I'm pretty far in the pro-user privacy camp, but I feel this conflates things unnecessarily and confuses the end user. Private browsing now keeps your local clean of history and site data on close, but also kind of does some other disconnect/ghostery stuff? If you're privacy conscious you've already tuned your browser, if you're not and believe private browsing does that, you're misinformed.
Information regarding a lot of the configuration options for this purpose is scattered across the web. To get some idea for what settings are useful for privacy and security in Firefox, I have found https://github.com/pyllyukko/user.js an extremely useful starting point.
IIRC "Tracking Protect" has been available for some time in Firefox, it was just located somewhere in the about:config menu as an experimental feature. Is this the same option simply moved to a menu option visible to the end-user, or something different?
While I like the mechanism, I am not too certain about the policies. From the paper [1], they use "a subset of approximately 1500 domains from Disconnect’s privacy-oriented blocklist to identify these unsafe origins". Further, they update the block list every 45 minutes. Which means, a service which wants to track the user can use domain names outside that block list of 1500, and change it every 45 minutes (in case it becomes popular and the block list catches up).
Am I understanding this right?
Aside, I realize that there are no easy solutions for this. As the paper also says, it is hard to identify which requests belong to third parties because of the prevalent practice of using third-party CDNs.
I believe one approach is to disable cookies, javascripts and other sensitive functionality from all third-parties, without any biases or curation, and to provide the tools to enable them selectively. The only drawback is that it won't fly with non-tech-savvy users. However, I think the tech-savvy segment is large enough and growing, to make it worthwhile.
This is the approach that the uMatrix addon, and gngr, the browser that we are developing, take. It would make me very happy if other browsers integrate such a facility within them.
[+] [-] verusfossa|10 years ago|reply
[+] [-] gajjanag|10 years ago|reply
[+] [-] sonnyp|10 years ago|reply
[+] [-] AdmiralAsshat|10 years ago|reply
[+] [-] ehsanakhgari|10 years ago|reply
[+] [-] hrjet|10 years ago|reply
Am I understanding this right?
Aside, I realize that there are no easy solutions for this. As the paper also says, it is hard to identify which requests belong to third parties because of the prevalent practice of using third-party CDNs.
I believe one approach is to disable cookies, javascripts and other sensitive functionality from all third-parties, without any biases or curation, and to provide the tools to enable them selectively. The only drawback is that it won't fly with non-tech-savvy users. However, I think the tech-savvy segment is large enough and growing, to make it worthwhile.
This is the approach that the uMatrix addon, and gngr, the browser that we are developing, take. It would make me very happy if other browsers integrate such a facility within them.
[1]: https://kontaxis.github.io/trackingprotectionfirefox/resourc...
[+] [-] abhv|10 years ago|reply
[+] [-] aroch|10 years ago|reply
It works like a combination of safebrowsing and Disconnect. Basically they cache a list of "bad" URIs and block them at request-time
[1] https://kontaxis.github.io/trackingprotectionfirefox/resourc...
[2] monica-at-mozilla.blogspot.com