harden uBO against fingerprinting
What is the purpose for including uBO? IDK. Why did Tails do it?
- reduce network traffic / latency
- reduce attack surface (ads/third party)
- look good on privacytests.org
😄 like arkenfox and librewolf😄 although we all know that FPI/dFPI already takes care of this - anything else besides providing a more pleasant experience?
- edit: reduced cost e.g. metered connections
- edit: convergence w/Tails (and TB?)
What is the affect of users adding their own rules, filters? Fingerprinting if scripts dig deep enough (this is perf costly and not likely to be used IMO)
We (MB/Tails) could lock uBO down
- decide on the blocking mode
- select/enforce/add the block lists wanted
- allow a per session eTLD+ scheme temp disable for problematic sites - or maybe it's enough to remove the padlock on changes?
- lock everything else down - e.g. lists
- do we allow list updates - or just update with the extension itself and with MB builds?
IANAExpert on extensions. Does this mean a special uBO build to be bundled? Someone should reach out to gorhill. I am not sure what Tails have done in this space
edit: see https://github.com/mullvad/mullvad-browser/issues/147
- consider uBO Lite instead?
Edited by Thorin