumeration badness and browser tracking you can see here and here
and here
https://madaidans-insecurities.github.io/browser-tracking.html
Madaidan FUD detected once again.
I can totally see how Madaidan can cause fear, uncertainty, and doubt. When I read, for example, his criticisms of Linux, I felt not only that, but also disappointment. You for sure have good reasons to dislike Madaidan and either GraphenOS or the Lemmy GrapheneOS community. But I don’t know them. Could you explain a bit why Madidan and GrapheneOS (or it’s Lemmy community) are problematic? Your answer would help me see what you see :)
Is important to understand that madaidan isn’t spreading any FUD or fear or doubts whatsoever.
His criticism toward Linux is justified and well written. People who actually work with Linux everyday can confirm that.
- Brad Spengler, the developer of the most extensive kernel hardening patchset in existence and inventor of many widely used exploit mitigations along with pipacs (including ASLR, W^X, CFI, etc.):
https://grsecurity.net/10_years_of_linux_security.pdf
https://grsecurity.net/~spender/interview_notes.txt
https://nitter.net/grsecurity/status/1249850031357788162
https://nitter.net/spendergrsec/status/1308734202330963970
https://nitter.net/spendergrsec/status/1308762791734632454
- Kees Cook, Alexander Popov and more prominent Kernel Self-Protection Project members:
https://www.youtube.com/watch?v=v7_mwg5f2cE
- Daniel Micay, lead developer of GrapheneOS (formerly CopperheadOS), hardened_malloc, linux-hardened, etc.:
- Dmitry Vyukov, another prominent Linux security developer:
- Joanna Rutkowska, founder of QubesOS and author of many well-known security papers:
https://nitter.net/rootkovska/status/1136220742662664193
https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html
- Jon Oberheide, co-founder of Duo Security:
https://jon.oberheide.org/files/syscan12-exploitinglinux.pdf
- Solar Designer
https://www.openwall.com/lists/oss-security/2020/10/05/5
Now, that means that you should not to use Linux? Absolutely not. It’s not the point of the article. Madaidan itself uses Linux and he said many times how hate Wundows. The same goes for Firefox, he uses it as a daily driver. Basically, he uses the software he criticized, because those are simply security and technical analysys.
There is a huge difference between:
“I acknowledge that what madaidan has wrote is true, nonetheless I still keep to prefer Linux as my daily for x reasons”
And
“madaidan is spreading fud about Linux and other software because is a shill etc.”
And please, don’t listen to TheAnonymouseJoker. He is known as a troll in basically every privacy community.
https://lemmy.ml/post/73800/comment/66774
Read above comment chain comments too, and notice the other person’s deleted comments for some reason
Edit: the grifter is making claims about
And please, don’t listen to TheAnonymouseJoker. He is known as a troll in basically every privacy community
Here, “every privacy community” refers to NoGoolag and SpiteChat Telegram/Mtarix rooms, both places where madaidan is an admin and his entire pack of extremely racist people shitpost all day. It may also refer to r/privacytoolsio, where blacklight and madaidan seem to be close, toxic friends that call each other for brigading anyone who criticises them. blacklight, r/PTIO mod, once even attacked me after I was banned by trai_dep, the monster in the privacy community that promotes Apple and AMA hosts absolutely disgusting people like Cory Doctorow.
The only FUD around here is you @TheAnonymouseJoker@lemmy.ml
Surely not gonna take the words of !grapheneos@lemmy.ml moderator, are you, readers? This person moderates the GrapheneOS community here.
I would like to tell you that you even begged for moderating TheHatedOne and GrapheneOS communities here. Reveals a lot about you more than me.
Requesting is not begging, hence the purpose of c/community_requests
You seem like an angry person replying out of hate. I’m sorry for whatever it is that happened to you to be this way. It doesn’t give you a right to attack, harass and bully people.
Edit: your behavior is very much like an abuser in real life that gets off on verbally insulting people for your own sick and twisted kicks.
Quite the leap there, with the abuser claims. Be careful with the projection and the sarcasm, it might burn you a little on the inside.
You are just revealing about yourself as you continue to reply to me.
silly comments. Tails is using ublock orgin for Tor browser they ship with.
“Don’t use Tails it ruins your OP sec” lol.
A difference is that Tails includes the uBlock Origin extension, which removes advertisements. If an attacker can determine that you are not downloading the advertisements that are included in a webpage, that could reveal that you are a Tails user.
https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html
edit:
Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts.
Implementing filter-based blocking directly into the browser, such as done with Firefox’ Tracking Protection, does not alleviate the concerns mentioned in the previous paragraph. There is still just a list containing specific URLs and hosts which, in this case, are assembled by Disconnect and adapted by Mozilla.
Trying to resort to filter methods based on machine learning does not solve the problem either: they don’t provide a general solution to the tracking problem as they are working probabilistically. Even with a precision rate at 99% and a false positive rate at 0.1% trackers would be missed and sites would be wrongly blocked.
Filter-based solutions in general can also introduce strange breakage and cause usability nightmares. For instance, there is a trend to observe that websites start detecting filer extensions and block access to content on them. Coping with this fallout easily leads to just whitelisting the affected domains, hoping that this helps, defeating the purpose of the filter in the first place. Filters will also fail to do their job if an adversary simply registers a new domain or creates a new URL path. Worse still, the unique filter sets that each user creates or installs will provide a wealth of fingerprinting targets.
https://2019.www.torproject.org/projects/torbrowser/design/#philosophy
This is literally documentation taken from the Tor Project.
Here’s the thing tho, u block might be good for your threat model. Depends what it is. any way if you are surfing clear web you got more serious opsec concerns.
99% people have zero idea when they give advice using buzzwords. These people are either spreading misinformation, or are grifters (few of them).
If uBlock Origin is creating more attack surface, being a highly vetted, open source addon for REDUCING attack surface, that should tell you about advice you should be taking from such idiots.
I am one of the main people who has brought back focus on threat modelling and opsec, and I am glad that it is also differentiating the grift from the good advice, and not just guiding everyone towards a less tinfoil, more saner path to privacy.