Q&A Privacy Badger Is Changing to Protect You Better

Add-on/Extension Page
https://privacybadger.org/

Gandalf_The_Grey

Level 47
Verified
Trusted
Content Creator
Apr 24, 2016
3,621
Privacy Badger was created to protect users from pervasive non-consensual tracking, and to do so automatically, without relying on human-edited lists of known trackers. While our goals remain the same, our approach is changing. It is time for Privacy Badger to evolve.

Thanks to disclosures from Google Security Team, we are changing the way Privacy Badger works by default in order to protect you better. Privacy Badger used to learn about trackers as you browsed the Web. Now, we are turning “local learning” off by default, as it may make you more identifiable to websites or other actors. If you wish, you can still choose to opt in to local learning and have the exact same Badger experience as before. Regardless, all users will continue to benefit from Privacy Badger’s up-to-date knowledge of trackers in the wild, as well as its unique extra privacy-preserving features like outgoing link protection and widget replacement.

Google Security Team reached out to us in February with a set of security disclosures related to Privacy Badger’s local learning function. The first was a serious security issue; we removed the relevant feature immediately. The team also alerted us to a class of attacks that were enabled by Privacy Badger’s learning. Essentially, since Privacy Badger adapts its behavior based on the way that sites you visit behave, a dedicated attacker could manipulate the way Privacy Badger acts: what it blocks and what it allows. In theory, this can be used to identify users (a form of fingerprinting) or to extract some kinds of information from the pages they visit. This is similar to the set of vulnerabilities that Safari’s Intelligent Tracking Prevention feature disclosed and patched late last year.

To be clear: the disclosures Google’s team shared with us are purely proof-of-concept, and we have seen no evidence that any Privacy Badger users have had these techniques used against them in the wild. But as a precaution, we have decided to turn off Privacy Badger’s local learning feature by default.

From now on, Privacy Badger will rely solely on its “Badger Sett” pre-trained list of tracking domains to perform blocking by default. Furthermore, Privacy Badger’s tracker database will be refreshed periodically with the latest pre-trained definitions. This means, moving forward, all Privacy Badgers will default to relying on the same learned list of trackers for blocking.
Full article:
 

oldschool

Level 59
Verified
Mar 29, 2018
4,807
I hope Privacy Possum is forking appropriately.
It's not actively developed. Loads of open issues and nothing of import from developer in a long time. Last update over a year ago.
I think it's based off Privacy Badger?
It was developed as an alternative to, but is completely different from PB.
 

Cheeseman

Level 1
Jun 10, 2020
14
Since ubo and adguard already did an arguably better job at blocking ads, trackers, etc.. than privacy badger (one is specified to block 3rd-party fingerprinting only, ubo and adguard are blocking ads, trackers (1st and 3rd party)). To me, there's no reason to use a tool that has way better alternatives with better and more options to choose from. Granted, the extension learns as you browse is a good idea, but having the old, more relyable filters (how can a software component decide what ad should be blocked and what not (besides the creator(s)' "decision" obviusly)). The best would be a hybrid both addon-learning and human-made filterlist combo...
 

Gangelo

Level 4
Verified
Jul 29, 2017
189
I never invested much time in this tool. In it's early days, it was a mediocre tracker blocker which broke plenty of webpages. It got a little better with later versions but once Adguard Premium was tested and purchased I never used anything else. Now that Google castrated it's only unique feature, it is practically useless.

Besides, when Manifest V3 becomes mainstream, it will be unable to block anything.

Quote

An overview of the Manifest V3 proposal's impact upon Privacy Badger​

Privacy Badger is a browser extension that automatically learns to block invisible trackers.

Instead of keeping lists of what to block, Privacy Badger learns by watching which domains appear to be tracking you as you browse the Web. Privacy Badger sends the Do Not Track signal with your browsing. If trackers ignore your wishes, your Badger will learn to block them. Privacy Badger starts blocking once it sees the same tracker on three different websites.
The Manifest V3 proposal thoroughly breaks this description. It appears that Privacy Badger will no longer be able to dynamically learn to block trackers, report what it blocked on a page, block cookies from being set or sent, strip referrer headers, nor properly support EFF's Do Not Track policy.

If you remove what makes Privacy Badger unique, replacing it with basic list-based blocking, what are you left with?

Replacing persistent background pages with ServiceWorkers​

A non-persistent event-driven background page does not work well for extensions that need to keep ephemeral state.

  • Privacy Badger maintains per-tab data that includes things like which third-party domains were detected and/or blocked on the page.
  • It may be possible to continuously save and restore state from storage as a workaround, but this runs counter to the stated performance goals of moving away from persistent background pages. It seems that persistent background pages are a much better fit for certain (stateful) types of extensions.
  • As Privacy Badger requires the webRequest API (more on this below), a persistent background page is required as per Chrome extension docs:
    The webRequest API is incompatible with non-persistent background pages.
There are likely other issues (will a ServiceWorker background page support functioning in Incognito contexts, which is essential for privacy and security extensions?), but they are eclipsed by the fundamental mistake of trying to shoehorn stateful extensions into an exclusively event driven model.

Restricting origin access / Manifest Host Permission Specification​

Making users confirm extension access (host_permissions) does not seem to make sense for general-purpose content blocking (adblocker/privacy/security) extensions. Outside of edge cases (for example, a Facebook.com-specific extension), content blockers need access across all URLs. Redundantly prompting users for permission to run these scripts (on top of the existing notification users see when initially installing Privacy Badger) will be unhelpful and confusing.

As Chrome extension docs for permissions state:

Use required permissions when they are needed for your extension’s basic functionality.

Dynamic Content Scripts​

Many of Privacy Badger's content scripts need to run on all pages in order to do things like detect localStorage-based tracking and canvas fingerprinting, or deny JavaScript access to cookies and localStorage to "yellowlisted" third-party domains.

It would be great to finally have dynamic, before-anything-else injection of content scripts (478183 - chromium - An open-source project to help move the web forward. - Monorail). However, as per the host_permissions note above, it doesn't make sense to make users have to re-confirm this access via permission dialogs.

WebRequest​

Removing "blocking" (synchronous request/response interception) from webRequest will break core Privacy Badger functionality.

The declarativeNetRequest API is an entirely inadequate replacement as it supports onBeforeRequest blocking and redirection only (not header/body inspection or modification), and seems to support (a limited number of) hardcoded rules only.

  • Privacy Badger needs to dynamically create rules.
  • Privacy Badger's rules interact with each other. A request that would be blocked may be overriden to "cookie-blocked" instead by the user, or it may be registered as a DNT-compliant domain and thus allowed.
  • Rules need to be further qualified by things like whether the request/response domain is third-party to the top-level document.
  • Privacy Badger needs to report what it did (blocked, etc.) on a page.
  • Privacy Badger needs to be able to modify content headers (block cookies, strip referrers, perhaps modify ETag headers, ...).
  • Privacy Badger would benefit from being able to modify response bodies like WebExtensions can in Firefox. The webRequest API should be gaining, not losing functionality.
  • Privacy Badger needs to encourage privacy-respecting ads by continuing to enforce the EFF Do Not Track policy. This means Privacy Badger needs to continue being able to check blocked domains for declarations of DNT compliance.
The above is not meant to be an exhaustive list. The point is that it is a fundamental mistake to try to shoehorn all content intercepting extensions into the limited-by-design declarative model.

Unquote

Edit: Source Will the proposed Manifest V3 changes to Chrome break Privacy Badger? · Issue #2273 · EFForg/privacybadger
 
Last edited:
Top