by johnscript » Sat Jul 30, 2016 10:22 am
Guest wrote:How would someone detect ABE rules? I can detect Javascript on/off and the NoScript addon, but not ABE rules. I think this is impossible. This is the same with iptables rules.
Maybe not : although ABE is generally described as a firewall for convenience, I think it's not just comparable to an iptables-based normal firewall.
With iptables, you are basically allowing/denying/restricting some IPs, there's probably not much to infer from that - with ABE, however, you are interacting with a webserver selectively allowing/denying elements from a website, modifying somehow the expected interaction between your browser and the server in a way that (possibly?) goes beyond what common adblockers do.
Something like that, maybe:
Thrawn wrote:If you're blocking a request, but allowing JavaScript on the site, it's theoretically possible for the site to detect that it gets errors trying to send that request.
I guess there is after all some fingerprinting material there for someone really interested in that, and we all know that websites are going to great lengths to accurately fingerprint and track users (even more so across different devices) - but then we know that NoScript is a security suite, not (strictly speaking) a privacy tool, therefore I'm certainly not complaining here.
I was just thinking about this particular aspect.
[quote="Guest"]How would someone detect ABE rules? I can detect Javascript on/off and the NoScript addon, but not ABE rules. I think this is impossible. This is the same with iptables rules.[/quote]
Maybe not : although ABE is generally described as a firewall for convenience, I think it's not just comparable to an iptables-based normal firewall.
With iptables, you are basically allowing/denying/restricting some IPs, there's probably not much to infer from that - with ABE, however, you are interacting with a webserver selectively allowing/denying elements from a website, modifying somehow the expected interaction between your browser and the server in a way that (possibly?) goes beyond what common adblockers do.
Something like that, maybe:
[quote="Thrawn"]If you're blocking a request, but allowing JavaScript on the site, it's theoretically possible for the site to detect that it gets errors trying to send that request.[/quote]
I guess there is after all some fingerprinting material there for someone really interested in that, and we all know that websites are going to great lengths to accurately fingerprint and track users (even more so across different devices) - but then we know that NoScript is a security suite, not (strictly speaking) a privacy tool, therefore I'm certainly not complaining here.
I was just thinking about this particular aspect.