Submitted by rot in AskRaddle

I use ublock on firefox and noscript doesn't seem to get all the ads that ublock can. Looking to maintain privacy.

8

Comments


ziq wrote

Don't install anything that would change Tor's default footprint.

5

quandyalaterreux wrote

Ad Block on Tor?

Are you talking about the Tor Browser? If so, then please avoid that. Any change that makes you deviate from the standard Tor Browser will make you an easier target of browser fingerprinting.

3

rot OP wrote

I was trying to get around that. Even noscript?

1

gweur wrote

Guardian project recommends that you don't add any extensions onto the browser, as it makes you a target. You will just have to live with the ads that slip through.

3

celebratedrecluse wrote

Except the ads are also tracking you, usually to companies like Google who do defense contracting work, and blocking them from loading will prevent a wide variety of attacks as well...

There's no good solution that addresses every problem, but there are plenty of threat models in which using an adblock with Tor isn't a bad idea. In fact, one of Tor browser's weaknesses is that it doesn't do much to block these trackers and avoid loading remote resources.

3

quandyalaterreux wrote

> Except the ads are also tracking you

The Tor Browser's first-party isolation (and first-party stream isolation, i.e. a different circuit for every first-party website) and anti-fingerprinting features already defend against that. For more details there's the Tor Browser design document: https://www.torproject.org/projects/torbrowser/design/

2

celebratedrecluse wrote

https://trac.torproject.org/projects/tor/ticket/24351

http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html

The measures currently in place for TBB re: fingerprinting do a great job, but this is an ongoing arms race. I think it is advisable to assume there are going to be holes in whatever we use for mission-critical purposes, even if the protection is actually better than the worst-case scenario. This article illustrates my point:

https://medium.com/message/everything-is-broken-81e5f33a24e1

1

celebratedrecluse wrote

You can just install ublock on Tor Browser, and it works fine. Just make sure you're aware of what everyone else said; it will alter the fingerprint of the browser, making you look different than the vast majority of Tor Browser users, and making it easier to identify you as a unique user.

However, if you're concerned about government (as opposed to corporate) surveillance, it has been for a long time trivial to correlate exit nodes' (connections to clearnet sites) activity to Tor Browser clients' activity and deanonymize them. At this point, I'd think the largest tech companies (who are also defense contractors) also probably have the capability to do this type of correlation by obtaining the Tier 1 providers' data streams, although I don't have direct evidence to support that.

2

rot OP wrote

I'd like as much anonymity as possible. I was looking for an adblock that would block ad elements without compromising tor.

2

celebratedrecluse wrote

Nothing will do what you ask.

If you want more security, then install adblockers and realize it will single you out as a different tor user than the rest of the crowd, decreasing your anonymity.

If you want more anonymity, don't install adblockers, and realize your Tor Browser will load a bunch of ads, trackers, and other bullshit, decreasing your security.

EFF has a good primer on the differences and relationships between security, anonymity, and privacy. Unfortunately, it's basically a zero-sum game.

In general, regardless of your choices, assume Tor Browser activity on clearnet sites (hidden services less so) is easily discernible by a concerted law enforcement surveillance inquiry (correlation attacks), and is also subject to a lot of corporate surveillance (through the ad networks, etc).

If you want anonymity, don't use the clearnet, even over tor.

3

quandyalaterreux wrote

> In general, regardless of your choices, assume Tor Browser activity on clearnet sites (hidden services less so) is easily discernible by a concerted law enforcement surveillance inquiry (correlation attacks), and is also subject to a lot of corporate surveillance (through the ad networks, etc).

Bad advice, the Tor Browser already offers the strongest first-party isolation and anti-fingerprinting defenses that you can hope for.

1

celebratedrecluse wrote

Fingerprinting is an entirely different issue from correlation attacks, so I do not think you understand my point. Here is a discussion which describes what I am getting at:

https://security.stackexchange.com/questions/48502/tor-traffic-correlation-attacks-by-global-adversaries

1

quandyalaterreux wrote

Do you realize that there is not a single low-latency anonymity network that is immune from this attack?

1

celebratedrecluse wrote (edited)

yes, absolutely! Tor is not uniquely vulnerable to this, it's just (by far) the most commonly used anonymizing network which bridges to the clearnet (these attacks seem to me to be less easy when attacking a hidden service, such as I2P, or the .onion sites, but yeah it is still possible if you can monitor all internet traffic in a region/globally)

don't get me wrong, I use tor. I think everyone should, it's a great tool! http://lfbg75wjgi4nzdio.onion

However, these tools are a far cry from a free & open internet. Even while using tor, people should be aware that the powers of the corporate and government surveillance apparatuses are fucking incredible, and that certain actors will always be able to circumvent even the best practices for online safety.

So my point is that we cannot expect that these individualist measures will overcome the fundamental political economy of the internet, which is of course capitalist, just as the rest of this mass society is part of the overall capitalist system. What we need goes beyond these individual opsec measures, it must encompass an overall transformation of the political economy of the internet, from this oligarchic capitalist mode of production, to a democratic anarchist system that is built to not require trusting centralized authorities (ISPs, CAs, DNSs, router manufacturers, cellphone companies, etc), and in emplacing popular democratic control over whatever centralized institutions/practices might still need to exist (eliminating end-user fees for internet service, mandating universal standards for production of devices and networks to resist surveillance/abolish censorship/respect privacy, etc)

Using tor is a great, but easy, first step. Other things that you can get involved with are the creation of meshnets, local ISPs, and municipal/rural ISP projects (careful of the neolibs involved with the latter, though...government-controlled internet has a very dark potential). Here is an example of people taking things into their own hands in Detroit, using digital technology to empower marginalized people & serve their communities better internet in a less capitalist way https://www.youtube.com/watch?v=1B0u6nvcTsI

We need mass movements, local and global networks, to take back our privacy & abolish the surveillance state. Take individual steps, but walk a collective path-- and let no one be left behind!

It's a long road, but I like for people to consider the big picture, and be careful of not getting overconfident with their particular praxis-- especially if that praxis is isolated at the level of individual consumer choices.

2

rot OP wrote

Got it. New to this sort of stuff so this info is helpful.

1

celebratedrecluse wrote

I figured. Glad to see more people looking into this stuff! And very happy to help, to the extent of my knowledge. :^)

3