Can websites somehow detect your ABE rules?

Post a reply

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: Can websites somehow detect your ABE rules?

Re: Can websites somehow detect your ABE rules?

by Thrawn » Mon Aug 01, 2016 11:00 pm

johnscript wrote:But that's what I meant exactly: my apologies if it wasn't so clear... the "free stuff" thing was actually referred to them.
Ah, thanks.

We're all volunteers here except Giorgio, so "giving away free stuff" is what we do in general.

Re: Can websites somehow detect your ABE rules?

by johnscript » Mon Aug 01, 2016 9:13 pm

But that's what I meant exactly: my apologies if it wasn't so clear... the "free stuff" thing was actually referred to them.

And thinking of it again, if *I* thought about this, they
Thrawn wrote: No need to give away free help and code samples to people who want to fingerprint you.
must have figured this out already - I guess it's the well known security vs. privacy dilemma.

Re: Can websites somehow detect your ABE rules?

by Thrawn » Sun Jul 31, 2016 11:33 pm

johnscript wrote:no need to give away free stuff.
No need to give away free help and code samples to people who want to fingerprint you.

Re: Can websites somehow detect your ABE rules?

by johnscript » Sat Jul 30, 2016 10:24 am

barbaz wrote:Yes and no. It depends on the purpose of your ABE rules.
I'm not giving more information in a public thread.
Well yes, I can understand that: no need to give away free stuff.

Re: Can websites somehow detect your ABE rules?

by johnscript » Sat Jul 30, 2016 10:22 am

Guest wrote:How would someone detect ABE rules? I can detect Javascript on/off and the NoScript addon, but not ABE rules. I think this is impossible. This is the same with iptables rules.
Maybe not : although ABE is generally described as a firewall for convenience, I think it's not just comparable to an iptables-based normal firewall.

With iptables, you are basically allowing/denying/restricting some IPs, there's probably not much to infer from that - with ABE, however, you are interacting with a webserver selectively allowing/denying elements from a website, modifying somehow the expected interaction between your browser and the server in a way that (possibly?) goes beyond what common adblockers do.

Something like that, maybe:
Thrawn wrote:If you're blocking a request, but allowing JavaScript on the site, it's theoretically possible for the site to detect that it gets errors trying to send that request.
I guess there is after all some fingerprinting material there for someone really interested in that, and we all know that websites are going to great lengths to accurately fingerprint and track users (even more so across different devices) - but then we know that NoScript is a security suite, not (strictly speaking) a privacy tool, therefore I'm certainly not complaining here.
I was just thinking about this particular aspect.

Re: Can websites somehow detect your ABE rules?

by Thrawn » Wed Jul 27, 2016 11:54 pm

If you're blocking a request, but allowing JavaScript on the site, it's theoretically possible for the site to detect that it gets errors trying to send that request.

Re: Can websites somehow detect your ABE rules?

by Guest » Wed Jul 27, 2016 4:13 pm

How would someone detect ABE rules? I can detect Javascript on/off and the NoScript addon, but not ABE rules. I think this is impossible. This is the same with iptables rules.

Re: Can websites somehow detect your ABE rules?

by barbaz » Wed Jul 27, 2016 3:38 pm

Yes and no. It depends on the purpose of your ABE rules.
I'm not giving more information in a public thread.

Can websites somehow detect your ABE rules?

by johnscript » Wed Jul 27, 2016 10:34 am

We know that websites can kinda easily detect if you are using NoScript (well, scripts are blocked...) so much so that I often spot some specific "noscript" elements in page sources (maybe they are adding those to "unbreak" the page if scripts are blocked?) : but can they also detect if you are using some custom ABE rules from the requests that your browser is sending (after all ABE can modify the behavior in peculiar ways) , and therefore track you based on that?

Top