Closed atomGit closed 5 years ago
tables... so it's using a list .. which would get updated from time to time .. like all the other TP lists, and it's just part of the options in Tracking Protection .. here's a pic from Nightly
that's what i figured, but i was a little curious whether it's using only a list(s) of domains(?) or if some of the detection is hard-coded ... doesn't seem to make much sense to me to depend entirely on lists for detecting JS miners
So i guess it's safe to activate?
it's better to use ublock - in it list of filters are configurable (though there is no indication which filters have hit and no feature to disable a list selectively). IDK why mozilla has this functionality built-in instead of just bundling ublock or an own fork of ublock.
there's at least several coin miner lists that uBlock can use - here's one
and yes, i would tend to agree that it's better to use uB than enabling the FF list
As a default for gazillion of Firefox users, it's all good (especially when they enable it all by default). Only 0.0001% of users are tech savvy wizard savant sneaky bastards like you lot
IDK why mozilla has this functionality built-in instead of just bundling ublock or an own fork of ublock
Because ... nothing to do, nothing to see, just works .. is the best setup for the default everyday end user. And they don't have to rely on thousands of volunteers to maintain a "sane" list, instead, for business reasons and "reliability", they have a contract.
I say "sane" and "reliable" because FF's idea of tracking here is very different to what you or I might think. I'm not an expert, but Francois kinda explained it once, that they are two "list parts", including some sub- and cross- domains (I think) - so it's not just a basic list, but a curated one.
Also, they wouldn't want to run it thru an extension, but internally where it has more options etc.
PS: don't get me wrong, I think uBO is far superior, but it's too complicated for the average user. Look at Opera, they too have a "simple" adblocker on by default as well. Indicates blockage, and you can click to turn it on/off per site. Anything harder than that, and 95% of users would freak out.
Cryptomining lists: they use https://github.com/disconnectme/disconnect-tracking-protection
base-cryptomining-track-digest256: domains in the Cryptomining category
content-cryptomining-track-digest256: placeholder list, currently empty. Intended to whitelist cryptomining domains (for some reason).
FYI this is the list they use
https://github.com/mozilla-services/shavar-prod-lists/blob/master/disconnect-blacklist.json
source: https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
https://webtap.princeton.edu/blog/ (while it's still at the top)
(emphasis by me): Part of the topic, April 12, 2019 by Steven Englehardt
OpenWPM has a new home at Mozilla. After graduating in 2018, I joined Mozilla’s security engineering team to work on strengthening Firefox’s tracking protection. We’re committed to ensuring users are protected from tracking by default. To that end, we’ve migrated OpenWPM to Mozilla, where it will remain open source to ensure researchers have the tools required to discover privacy-infringing practices on the web. We are also using it ourselves to understand the implications of our new anti-tracking features, to discover fingerprinting scripts and add them to our tracking protection lists, as well as to collect data for a number of ongoing privacy research projects.
Automated Discovery of Privacy Violations on the Web (PDF) is about OpenWPM: https://senglehardt.com/pages/publications.html
this showed up in 66 i think? anybody know how it works? is it a hard-coded protection, or does it rely on lists, or both?
in
browser.safebrowsing.provider.mozilla.lists
i see...base-cryptomining-track-digest256,content-cryptomining-track-digest256
more prefs...