notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 07:30:47 +05:30
Code Issues Releases Wiki Activity

Updated Ghostery (markdown)

yokoffing
2020-08-08 13:06:03 -04:00
parent a4ea59e0ed
commit 93bbe56254
1 changed files with 103 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Ghostery.md
+102 -31
@@ -1,66 +1,137 @@
![](https://camo.githubusercontent.com/115cfc9688111836b599c30bd18fad1463e49977/68747470733a2f2f7777772e67686f73746572792e636f6d2f77702d636f6e74656e742f7468656d65732f67686f73746572792f696d616765732f67686f73746572795f6c6f676f5f626c61636b2e737667)
"Ghostery helps you browse smarter by giving you control over ads and tracking technologies to speed up page loads, eliminate clutter, and protect your data."
Ghostery helps you browse smarter by giving you control over ads and tracking technologies to speed up page loads, eliminate clutter, and protect your data.
# FAQ
1. Why would I use Ghostery over uBlock Origin?
2.
3.
4.
5.
6. Opt In / Opt Out
7.
8.
9.
10.
### Why would I use Ghostery? uBlock Origin has a sterling record and does what I want it to do.
### Why would I use Ghostery over uBlock Origin?
[uBlock Origin](http://https://ublockorigin.com) is an amazing extension, no question. There are still differences with Ghostery, though, which would make people use one or the other. Putting the UI aside (some people really like the Ghostery UI and the way it allows to gain insight about what was blocked for example), there are differences in the privacy protection built-in.
Ghostery extension contains multiple features aiming at preventing tracking, blocking ads, etc. There are three main mechanisms for this, layered and complementary:
1. A network request blocking mechanism based on a list of known trackers, categorized, which are shown in the UI as they are detected and blocked on each page visited (e.g.: tracking, advertisement, etc.).
1. **A network request blocking mechanism** based on a list of known trackers, categorized, which are shown in the UI as they are detected and blocked on each page visited (e.g.: tracking, advertisement, etc.).
2. An [adblocker](https://0x65.dev/blog/2019-12-20/not-all-adblockers-are-born-equal.html) feature of the like of uBlock Origin, AdGuard, or Adblock Plus. It uses the usual blocklists (such as Easylist and a few more by default) to identify requests to block to prevent ads from loading as well as some tracking. It also supports cosmetic filtering (aka elements hiding).
2. **An** [**adblocker feature**](https://0x65.dev/blog/2019-12-20/not-all-adblockers-are-born-equal.html) similar to uBlock Origin, AdGuard, or Adblock Plus. It uses the usual blocklists (such as Easylist and a few more by default) to identify requests to block to prevent ads from loading as well as some tracking. It also supports cosmetic filtering (aka elements hiding) and scriptlet injections.
3. An [anti-tracking technology](https://0x65.dev/blog/2019-12-19/blocking-tracking-without-blocking-trackers.html), which blocks third-party cookies and also detects and prevents fingerprinting attempts. [The methodology we use to power this feature](https://whotracks.me/blog/how_cliqz_antitracking_protects_users.html) is unique and you will not find it anywhere else.
3. **An** [**anti-tracking technology**](https://0x65.dev/blog/2019-12-19/blocking-tracking-without-blocking-trackers.html), which blocks third-party cookies and also detects and prevents fingerprinting attempts. [The methodology we use to power this feature](https://whotracks.me/blog/how_cliqz_antitracking_protects_users.html) is unique and you will not find it anywhere else.
4. Around May 2020, Ghostery has added the option to block annoyances as well. Ghostery uses a mix of community-driven lists such as uBlock Origin annoyances or EasyList cookie, as well as some custom filters. We do not use Fanboy's annnoyances list at the moment, though.
Around May 2020, Ghostery added the option to [block annoyances](https://github.com/ghostery/ghostery-extension/issues/504#issuecomment-630304421) as well. Ghostery uses a mix of community-driven lists such as uBlock Origin annoyances or EasyList cookie, as well as some custom filters.
[![Screenshot-2020-08-08-at-10-15-23-AM.jpg](https://i.postimg.cc/N00S0J9s/Screenshot-2020-08-08-at-10-15-23-AM.jpg)](https://postimg.cc/XrTQHgkm)
[![Screenshot-2020-08-08-at-10-15-23-AM.jpg](https://i.postimg.cc/kDrfFwgb/Screenshot-2020-08-08-at-10-15-23-AM.jpg)](https://postimg.cc/30BX3Xp8)
In short, uBlock Origin is (2) (and a very good one, Gorhill is doing an amazing work with uBO), but blocklists have well-known limitations which make them an imperfect privacy protection tool (i.e. because of slow updates, limited coverage and exceptions for some domains/requests to not break websites), which is why an approach like (3) is desirable. Of course it depends on how you setup uBlock Origin, the more you block the better, but it also increases breakage and you will never be able to block everything (this would break a lot of websites and you would have to whitelist some requests, leaving your privacy un-protected).
uBlock Origin is a content blocker (and a very good one, [Gorhill](https://github.com/gorhill) is doing an amazing work with uBO), but blocklists have well-known limitations which make them an imperfect privacy protection tool (i.e. because of slow updates, limited coverage and exceptions for some domains/requests to not break websites), which is why an approach like (3) is desirable.
On top of the part actively protecting privacy like anti-tracking and content blocking (explained above), there are other features to clear cookies from tracker domains to keep a "clean slate", etc. (A bit like what Safari does). For example cookies from tracking domains that you did not visit as first parties are cleared after an hour or so, hardening the protection further.
Of course it depends on how you setup uBlock Origin, the more you block the better, but it also increases breakage and you will never be able to block everything (this would break a lot of websites and you would have to whitelist some requests, leaving your privacy un-protected).
We're also working on a feature to automatically manage consent for you (all these cookie/GDPR notices). It's already in production in Cliqz, and we are considering to also porting it Ghostery eventually. The idea is that pop-ups are blocked, but also, consent is automatically denied on your behalf (if you opt-in to this feature), which is pretty unique.
[^1]
On top of the part actively protecting privacy like anti-tracking and content blocking, there are other features to clear cookies from tracker domains to keep a "clean slate", etc. (A bit like what [Safari](https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/) and [Firefox](https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Redirect_tracking_protection) have implemented). For example, Ghostery clears **cookies from tracking domains that you did not visit as first parties** after an hour or so, hardening the protection further. [^1]
### But I've heard that Ghostery couldn't be trusted...
You might be referring to the pre-2017 era where Ghostery belonged to a company named [Evidon](https://www.ghostery.com/faqs/who-is-evidon/) (which had a business model of collecting and selling data to other companies). It was then acquired by Cliqz (which builds a private and independent search engine as well as privacy-focused browsers). Since then the business model has been dropped, code has been [open-sourced](https://github.com/ghostery/ghostery-extension/) and Ghostery is now exploring ways to monetize through [paid products](https://www.ghostery.com/insights/), as well as client-side offers targeting called [rewards](https://www.ghostery.com/faqs/what-is-ghostery-rewards/). [^2]
### Rewards? So, does Ghostery collect and sell my data?
source https://www.reddit.com/r/news/comments/g565bs/disney_to_stop_paying_100000_workers_but_is_still/fo2ossl
### Does Ghostery collect and sell my data?
Ghostery neither collects nor sells data about users or trackers. In fact, we even open the insights we have about the tracking landscape via https://whotracks.me/, so that everyone can benefit from it. [^3]
Anti-tracking AI?
source https://www.reddit.com/r/firefox/comments/fa4twz/no_tracking_here_no_thank_you/fizyrow
### "Ghostery does not have much customization or fine-grained controls (dynamic filtering, medium mode, element picker etc.)."
Ghostery with uBlock Origin
source https://www.reddit.com/r/firefox/comments/fbb9wo/please_rethink_giving_the_extension_ghostery_the/fj71o66/
source https://www.reddit.com/r/technology/comments/f98tjg/firefox_turns_encrypted_dns_on_by_default_to/fir23ar/
This is an interesting point and I think it is worst pointing out that Ghostery is aiming at providing the best privacy protection out of the box. This also means that IMO there is less of a need for dynamic filtering and medium mode, which are (I think), mostly needed because of the limitations of content blocking (e.g. not all requests can be blocked otherwise websites are broken, so there needs to be a way to fine-tune the behavior manually).
Ghostery vs. Privacy Badger
source https://www.reddit.com/r/firefox/comments/fbb9wo/please_rethink_giving_the_extension_ghostery_the/fj44vf5/
On the other hand, in Ghostery we introduced (alongside the traditional content blocker or adblocker), an [anti-tracking feature](https://0x65.dev/blog/2019-12-19/blocking-tracking-without-blocking-trackers.html) which is not based on blocklists, and is able to remove unsafe datapoints (e.g. fingerprints, third-party cookies, unique identifiers, etc.) from requests without having to block them, drastically reducing breakage.
Ghostery Rewards?
source https://www.reddit.com/r/firefox/comments/f87xks/do_tracking_cookies_still_get_blocked_by_ff_if_i/fik2yfh
It's great to offer customization options, but this does not automatically translate into better privacy (and there are other ways to increase the privacy protection and reduce breakage). In the end these features are targeted at power users, but I would argue that they are not necessarily increasing the privacy offered by the extension (e.g., Ghostery anti-tracking does not require any customization but still allows to remove unsafe data points from all requests with lower breakage rate than content blockers).
Human Web
To summarize, I agree that uBlock Origin gives more customization options, but I don't think this is necessarily the most relevant metric to compare extensions. I would rather focus on the privacy protection offered (especially out of the box, since most users will likely not change the settings). [^4]
### Ghostery with uBlock Origin
How do you define a tracker? How can you be sure that all trackers are blocked by static lists? How long does it take to create a filter when a new tracker domain is created? As far as I can see, there are a lot of exception filters to unbreak sites, what happens if these request send unsafe datapoints which can track users?
Take some random domains and look for cases of requests containing unsafe data being sent while having uBlock Origin enabled (default settings). Check lesnumeriques.com, visit a few pages and look for ultimedia.com: it tries to set a tracking cookie. Same for economist.com (check tinypass, not blocked but sets a tracking cookie, Ghostery removes the cookie from request), same on msn.com, visit a few pages and check platform.twitter, tries to send tracking cookie (blocked by Ghostery but not uBlock Origin), etc. Of course you could arbitrarily harden the settings of your content blocker, block third-party cookies, etc. but this comes with breakage, and unless you block everything, you will never be sure that all trackers are blocked.
My point is not that uBlock Origin is doing a bad job; in fact, I think that this is an amazing content blocker. But there are some fundamental limitations to content blocking which prevent it from being able to perfectly protect privacy, for few reasons:
* Not all requests can be blocked (or you break websites, login workflows, etc.), so you need to create exceptions and whitelist requests, which leaves privacy of users at risk.
* It can take time for maintainers to create rules for new trackers. For some less known websites, rules might not even exist (yet).
* It is not necessarily possible to identify what a tracker even is by just looking at requests, without having a way to know if the values sent (e.g. cookies, query params, etc.) are unique to a specific users or shared by many. [^5]
### Do I still need Privacy Badger?
Privacy Badger is, to the best of my knowledge, the only other popular extension which uses some kind of heuristics to block tracking. There are some fundamental differences in how Privacy Badger and Ghostery work, though.
For example, Privacy Badger will try to learn over time which domains are "tracking" you then block these in the future, based on locally analyzed information. In contrast, Ghostery's anti-tracking is working out of the box and privacy protection is derived from a global knowledge of trackers on the Web.
Another big difference is that Privacy Badger will block requests, but Ghostery's anti-tracking is able to drop unsafe data-points from requests without having to block them completely (e.g. fingerprints, tracking cookies, unique ids, etc.); this in turn leads to much lower breakage of websites. To be clear, Ghostery also employs a traditional content blocker, but the privacy of our users does not depend on us blocking all requests (which is impossible by the way, unless you want to break lots of websites). So the anti-tracking will sanitize any request which was not already blocked, to ensure privacy is not at risk.
[![Screenshot-2020-08-08-at-12-31-10-PM.jpg](https://i.postimg.cc/63gGv9rp/Screenshot-2020-08-08-at-12-31-10-PM.jpg)](https://postimg.cc/Q9gtLZY2)
<br>https://s3.amazonaws.com/cdncliqz/wp-content/uploads/2016/07/08101643/cliqz_whitepaper_tracking1.pdf
Also, a heuristic approach like Privacy Badger is limited by just having local knowledge. In many cases it will not know if data sent is unique to a user (this can only be tested by opening another browser and checking if a different value would be sent). Thus some kind of collaboration is required between users to determine what data is safe, and what is not—and this is the method Ghostery's anti-tracking uses.
We do identify potential user-identifiers (i.e. any value which would allow to identify a user uniquely over time) if only one user is sending such data. The assessment is done as a quorum, where only data that a lot of users are sending is considered safe, since it could not be used as a way to link records by a third-party, hence track. To do this only with local information is impossible, and while it can offer a good degree of protection, the collaborative effort implemented as part of Ghostery is much stronger.
Also, as explained in my original answer, all messages are anonymized and no record linkage can be done on the server side (we have no way to know if two messages come from the same users). We wrote extensively how this is possible in our two blog posts about Human Web and our anonymization network layer. Of course, this means that there is no unique identifier attached to messages.
Last but not least, yes the data you mention is useful for building features that are yet to come. For example, we needed data before we could launch the tracking protection feature few years back. There is a chicken and egg problem. Some seem to be very focused on the data part, without attempting to evaluate if that data compromises the privacy of the users in any way. Sorry, but it is not always the case that data implies lack of privacy, we wrote about it [here](https://0x65.dev/blog/2019-12-02/is-data-collection-evil.html). [^6]
### Ghostery Rewards
Firstly, I understand that trust is something that takes time to build, but we try hard to be transparent, by having [all code being open-source](https://github.com/ghostery/ghostery-extension/) and visible to anyone with the time and skills to dig in (and I know not everyone can do it but this is something communities can do collectively; and they already do it, for example on Reddit); and also communicating openly about what we do and how.
Secondly, there is an on-boarding process for this feature. Here I installed Ghostery and on the first visit to a page which could potentially trigger a Reward the following pop-up asks if the user would like to see Rewards in the future or not [(screenshot)](https://imgur.com/a/Tr9Xixv). If the answer is "No", then the feature is disabled. We have also [written about it](https://www.ghostery.com/blog/ghostery-news/ghostery-rewards-beta-rollout/) on our blog. It's also part of the "Custom Setup" flow which is accessible from the Ghostery Hub (opens automatically on install).
Lastly, I'd like to challenge the idea that Rewards are juts like ads on the Web. We really took a different approach here (and this made things much harder for us than if we had taken the "usual" path of advertisement; but this would have been totally incompatible with our values so this was a no-go), put aside the trust issue addressed above, the fact that:
1. Everything happens client-side (there is no server-side aggregation of personal data for targeting or anything like that); the data remains under control of the user, on the device; that's where it belongs.
2. The Rewards are not shown on random pages (like usual ads), but we try to pick the moment where they would be most relevant. This means that they are shown less often and are hopefully more relevant.
3. The location where Rewards are shown is always the same and very predictable (top right of the screen, close to Ghostery menu), this also helps reduce the distraction when compared to ads on website which are usually placed they can capture your attention best (and is also where they are potentially the most annoying for users).
And of course this feature can be disabled, either during the onboarding described above or in the Ghostery settings at any point of time (menu "Opt In / Out").
### I'd rather just pay you for your software, and then we can have mutual trust.
This is great to hear, but you are unfortunately part of a tiny minority of users who would like to pay for a privacy-extension or browser. Our past experience shows that most users are not willing to do so, and this is why Reward became a thing. For everyone else, we invest heavily on paid products such as [Ghostery Midnight](https://www.ghostery.com/midnight/) and [Ghostery Insights](https://www.ghostery.com/insights/) so that people who are willing to pay to support us can do so. This is definitely the cleanest and most transparent way to support Ghostery, and we would love if more and more people would pick it.
We will continue to work hard to improve the communication and transparency in the future and your feedback is very helpful in this regard.
### So if one opts out of the "Rewards" system, no data is collected or stored, neither locally or anywhere else? Or is this data still collected in case user would have a change of mind and turn "Rewards" back on?
This is correct, when opted-out, the Rewards module is completely disabled and no data whatsoever is kept-track-of. The source code does not even run in fact. [^7]
### What is Human Web?
* [Human Web — Collecting data in a socially responsible manner](https://0x65.dev/blog/2019-12-03/human-web-collecting-data-in-a-socially-responsible-manner.html)
* [Human Web Proxy Network (HPN)](https://0x65.dev/blog/2019-12-04/human-web-proxy-network-hpn.html)
The second one is a bit more technical and covers how we implemented proxies as well as cryptographic scheme which allow to prevent network fingerprinting when clients make requests to our servers as part of Human Web (e.g. this way we do not even learn about their IPs).
Regarding your point about Ghostery still collecting some data on users. It's a great one, and I would like to give some more insights about why we think this is not a black or white situation. Ghostery does collect some anonymous data from users, which is not the same thing as collecting "user data". This usually takes the form of anonymous statistics which cannot be linked back to users on the backend, we make sure of that using [Human Web](https://0x65.dev/blog/2019-12-03/human-web-collecting-data-in-a-socially-responsible-manner.html) and [our network anonymization layer](https://0x65.dev/blog/2019-12-04/human-web-proxy-network-hpn.html).
The anonymous data is always collected in such a way that it is specific to a use case: for example powering the anti-tracking feature, and cannot be re-purposed for anything else (which basically makes the data useless except for the purpose it was initially intended for).
Detailing the anti-tracking use case a bit more, these anonymous statistics are used to learn about trackers throughout the Web and allow to protect all users in real time. It allows us to go beyond the usual blocklist approach (used by all adblockers) which requires humans to look at websites and create new rules (this can take days, putting privacy at risk); in contrast, our anti-tracking can detect new trackers in real time thanks to Ghostery users monitoring the internet and reporting new threats. We also open up these statistics to power https://whotracks.me/ so that anyone can learn about the tracking landscape (this is possible because the data is only about the trackers, not the users).
Of course, all of this can be turned-off if desired, but we make sure that there is no negative privacy side-effect if you don't. In fact, this helps protect the privacy of users (e.g. such as with anti-tracking described above which is made more powerful thanks to statistics contributed by users).
source https://www.reddit.com/r/privacytoolsIO/comments/f1bn8s/i_did_a_test_on_panopticlick_to_see_how_anonymous/fheg1x9
https://www.reddit.com/r/degoogle/comments/eshkp0/microg_android_almost_without_google_our/ffpzv9x
Who is Cliqz?
### Who is Cliqz?
Cliqz GmbH is a German company owned by Hubert Burda Media who has acquired the popular Ghostery brand and consumer products, including the anti-tracking browser extensions and mobile apps, from Evidon, Inc. Cliqz is a provider of innovative, privacy-focused browser technologies with integrated quick-search functionality. By combining algorithmic and blocklist anti-tracking approaches, Cliqz and Ghostery will together raise the benchmark in privacy protection. The acquisition of Ghosterys 10 million active users around the globe will spur Cliqzs international growth. [^ ]
https://www.ghostery.com/faqs/who-is-cliqz/
As a subsidiary company, Ghostery will collaborate closely with its parent company, Cliqz, on both new and existing products. This means that Ghostery will be implementing proprietary Cliqz technologies, such as its anti-tracking functionality with Human Web, and that the Ghostery product and brand will be available immediately for download on the Cliqz browser. Both companies will also participate in joint messaging to promote products and solutions.
Ghostery and Cliqz technologies will evolve in parallel and become more closely integrated as these two organizations strive to set a new benchmark in consumer privacy protection. [^ ]
https://www.ghostery.com/faqs/ghostery-work-cliqz/
I heard Cliqz shut down. Does that mean Ghostery has too?
### I heard Cliqz has shut down. Does that mean Ghostery has too?
The Ghostery extension is alive and well.
[^1]:https://www.reddit.com/r/technology/comments/f98tjg/firefox_turns_encrypted_dns_on_by_default_to/fir7npi/
[^2]:https://www.reddit.com/r/AskReddit/comments/f298x0/what_chrome_extensions_make_the_internet_100x/fheeoco
[^3]:https://www.reddit.com/r/news/comments/g565bs/disney_to_stop_paying_100000_workers_but_is_still/fo2ossl
[^4]:https://www.reddit.com/r/firefox/comments/fa4twz/no_tracking_here_no_thank_you/fizyrow
[^5]:https://www.reddit.com/r/firefox/comments/fbb9wo/please_rethink_giving_the_extension_ghostery_the/fj71o66/
[^6]:https://www.reddit.com/r/firefox/comments/fbb9wo/please_rethink_giving_the_extension_ghostery_the/fj44vf5/
[^7]:https://www.reddit.com/r/firefox/comments/f87xks/do_tracking_cookies_still_get_blocked_by_ff_if_i/fik2yfh