Add uBlock Origin to the Tor Browser
I suggest that we add Ublock Origin to the Tor Browser. Ublock Origin has the following advantages:
- FOSS under GPL3. See https://github.com/gorhill/uBlock
- It is actively maintained and very popular.
- It's designed to be efficient on CPU and memory. See https://github.com/gorhill/uBlock#performance
uBlock Origin is not an ad blocker; it's a general-purpose blocker. Furthermore, advanced mode allows uBlock₀ to work in default-deny mode, which mode will cause all 3rd-party network requests to be blocked by default, unless allowed by the user.
Its behavior is governed through filter lists, which are maintained by Adblock Plus, Disconnect, the community, or other sources. Users can control which lists are downloaded and most are fetched through HTTPS.
I have read through https://www.torproject.org/projects/torbrowser/design/#philosophy, but this was written several years ago and I believe that the landscape has changed and that it's time to revisit those assumptions. Arguments include:
- Default denial of cross-site (3rd party) requests, unless allowed by the users. This eliminates CSRFs and prevents contact with ad networks and trackers in the first place. This supplements browser security by prevent ad networks from tracking users across a browser session.
- If all users use Ublock Origin, then everyone has the same fingerprint.
- Adblockers are now relatively common by tech-savvy users, to the point where they now consider webpages to be broken if ads get in their way. The existence of ads may drive a user to install an insecure adblocker or to use their native non-Tor browser.
- Ublock Origin would save significant bandwidth, reducing the load on the Tor network and increasing the responsiveness of webpages in the Tor Browser.
might be good to revisit these assumptions, but make sure to read on in the design document to get the full understanding I wonder how many people install adblockers anyway. I have like 4 extra extensions for ad/tracking blocking true that my memory was fuzzy but I recall there also being some concern that blocking ads might increase sites' contempt towards tor users, but this was like 2011-2012 and the situation was quite different It seems like it follows some kind of design antipattern to me; "Assuming that we deliver security with X, Y adds no additional security. Therefore, not Y." then again, I am not a TB person and do not want to step on their toes here the world has changed wrt to ad blockers being seen as anti-social... Apple now supports them after all. helix: so many non-Tor users use adblockers that I doubt that Tor users would make a significant impact kernelcorn: I agree now - I'm saying that the timeframe in which that decision was made had a different landscape I think it's probably worth revisiting the topic to see if it's still true
Ticket #10914 (moved) is related.