Zurück

@rufposten @accrescent @GrapheneOS
Ich denke der Hintergrund ist ein grundsätzlich unterschiedliches Verständnis von Datenschutz in verschiedenen Bubbles der Privacy-Community.

Auf der einen Seite ist es mehr absolut: Was eine App kann, das müssen wir auch annehmen, dass sie das auch tut. Ob es faktisch Tracking gibt oder nicht, ist dabei fast egal, genauso wer die Daten bekommt (weil er ja weitergeben könnte). Der einzige wirksame Schutz ist, die zugreifbaren Daten zu reduzieren.

@pixelschubsi @rufposten @accrescent That is how GrapheneOS approaches privacy as an OS but it is not how we approach privacy in terms of recommending apps and services. They're different things. Technical measures in the OS can't be based on enumerating badness and implementing easily bypassed barriers which don't work if adversaries are aware of them. Privacy/security features need to hold up to an adversary aware of it and which can actively adapt to it in order to be a serious approach.

@GrapheneOS @rufposten @accrescent
> Privacy/security features need to hold up to an adversary aware of it and which can actively adapt to it in order to be a serious approach.

See, this is what I mean. I totally agree with you on the one hand, but on the other hand, I understand people consider, for example, an ad blocker a useful tool, because it works reasonably well in practice even if technically, it can be bypassed easily.

@pixelschubsi @rufposten @accrescent

Content filtering based on enumerating things that are only used for ads, tracking, etc. and not for anything useful is inherently incapable of fundamentally protecting privacy. It can only provide an opportunistic reduction in exposure to privacy invasive practices. In practice, adblockers cannot and do not block services which are used for both useful functionality and ads/tracking. It is not simply that they are easy to bypass due to enumerating badness.

@pixelschubsi @rufposten @accrescent There's a big difference between fundamental privacy improvements and increasingly weak approaches for opportunistically improving privacy. The opportunistic privacy improvements get increasingly less useful as development practices change to integrate the privacy invasive code without having an easy way to block it. The more coarsely the filtering is done, the easier it is to render it useless as an approach. Sharing with 3rd parties can be done server side.

@GrapheneOS @rufposten @accrescent
I know all this. But again: In practice ad blockers work reasonably well. Yes, some ads manage to pass through, but most get blocked. It effectively improves the user's experience.

The absolute stance would be to say that either you have to accept the websites render ton of ads, because there is no guaranteed way of blocking them, or you stop using the web. But some people prefer the non-absolutist way, that is to use an ad blocker.

@pixelschubsi @rufposten @accrescent GrapheneOS has a Vanadium browser project which includes an adblocker. We do not present it as an important privacy feature. It uses EasyList + EasyPrivacy and enables language specific lists based on which languages the user has enabled to avoid it being additional fingerprinting attack surface. The content filters are shipped in a signed APK via our App Store. It is not a fundamental improvement to privacy. It only opportunistically eliminates some stuff.

@GrapheneOS @rufposten @accrescent
Please realize how I was talking about ad blocking and ad blocking only here, not that some ad blocker lists also include tracking blocking.

I use the ad blocker example because it's a perfect analogy that is much easier to grasp. The effect of privacy blocking is almost impossible to quantify, because you don't know how much less data about you is collected due to using them. With ad blockers you can easily see yourself how effective they are.

@GrapheneOS @rufposten @accrescent
If ad blockers work reasonably well in practice, it is likely that privacy blockers do so as well. They're not perfect, they will let some data slip through, so any absolute approach is to be preferred when available and applicable. But they likely are a good addition to provide opportunistic improvements for what absolute approaches can't do (yet).
Opportunistic improvements are still better than no improvements.

@pixelschubsi @rufposten @accrescent No, that is not a reasonable thing to infer because privacy works fundamentally differently from displaying ads and can't be seen and corrected when they slip through. Invasion of privacy including sharing data with third parties after it's obtained does not require any direct contact to third parties from the client side, which is what those are focused on filtering, but only when it doesn't break functionality of sites. They can't block dual use tracking.

@GrapheneOS @rufposten @accrescent
Also, there's privacy laws (at least here in the EU). Forwarding the user's IP address from your server to Google for Analytics would be illegal without good reason, but connecting to Google servers for Analytics and there for effectively sharing the user's IP address as well is considered legal because it's technically required.

@GrapheneOS @rufposten @accrescent And lastly, Google doesn't even provide proper APIs to pass data into Google Analytics without using their tracking library. So using a tracking blocked which blocks their tracking library in fact does effectively block the app from sending tracking data to Google. Yes, a win against Google is just a small win, but it's a win that can be reached.

@pixelschubsi @rufposten @accrescent Sites use plenty of APIs which are genuinely useful to users and therefore don't get blocked by a content filter. Third party tracking does not have to be a service called analytics. It can be a bunch of useful functionality such as maps, push, etc. they include in the site which is not going to be blocked by any normal adblocker since it would break sites. Look into how the adblocker lists work. They permit tracking if sites break without it.

@pixelschubsi @rufposten @accrescent One of the most simple and successful ways to do it is where requests are sent through a third party service for click tracking which involves a redirect to the service and then to the site where it has to be followed to get the destination. Adblockers have exceptions for these in the privacy filters since blocking them would break sites. These also bypass cookie isolation used by Firefox, Brave, etc. to restrict cross-site cookies by matching heuristics.

@GrapheneOS @rufposten @accrescent
All you write is correct and still it is totally missing the point.

Try the following: Install a popular ad blocker into your web browser and configure ad and privacy filters. Now open the developer tools to monitor all requests done. Navigate to a few popular websites and check how many invasive cookies are set and how many tracking endpoints data is sent to. Now reset and repeat the same with the ad blocker disabled.

You'll see the blocker blocked a lot.

@GrapheneOS @rufposten @accrescent
If those resources and cookies blocked had not been of purpose to the tracking/ads/... industry, they would not have been requested. Thus, while certainly not perfect, it reduces how much tracking happens and/or how much data is shared and/or how many receive it.

It might not be perfect, but it did some good. And that's better than doing nothing just because you can't be perfect.

@pixelschubsi @rufposten @accrescent We never said to do nothing and after all our Vanadium browser includes content filtering with a privacy list in addition to an ads list. It doesn't mean we think it's a strong privacy feature or a fundamental privacy improvement. It's an opportunistic privacy improvement with rapidly dwindling value.