notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 15:40:48 +05:30
Code Issues Releases Wiki Activity

Updated Ghostery (markdown)

yokoffing
2020-08-09 08:38:03 -04:00
parent 53be445075
commit 1b89538745
1 changed files with 21 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghostery.md
+20 -18
@@ -5,6 +5,10 @@ Last updated: 8 August 2020 | [download](https://github.com/ghostery/ghostery-ex
Ghostery helps you browse smarter by giving you control over ads and tracking technologies to speed up page loads, eliminate clutter, and protect your data.
which blocks third-party cookies and also detects and prevents fingerprinting attempts.
Ghostery clears **cookies from tracking domains that you did not visit as first parties** after an hour or so, hardening the protection further.
Ghostery we introduced (alongside the traditional content blocker or adblocker), an [anti-tracking feature](https://0x65.dev/blog/2019-12-19/blocking-tracking-without-blocking-trackers.html) which is not based on blocklists, and is able to remove unsafe datapoints (e.g. fingerprints, third-party cookies, unique identifiers, etc.) from requests without having to block them, drastically reducing breakage.
### ❤️ Why Betterfox Loves Ghostery
* Blocks ads and trackers effectively. Annoyances, too!
@@ -50,7 +54,7 @@ Ghostery helps you browse smarter by giving you control over ads and tracking te
## Extension Comparisons
### Why would I use Ghostery over uBlock Origin?
[uBlock Origin](http://https://ublockorigin.com) is an amazing extension, no question. There are still differences with Ghostery, though, which would make people use one or the other. Putting the UI aside (some people really like the Ghostery UI and the way it allows to gain insight about what was blocked for example), there are differences in the privacy protection built-in.
[uBlock Origin](http://https://ublockorigin.com) is an amazing extension, no question. There are still differences with Ghostery, though, which would make people use one or the other.
Ghostery extension contains multiple features aiming at preventing tracking, blocking ads, etc. There are three main mechanisms for this, layered and complementary:
@@ -60,11 +64,11 @@ Ghostery extension contains multiple features aiming at preventing tracking, blo
3. **An** [**anti-tracking technology**](https://0x65.dev/blog/2019-12-19/blocking-tracking-without-blocking-trackers.html), which blocks third-party cookies and also detects and prevents fingerprinting attempts. [The methodology we use to power this feature](https://whotracks.me/blog/how_cliqz_antitracking_protects_users.html) is unique and you will not find it anywhere else.
Around May 2020, Ghostery added the option to [block annoyances](https://postimg.cc/30BX3Xp8) as well. Ghostery uses a mix of community-driven lists such as uBlock filters Annoyances or EasyList cookie, as well as some custom filters.
Around May 2020, Ghostery added the option to [block annoyances](https://postimg.cc/30BX3Xp8) as well. Ghostery uses a mix of community-driven lists such as uBlock filters Annoyances and EasyList cookie, as well as some custom filters.
uBlock Origin is a content blocker (and a very good one, [Gorhill](https://github.com/gorhill) is doing an amazing work with uBO), but **blocklists have well-known limitations which make them an imperfect privacy protection tool** (i.e. because of slow updates, limited coverage and exceptions for some domains/requests to not break websites), which is why an approach like (3) is desirable.
Of course it depends on how you setup uBlock Origin, the more you block the better, but it also increases breakage and you will never be able to block everything (this would break a lot of websites and you would have to whitelist some requests, leaving your privacy un-protected).
Of course, it depends on how you setup uBlock Origin: The more you block the better, but it also increases breakage, and you will never be able to block everything (this would break a lot of websites and you would have to whitelist some requests, leaving your privacy unprotected).
On top of the part actively protecting privacy like anti-tracking and content blocking, there are other features to clear cookies from tracker domains to keep a "clean slate", etc. (A bit like what [Safari](https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/) and [Firefox](https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Redirect_tracking_protection) have implemented). For example, Ghostery clears **cookies from tracking domains that you did not visit as first parties** after an hour or so, hardening the protection further. [^1]
@@ -75,16 +79,14 @@ On the other hand, in Ghostery we introduced (alongside the traditional content
It's great to offer customization options, but this does not automatically translate into better privacy (and there are other ways to increase the privacy protection and reduce breakage). In the end these features are targeted at power users, but I would argue that they are not necessarily increasing the privacy offered by the extension (e.g., Ghostery anti-tracking does not require any customization but still allows to remove unsafe data points from all requests with lower breakage rate than content blockers).
To summarize, I agree that uBlock Origin gives more customization options, but I don't think this is necessarily the most relevant metric to compare extensions. I would rather focus on the privacy protection offered (especially out-of-the-box, since most users will likely not change the settings). [^4]
Be sure to [check out](https://github.com/yokoffing/Better-Fox/wiki/Ghostery#my-recommended-build) the Betterfox recommended setup for Ghostery!
To summarize, I agree that uBlock Origin gives more customization options, but I don't think this is necessarily the most relevant metric to compare extensions. I would rather focus on the privacy protection offered (especially out-of-the-box, since most users will likely not change the settings). Be sure to [check out](https://github.com/yokoffing/Better-Fox/wiki/Ghostery#my-recommended-build) the Betterfox recommended setup for Ghostery! [^4]
### Limitations of conventional content blockers
How can you be sure that all trackers are blocked by static lists? How long does it take to create a filter when a new tracker domain is created? As far as I can see, there are a lot of exception filters to unbreak sites, what happens if these request send unsafe datapoints which can track users?
How can you be sure that all trackers are blocked by static lists? How long does it take to create a filter when a new tracker domain is created? There are a lot of exception filters to unbreak sites, but what happens if these request send unsafe datapoints which can track users?
Take some random domains and look for cases of requests containing unsafe data being sent while having uBlock Origin enabled (default settings). Check `lesnumeriques.com`, visit a few pages and look for `ultimedia.com`: it tries to set a tracking cookie. Same for `economist.com` (check `tinypass`, not blocked but sets a tracking cookie, Ghostery removes the cookie from request), same on `msn.com`, visit a few pages and check `platform.twitter`, tries to send tracking cookie (blocked by Ghostery but not uBlock Origin), etc. Of course, **you could arbitrarily harden the settings of your content blocker**, block all third-party cookies, etc., but this comes with breakage; and **unless you block everything, you will never be sure that all trackers are blocked**.
Take some random domains and look for cases of requests containing unsafe data being sent while having uBlock Origin enabled (default settings). Check `lesnumeriques.com`, visit a few pages and look for `ultimedia.com`: it tries to set a tracking cookie. Same for `economist.com` (check `tinypass`, not blocked but sets a tracking cookie, Ghostery removes the cookie from request), same on `msn.com`, visit a few pages and check `platform.twitter`, tries to send tracking cookie (blocked by Ghostery but not uBlock Origin), etc. Of course, you could arbitrarily harden the settings of your content blocker, block all third-party cookies, etc., but this comes with breakage; and unless you block everything, you will never be sure that all trackers are blocked.
My point is not that uBlock Origin is doing a bad job; in fact, I think that this is an amazing content blocker. But there are some fundamental limitations to content blocking which prevent it from being able to perfectly protect privacy, for few reasons:
My point is _not_ that uBlock Origin is doing a bad job; in fact, I think that this is an amazing content blocker! But there are some fundamental limitations to content blocking which prevent it from being able to perfectly protect privacy:
* Not all requests can be blocked (or you break websites, login workflows, etc.), so you need to create exceptions and whitelist requests, which leaves privacy of users at risk.
* It can take time for maintainers to create rules for new trackers. For some less known websites, rules might not even exist (yet).
@@ -95,18 +97,18 @@ Privacy Badger is, to the best of my knowledge, the only other popular extension
For example, Privacy Badger will try to learn over time which domains are "tracking" you then block these in the future, based on locally analyzed information. In contrast, Ghostery's anti-tracking is working out-of-the-box and privacy protection is derived from a global knowledge of trackers on the Web.
Another big difference is that Privacy Badger will block requests, but **Ghostery's anti-tracking is able to drop unsafe data-points from requests without having to block them completely** (e.g. fingerprints, tracking cookies, unique ids, etc.); this in turn leads to much lower breakage of websites. To be clear, Ghostery also employs a traditional content blocker, but the privacy of our users does not depend on us blocking all requests (which is impossible by the way, unless you want to break lots of websites). So the anti-tracking will sanitize any request which was not already blocked, to ensure privacy is not at risk.
Another big difference is that Privacy Badger will block requests, but **Ghostery's anti-tracking is able to drop unsafe data-points from requests without having to block them completely** (e.g. fingerprints, tracking cookies, unique ids, etc.); this in turn leads to much lower breakage of websites. To be clear, Ghostery also employs a traditional content blocker, but the privacy of our users does not depend on us blocking all requests (which is impossible by the way, unless you want to break lots of websites). So **Ghostery's enhanced anti-tracking will sanitize any request which was not already blocked, to ensure privacy is not at risk**.
Also, a heuristic approach like Privacy Badger is limited by just having local knowledge. In many cases it will not know if data sent is unique to a user (this can only be tested by opening another browser and checking if a different value would be sent). Thus some kind of collaboration is required between users to determine what data is safe, and what is not—and this is the method Ghostery's anti-tracking uses.
We do identify potential user-identifiers (i.e. any value which would allow to identify a user uniquely over time) if only one user is sending such data. The assessment is done as a quorum, where only data that a lot of users are sending is considered safe, since it could not be used as a way to link records by a third-party, hence track. To do this only with local information is impossible, and while it can offer a good degree of protection, the collaborative effort implemented as part of Ghostery is much stronger.
We do identify potential user-identifiers (i.e. any value which would allow to identify a user uniquely over time) if only one user is sending such data. The assessment is done as a quorum, where only data that a lot of users are sending is considered safe, since it could not be used as a way to link records by a third-party, hence track. To do this only with local information is impossible; and while it can offer a good degree of protection, the collaborative effort implemented as part of Ghostery is much stronger.
[![Screenshot-2020-08-08-at-12-31-10-PM.jpg](https://i.postimg.cc/63gGv9rp/Screenshot-2020-08-08-at-12-31-10-PM.jpg)](https://postimg.cc/Q9gtLZY2)
<br>https://s3.amazonaws.com/cdncliqz/wp-content/uploads/2016/07/08101643/cliqz_whitepaper_tracking1.pdf
Also, all messages are anonymized and no record linkage can be done on the server side (we have no way to know if two messages come from the same users). We wrote extensively how this is possible in our two blog posts about Human Web and our anonymization network layer. Of course, this means that there is no unique identifier attached to messages.
Last but not least, yes the data you mention is useful for building features that are yet to come. For example, we needed data before we could launch the tracking protection feature few years back. There is a chicken and egg problem. Some seem to be very focused on the data part, without attempting to evaluate if that data compromises the privacy of the users in any way. Sorry, but it is not always the case that data implies lack of privacy, we wrote about it [here](https://0x65.dev/blog/2019-12-02/is-data-collection-evil.html). [^6]
Last but not least, yes the data you mention is useful for building features that are yet to come. For example, we needed data before we could launch the tracking protection feature few years back. There is a chicken and egg problem. Some seem to be very focused on the data part, without attempting to evaluate if that data compromises the privacy of the users in any way. It is not always the case that data implies lack of privacy. We wrote about it [here](https://0x65.dev/blog/2019-12-02/is-data-collection-evil.html). [^6]
***
@@ -164,6 +166,12 @@ Again, all of this can be turned ON or OFF at any time from settings, but we mak
### I'm not really comfortable with the supposedly anonymous data being collected.
Totally fair, not everyone has to be. This is also a tricky matter for us because we have to get some data in order to build a competitive search engine [1]. But we really do not want to collect any personal information at all about users. For this reason, we spent years coming up with a system to achieve this goal: Human Web. We wrote at length about its implementation on our tech blog [2] as well as the network anonymization layer that we built to ensure anonymity at the network level [3] (HPN). [^13]
[1]: https://0x65.dev/blog/2019-12-02/is-data-collection-evil.html
[2]: https://0x65.dev/blog/2019-12-03/human-web-collecting-data-in-a-socially-responsible-manner.html
[3]: https://0x65.dev/blog/2019-12-04/human-web-proxy-network-hpn.html
## Rewards Program
### What is Ghostery Rewards?
Ghostery Rewards is an optional, private-by-design feature that delivers you high-value offers as you browse and make purchases online. Rewards can be viewed, managed, and turned on or off at any time within the Ghostery extension or Ghostery Tab. It is powered by our sister company, [MyOffrz](https://cliqz.com/en/cliqz-angebote).
@@ -206,12 +214,6 @@ Regarding the experiment, I think it would be more correct to say "Mozilla's exp
We [wrote more about this](https://0x65.dev/blog/2019-12-11/the-pivot-that-excited-mozilla-and-google.html) on our tech blog recently if you are interested. [^12]
[1]: https://0x65.dev/blog/2019-12-02/is-data-collection-evil.html
[2]: https://0x65.dev/blog/2019-12-03/human-web-collecting-data-in-a-socially-responsible-manner.html
[3]: https://0x65.dev/blog/2019-12-04/human-web-proxy-network-hpn.html
### I heard Cliqz has shut down. Does that mean Ghostery has too?
The Ghostery extension is alive and well.