cowlicks / privacypossum

Privacy Possum makes tracking you less profitable

Simple question #1

Closed Decopi closed 6 years ago

Decopi commented 6 years ago

Hi @cowlicks !

First, thank you for PrivacyPossum. I downloaded and installed it, and I am testing it. I am not an expert, but I never liked fingerprint blockers, because in my ignorance, over time these blockers create a unique fingerprint. And if I am right, the best fingerprint and privacy tools should not block, but should disguise, spoof, obfuscate information.

I use UMatrix, and please, I would like to confirm the level of redundancies or differences with PrivacyPossum.

For example, with UMatrix it is possible to block 3rd-party cookies. Also, it is possible to "spoof

Please, if you can/want, I would like to understand where PrivacyPossum adds value to UMatrix.

Thank you!

PS: There are other add-ons/extensions based on spoofing rather than blocking. In my modest opinion, it will be great if you add a short text in your "about this extension" area, comparing PrivacyPossum with similar add-ons, explaining PrivacyPossum's added value. This info will help users to choose PrivacyPossum.

cowlicks commented 6 years ago

Hello @Decopi. Congratulations, you are the first non-beta-tester user I've gotten feedback from. Thank you!

From a high level, UMatrix is a more versatile tool than Privacy Possum, but it also requires more user configuration. Privacy Possum is designed to detect and block trackers with zero configuration, while not breaking usability of websites. They can be used in conjunction with each other.

Privacy Possum (PP) has a novel fingerprinting detection technique, and it does indeed spoof information. To witness this you can visit http://valve.github.io/fingerprintjs2/ and click "get my fingerprint" several times. You will see the information being spoofed. However, it also blocks scripts it has detected fingerprinting from when they are loaded in a 3rd-party context. To my knowledge UMatrix does not do this.

3rd party referer headers are blocked, not spoofed, but this can be changed.

Can you link me to other extensions that "spoof" like you describe? I'd like to learn about them so I can add comparison information.

Decopi commented 6 years ago

Hi @cowlicks ... thanks for your answer. With regards to the links:

This one (https://addons.mozilla.org/en-US/firefox/addon/cydec-platform-antifingerprint) is a very interesting one. It is not a complete solution, but if you go to their webpage, you will see they have a lot of tools focused on spoofing.

There are at least another 10 recently updated add-ons, related to spoofing techniques. Perhaps it will be better if you visit the Firefox add-on page, and you choose what you believe will be interesting for you in order to compare with PP.

Thanks again!

cowlicks commented 6 years ago

Hi @Decopi

I reviewed that CyDec extension and wrote up a comparison here.

Decopi commented 6 years ago

Honestly @cowlicks ?... SPECTACULAR your comparison! A great fantastic job!

In my personal opinion, your comparisons are critical. Most of the users (like me) are not experts in spoofing or privacy techniques. And having more than 20 add-ons/extensions offering "spoofing, privacy etc", how to know which one to choose, if not by reading your comparisons? Again, for me your comparisons are both the perfect way for the average user to choose your PP add-on, and also the perfect way to promote your PP add-on.

I don't believe you need to compare PP with all add-on competitors. But if you allow me a last suggestion, perhaps you can search at the Firefox/Chrome extension page for which extensions (related to spoofing/privacy/etc) have more users. And then, you can compare PP with 2 or 3 of the most used extensions. A total of 4 comparisons, in short texts, will be spectacular. If the comparison texts are short, you also should share them in the main PP description at the Firefox/Chrome webpage.

Thank you again!

cowlicks commented 6 years ago

@Decopi I think that is a great idea. Thank you for the suggestion.

Decopi commented 6 years ago

Hi @cowlicks ! Two things that may interest you:

1) There is a new privacy add-on:

https://addons.mozilla.org/en-US/firefox/addon/absolutedouble-trace

2) I tested PP at the experiment in the link below, and it didn't pass. As I said in previous comments, I am not a privacy expert. So, I don't know if it is important to pass/not to pass this test. I also don't know if PP failed. But perhaps you may be interested in this test:

https://lucb1e.com/rp/cookielesscookies/

Cheers

cowlicks commented 6 years ago

@Decopi I'll look into that add-on. I started writing a comparison with ghostery and cliqz. But that is a large project so it is taking a while.

The reason PP does not block that instance of etag tracking is because it loaded as a first party. I wrote up a demo based on this exact site a few weeks ago, except the etag comes from a third party, to test this and confirm my etag tracker blocking was working.

The code is here, sorry it lacks documentation at the moment.

https://gist.github.com/cowlicks/b2984f6468eac45ac64efe3b36d58ca9

I'd like to add selenium tests for this use case soon.

Decopi commented 6 years ago

@cowlicks ... my understanding is that Ghostery and Cliqz are focused on privacy but mainly as anti-trackers/ad-blockers etc. I think that any comparison with PP and similar add-ons will be better if focused on spoofing, fingerprint, obfuscation, disguising, canvas, HTTP referrers, hyperlink auditing etc. But this is just my opinion. You have the final word!

With regards to etag, if I understood your explanation, PP will block 3rd-party etags. I don't know how dangerous 1st-party etags can be, but it worries me to write some stuff, close my browser, reopen the browser, and the stuff I wrote was still there! It seems potentially dangerous. Playing with this test I sent you today, I saw that UMatrix, by frequently deleting LocalStorage, Cache and other stuff... can reduce the effects of this kind of 1st-party etags. It doesn't work immediately, it takes less than 15 minutes, but after that when I refresh the test page, everything is clean at the test page.

Decopi commented 6 years ago

Hi @cowlicks ,

I introduced/suggested your "Privacy Possum" as a must add-on, at https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1-Extensions

Here is my post at the end of the webpage:

ghacksuserjs/ghacks-user.js#294

PS: @Thorin-Oakenpants already posted a comment about your add-on. @cowlicks feel free to answer or not.

cowlicks commented 6 years ago

@Decopi I understand your concern, the ETag demo site is able to track when you come back to visit. This is indeed tracking, it is called first party tracking. However it is not the kind of tracking that most companies are able to use to gather valuable information about you.

Maybe this example will help:

You visit a.com then visit a.com again; a.com usually can track that you are coming back. This is 1st-party tracking. But a.com does not know about your browsing with other websites.

If you visit two websites a.com and b.com and both embed a tracker from c.com, then c.com could use some 3rd-party tracking technique to gather data about you, like that you browsed to a.com and b.com.

The ETag demo you posted is like the first example. PP is designed to block c.com from using ETag tracking in the second example.

Thank you for recommending privacy possum to ghacks, I hope it is mature enough to make the list.

I created an issue on ghacks to discuss privacy possum. It is here.
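
The a.com / b.com / c.com scenario from the comment above, as an added example that is not part of the thread and is not Privacy Possum's code: a toy model of ETag cache revalidation in which the browser either keeps or drops the `ETag` header of third-party responses. The function names, the two-label same-site check and all hostnames and identifiers are assumptions made for the illustration.

```javascript
// Toy model of ETag revalidation; hostnames and identifiers are constructed.
// Assumption: "same site" = same last two hostname labels (real code would
// use the Public Suffix List).
const site = (host) => host.split('.').slice(-2).join('.');
const isThirdParty = (pageHost, reqHost) => site(pageHost) !== site(reqHost);

// Server side of the embedded resource: issues a unique ETag to a client that
// sends none, and records the embedding page for every ETag it gets back.
function makeServer() {
  let next = 0;
  const seen = new Map(); // etag -> pages it was presented from
  const respond = (ifNoneMatch, pageHost) => {
    const etag = ifNoneMatch || `"id-${++next}"`;
    seen.set(etag, [...(seen.get(etag) || []), pageHost]);
    return { status: ifNoneMatch ? 304 : 200, headers: { etag } };
  };
  return { seen, respond };
}

// Browser side: caches the ETag per resource host and replays it as
// If-None-Match. With stripThirdPartyEtag, the header is removed from
// third-party responses before caching, so nothing is replayed later.
function simulate(pages, resourceHost, stripThirdPartyEtag) {
  const server = makeServer();
  const cache = new Map(); // resource host -> cached etag
  for (const pageHost of pages) {
    const res = server.respond(cache.get(resourceHost), pageHost);
    if (stripThirdPartyEtag && isThirdParty(pageHost, resourceHost)) {
      delete res.headers.etag;
    }
    if (res.headers.etag) cache.set(resourceHost, res.headers.etag);
  }
  return server.seen;
}

// Largest number of distinct pages linked to a single identifier.
function maxLinkedPages(seen) {
  return Math.max(0, ...[...seen.values()].map((p) => new Set(p).size));
}

// Third-party case: c.com embedded on a.com and b.com, header kept vs. dropped.
console.log(maxLinkedPages(simulate(['a.com', 'b.com'], 'c.com', false)));
console.log(maxLinkedPages(simulate(['a.com', 'b.com'], 'c.com', true)));
// First-party case: the user visits c.com itself twice; the ETag is kept.
console.log(simulate(['c.com', 'c.com'], 'c.com', true).get('"id-1"').length);
```

With the header kept, one identifier is presented from both a.com and b.com; with it dropped, each embed gets a fresh identifier, while the first-party revisit to c.com is still recognised in both modes.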

Atavic commented 6 years ago

A comparison with both Ghostery and Cliqz is useless IMHO, as they both track their own users. I'd focus on comparing this webextension with the State of the Art, that's Gorhill uBo and uM.

cowlicks commented 6 years ago

@Atavic I agree that Ghostery & Cliqz tracking their users is bad. This will be included in the comparison. I'm also interested in comparing the anti-tracking techniques they use.

I'll start a comparison with uBo and uM too.

Decopi commented 6 years ago

Hi @cowlicks ,

Perhaps @Atavic meant the same as I said: "Ghostery and Cliqz are focused on privacy but mainly as anti-trackers/ad-blockers etc. I think that any comparison with PP and similar add-ons will be better if focused on spoofing, fingerprint, obfuscation, disguising, canvas, HTTP referrers, hyperlink auditing etc."

I am sure @cowlicks you are a very busy person. Comparisons are great! But perhaps it is better to compare PP first with the most similar add-ons. UMatrix/UBlock also are more focused on anti-tracking, ad-blocking etc. So, I don't really see the need to compare PP with them.

At the Firefox add-ons page, you can search add-ons by words. I suggest you search the following words (one by one): Spoofing, Fingerprint, Obfuscation, Disguising, Canvas, HTTP referrers, Hyperlink auditing. Then, you can filter by quantity of users, and by reviews. I believe that if you choose 4 add-ons similar to PP, the 4 most used or best reviewed, then that will be more than enough for the PP comparison.

Cheers!

jawz101 commented 6 years ago

I feel like first-party tracking is worth concern as much as any other form of tracking. 3rd-party tracking should be obvious by now. If anything, you can simply block all 3rd-party connections and fix any functional or cosmetic breakage afterwards.

So first-party tracking seems like the obvious next big problem. You don't see it in uBlock unless you view the log and see each script come across and investigate.