Message-ID: <55E14078.1090105@hireahit.com>
Date: Fri, 28 Aug 2015 22:17:44 -0700
From: Dave Warren <davew@hireahit.com>
To: tor-talk@lists.torproject.org
References: <20150828230041.747D340496@smtp03.mail.de>
 <20150829020151.GG5822@torproject.org> <55E1163E.3050506@freedom.press>
 <20150829030517.GH5822@torproject.org>
In-Reply-To: <20150829030517.GH5822@torproject.org>
Subject: Re: [tor-talk] Privacy Badger

On 2015-08-28 20:05, Mike Perry wrote:
> Yikes! I didn't know this. This is especially bad, especially if Privacy
> Badger has custom storage mechanisms for this that aren't cleared
> regularly (which you touch on below).

And if you do clear this list regularly, Privacy Badger is useless; it 
functions by learning which sites are legitimate and which are 
potentially tracking you based on the fact that by their nature, 
trackers are resources loading from a consistent location into various 
unrelated sites using cookies that are potentially uniquely identifying.

Resetting its history leaves you vulnerable to tracking until it has 
re-learned your behaviour, by which time you're vulnerable to 
fingerprinting.

It might be possible to take the same concept and democratize it in some 
fashion that would share the heuristically learned data between users, 
such that users aren't individually fingerprintable (while uses of 
Privacy Badger itself would become more obvious), but then you have the 
problem of building a whitelist for resources that are actually useful, 
and potential malfeasance on the part of whitelist submissions, as well 
as the efforts to manage the whitelist. Without a whitelist, it will 
eventually break sites, and if you whitelist yourself, you again 
generate a fingerprint.

As much as I love Privacy Badger in general, I don't see how it can fit 
into the Tor model.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
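
The learning heuristic described in this message, and why its per-user state is identifying, sketched as an added example (not part of the original message and not Privacy Badger's own code). The threshold of three sites, the `learn` and `blocked` helpers and all `.example` hosts are assumptions constructed for illustration.

```javascript
// Added illustration, not Privacy Badger's code. THRESHOLD and all hosts are constructed.
const THRESHOLD = 3; // assumed number of distinct first-party sites before blocking

// Naive registrable-domain guess (last two labels); real code needs the Public Suffix List.
const baseDomain = (host) => host.split('.').slice(-2).join('.');

// Record, per third-party origin, the set of first-party sites where it set a cookie.
function learn(visits, state = new Map()) {
  for (const { site, requests } of visits) {
    const firstParty = baseDomain(site);
    for (const { host, setsCookie } of requests) {
      const origin = baseDomain(host);
      if (origin === firstParty || !setsCookie) continue; // same-site or cookieless: ignore
      if (!state.has(origin)) state.set(origin, new Set());
      state.get(origin).add(firstParty);
    }
  }
  return state;
}

// Origins seen setting cookies on enough unrelated sites to be blocked.
const blocked = (state) =>
  [...state].filter(([, sites]) => sites.size >= THRESHOLD).map(([origin]) => origin).sort();

// Constructed browsing histories for two users.
const visit = (site, cookieHosts, plainHosts = []) => ({
  site,
  requests: [
    ...cookieHosts.map((host) => ({ host, setsCookie: true })),
    ...plainHosts.map((host) => ({ host, setsCookie: false })),
  ],
});
const userA = [
  visit('www.news.example', ['px.tracker-a.example', 'px.tracker-b.example'], ['static.cdn.example']),
  visit('www.shop.example', ['px.tracker-a.example'], ['static.cdn.example']),
  visit('www.blog.example', ['px.tracker-a.example'], ['static.cdn.example']),
];
const userB = [
  visit('www.mail.example', ['px.tracker-b.example']),
  visit('www.maps.example', ['px.tracker-b.example']),
  visit('www.wiki.example', ['px.tracker-b.example', 'px.tracker-a.example']),
];

console.log('A blocks:', blocked(learn(userA))); // differs from B: the state reflects history
console.log('B blocks:', blocked(learn(userB)));
console.log('A after reset:', blocked(learn(userA.slice(0, 1)))); // nothing blocked yet
```

The two users end up with different block lists from the same rule, and a freshly reset profile blocks nothing until it has seen the same origin on enough sites again.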



