[tor-bugs] #4188 [- Select a component]: tbb as a privacy enhancement tool - add ghostery and adblock

Wed Oct 5 14:35:22 UTC 2011

#4188: tbb as a privacy enhancement tool - add ghostery and adblock
----------------------------------+-----------------------------------------
 Reporter:  cypherpunks           |          Owner:     
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  - Select a component  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------
 Keeping in tune with not presenting Tor as a censorship circumvention tool
 but instead mainly as a privacy enhancement tool, the Tor Browser Bundle
 should look into including privacy related Firefox addons.

 tbb already includes these external extensions:
 1) HTTPS Everywhere
 homepage https://www.eff.org/https-everywhere

 2) NoScript
 on firefox addons https://addons.mozilla.org/en-US/firefox/addon/noscript/
 homepage http://noscript.net/

 I suggest adding the following extensions:

 1) Ghostery
 on firefox addons https://addons.mozilla.org/en-US/firefox/addon/ghostery/
 homepage http://www.ghostery.com/

 2) Adblock Plus
 on firefox addons https://addons.mozilla.org/en-US/firefox/addon/adblock-
 plus/
 homepage http://adblockplus.org/

 Including these addons has these benefits:

 1) Increased browsing speed and less load on the Tor network. Tor network
 is at times slow for normal web browsing. By including the new addons, the
 users browser needs to perform fewer DNS requests and download less data
 in scripts/images. This should speedup the browsing experience.

 2) Additional security. By not downloading advertisements and by
 preventing tracking from questinable entities, the user is exposed to
 fewer external entities than the website that they are on.

 3) Additionaly privacy. Without adblocking and tracking protections, it is
 possible to get a fingerprint of the user based on the websites they visit
 - when all the websites contain a Facebook like button or Google+ button
 etc. This way, there exists a theoretical possibility of identifying the
 user based on tracking their browsing habits when they use Tor.

 There are a number of problems related to these extensions that should be
 discussed here:

 1) By including these extensions, we are effectively choosing what content
 our users are seeing (and mainly not seeing) - and that is not exactly
 Tor's goals are. However, we are already including HTTPS Everywhere,
 enabled by default, which already chooses for the users to go to a
 different place than they asked for by redirecting to a secure version of
 the requested website. Similarly, NoScript, which is not enabled by
 default, prevents some content from running on the users client which can
 also be seen as us choosing what the user sees or can do.

 Hence, I would not say that including additional extensions would set a
 dangerous precedent of us choosing what the user sees, since in a way we
 already do that and do not get complaints on the #tor irc channel or on
 trac or in comments.

 2) These extensions can break some parts of the web or prevent users from
 accessing some websites (e.g. sites say "Please disable adblock to
 continue"). I do not the extent to which the web breaks with these addons,
 but have personally not experienced any trouble in a few months of using
 those tools, this of course needs to be tested more. Both Ghostery and
 Adblock Plus can be easily disabled from the toolbar without needing to
 restart the browser or any other problems.

 3) The addons will need to be audited for leaking information. Both of
 them have autoupdate functionality which can easily be disabled by default
 in their options. Both of them have a privacy policy which states that
 they do not collect any information by default unless the user opts in. I
 would happily perform an audit of them - but I am not a trusted enough
 person on the Tor project for it which is a problem.

 4) We need to decide whether these addons would be enabled or disabled by
 default. Currently, we have HTTPS Everywhere enabled by default and
 NoScript disabled by default. So we already have a precedent of shipping
 addons which are disabled by default. Having the new addons disabled by
 default gives the user the choice of running them if he/she wants to
 without having to download them from the mozilla addons webpage (and thus
 leave a trace on mozilla servers or be exposed to a theoretical MITM
 attack when trying to download them since mozilla servers are a very nice
 target). By having them enabled by default, we make the user encounter the
 problems in 2).

 5) Advertisement and tracking companies will view Tor as more of a threat
 and hence the Tor project will gain new enemies.

 There are probably more issues with including the new extensions in tbb,
 and there are also probably some other extensions that could help the
 users privacy, so I would like to discuss it here to get a feel for what
 people think is the best approach to this issue.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4188>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online