Delivery-Date: Sat, 29 Aug 2015 04:29:16 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8007B1E039F;
	Sat, 29 Aug 2015 04:29:14 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id B1EE93717C;
	Sat, 29 Aug 2015 08:29:08 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id C26B137121
 for <tor-talk@lists.torproject.org>; Sat, 29 Aug 2015 08:29:04 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id OLB6pMRX9ga0 for <tor-talk@lists.torproject.org>;
 Sat, 29 Aug 2015 08:29:04 +0000 (UTC)
Received: from turtles.fscked.org (turtles.fscked.org [76.73.17.194])
 by eugeni.torproject.org (Postfix) with ESMTP id 92EB4370F6
 for <tor-talk@lists.torproject.org>; Sat, 29 Aug 2015 08:29:04 +0000 (UTC)
Date: Sat, 29 Aug 2015 01:28:54 -0700
From: Mike Perry <mikeperry@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20150829082854.GI5822@torproject.org>
References: <20150828230041.747D340496@smtp03.mail.de>
 <20150829020151.GG5822@torproject.org>
 <55E1163E.3050506@freedom.press>
 <20150829030517.GH5822@torproject.org>
 <20150829044821.GD27092@localhost>
MIME-Version: 1.0
In-Reply-To: <20150829044821.GD27092@localhost>
Subject: Re: [tor-talk] Privacy Badger
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============4150208336597657476=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============4150208336597657476==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="poJSiGMzRSvrLGLs"
Content-Disposition: inline


--poJSiGMzRSvrLGLs
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=D0=90=D1=80=D1=82=D1=83=D1=80 =D0=98=D1=81=D1=82=D0=BE=D0=BC=D0=B8=D0=BD:
> On Fri, Aug 28, 2015 at 08:05:17PM -0700, Mike Perry wrote:
> > Garrett Robinson:
> > > On 8/28/15 7:01 PM, Mike Perry wrote:
> > > > sg.info@email-postfach.info:
> > > >> Hi guys and girls, are there security issues using the privacy
> > > >> badger from eff.org with the tor browser ?  Or: Is there are a
> > > >> need to use privacy badger or is this utility dispensable ?
> > > >=20
> > > > The filters in use by Privacy Badger are fingerprintable - it is
> > > > possible for sites to determine that you have it installed.
> > >=20
> > > Since Privacy Badger uses a learning heuristic based on the sites
> > > you visit, it actually might possible for it to leak information
> > > about your browsing history too.
> >=20
> > Yikes! I didn't know this. This is especially bad, especially if
> > Privacy Badger has custom storage mechanisms for this that aren't
> > cleared regularly (which you touch on below). It may also result in
> > browsing history leaking to disk, which wouldn't normally happen in
> > the default Tor Browser.
>=20
> Mike, I'm interesting, You personaly are using some adblockers or
> Noscript in Your everyday webserfing?

I "eat my own dog food" as the saying goes. I almost exclusively use Tor
Browser. I do not use any additional addons other than the default
(which includes NoScript). I do not use an adblocker.

I tend to use the Medium-High Security Slider level most of the time
(which among other things blocks Javascript for all non-https pages) so
I occasionally need to tell NoScript to allow scripts on http sites.
Thankfully, more and more sites appear to be either moving to https, or
ensuring that they work without Javascript. I use the default Tor
Browser NoScript settings.


There was a time when I used to do some things over non-Tor (like
watching Hulu), but since the loss of a reliable and regularly updated
flash player on Linux, I quit doing that. Since I managed to break that
habit, I'm unlikely to start doing it again, even if the DRM EME shit
ends up being supported by Hulu/Netflix/whatever.

I also don't think the current EME implementations are specified well
enough to be sure that the closed-source components are properly
sandboxed against insecurities and/or malicious operation. Mozilla's
implementation of EME came close, but until the sandbox itself can be
built reproducibly, it is really hard to say what is in the binaries
that Mozilla is giving us (especially when a new one arrives every
couple weeks). So for now at least, there appear to be only two choices:
live free, or die! ;)

--=20
Mike Perry

--poJSiGMzRSvrLGLs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJV4W1GAAoJEEEC+JXS8eGGSSkP/0cDcYQAXOf3oDYs6d1AAi9H
BaJHtvjXp6DlqfKilVoq1MynYdcgLoOoFfNzAvX5EYBW5boOxxXJRdgUzbTUrnN4
OylifPQwfm0RZtKQAkWadmpbr3FX0+GeRHk6u7fDHflM9XJjq1ih5MT29v7KHX+7
kKStbY1dSsYGtJODZJL7TP3AGZx8Wn9+fZ0IAzF4F2nkE3hUIUALj3FOTEkdvqKe
/ybtmrI07fUG4uIBcrSBWJDJS2FIcIrMbEIki+9u+gGzmm5j7KAsTz1fItVQpbKb
eZpHn1FwgY+Ai2fq8I9yVyykBJHdvUunoSLjnNi9qPMO0/T5s4jablI5ZISxucHO
YXsc3ZiQURFoQ9xgdJrBaWQh4B4lB2vgwecQ8yUSAwrTZExTL8+mHwUysus+iLLl
CkevovVDRHpywCkL6eJ/BBHKMIImSCF5dDreVCJlXdloh+c8RPCOTdVWg9k1cJ39
w2UFYpwp3NIhnAEg/cIxC9I92TjElF7gQilk6hT9KSMYvdOkffUFPpcRDq7pXRTr
SKSHoe3dnfXG7Xd+eFbaEg3FlXHTLevTM/DxT57BI2eL61WwW3TwMjYrKk7N+hZy
iJZ80ci5kd6mUxNGf2D6xeCoWQNAmycfkLuZPRtESTJwLtuxIK01aWq50K0hB7AZ
0CxC4Qq2ikrBwfLTd4na
=XmHS
-----END PGP SIGNATURE-----

--poJSiGMzRSvrLGLs--

--===============4150208336597657476==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============4150208336597657476==--

