Delivery-Date: Fri, 28 Aug 2015 22:02:41 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 41E6E1E0C75;
	Fri, 28 Aug 2015 22:02:40 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 22BA737212;
	Sat, 29 Aug 2015 02:02:34 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 2401037210
 for <tor-talk@lists.torproject.org>; Sat, 29 Aug 2015 02:02:20 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id lCnsSfOpOamO for <tor-talk@lists.torproject.org>;
 Sat, 29 Aug 2015 02:02:20 +0000 (UTC)
Received: from turtles.fscked.org (turtles.fscked.org [76.73.17.194])
 by eugeni.torproject.org (Postfix) with ESMTP id 028623720A
 for <tor-talk@lists.torproject.org>; Sat, 29 Aug 2015 02:02:20 +0000 (UTC)
Date: Fri, 28 Aug 2015 19:01:51 -0700
From: Mike Perry <mikeperry@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20150829020151.GG5822@torproject.org>
References: <20150828230041.747D340496@smtp03.mail.de>
MIME-Version: 1.0
In-Reply-To: <20150828230041.747D340496@smtp03.mail.de>
Subject: Re: [tor-talk] Privacy Badger
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============8207947973622200803=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============8207947973622200803==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="8S1fMsFYqgBC+BN/"
Content-Disposition: inline


--8S1fMsFYqgBC+BN/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

sg.info@email-postfach.info:
> Hi guys and girls,
> are there security issues using the privacy badger from eff.org with the =
tor browser ?=20
> Or: Is there are a need to use privacy badger or is this utility dispensa=
ble ?

The filters in use by Privacy Badger are fingerprintable - it is
possible for sites to determine that you have it installed.

In general, Tor Browser is opposed to adblockers, censorship lists, and
related filters, since they are trivial for a dedicated adversary to
bypass, and also distract from our mission of protecting from
fingerprinting and tracking threats through altering the browser to
provide real privacy by design. See also point 5 under:
https://www.torproject.org/projects/torbrowser/design/#philosophy

At the end of the day though, it is up to the user to decide if they
want to incur the fingerprinting hit of installing such filters. This
unfortunately has its own problems, since there are so many of these
types of filtering addons (and even different blacklist subscription
feeds for those addons) that they probably ultimately end up fragmenting
the userbase quite a bit in total.

Still, I also don't think that there's any reason to believe that even
if we shipped Tor Browser with "the one true block everything adblocker"
that userbase fragmentation wouldn't happen anyway. Many people would
still install one or more additional filters for various reasons, if
nothing else than because of personal preferences. Others may end up
disabling filters (or subsets of them) because they break random stuff
(if they could even figure that out).

The only way to win the blacklist game is not to play it, I'm afraid.


--=20
Mike Perry

--8S1fMsFYqgBC+BN/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJV4RKPAAoJEEEC+JXS8eGGW7AP+gO5gxej7+E+Zw5EV0cI0gyn
bamBCe9po3IoID+nwKatiBqI0gvLYxRWdBk0GzzKS0b2bmMVKpijNO6/JJRPhWJF
yKg/z0YIP9Qsxw2RvCu3AjNsjIxcUfPWxsmQ6e//5LqB24nOJ6UGge8TkYtiPI6i
VDzBUTACzRG7bPK8LpkW3PBSWaMZjay966mqvTBSziXwtwXzkdISGNDKosOxK1yn
EG9cRX1kYAQa7u7G7GRIhQcYZ6mpuOv5lXeRHJTCss2oceDZBwkUqCbpdIf5Yn27
GfJMlH1BcooYWNWUZXGIXmC+NgEJP8gAiP8Xz6CPgzwh9n9eoPzzUsCm6PIlVN9I
JyIkqhBFQMEhp5UWY+3xkpwWhBRM+6OzpamJuWaNarFG9/Q7p3PJsN7Y48aUjNjx
u5DPSQHw35ZpogCjoDIJ7sWlILbjDWM+QCqbaoRLPwcfbphaR0HyG1VDy+CjVYkt
iQL1KdCrPPUqKNOXXLCpuhNTCNzwjfw8QEn/2ioyBol0dj/evQymrKiOzF40sOcr
N1eNFh1Fs4jVz06zTrg9mTe66BHPtqyjFJ6NlW6vhULoEJO1BkuU5ngsh0IKN2Sg
gO0j6CaswbzT5O54kCYpMTwsu7HOVtw/z+fC0rB49gQe2gCtA2QMNT99Xd/flsHK
55mTXM/YCIb1kYCBSsOn
=rX6q
-----END PGP SIGNATURE-----

--8S1fMsFYqgBC+BN/--

--===============8207947973622200803==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============8207947973622200803==--

