what's up with privacy badger?

[anarcat]

why is privacy badger necessary, on top of ublock? the docs say:

Privacy Badger dynamically detects attempts to track your browsing behavior and blocks content from these trackers. Privacy Badger is not designed to stop ads, so it is not a replacement for uBlock, but it includes some security features that uBlock does not have.

What are those security features exactly?

[elijh]

cooper said:

I would say that one advantage of privacy badger over µblock is that privacy badger will block third party resources from setting/getting cookies and getting referrers, which µblock will not block at all. For example maps.google.com, amazonaws, cloudflare, etc.

also, the hope with privacybadger is that it is also able to detect tracking and block tracking sites that no one knows about yet and have not shown up on any block list.

on the other hand, i was not heartened by peter's response to my request that privacybadger prevent IP address leakage via WebRTC. i would be fine with removing privacybadger if we determine that there is in practice no effective benefit.

[anarcat]

well, i guess i don't see the benefit over uMatrix or request policy, basically.

uMatrix can disable third-party cookies and referers...

[ghost]

I also don't understand how privacy badger offers benefit over ublock or umatrix, unless I'm misunderstanding something.

ublock has a dynamic filtering mode which blocks all 3rd-party by default. uMatrix blocks ALL 3rd-party cookies and referrers by default.

ublock can block IP leakage via WebRTC. Also, plugins by @ChrisAntaki are handy if you need addons to block WebRTC leakage, plugin enumeration and link leakage: https://addons.mozilla.org/en-US/firefox/user/ChrisAntaki/

[elijh]

the question is not if umatrix is awesome and should be recommended, but at what level.

the current write up has this:

level 1: ublock and privacy badger
level 2: umatrix

I think this is probably appropriate, since ublock and privacy badger are easy, work fine without any user input, won't break much. privacy badger also has nice user friendly replacements for the facebook/twitter/g+ share/like buttons that allows you to enable them if you want.

umatrix is obviously the best thing to install if you are a user who wants to go beyond casual anti-tracking measures, but it is not at all designed for a general audience like ublock and privacy badger.

for it to make sense to entirely remove privacy badger from the recommendations, we would need to conclude there is no privacy benefit over ublock. what is this dynamic filtering mode? I don't see anything about it in the ublock options panel.

[anarcat]

i am not sure about this. out of the box, umatrix isn't too intrusive and can work well without breaking sites out of the box, in the default configuration. it enables good privacy protections, similar to privacy badget, if i understand correctly, out of the box, but enables users to do much more.

i think it would be fine to split this in two levels, but i don't see the point in privacy badger, really, if umatrix can do it all, and more.

[elijh]

To clarify, I am perfectly fine with recommending that people DON'T use privacy badger, if there are good reasons for this, but I don't think we have those reasons yet.

I like the idea of privacy badger, but I was not at all happy about their response the the WebRTC ip leakage.

[elijh]

i think gorhill's comment is helpful: gorhill/uMatrix#32 (comment)

There are significant differences aside the ones you mention.

Matrix-based filtering and its inheritance model (cell/rows/columns/scopes) can't be obtain with uBlock. uBlock follows ABP-filtering semantic, which is very simple:

• Allow everything
  • Unless there is a matching block filter
    • Unless there is a matching allow filter
      Then it stops there. You can't override beyond this.

There is no such restriction with matrix-filtering, it is fully hierarchical with no limit, and since it's written from the ground up this way, it far more efficient than pattern-based filtering. However, a higher granularity can be obtained with pattern-based filtering. So they complement each other in a way.

But a majority of users just want an install and forget blocker, and this is uBlock. Power users however like to be fully informed about what web pages do, and be able to act on that information with a tool that makes it all easy, this is uMatrix.

Just like RequestPolicy can't fully replace Adblock Plus and vice versa, and using one doesn't prevent using the other.

[ghost]

Wiki pages on uBlock Dynamic Filtering:

• https://github.com/chrisaljoudi/uBlock/wiki/Dynamic-filtering
• https://github.com/gorhill/uBlock/wiki/Dynamic-filtering

After reading up on PB, I think uBlock + Privacy Badger makes sense for the "Install and Forget It" crowd.

As far as I understand it, Privacy Badger is attempting to build an algorithmic approach to blocklists.
Whereas uBlock default is a static blocklist approach.

So these do have some overlap, but over time Privacy Badgers' algorithm will hopefully add benefits to uBlock's basic filtering mode.

But uBlock Dynamic Filtering + Privacy Badger is redundant. Because PB algorithm mode gets in the way of the user trying to have full control over their browser.

But both static or dynamic blocklists are inferior to user-managed approaches like uBlock dynamic, uMatrix or NoScript. So even Privacy Badger's algorithm is inferior compared something like uMatrix which exposes everything to the user, and allows them full control over what is loaded into their browser.

It's a difference of philosophy. PB is an attempt to build a plugin that does it all for you. This works with uBlock default mode. But it's contrary to the philosophy behind uBlock Dynamic and uMatrix, and therefore detrimental to use these together.

Here's some more regarding Privacy Badger: pyllyukko/user.js#16

You should consider changing text to:

Privacy Badger dynamically detects attempts to track your browsing behavior and blocks content from these trackers. Privacy Badger is not designed to stop ads, so it is not a replacement for uBlock, but it includes some security features that uBlock Default Mode does not have.

And make distinction about uBlock default vs uBlock Dynamic Filtering.

[elijh]

sorry for the delay. i like this suggestion and have updated the text in d380a2e

[ghost]

Nice. uBlock default mode has been much improved of late. It can now do the following:

• Disable pre-fetching (to prevent any connection for blocked network requests)
• Disable hyperlink auditing/beacon
• Prevent WebRTC from leaking local IP addresses

I don't use PB since I use uMatrix, but I think PB and uBlock Defaut Mode should work well together.

[elijh]

Prevent WebRTC from leaking local IP addresses

sadly still not enabled by default

[ghost]

sadly still not enabled by default

Ah true! Good point.