[Done] Better privacy for ABP - suggestion
[Done] Better privacy for ABP - suggestion
Hello!
First of all I would like to tell you that I really do like Adblock very much and use it constantly for a few months.
Recently I have opened the Adblock "Settings" to discover that ABP monitors the number of times a rule has been activated. While this is very useful for debugging, it introduces privacy problems - anyone who has access to my computer can read those counters, EVEN IF I USED the "clean private data" Firefox option.
I know (and set) an appropriate option in about:config but still it required googling...
Now my suggestions:
1) [Extremely important, easy] Implement an easy-to-use menu option to disable rule counting. It MUST NOT require editing of about:config.
2) [rather important, no idea about difficulty] Implement to clean all counters when "clean private data" is selected in Firefox. Maybe add an option (default: OFF) to keep them if some power user needs that?
To sum it all up: "clean private data" MUST clean ALL traces of *EVERY* visited page; it must not be possible to tell anything about visited pages by looking at ANY firefox menu, option or file.
First of all I would like to tell you that I really do like Adblock very much and use it constantly for a few months.
Recently I have opened the Adblock "Settings" to discover that ABP monitors the number of times a rule has been activated. While this is very useful for debugging, it introduces privacy problems - anyone who has access to my computer can read those counters, EVEN IF I USED the "clean private data" Firefox option.
I know (and set) an appropriate option in about:config but still it required googling...
Now my suggestions:
1) [Extremely important, easy] Implement an easy-to-use menu option to disable rule counting. It MUST NOT require editing of about:config.
2) [rather important, no idea about difficulty] Implement to clean all counters when "clean private data" is selected in Firefox. Maybe add an option (default: OFF) to keep them if some power user needs that?
To sum it all up: "clean private data" MUST clean ALL traces of *EVERY* visited page; it must not be possible to tell anything about visited pages by looking at ANY firefox menu, option or file.
Re: Better privacy for ABP - suggestion
Firefox 3.5 (formerly 3.1) will include a "Private Browsing" mode and Adblock Plus respects it by not counting hits as long as it's activated.Howdy wrote:1) [Extremely important, easy] Implement an easy-to-use menu option to disable rule counting. It MUST NOT require editing of about:config.
http://adblockplus.org/en/changelog-1.0#core
Added support for private browsing mode in Firefox 3.1, hit statistics are disabled automatically
Re: Better privacy for ABP - suggestion
What if it is NOT activated (e.g. I have forgotten to turn it on)? Don't you think Adblock should honor "clean private data" regardless of Private Browsing? Either it is "private data" or it is not. If it is - it must be cleaned. If it is not - why bother?Ares2 wrote:Firefox 3.5 (formerly 3.1) will include a "Private Browsing" mode and Adblock Plus respects it by not counting hits as long as it's activated.
Since the Developers decided to honor "Private browsing", they regard those as "private data". Hence I still think my suggestions are valid.
While "private data" setting is a step in a right direction, I still think that at least an easy option for turning the counting off (regardless of any Firefox mode) should be provided without fiddling with about:config.
Could someone comment on this? Am I right or am I missing something? Do you think it is sensible?
I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.
I understand your position, Howdy, and although I personally don't worry about the counts for each filter as a privacy matter, they could conceivably be significant, forensically.
Looking forward, the best / easiest suggestion I can think of is to have the "maintain counts" feature set to off when the ABP extension is installed; let the user find it in the options pane and enable it if they wish.
I understand your position, Howdy, and although I personally don't worry about the counts for each filter as a privacy matter, they could conceivably be significant, forensically.
Looking forward, the best / easiest suggestion I can think of is to have the "maintain counts" feature set to off when the ABP extension is installed; let the user find it in the options pane and enable it if they wish.
Me neither.friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.
Anyway, there is a preference to switch off hit counting: extensions.adblockplus.savestats (you find it in about:config).
I doWladimir Palant wrote:Me neither.friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.
The DownThemAll extension has such functionality. Take a look at https://addons.mozilla.org/en-US/firefox/addon/201 (I haven't been able to locate a screenshot showing this so you will have to install it and try for yourself
Yes, there is. But I had to google for it to find it. That is why I proposed this setting to be directly available to users via an appropriate option in the ABP settings - please see my first post. It is IMHO too important to consider a power-user option (which about:config is).Wladimir Palant wrote:Anyway, there is a preference to switch off hit counting
I checked. Sure enough:Howdy wrote:The DownThemAll extension has such functionality.
Code: Select all
overlay chrome://browser/content/preferences/sanitize.xul chrome://dta/content/privacy/overlaySanitizeUI.xul
overlay chrome://browser/content/sanitize.xul chrome://dta/content/privacy/overlaySanitizeUI.xul
overlay chrome://browser/content/sanitize.xul chrome://dta/content/privacy/overlaySanitizeCode.xul
I understand your decision. Do you think it is possible (and sensible) to include an option in the Adblock settings to easily disable the counting without going to about:config?Wladimir Palant wrote:Sorry, I am not going to anything like this in Adblock Plus, way too much trouble. If there is some official and documented API - yes. But not like this.
I tend not to agree . This only proves that we need more people to comment on my proposal. To make one thing clear - I fully agree that it has minimal impact on privacy. Still minimal<>zero...Wladimir Palant wrote:The hit statistics have a very low privacy impact. I doubt that a visible option is really justified here.
Could other people care to share their views on the issue I have raised? Do we need such an option or is it a space-waster in Settings/options menu?
I have submitted an enchancement to Mozilla to document an official way of dealing with such problems - see https://bugzilla.mozilla.org/show_bug.cgi?id=493199
Easiest would be to observe the "browser:purge-session-history" notification - that's what e.g. the Error Console, Session Restore, etc. do.Wladimir Palant wrote:Me neither.friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.
With Firefox 3.5 there's also the "browser:purge-domain-data" notification for clearing stats related with an individual domain.
You are right, this notification is sent out when "Browsing and Download History" is checked in the dialog - sounds appropriate to clean out hit statistics for that event then.zeniko wrote:Easiest would be to observe the "browser:purge-session-history" notification - that's what e.g. the Error Console, Session Restore, etc. do.
PS: I put this on my to-do list for Adblock Plus 1.1.