
Privacy Badger - sbt
https://www.eff.org/privacybadger
======
natch
Nice. Some feedback: The "first run" page doesn't tell me clearly that
anything has been installed or has started working. This kind of information
should be really clear and prominent, the largest thing on the page. Instead
it's not even there at all, as far as I can see.

Edit: Please don't reply and say "you can check if it's working by blah blah
blah." That is missing the point. My point is that EFF should fix the
extension to make this communication clear for ALL users.

~~~
mister_m
Add an issue on the github project if you please!

------
click170
First place I went to was "I am an online advertising / tracking company. How
do I stop Privacy Badger from blocking me?".

If all it takes is MaliciousCompany.com from posting some text document in the
right spot to get PrivacyBadget to whitelist the page, how is this any better
than DNT?

Do they have a way of blacklisting domains that abuse this?

Edit: Also, I LOVE the idea behind this and installed it immediately to
compliment ABP and Ghostery.

~~~
synchronise
Firstly, isn't this designed to completely replace Ghostery?

Secondly, doesn't Ghostery have privacy issues by sending your browsing
history to a 3rd party?

~~~
pyroh
It's optional, off by default, and is anonymized (apparently).

------
PeterWhittaker
tl;dr: A browser add-on that blocks privacy invasive behaviour, not
necessarily ads. Some ads are permitted, others are blocked. Currently in
alpha, blocking only third-party objectionable behaviour; first-party blocking
on the roadmap.

Cool. I shall install this forthwith.

~~~
dang
All: please don't use "tl;dr" on Hacker News. It's fine, of course, to point
out relevant details from an article. But it should be part of a considered
comment of your own.

HN values intellectual substance. Good reading, writing, and thinking take
time. If we're to have high-quality discussion, we need to inhibit the reflex
to snap judgment and give the slower and quieter reflective process a chance
to function. Since memes like "tl;dr" are emblems of that shallow reflex, we
should heed the broken windows theory and not have them here.

(Not picking on any individual here; PeterWhittaker's comment is fine without
the "tl;dr". The concern is the symbol—symbols matter.)

~~~
afternooner
I wholeheartedly disagree. Much of the content on HN is long form journalism,
some is content that is so specifically specialized in a field, that only
those with thesis in that field will understand. Part of the brilliance of
conversation on the web is interactions between disparate fields. On may
articles, if I have to read all the way through a theoretical physics post and
understand it without a synopsis, I wouldn't be able to add any value to the
conversation, and the thread becomes an echo chamber. The initialism tl;dr
does matter, because it's a clean and easy way to identify the content that
someone looking for a synopsis will look for.

I understand the goal. HN doesn't want to become reddit, and values engaged
discussion. But tl;dr isn't reddit, and it isn't going away. Language is ever
evolving, and the way we talk today would have sent my granddad into a tizzy.
Part of being a platform, and HN is a platform for ideas and conversations, is
that the people will decide how to manage that relationship. Moderation can
only trim the edges, and remove the bad actors, but the tonne and tools will
not be set by moderation, but rather cultivation by the users.

~~~
dang
I agree with you about specialized content, but this has nothing to do with
"tl;dr".

The best HN threads are already great at giving context and making clear what
a story is about. (That's usually how I learn what stories are about.) And
yes, no one has time to read every specialized paper or the expertise to
understand all of them. That's why we often prefer a high-quality popular
article, when one exists, to specialized literature. Original papers typically
get linked to in the comments anyway, for those who want them.

All of this is good and necessary. But none of it requires "tl;dr".

"Tl;dr" is an equivalent in comments to the linkbait gimmicks that we edit out
of titles, and it should be kept out of HN comments for the same reason. We're
not asking you to make the effort of reading every article or understanding
every specialty, just the effort of looking at an HN thread for its content,
without gimmickry.

~~~
Omniusaspirer
I very much question the value of a comment from someone who is incapable of
understanding the source material linked in the submission in the first place.
If it's so technical you need somebody elses slimmed down (and likely faulty)
synopsis to even comprehend it how likely is it that your comment truly
contributes to the discussion?

~~~
afternooner
I would encourage you to re-think this stance. Interdisciplinary conversation
is a tremendous tool to approaching hard problems, conversions, and ideas.
I've encountered this enough in my life to know it to be very beneficial. We
get arrogant when we specialize, often missing simple solutions because we
assume that the solution has to be hard because we're very smart, and we
haven't effectively solved it yet.

I've often had aha moments when someone who didn't understand the problem,
framed a question in a way that caused me to reconsider my approach.

Besides, jargon, not comprehension, is what keeps many smart people out of
conversations that they can definitely add value.

------
jordanlev
I'm curious if the functionality is only enabled if I have the "Tell sites
that I do not want to be tracked" setting turned on in my browser preferences?
There is nothing explicitly said about this in the FAQ's, but there are
references to the purpose of this being "so sites will honor the Do Not Track
feature", so it seems to be implying that it only does its thing if I have "Do
Not Track" enabled?

Thanks!

~~~
akavel
Both in Chromium and Firefox, after installation, an embedded "firstRun.html"
page is shown, which includes the following statement:

 _[...] We send the Do Not Track header with each request, and our extension
evaluates the likelihood that you are still being tracked. [...]_

[Still, I didn't attempt to verify this in code or by sniffing packets.]

I, on the other hand, would be very interested to know if it is expected to
work OK with NoScript (and NoScript with it)?

 _[edit]_ From
[https://github.com/EFForg/privacybadgerfirefox/issues/73](https://github.com/EFForg/privacybadgerfirefox/issues/73)
and
[https://twitter.com/bcrypt/status/463750477075578880](https://twitter.com/bcrypt/status/463750477075578880)
I assume it is compatible with NoScript.

------
gyosko
Shall I remove ADB and ghostery and just go with Privacy Badger?

~~~
vsviridov
No, i tried that and it's not at the state to provide adequate replacement.
But I have high hopes.

~~~
gyosko
Thanks. I was thinking the same,but wanted to hear other opinions.

------
ashmud
"[...] in Firefox, Privacy Badger will be automatically deactivated when you
enter Private Browsing Mode [...]". This is kind of a deal breaker for me. I
frequently use Private Browsing to quickly open a single browser window
without waiting for all my session windows/tabs to open.

------
Gracana
Speaking of privacy badgering... Why won't firefox let me create a security
exception to view this page? Without a way to jump through that hoop, I can't
even view the page.

~~~
handsomeransoms
(Firefox dev here) When you say Security Exception, do you mean you're seeing
a certificate error on this page? The certificate is valid for me, so that
indicates something dodgy on your end (perhaps a captive portal, or middlebox
on a corporate network).

~~~
Gracana
I'm behind a simple NAT, but that's never caused trouble before. Other self-
signed certs work fine, but this one doesn't give me the "I understand the
risks" option.

Screenshot: [http://i.imgur.com/NTLY7ZB.png](http://i.imgur.com/NTLY7ZB.png)

You're saying it's completely valid though? Bizarre.

~~~
driverdan
Have you modified your trusted issuer certs? EFF's cert was issued by
"StartCom Class 2 Primary Intermediate Server CA"

~~~
Gracana
Oh, you know what? I think I have. IIRC there was news about a cert issuing
entity charging to remove insecure certs, so I removed it from my trusted
list. I'm sure that's what has caused this issue for me.

------
Karunamon
Neat! Adblock blocks ads, Noscript for dodgy scripts, and it looks like this
has some overlap with those as well as a cookie handler.

That looks like the unholy trinity of tracking systems dealt with.

~~~
canvia
Don't forget BetterPrivacy for removing flash cookies:
[https://addons.mozilla.org/en-
US/firefox/addon/betterprivacy...](https://addons.mozilla.org/en-
US/firefox/addon/betterprivacy/)

------
donniezazen
I haven't made up my mind if tracking is altogether bad. I certainly enjoy
Google showing me relevant ads in a non-malware-appearance. Privacy is good in
theory but out of convenience I keep using services that compromise my private
information and I myself willingly leave personal information online on
several websites. Anything is as strong as your weakest link. And their are
too many weak links in my online circle.

------
reedlaw
After reading about AdBlock Plus's effect on memory usage in Firefox[1] I
immediately disabled it. Seeing that this is also based on the ABP codebase, I
wonder if it will run into the same issue.

1\. [https://blog.mozilla.org/nnethercote/2014/05/14/adblock-
plus...](https://blog.mozilla.org/nnethercote/2014/05/14/adblock-pluss-effect-
on-firefoxs-memory-usage/)

~~~
papaf
Have you tried AdBlock edge? Its much faster. I have no idea if this is
because it is using less memory though.

------
baumbart
Could maybe someone explain to me: What exactly is wrong with Adblock Edge +
Ghostery? If not, why do they make another similar extension then? There is no
actual manual configuration needed, they don't use me for their business model
(or none of that I know).

~~~
UVB-76
> Although we like Disconnect, Adblock Plus, Ghostery and similar products (in
> fact Privacy Badger is based on the ABP code!), none of them are exactly
> what we were looking for. In our testing, all of them required some custom
> configuration to block non-consensual trackers. Several of these extensions
> have business models that we weren't entirely comfortable with.

------
atmosx
I wonder, is there any page worth visiting, where the icon does actually turn
green?!

~~~
fyrabanks
I don't think the color coding system is working quite right. It's red on
eff.org...

------
frncscgmz
Kinda off-topic but, am I the only one who thought that background was moving?

Had to blink a couple of times to get used to.

~~~
iamtew
It was the first thing I noticed indeed. I was thinking it was some animations
on the website first.

Very similar to the example gallery on this page:
[http://en.wikipedia.org/wiki/Motion_illusion](http://en.wikipedia.org/wiki/Motion_illusion)

------
pxndx
I disabled third party cookies in Chrome. Doesn't this basically do the same?

~~~
driverdan
Nope. That's a good first step but here are many ways to track you outside of
3rd party cookies. Google Analytics, for example, uses 1st party cookies.

~~~
psykovsky
and that's why I have the following in my hosts file, together with thousands
more.

127.0.0.1 google-analytics.com www.google-analytics.com

I find it doesn't slow down browsers as much as adblock and similar
extensions.

~~~
nacs
The host based approach won't block as well as Adblock (Edge/Plus) however as
those plugins can block ads at the DOM element level.

There are many sites that host/proxy their ads on their own domain name but AB
can block the <divs> and such by name or by other properties like size.

------
xyliamaxwell
Looks good - I'm going to try it when it's in Beta.

------
Create
We begin therefore where they are determined not to end, with the question
whether any form of democratic self-government, anywhere, is consistent with
the kind of massive, pervasive, surveillance into which the Unites States
government has led not only us but the world.

This should not actually be a complicated inquiry.

[http://snowdenandthefuture.info/events.html](http://snowdenandthefuture.info/events.html)

~~~
Create
They are not John Poindexter, they’re trying to sell advertising. But make no
mistake about it – they are in the surveillance business; that is how they
make money: they surveil people and use that to profit.

And so the effect is the same.

[http://privacy-pc.com/news/changing-threats-to-privacy-
moxie...](http://privacy-pc.com/news/changing-threats-to-privacy-moxie-
marlinspike-on-privacy-threats-at-defcon-part-2.html)

~~~
Karunamon
Call me when someone gets hauled off to Guantanamo because of ad demographics.

The lack of nuance here when it comes to "tracking" is insane. I can see
wanting to block them for whatever reason, but I can't understand this
reduction to the absurd chicken-little behavior when it comes to ad targeting.

~~~
pyrocat
Why? If company X tracks all the websites you visit, it's really not that hard
for the government to get a hold of that data. It doesn't matter who collects
the data or what it is initially used for; as long as the data is collected
you're at risk.

~~~
Karunamon
So we must hamstring all advertising and personalizing because somewhere a
government might abuse their power and get into the data.

That's absurd. Why should we change our behavior because bad actors exist
instead of dealing with the bad actors? The whole argument implies that
somehow blocking ads will keep $someScaryTLA from screwing with you, which is
silly on its face.

And on top of that, ad tracking data is all about aggregates. Ads are targeted
to "groups of people who like X", not "pyrocat, 123 foobar st, san francisco".

I really don't get this fear. I'd rather see ads for things that are relevant
to me.

~~~
denom
I thought the whole point of the various social graph implementations was to
build a datastructure that handles details on the level of an individual: who
your friends are, what you shop for etc.

[http://en.wikipedia.org/wiki/Social_graph](http://en.wikipedia.org/wiki/Social_graph)

E.g. I was browsing cutlery on Crate and Barrel, suddenly I'm seeing ads all
over the internet for products that I was viewing. I visited Digital Ocean's
site and I see ads everywhere offering their hosting. Same with New Relic.

If I had to guess, the economic systems that underpin these ad networks are
getting stronger and eventually they will all merge. Well, of course there
will still be big players like facebook, but you get my point.

