{Article} Privacy Badger Is Changing to Protect You Better
-
As @BoneTone said:
"For protection against tracking, nothing beats a default deny/allow exceptionally config in my opinion. It doesn't matter what data you would send to trackers if you never connect to the servers."
What to worry about the 16 sites Ghacks normally connect if they not connect at all?
-
@barbudo2005 , waht webs know about you, you can test in Browserleaks and adjust your blockings according to the results.
-
@Catweazle said in {Article} Privacy Badger Is Changing to Protect You Better:
Trace instead is at the moment the best alternative for PB
Eh, I'd say uBlock Origin and/or uMatrix are the best alternatives. Certainly that's what I have used since uninstalling PB quite some time ago. But I admittedly don't know Trace that well, and it could be equivalent to uBlock Origin. That graphic doesn't provide a lot of detail, though it's reminiscent of the blocking modes in UBO.
-
@Catweazle said in {Article} Privacy Badger Is Changing to Protect You Better:
@barbudo2005 , waht webs know about you, you can test in Browserleaks and adjust your blockings according to the results.
Tools like that provide only a partial picture of what can be collected & tracked. I haven't looked very recently, but I've never seen a complete one. Many often state that they are knowingly not using techniques that are known to be used by trackers, though they too frequently bury this info in non-obvious locations that can be difficult to find. I would be very wary of using any such tool as confirmation of protection. And as research has indicated, things like this displaying inaccurate info doesn't prevent people from still tracking you or determining the correct info.
Edit: it is just simpler and more effective to block than to try to deceive.
-
@BoneTone said in {Article} Privacy Badger Is Changing to Protect You Better:
it is just simpler and more effective to block than to try to deceive
uM with default-deny policy, thence individual sites let thru' on exception basis, just seems so obvious to me... but before i learned this, it was not obvious at all - ha!
-
I am using LocalCDN a fork of Decentraleyes (more frameworks and update more regularly)
https://codeberg.org/nobody/LocalCDN
https://chrome.google.com/webstore/detail/localcdn/njdfdhgcmkocbgbhcioffdbicglldapd
Are you using one of them?
-
@Steffie and uMatrix, by virtue of not being list based, doesn't need to receive regular updates of what new tracking sites exist. Lists still remain useful, especially as one is granting exceptions to provide visual guidance on what not to allow. When everything is initially blocked, however, obviously nothing is getting through. I even block first-party abilities by default.
-
@barbudo2005 I've been using Decentraleyes but I'll give this one a look when I find some time. Thanks.
-
@BoneTone said in {Article} Privacy Badger Is Changing to Protect You Better:
by virtue of not being list based
I hope i phrase this appropriately to not mislead, because i am not seeking to actually criticise or mock list-based methods, only place them in a proper perspective. All i do want to mention though is that at no point [even before discovering uMatrix years ago] did i feel "comfortable" about lists. I simply could not get it out of my mind that by definition the instant a given list is produced, it is on the path to obsolescence, when the "digital playground" [or rather, sadly more apt i suspect, the digital battlefield] in which it operates is so hyper-dynamic. I never could stop regarding lists as being merely digital whack-a-mole.
-
-
@Steffie said in {Article} Privacy Badger Is Changing to Protect You Better:
on the path to obsolescence,
You know I generally agree with the point, but even with uMatrix they remain useful... think of the sites that are "below the fold"... you almost never grant those exceptions. *Parts* of the lists will become obsolete, but never the lists themselves as long as they continue to be maintained. But your point about them being dated the moment they're released stands, which is what I think you were getting at. Even as you receive the update, there are likely some entries that are no longer necessary, and some servers are without a doubt not included. That's why we have so many lists in our settings -- different maintainers have different criteria. Some lists, to remain available for users, remove certain sites due to legal threats, necessitating the use of even more lists. Such is the state of the world.
I know some like to call the whole functionalclam episode an example of the Streisand effect, but it wasn't. The most popular blocker now doesn't include their servers as blocked (and worse is intentionally crippled by its developers for cash). The Streisand effect did not happen, except for those few users who are aware of the incident, and who then took action to add another list to their config. They reduced the number of people who are blocking them, the DMCA threat was successful.
Fortunately, someone with DMCA experience stepped in and literally challenged them to DMCA the list that person put out. It didn't happen, probably because the user of that list is so small, I don't know of any tool that includes it by default. But that person is apparently ready to fight it legally should it occur, which I don't anticipate happening any time soon if ever.
Back to the lists, and I apologize for the rambling, they remain useful if imperfect. Even within uMatrix and any other similar tools that might exist. There will always be a useful place for known bad sites. Just as a default deny firewall will remain the best protection for any foreseeable future. The two in unison are currently the best protection I can imagine.
-
@barbudo2005 Those stats don't really mean much to me. There's no comparison, nor any history of sites visited. But, I still appreciate the heads up, and when I've got the time will investigate the tool, possibly replacing Decentraleyes with it.
A neighbor just had her home robbed today. As I was explaining to others, it's good practice to revisit your threat model at least annually, and reevaluate the mitigations you've put in place. I'll be auditing or home security this weekend, and fixing any issues in the coming week. Poor woman, we've opened our home to her, even in this current pandemic. She knows that should she feel the need, she can immediately come to us for safety. It's not about the value of the material things they stole, though that sucks horribly. It's the theft of the feeling of being safe in your own home that is most violating. F... I'm about to tear up again. I've experienced this, and the material loss was minimal, nothing compared to hers, still it affected my life deeply.
Almost none of us really care about nation-state actors, the threat they present is extremely small in comparison to others. And the cost of mitigating against those threats is far too great to implement. It's the personal safety that is top priority, followed closely by personal data, with material possessions having high priority but incomparable to personal safety.
So, just because of today's events, I'd like to remind folks while they're thinking about their browser security to also sirens at least as much time on home security. Outside door jamb reinforcements, bump proof locks, security cameras and 24/7 monitoring on their alarms. And know a neighbor or two at least, someone you can run to in times of crisis.
Stay safe everyone. One love.
-
@BoneTone said in {Article} Privacy Badger Is Changing to Protect You Better:
them being dated the moment they're released stands, which is what I think you were getting at
Yes, indeed that was/is my point. My use of the word "obsolescence" possibly caused unintended misdirection, rather maybe i should have said "out-of-date / superseded", ie, no matter how wonderfully well a given list might have been curated at t=0, once it is released it is "frozen" until its next revision, but in all the time elapsing in-between, that toxic swamp that is the current web rolls on fast, & the profit-driven bad-actors definitely don't stand still.
If i were to give a Linux metaphor, IMO lists are the fixed-release distros whilst uMatrix [& to a lesser extent uBO, but damn few others afaik] are the rolling-distros... automatically up to date by design [more or less; the metaphor is certainly imperfect]. By a time just before the next fixed-release ISO drops [= the next list update], the staleness of the packages is maximised.
In no way do i criticise the list-component of uBO & uM, but i merely emphasise that if ALL these two defences had was lists, & thus if we did not have such fabbo user-amenable dynamic filtering rules, then they'd be no better than all the rest of the inferior defences. It is specifically the availability of this dynamic filtering that makes we users of these tools so attracted to them. Thank goodness for Gorhill.
-
I use DNS blocking with DNSCrypt and in the browser I still use ContentBlockHelper.
https://chrome.google.com/webstore/detail/contentblockhelper/ahnpejopbfnjicblkhclaaefhblgkfpdI like the granular breakdown of the page contents and the various domains it connects to.
It is an arbitrary stuff blocker so you can block what you want from where you want, including filetypes.
Can be used with or without blocklists you enable or add, and has a few other handy features.It isn't as user-friendly as most and no statistics, but those that can write regex expressions will get the most value, and out of the box it works well as a regular ad-blocker.
It is worth changing the defaults, for example limiting what sort of jscript activity is allowed, and if you limit cross-domain video content.(BTW. This is the security forum not the privacy sub-forum)
-
@Dr-Flay I've never used ContentBlockHelper, it sounds a little similar to uMatrix, and I prefer to use extensions for which the source is easily accessible. I can't even figure out if CBH is open source, but I don't read Chinese.
@Dr-Flay said in {Article} Privacy Badger Is Changing to Protect You Better:
(BTW. This is the security forum not the privacy sub-forum)
It's the "Security & Privacy" category. The subforum hasn't been used for the better part of a year.
-