[Done] Better privacy for ABP - suggestion

Various discussions related to Adblock Plus development

[Done] Better privacy for ABP - suggestion

Postby Howdy » Thu May 14, 2009 10:05 pm

Hello!

First of all I would like to tell you that I really do like Adblock very much and use it constantly for a few months.

Recently I have opened the Adblock "Settings" to discover that ABP monitors the number of times a rule has been activated. While this is very useful for debugging, it introduces privacy problems - anyone who has access to my computer can read those counters, EVEN IF I USED the "clean private data" Firefox option.

I know (and set) an appropriate option in about:config but still it required googling...

Now my suggestions:
1) [Extremely important, easy] Implement an easy-to-use menu option to disable rule counting. It MUST NOT require editing of about:config.
2) [rather important, no idea about difficulty] Implement to clean all counters when "clean private data" is selected in Firefox. Maybe add an option (default: OFF) to keep them if some power user needs that?

To sum it all up: "clean private data" MUST clean ALL traces of *EVERY* visited page; it must not be possible to tell anything about visited pages by looking at ANY firefox menu, option or file.
Howdy
 

Re: Better privacy for ABP - suggestion

Postby Ares2 » Thu May 14, 2009 10:49 pm

Howdy wrote:1) [Extremely important, easy] Implement an easy-to-use menu option to disable rule counting. It MUST NOT require editing of about:config.

Firefox 3.5 (formerly 3.1) will include a "Private Browsing" mode and Adblock Plus respects it by not counting hits as long as it's activated.

http://adblockplus.org/en/changelog-1.0#core
Added support for private browsing mode in Firefox 3.1, hit statistics are disabled automatically
Ares2
 
Posts: 1275
Joined: Fri Feb 15, 2008 1:47 pm

Re: Better privacy for ABP - suggestion

Postby Howdy » Fri May 15, 2009 12:02 am

Ares2 wrote:Firefox 3.5 (formerly 3.1) will include a "Private Browsing" mode and Adblock Plus respects it by not counting hits as long as it's activated.


What if it is NOT activated (e.g. I have forgotten to turn it on)? Don't you think Adblock should honor "clean private data" regardless of Private Browsing? Either it is "private data" or it is not. If it is - it must be cleaned. If it is not - why bother?

Since the Developers decided to honor "Private browsing", they regard those as "private data". Hence I still think my suggestions are valid.

While "private data" setting is a step in a right direction, I still think that at least an easy option for turning the counting off (regardless of any Firefox mode) should be provided without fiddling with about:config.

Could someone comment on this? Am I right or am I missing something? Do you think it is sensible?
Howdy
 

Postby friend » Fri May 15, 2009 3:47 am

I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.

I understand your position, Howdy, and although I personally don't worry about the counts for each filter as a privacy matter, they could conceivably be significant, forensically.

Looking forward, the best / easiest suggestion I can think of is to have the "maintain counts" feature set to off when the ABP extension is installed; let the user find it in the options pane and enable it if they wish.
friend
 

Postby Wladimir Palant » Fri May 15, 2009 8:28 am

friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.

Me neither.

Anyway, there is a preference to switch off hit counting: extensions.adblockplus.savestats (you find it in about:config).
Wladimir Palant
ABP Developer
 
Posts: 8395
Joined: Fri Jun 09, 2006 6:59 pm
Location: Cologne, Germany

Postby Howdy » Fri May 15, 2009 9:39 am

Wladimir Palant wrote:
friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.

Me neither.


I do :)
The DownThemAll extension has such functionality. Take a look at https://addons.mozilla.org/en-US/firefox/addon/201 (I haven't been able to locate a screenshot showing this so you will have to install it and try for yourself

Wladimir Palant wrote:Anyway, there is a preference to switch off hit counting


Yes, there is. But I had to google for it to find it. That is why I proposed this setting to be directly available to users via an appropriate option in the ABP settings - please see my first post. It is IMHO too important to consider a power-user option (which about:config is).
Howdy
 

Postby Wladimir Palant » Fri May 15, 2009 9:51 am

Howdy wrote:The DownThemAll extension has such functionality.

I checked. Sure enough:
Code: Select all
overlay chrome://browser/content/preferences/sanitize.xul   chrome://dta/content/privacy/overlaySanitizeUI.xul
overlay chrome://browser/content/sanitize.xul   chrome://dta/content/privacy/overlaySanitizeUI.xul
overlay chrome://browser/content/sanitize.xul   chrome://dta/content/privacy/overlaySanitizeCode.xul

So they are basically hacking the dialog. Sorry, I am not going to anything like this in Adblock Plus, way too much trouble. If there is some official and documented API - yes. But not like this.
Wladimir Palant
ABP Developer
 
Posts: 8395
Joined: Fri Jun 09, 2006 6:59 pm
Location: Cologne, Germany

Postby Howdy » Fri May 15, 2009 11:51 am

Wladimir Palant wrote:Sorry, I am not going to anything like this in Adblock Plus, way too much trouble. If there is some official and documented API - yes. But not like this.


I understand your decision. Do you think it is possible (and sensible) to include an option in the Adblock settings to easily disable the counting without going to about:config?
Howdy
 

Postby Wladimir Palant » Fri May 15, 2009 12:09 pm

The hit statistics have a very low privacy impact. I doubt that a visible option is really justified here.
Wladimir Palant
ABP Developer
 
Posts: 8395
Joined: Fri Jun 09, 2006 6:59 pm
Location: Cologne, Germany

Postby Howdy » Fri May 15, 2009 12:38 pm

Wladimir Palant wrote:The hit statistics have a very low privacy impact. I doubt that a visible option is really justified here.

I tend not to agree :). This only proves that we need more people to comment on my proposal. To make one thing clear - I fully agree that it has minimal impact on privacy. Still minimal<>zero...

Could other people care to share their views on the issue I have raised? Do we need such an option or is it a space-waster in Settings/options menu?

I have submitted an enchancement to Mozilla to document an official way of dealing with such problems - see https://bugzilla.mozilla.org/show_bug.cgi?id=493199
Howdy
 

Postby Wladimir Palant » Fri May 15, 2009 12:40 pm

Yes, I got a notification about this bug already - it is in the wrong component, I will move it.
Wladimir Palant
ABP Developer
 
Posts: 8395
Joined: Fri Jun 09, 2006 6:59 pm
Location: Cologne, Germany

Postby zeniko » Fri May 15, 2009 1:34 pm

Wladimir Palant wrote:
friend wrote:I have no idea whether FF extensions can hook (listen for) the "Clean Private Data" command.

Me neither.

Easiest would be to observe the "browser:purge-session-history" notification - that's what e.g. the Error Console, Session Restore, etc. do.

With Firefox 3.5 there's also the "browser:purge-domain-data" notification for clearing stats related with an individual domain.
zeniko
 

Postby Wladimir Palant » Fri May 15, 2009 1:42 pm

zeniko wrote:Easiest would be to observe the "browser:purge-session-history" notification - that's what e.g. the Error Console, Session Restore, etc. do.

You are right, this notification is sent out when "Browsing and Download History" is checked in the dialog - sounds appropriate to clean out hit statistics for that event then.

PS: I put this on my to-do list for Adblock Plus 1.1.
Wladimir Palant
ABP Developer
 
Posts: 8395
Joined: Fri Jun 09, 2006 6:59 pm
Location: Cologne, Germany

Postby Howdy » Fri May 15, 2009 6:01 pm

Wladimir Palant wrote:PS: I put this on my to-do list for Adblock Plus 1.1.
Cool - I can't wait to test it out when 1.1 is released :). Problem solved!
Howdy
 

Postby ziutek » Sun May 17, 2009 4:47 pm

Wladimir Palant wrote:PS: I put this on my to-do list for Adblock Plus 1.1.

Do you have a public version of your todo list somewhere? I think it could be useful.
ziutek
 

Next

Return to Adblock Plus development

Who is online

Users browsing this forum: No registered users and 3 guests