[Done] Better privacy for ABP - suggestion

Various discussions related to Adblock Plus development
Howdy

[Done] Better privacy for ABP - suggestion

Post by Howdy »

Hello!

First of all I would like to tell you that I really do like Adblock very much and use it constantly for a few months.

Recently I have opened the Adblock "Settings" to discover that ABP monitors the number of times a rule has been activated. While this is very useful for debugging, it introduces privacy problems - anyone who has access to my computer can read those counters, EVEN IF I USED the "clean private data" Firefox option.

I know (and set) an appropriate option in about:config but still it required googling...

Now my suggestions:
1) [Extremely important, easy] Implement an easy-to-use menu option to disable rule counting. It MUST NOT require editing of about:config.
2) [rather important, no idea about difficulty] Implement to clean all counters when "clean private data" is selected in Firefox. Maybe add an option (default: OFF) to keep them if some power user needs that?

To sum it all up: "clean private data" MUST clean ALL traces of *EVERY* visited page; it must not be possible to tell anything about visited pages by looking at ANY firefox menu, option or file.
Ares2
Posts: 1275
Joined: Fri Feb 15, 2008 12:47 pm

Re: Better privacy for ABP - suggestion

Post by Ares2 »

Howdy wrote:1) [Extremely important, easy] Implement an easy-to-use menu option to disable rule counting. It MUST NOT require editing of about:config.
Firefox 3.5 (formerly 3.1) will include a "Private Browsing" mode and Adblock Plus respects it by not counting hits as long as it's activated.

http://adblockplus.org/en/changelog-1.0#core
Added support for private browsing mode in Firefox 3.1, hit statistics are disabled automatically
Howdy

Re: Better privacy for ABP - suggestion

Post by Howdy »

Ares2 wrote:Firefox 3.5 (formerly 3.1) will include a "Private Browsing" mode and Adblock Plus respects it by not counting hits as long as it's activated.
What if it is NOT activated (e.g. I have forgotten to turn it on)? Don't you think Adblock should honor "clean private data" regardless of Private Browsing? Either it is "private data" or it is not. If it is - it must be cleaned. If it is not - why bother?

Since the Developers decided to honor "Private browsing", they regard those as "private data". Hence I still think my suggestions are valid.

While "private data" setting is a step in a right direction, I still think that at least an easy option for turning the counting off (regardless of any Firefox mode) should be provided without fiddling with about:config.

Could someone comment on this? Am I right or am I missing something? Do you think it is sensible?
friend

Post by friend »

I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.

I understand your position, Howdy, and although I personally don't worry about the counts for each filter as a privacy matter, they could conceivably be significant, forensically.

Looking forward, the best / easiest suggestion I can think of is to have the "maintain counts" feature set to off when the ABP extension is installed; let the user find it in the options pane and enable it if they wish.
Wladimir Palant

Post by Wladimir Palant »

friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.
Me neither.

Anyway, there is a preference to switch off hit counting: extensions.adblockplus.savestats (you find it in about:config).
Howdy

Post by Howdy »

Wladimir Palant wrote:
friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.
Me neither.
I do :)
The DownThemAll extension has such functionality. Take a look at https://addons.mozilla.org/en-US/firefox/addon/201 (I haven't been able to locate a screenshot showing this so you will have to install it and try for yourself
Wladimir Palant wrote:Anyway, there is a preference to switch off hit counting
Yes, there is. But I had to google for it to find it. That is why I proposed this setting to be directly available to users via an appropriate option in the ABP settings - please see my first post. It is IMHO too important to consider a power-user option (which about:config is).
Wladimir Palant

Post by Wladimir Palant »

Howdy wrote:The DownThemAll extension has such functionality.
I checked. Sure enough:

Code: Select all

overlay chrome://browser/content/preferences/sanitize.xul	chrome://dta/content/privacy/overlaySanitizeUI.xul
overlay chrome://browser/content/sanitize.xul	chrome://dta/content/privacy/overlaySanitizeUI.xul
overlay chrome://browser/content/sanitize.xul	chrome://dta/content/privacy/overlaySanitizeCode.xul
So they are basically hacking the dialog. Sorry, I am not going to anything like this in Adblock Plus, way too much trouble. If there is some official and documented API - yes. But not like this.
Howdy

Post by Howdy »

Wladimir Palant wrote:Sorry, I am not going to anything like this in Adblock Plus, way too much trouble. If there is some official and documented API - yes. But not like this.
I understand your decision. Do you think it is possible (and sensible) to include an option in the Adblock settings to easily disable the counting without going to about:config?
Wladimir Palant

Post by Wladimir Palant »

The hit statistics have a very low privacy impact. I doubt that a visible option is really justified here.
Howdy

Post by Howdy »

Wladimir Palant wrote:The hit statistics have a very low privacy impact. I doubt that a visible option is really justified here.
I tend not to agree :). This only proves that we need more people to comment on my proposal. To make one thing clear - I fully agree that it has minimal impact on privacy. Still minimal<>zero...

Could other people care to share their views on the issue I have raised? Do we need such an option or is it a space-waster in Settings/options menu?

I have submitted an enchancement to Mozilla to document an official way of dealing with such problems - see https://bugzilla.mozilla.org/show_bug.cgi?id=493199
Wladimir Palant

Post by Wladimir Palant »

Yes, I got a notification about this bug already - it is in the wrong component, I will move it.
zeniko

Post by zeniko »

Wladimir Palant wrote:
friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.
Me neither.
Easiest would be to observe the "browser:purge-session-history" notification - that's what e.g. the Error Console, Session Restore, etc. do.

With Firefox 3.5 there's also the "browser:purge-domain-data" notification for clearing stats related with an individual domain.
Wladimir Palant

Post by Wladimir Palant »

zeniko wrote:Easiest would be to observe the "browser:purge-session-history" notification - that's what e.g. the Error Console, Session Restore, etc. do.
You are right, this notification is sent out when "Browsing and Download History" is checked in the dialog - sounds appropriate to clean out hit statistics for that event then.

PS: I put this on my to-do list for Adblock Plus 1.1.
Howdy

Post by Howdy »

Wladimir Palant wrote:PS: I put this on my to-do list for Adblock Plus 1.1.
Cool - I can't wait to test it out when 1.1 is released :). Problem solved!
ziutek

Post by ziutek »

Wladimir Palant wrote:PS: I put this on my to-do list for Adblock Plus 1.1.
Do you have a public version of your todo list somewhere? I think it could be useful.
Locked