The performance has been shown not to hold for adblocking extensions (https://whotracks.me/blog/adblockers_performance_study.html), and there are many other problematic webextension APIs w.r.t. privacy.
The solution to these issues should be institutional, not technical. Google should impose performance constraints on extensions, and audit what data extensions are sending home. However, looking at the rampant malware on all their stores, this is something they're unlikely to do, so instead they'll nerf extensions' capabilities.
Disagree with this article's thesis that the Webextension webrequest API should be removed.
By moving to a declarative blocking API you are limiting the possible ways for extensions to function to blocking and redirecting. This is a very narrow use-case, based on the current prevalence of blocking extensions.
But this is not the only way to solve problems such as blocking ads and improving privacy, as shown by Privacy Badger and Cliqz' tracking protection.
A product's privacy claims are only as good as its default settings.
Providing options to change the default privacy-violating settings in some "Advanced" section doesn't make your product a privacy-respecting one.
@liaizon Mastodon would need to be able to speak over the dat protocol and make the query to confirm. So we'd have to add a dependency to Mastodon's server of a library that can essentially do "curl dat://" and then use that to confirm the link
Great post by a colleague on benchmarking adblocking engines. The level of optimisations in these engines is incredible! https://whotracks.me/blog/adblockers_performance_study.html
Was excited about this talk almost more than any other at #fosdem.
@ExodusPrivacy@twitter.com is doing amazing work in identifying surveillance patterns in native apps on Android.
And their learnings are set up to be dev-ready, easily used in your own projects.
Donate to support them!
I forgot this convention when I first set up my instances (though I'm also not sure of the reach on a single user instance).
I develop privacy features for Cliqz and Ghostery browser extensions and Apps, and helped to build the whotracks.me transparency tool.
I'm also interested in the p2p web, specifically DAT, where I'm pushing for dat:// protocol support in Firefox via the dat-fox and dat-webext browser extensions!
Over the last couple of weeks we've developed a #WebExtension emulator, which enables the profiling of browser extensions outside of the browser by running them in a node VM. Already we've identified significant performance gains for @cliqz and @ghostery: https://github.com/cliqz-oss/webextension-emulator
2. Platforms tend to craft their APIs to match what they want you to do. Ghostery on Safari and iOS is much more limited in terms of the privacy protections we can deploy because their APIs only allow certain use-cases.
Now Chrome is considering moving to the same model for blocking requests, which would mean much of the tech I develop could no longer run on Chrome: https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2#c23
On why being beholden to a platform sucks:
1. You get blamed when the platform breaks your stuff: A couple of weeks ago Ghostery had a load of angry Chrome users complaining we were triggering the popup blocker for all links. Turns out Chrome pushed out a bug which broke the API we were using. Only once we proved it was their fault did they revert the changes. (See the change once we provide the minimal extension code: https://bugs.chromium.org/p/chromium/issues/detail?id=918268)
“Demanding privacy from surveillance capitalists,” says Zuboff, “or lobbying for an end to commercial surveillance on the internet is like asking old Henry Ford to make each Model T by hand. It’s like asking a giraffe to shorten its neck, or a cow to give up chewing. These demands are existential threats that violate the basic mechanisms of the entity’s survival.”
The year is 2019 and I can’t buy a good majority of consumer technology because we lack privacy legislation and consumer protections. Example: it’s absurd that my TV came with spyware that can’t be turned off or avoided; I had to stop it from phoning home at the network level. It also came with an arbitration clause and a clause waiving the right to a class action lawsuit.