VOTE: enable Tracking Protection [Edit: and SB] #103
Comments
|
If enabled, leave it on the relaxed branch only. |
|
We have uBlock Origin , uMatrix and soon full-fledged containers with "Always open in this conteiner". |
|
@Thorin-Oakenpants I think the issue at hand that needs resolving is bigger than Tracking Protection. The underlying issue you need to decide (or have the community decide if you prefer) is whether you consider uBO is an officially required addition to this The TP decision is just a manifestation of the issue, but there could be others in the future. |
|
I prefer it all disabled personally. uBlock Origin does a splendid job of handling tracking with on-the-fly control as well. There's too much of a grey area involving the companies and services that are supposed to prevent tracking. While I'm not 100% convinced that they are collecting and selling the very info that they protect us from I am certain I don't 100% trust any of them either. |
|
uBlock manages more lists that can be optionally activated. |
|
Question. Since TP is disabled by master switches: Is there really need to clear the following: ? |
Also used by the flash blocking lists.
Not currently used by anything. Also, if you disable updates via So even if we were doing |
|
Thank you @fmarier. Is |
|
It will be used in the future if we start serving lists that contain hash prefixes (they end in |
|
Just for to be sure. Otherwise, bravo, you are my Queen and long live the Queen. :) |
|
OK. What in short is your opinion (not related to user.js): to enable TP also in non-PB or not? |
no need to insult us, thx @fmarier what stops the big G from creating something like a rainbow table with SB hashes for every site they crawl and use it to easily know exactly which site someone visited when they send the hash to google for SB lookup? |
|
https://developers.google.com/safe-browsing/v4/lists
|
You're right, the pref name was wrong in my blog post. I've updated it. Thanks!
The input to the API for getting the full hashes is a list of prefixes. We never send the full hash. Also, the noise entries are real prefixes that are part of the list.
We're not using the Lookup API, we're using the Update API. Also, we're not yet using version 4 of the API, we're still on version 2.2 until Firefox 57 or 58. |
But here it says that
|
That's an ancient page talking about a long-gone version of Safe Browsing, back when it was a Firefox extension, not built into the browser. |
|
@earthlng, I never hide that I am for enabling TP and SB (without G of course) and I waited a long time before voting against TP for one simple reason, this was about hardened version and relaxing setting would fit into light version. Love you all, cheers |
|
@Thorin-Oakenpants thanks for taking the time to explain your decision so thoroughly. I don't think you need to be defensive about it though. @crssi wrote:
I have Tracking Protection ON for all browsing modes (easy list) because I just don't see any downside to using it. It is only triggered if uBlock Origin fails to catch a tracker so it doesn't replace uBO in any way, and it has yet to break a site in a way I've noticed. |
|
What exact entry do I need to reset to get these back? Been vacant for a very long time. |
Probably these:
|
|
Thank you. All of my "browser.safebrowsing.provider.mozilla.lists.*" entries were still set to blank values, resetting them did repopulate the Block Lists. Again, thanks very much.
|
Thorin-Oakenpants
changed the title
Exceptions: real time binary checks not in local lists are still blocked. Reporting URLs still blocked.
Exception: I am enforcing TP in ALL windows (default is PB Mode only). I have also added the info for which block list to use in TP. Also clarified that 0440 (flash blocklist) uses prefs in 0410d. Also made flash tracking blocklist pref (0440) inactive. Now all TP and SB is allowed, only real time google binary checks and reporting is disabled.
Isn't it oposite, the TP within FF acts first and then uBO? |
|
@Thorin-Oakenpants - I am aware of that, but what when it exists in both? |
|
@crssi wrote:
TP is definitely last in line. It's easy to check though.
Alternatively, you could look at this comment from one of the original authors of TP:
|
|
Thank you @RoxKilly |
The only leftover files are the If you want to clean up old files, you can also just delete that Safe Browsing cache directory and restart your browser. The lists that are needed will be re-downloaded within 5 minutes of startup if they're not available on disk. |
My blog post was incorrectly referred to
The So if someone wants to disable Safe Browsing only, they shouldn't touch the mozilla prefs. Similarly, if someone only wants to disable TP, they shouldn't touch the google prefs.
Yes, we've never used the Lookup API and never will. That's true both on v2.2 and v4.
Yes, we're aiming to move from
The two prefs control two different things (malware v. phishing). We have the ability to control both independently but we don't think it's worth the space in the UI, so we leave it in |
See comment #103 (comment) - `*safebrowsing.provider.mozilla.*` is for Flash & TP ONLY (original article by francois had a *slight!!* error since fixed) This means that 0410d was not shared by TP and SB and to clear it all up .. 0410d is moved to 0420's. 0420's also gets the flash pref 0440 moved into the 0420's. Now it's all tidy: 0410's = google and SB, 0420's = mozilla & TP+Flash
|
@fmarier - are there any plans for SB to migrate from G to shavar Mozilla? |
|
@Thorin-Oakenpants - just thinking out loud, not demandig or whining: Hmmm... this might be for a new topic? Love you all |
No plans. It's an incredibly expensive service to run, both from a network traffic point and list curation point of view. Given that the service is quite good, there are better uses of our money and engineers (e.g. working with Tor) IMHO. |
|
FYI: pyllyukko's gone relaxed-branch. |
|
^^ hmm: this one bothers me:
Comment: I have IndexedDB enabled on the contrary to ghacks, since it breaks a few pages that I really need. But wasn't aware that affects uBO too? |
|
It has been resolved. |
See comment arkenfox/user.js#103 (comment) - `*safebrowsing.provider.mozilla.*` is for Flash & TP ONLY (original article by francois had a *slight!!* error since fixed) This means that 0410d was not shared by TP and SB and to clear it all up .. 0410d is moved to 0420's. 0420's also gets the flash pref 0440 moved into the 0420's. Now it's all tidy: 0410's = google and SB, 0420's = mozilla & TP+Flash
see #102 for the discussion, and make comments there, so its in one place.
This issue is just so I can get a handle on what people want. I will make a decision on when I get some reasonable numbers of votes.
Vote by adding a reaction to this post
Proposal
In this user.js, the master branch, (we will have a lite/relaxed branch in future), to enable TP (tracking protection).
Notes:
the same list as uBoa list (note: there are two lists, simple+strict, default is simple and we would leave it at that but include the pref for info/enforcing strict)That's about it really. Either turn TP on in this branch (which is our default branch), or wait until a lite branch.
Note: this would require approx 4 prefs to be made inactive (and reset in about:config), plus one new pref (inactive), and some changes to the wiki and the user.js's readme, and the 0400 section header description. That's about it.
👍 = don't disable TP (in other words end users are at default, prefs become inactive)
👎 = hell no, leave TP disabled by the user.js
The text was updated successfully, but these errors were encountered: