Opened 7 years ago

Closed 7 years ago

Last modified 6 years ago

#4188 closed defect (wontfix)

tbb as a privacy enhancement tool - add ghostery and adblock

Reported by: cypherpunks
Owned by: mikeperry
Priority: Medium
Component: Applications/Tor bundles/installation
Cc: erinn

Description

Keeping in tune with not presenting Tor as a censorship circumvention tool but instead mainly as a privacy enhancement tool, the Tor Browser Bundle should look into including privacy related Firefox addons.

tbb already includes these external extensions:
1) HTTPS Everywhere
homepage https://www.eff.org/https-everywhere

2) NoScript
on firefox addons https://addons.mozilla.org/en-US/firefox/addon/noscript/
homepage http://noscript.net/

I suggest adding the following extensions:

1) Ghostery
on firefox addons https://addons.mozilla.org/en-US/firefox/addon/ghostery/
homepage http://www.ghostery.com/

2) Adblock Plus
on firefox addons https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
homepage http://adblockplus.org/

Including these addons has these benefits:

1) Increased browsing speed and less load on the Tor network. The Tor network is at times slow for normal web browsing. By including the new addons, the user's browser needs to perform fewer DNS requests and download less data in scripts/images. This should speed up the browsing experience.

2) Additional security. By not downloading advertisements and by preventing tracking from questionable entities, the user is exposed to fewer external entities than the website that they are on.

3) Additional privacy. Without adblocking and tracking protections, it is possible to get a fingerprint of the user based on the websites they visit - when all the websites contain a Facebook like button or Google+ button etc. This way, there exists a theoretical possibility of identifying the user based on tracking their browsing habits when they use Tor.

There are a number of problems related to these extensions that should be discussed here:

1) By including these extensions, we are effectively choosing what content our users are seeing (and mainly not seeing) - and that is not exactly what Tor's goals are. However, we are already including HTTPS Everywhere, enabled by default, which already chooses for the users to go to a different place than they asked for by redirecting to a secure version of the requested website. Similarly, NoScript, which is not enabled by default, prevents some content from running on the user's client, which can also be seen as us choosing what the user sees or can do.

Hence, I would not say that including additional extensions would set a dangerous precedent of us choosing what the user sees, since in a way we already do that and do not get complaints on the #tor irc channel or on trac or in comments.

2) These extensions can break some parts of the web or prevent users from accessing some websites (e.g. sites say "Please disable adblock to continue"). I do not know the extent to which the web breaks with these addons, but have personally not experienced any trouble in a few months of using those tools; this of course needs to be tested more. Both Ghostery and Adblock Plus can be easily disabled from the toolbar without needing to restart the browser or any other problems.

3) The addons will need to be audited for leaking information. Both of them have autoupdate functionality which can easily be disabled by default in their options. Both of them have a privacy policy which states that they do not collect any information by default unless the user opts in. I would happily perform an audit of them - but I am not a trusted enough person on the Tor project for it which is a problem.

4) We need to decide whether these addons would be enabled or disabled by default. Currently, we have HTTPS Everywhere enabled by default and NoScript disabled by default. So we already have a precedent of shipping addons which are disabled by default. Having the new addons disabled by default gives the user the choice of running them if he/she wants to without having to download them from the Mozilla addons webpage (and thus leave a trace on Mozilla servers or be exposed to a theoretical MITM attack when trying to download them, since Mozilla servers are a very nice target). By having them enabled by default, we make the user encounter the problems in 2).

5) Advertisement and tracking companies will view Tor as more of a threat and hence the Tor project will gain new enemies.

There are probably more issues with including the new extensions in tbb, and there are also probably some other extensions that could help the users' privacy, so I would like to discuss it here to get a feel for what people think is the best approach to this issue.

Change History (10)

comment:1 Changed 7 years ago by ancientmariner

Who are the users of Tor? Are they computer savvy people who understand the function and purpose of these Addons? Or are they average non-tech people who want privacy while surfing the Web without having to understand many details? It's important to identify who exactly Tor is supposed to serve before deciding what Addons the Tor browser should have.

NoScript is a pretty complicated Addon and while it's easy for the savvy computer user, I think it would be a little overwhelming for the average person. Most ads on the web use Adobe's Flash so Adblock Plus would probably weigh down the browser unnecessarily since Flash is not included in the Tor browser in the first place.

comment:2 in reply to:  1 Changed 7 years ago by Sebastian

Component: - Select a component → Tor bundles/installation
Owner: set to erinn

Replying to ancientmariner:

> Who are the users of Tor? Are they computer savvy people who understand the function and purpose of these Addons? Or are they average non-tech people who want privacy while surfing the Web without having to understand many details?

Both groups. And everyone else who is a Tor user as well.

comment:3 Changed 7 years ago by erinn

Cc: erinn added
Owner: changed from erinn to mikeperry
Status: new → assigned

comment:4 in reply to:  description ; Changed 7 years ago by rransom

Replying to cypherpunks:

> 4) We need to decide whether these addons would be enabled or disabled by default. Currently, we have HTTPS Everywhere enabled by default and NoScript disabled by default. So we already have a precedent of shipping addons which are disabled by default.

NoScript is enabled by default in TBB. We use it to block downloading of fonts and to block automatic execution of Flash programs if the user has installed and enabled Flash in TBB.

comment:5 in reply to:  4 ; Changed 7 years ago by ancientmariner

Replying to rransom:

> NoScript is enabled by default in TBB. We use it to block downloading of fonts and to block automatic execution of Flash programs if the user has installed and enabled Flash in TBB.

I really would like to know how to install Flash in the portable Firefox. It was possible with old versions of Flash, but as far as I know it's not possible with the latest versions of Flash -- at least I haven't seen a successful way.

comment:6 in reply to:  5 Changed 7 years ago by mikeperry

Replying to ancientmariner:

> Replying to rransom:
>
> > NoScript is enabled by default in TBB. We use it to block downloading of fonts and to block automatic execution of Flash programs if the user has installed and enabled Flash in TBB.
>
> I really would like to know how to install Flash in the portable Firefox. It was possible with old versions of Flash, but as far as I know it's not possible with the latest versions of Flash -- at least I haven't seen a successful way.

#3974 is blocking us from supporting this on Windows (and possibly Mac OS). Right now, you have to twiddle some secret about:config plid settings to enable TBB Firefox to find Flash. However, if Flash cookies are still enabled, you will be immediately linked between Tor+Non-Tor.

comment:7 Changed 7 years ago by mikeperry

Resolution: wontfix
Status: assigned → closed

Re including Ghostery or Adblock, see point #5 of the Philosophy section of the shiny new TBB design doc: https://www.torproject.org/projects/torbrowser/design/#philosophy

The short answer is we are aiming to make filter-based addons unnecessary from a privacy perspective.

The network load and page load times are compelling points, but I think we already have enough social issues with sites dealing with abusive Tor users that to declare war on the entire revenue model would not be a good thing for Tor blockage, long term.

I'm going to close this, but if you feel I'm totally wrong for some reason and we can't have actual privacy without filters, please feel free to say why on this bug.

comment:8 Changed 7 years ago by cypherpunks

Resolution: wontfix
Status: closed → reopened

I'm not the original sender but I wanted to update this topic.

Ghostery now categorizes the list of bugs as: Advertising, Analytics, Privacy, Trackers, Widgets

My suggestion is to block Analytics and Trackers, so not the Advertisers. Also blocking the biggest companies from widgets specifically, like Facebook Connect, Google +1, etc.

This will decrease the whole tracking ability, but mainly there will be less load on the network. But maybe I misunderstood, does "the entire revenue model" contain the Trackers too? Isn't Tor already an enemy of them by hiding the real IPs?

comment:9 Changed 7 years ago by rransom

Resolution: wontfix
Status: reopened → closed

Ghostery cannot legally be redistributed.

comment:10 Changed 6 years ago by ethan20

This is what I was saying: how about including ABP and Ghostery by default, and if a user feels the need to allow ads they can configure it?