InformAction Forums

Heads up to all EasyPrivacy users: http://forums.lanik.us/viewtopic.php?f=62&t=19083 (yes, same barbaz)

Summary: I've been a longtime user of the EasyPrivacy list for ABP. Apparently, recently, the EasyPrivacy maintainers have added at least one whitelist that protects tracking of the sort their written policy clearly says should be blocked (on multiple counts at that). I reported the example I spotted on their forums, under the assumption that someone was just being careless, and despite at least one maintainer being around, my thread has dropped off the first page of the forum and no action was taken. So I'm posting this fact publicly here, as a warning to this security- & privacy-conscious community.

Until they remove the shady whitelisting, I cannot reasonably recommend to anyone to use EasyPrivacy, because a false sense of privacy is worse than a real sense of no privacy.

Thanks for the heads-up. I don't normally bother with ABP, though, because plain static ads don't pay as well as dynamic ones - so everyone uses active content for their ads, and NoScript wipes it out .

And Self-Destructing Cookies takes care of the rest.

Still no response or action, so..
mozillaZine thread: http://forums.mozillazine.org/viewtopic ... &t=2882975

With the kind assistance of LoudNoise @ mozillaZine, I've now also reported this to ABP:
https://adblockplus.org/forum/viewtopic.php?f=2&t=25773

I think Privacy Badger plugin from the EFF should block those whitelists also...

Yeah that filter exception is dubious indeed. EasyPrivacy openly makes exceptions for site compatibility all over the place, so you can just turn off all EasyPrivacy exceptions. It's quick: Just select all exceptions and press space.

I don't trust just disabling the whitelists because they might change on an auto update and thus get re-enabled...

Luckily the Easy project is open source so personally I rather fork the whole project for myself, that gives me the most control including the ability to review any filters I question and delete them if I don't want them.

I can remove the entire whitelist, but if doing that may break some sites, how is one supposed to know just which of those entries to remove? Maybe overkill, but I'm also running Ghostery concurrently, which is blocking the shit out of everything, and which can often be a big PITA until the tracker or item is identified and paused. But at least its items can be disabled individually (and, unlike EP, those individual items are viewable per site) or all blocking temporarily paused.

In that case, maybe I can do without EP entirely? Seems like there's probably very little that EP catches that Ghostery doesn't?

kukla wrote:I can remove the entire whitelist, but if doing that may break some sites, how is one supposed to know just which of those entries to remove?

If you fork EasyPrivacy from the repository for personal use, this document might help you there.

Also sometimes you can tell just by looking at the filters. For example, there were a couple filters of the form IMO that's always too broad for a whitelist that fixes site breakage, so I removed those as well, but YMMV.
Or if you know something about the structure of the site a whitelist applies to then you can use that knowledge to decide whether the whitelist is necessary for you.

Bear in mind as well that NoScript surrogates will fix some of the site breakages for which EasyPrivacy has to use whitelists.

kukla wrote:Maybe overkill, but I'm also running Ghostery concurrently,

Yep, Ghostery + EasyPrivacy is overkill (even more so if you have NoScript).

kukla wrote:But at least its items can be disabled individually (and, unlike EP, those individual items are viewable per site)

Sure you can view EasyPrivacy items per site - that's how I found out about this in the first place.
ABP menu > Open blockable items

kukla wrote:In that case, maybe I can do without EP entirely? Seems like there's probably very little that EP catches that Ghostery doesn't?

I can't say because I've never used Ghostery...

Thanks for all the information.

Another heads up: it's looking like this is not an isolated incident in the Easy project...

Watch these spaces:
https://forums.lanik.us/viewtopic.php?f=62&t=21910
https://forums.lanik.us/viewtopic.php?f ... 907#p69041
(That poster is a moderator on the Adblock Plus forums.)