PureOS should install package xul-ext-ublock-origin by default, to limit advertisements.
That package should be included in the default set in calamares and debian-installer.
Description
Description
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Wontfix | jonas.smedegaard | T147 Rework purebrowser packaging | ||
| Wontfix | jeremiah.foster | T519 PureOS isn't as secure as it says it is | ||
| Resolved | jonas.smedegaard | T272 PureOS tolerates advertisements in Mozilla applications by default |
Event Timeline
Comment Actions
Package purebrowser used to depend on package xul-ext-ublock-origin (and xul-ext-adblock-plus too? See issue T108), but we better solver this independently from PureBrowser, to provide the freedom of opt-out to _not_ installing the plugin.
Comment Actions
@mak I believe you are the one orchestrating what constitutes "default install of PureOS".
Comment Actions
@jonas.smedegaard I would actually prefer that PureBrowser recommends the extensions we want to ship with it - it would make logical sense for the browser package to pull in the extensions we recommend, instead of the system's seed depending on those directly.
By having PureBrowser just recommend the package, users can still easily uninstall it later.
Comment Actions
xul-ext-ublock-origin now recommended by the metapackages pureos-gnome and pureos-plasma.
(Keeping this issue open until the change reaches green).
Comment Actions
This issue should be fixed by now (60.1.0esr-2pureos1 released to landing on August 17th).
Comment Actions
We should have Privacy Badger in PureBrowser.
Privacy Badger is blocking trackers through heuristics. That includes pixel cookie sharing detection and will find newest developed trackers through heuristics. Apparently thats the way cleaner and by far more lighwight way as to rely on maintained lists like ublock-origin:https://www.eff.org/deeplinks/2019/07/sharpening-our-claws-teaching-privacy-badger-fight-more-third-party-trackers
Privacy Badger is from EFF; It will kept further deveoped and improved. Furthermore it's pre-trained on the most popular websites on the Web: https://ssd.eff.org/en/blog/giving-privacy-badger-jump-start
Privacy Badger is forcing DNT, that is already implemented in Firefox. 'Do Not Track' standard has broad consensus on webpages and is world wide known: https://www.eff.org/issues/do-not-track
Personally i strongly recommend removing ublock-origin for ethical reasons. Advertisement can keep webpages alive. List-based blocking addons are susceptible for corruption and manipulation.
Addons 'Brivacy Badger' combinded with 'HTTPS-Everywhere' and correct Firefox-Settings (yes, its a list by Disconnect.me) serves a charming browsing-feeling! FF-Settings:
X - Cookies: Cross-site and social media trackers
X - Tracking content: In all Windows
X - Cryptominers
X - Fingerprinters
Send websites a “Do Not Track” signal that you don’t want to be tracked: Always
X - Delete cookies and site data when Firefox is closed
~~ I appreciate your work; Thanks a lot.
Comment Actions
Furthermore it evades Facebook link shims, removes the referer headers and performes link unwrapping for Twitter: https://www.eff.org/deeplinks/2018/05/privacy-badger-rolls-out-new-ways-fight-facebook-tracking
Comment Actions
Please file a _new_ issue instead: It might make good sense to use other addons, but that does not mean that the currently used addons are not working and therefore this issue is wrong to have "open".
Comment Actions
Arguably, PureBrowser no longer blocks advertisements, as tracked specifically in T814.
Only "arguably", because recent Firefox (including PureBrowser) provides its own "content-blocing" which does a similar albeit milder job: https://support.mozilla.org/en-US/kb/content-blocking
Comment Actions
Here is why we should tolerate some advertisements on webpages by default:
Many advertisements are removed by blocking tracking. Thats because this ads include tracking functionality and by this they are affacted and tackled by trackingblockers. So tracking and advertisement is often occuring in the same context.
Non - intrusive (in terms of not affecting your privacy immediately) ads are visible than. The user can still see and interact on such content willingly, with consent. Thats the way to go. We could still advertise further adblocking addons but in the same time point out why we dont have them activated by default: If it brings no privacy gain we dont want to harm sites by default that support themselves through advertising revenue.
https://tracker.pureos.net/T807 is the issue for the PrivacyBadger request.
Impressive example from a paper about Firefox: https://www.ieee-security.org/TC/SPW2015/W2SP/papers/W2SP_2015_submission_32.pdf
As an example, www.weather.com loads in 3.5 secondswith Tracking Protection versus 6.3 seconds without andresults in data usage of 2.8 MB (98 HTTP requests) versus4.3 MB (219 HTTP requests), respectively. Even thoughTracking Protection prevents initial requests for only 4 HTML<script>elements, without Tracking Protection, an ad-ditional 45 domains are contacted.