[tor-talk] Privacy Badger

Dave Warren davew at hireahit.com
Sat Aug 29 05:17:44 UTC 2015


On 2015-08-28 20:05, Mike Perry wrote:
> Yikes! I didn't know this. This is especially bad, especially if Privacy
> Badger has custom storage mechanisms for this that aren't cleared
> regularly (which you touch on below).

And if you do clear this list regularly, Privacy Badger is useless; it 
functions by learning which sites are legitimate and which are 
potentially tracking you based on the fact that by their nature, 
trackers are resources loading from a consistent location into various 
unrelated sites using cookies that are potentially uniquely identifying.

Resetting its history leaves you vulnerable to tracking until it has 
re-learned your behaviour, by which time you're vulnerable to 
fingerprinting.

It might be possible to take the same concept and democratize it in some 
fashion that would share the heuristically learned data between users, 
such that users aren't individually fingerprintable (while uses of 
Privacy Badger itself would become more obvious), but then you have the 
problem of building a whitelist for resources that are actually useful, 
and potential malfeasance on the part of whitelist submissions, as well 
as the efforts to manage the whitelist. Without a whitelist, it will 
eventually break sites, and if you whitelist yourself, you again 
generate a fingerprint.

As much as I love Privacy Badger in general, I don't see how it can fit 
into the Tor model.

-- 
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
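
The learning heuristic and the fingerprinting concern discussed in the message above, as an added example that is not part of the original post and is not Privacy Badger's own code. It is a simplified model: the threshold of 3 distinct first-party sites, all hostnames and all function names are assumptions made for illustration.

```javascript
// Simplified model of "learn trackers from cookie-setting third parties".
// THRESHOLD is an assumption of this example, not a value taken from the post.
const THRESHOLD = 3;

// visits: [{ site, thirdParties: [{ host, setsCookie }] }]
// Returns Map: third-party host -> Set of first-party sites it set cookies on.
function learn(visits) {
  const seenOn = new Map();
  for (const { site, thirdParties } of visits) {
    for (const { host, setsCookie } of thirdParties) {
      if (!setsCookie || host === site) continue; // cookieless or first-party
      if (!seenOn.has(host)) seenOn.set(host, new Set());
      seenOn.get(host).add(site);
    }
  }
  return seenOn;
}

// Hosts seen tracking on enough unrelated sites get blocked.
function blockList(seenOn) {
  return [...seenOn].filter(([, sites]) => sites.size >= THRESHOLD)
                    .map(([host]) => host).sort();
}

// The "democratized" variant: merge many users' learned state into one list.
function pooled(...states) {
  const merged = new Map();
  for (const state of states)
    for (const [host, sites] of state) {
      if (!merged.has(host)) merged.set(host, new Set());
      sites.forEach((s) => merged.get(host).add(s));
    }
  return merged;
}

// Constructed browsing histories; every hostname here is made up.
const t = (host, setsCookie = true) => ({ host, setsCookie });
const alice = learn([
  { site: "news.example", thirdParties: [t("ads.example"), t("cdn.example", false)] },
  { site: "shop.example", thirdParties: [t("ads.example"), t("metrics.example")] },
  { site: "blog.example", thirdParties: [t("ads.example"), t("cdn.example", false)] },
]);
const bob = learn([
  { site: "news.example", thirdParties: [t("metrics.example"), t("ads.example")] },
  { site: "mail.example", thirdParties: [t("metrics.example")] },
  { site: "wiki.example", thirdParties: [t("metrics.example"), t("cdn.example", false)] },
]);
console.log("alice :", blockList(alice));              // differs from bob
console.log("bob   :", blockList(bob));                // differs from alice
console.log("reset :", blockList(learn([])));          // nothing blocked yet
console.log("shared:", blockList(pooled(alice, bob))); // same for everyone
```

The per-user lists differ because the browsing histories differ, so which third-party requests a browser suppresses becomes a distinguishing signal; the pooled list removes that difference but needs the curation the message describes.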



