Should I install a new add-on or extension in Tor Browser, like AdBlock Plus or uBlock Origin?

It’s strongly discouraged to install new add-ons in Tor Browser, because they can compromise your privacy and security. See this Support article: Should I install a new add-on or extension in Tor Browser, like AdBlock Plus or uBlock Origin? | Tor Project | Support

1 Like

U’re damned if u do and damned is u don’t;
Using bare install Tor doesn’t block many malicious ads, and users get multitude of regular ads to the point it’s ridiculous. It also slows net traffic, sometimes to a crawl.

…or spyware developed by Israelis, NSA etc. which when clicked on takes over whole OS seamlessly in the background. Doesn’t matter which regular OS you’re using. Only way to block such spyware is to use encrypted privacy hardened OS = whonix, obscurix, securityonion, etc

There are millions of PPL using Ublock etc. as Tor doesn’t come with a comprehensive ads blocker. So their fingerprint is not that unique.

Please read the Tor Browser Design document:

2.3 Philosophy

  1. No filters

Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts.

Implementing filter-based blocking directly into the browser, such as done with Firefox’ Tracking Protection, does not alleviate the concerns mentioned in the previous paragraph. There is still just a list containing specific URLs and hosts which, in this case, are assembled by Disconnect and adapted by Mozilla.

Trying to resort to filter methods based on machine learning does not solve the problem either: they don’t provide a general solution to the tracking problem as they are working probabilistically. Even with a precision rate at 99% and a false positive rate at 0.1% trackers would be missed and sites would be wrongly blocked.

Filter-based solutions in general can also introduce strange breakage and cause usability nightmares. For instance, there is a trend to observe that websites start detecting filer extensions and block access to content on them. Coping with this fallout easily leads to just whitelisting the affected domains, hoping that this helps, defeating the purpose of the filter in the first place. Filters will also fail to do their job if an adversary simply registers a new domain or creates a new URL path. Worse still, the unique filter sets that each user creates or installs will provide a wealth of fingerprinting targets.

As a general matter, we are also generally opposed to shipping an always-on Ad blocker with Tor Browser. We feel that this would damage our credibility in terms of demonstrating that we are providing privacy through a sound design alone, as well as damage the acceptance of Tor users by sites that support themselves through advertising revenue.

Users are free to install these addons if they wish, but doing so is not recommended, as it will alter the browser request fingerprint.

2 Likes

There’s an open issue about bundling uBO:

Just for the sake of explaining (part of) the downside risks of using these things, besides making the tor browser user stick out:

  • The more third-party stuff gets added the more work there is to do in tracking changes in those things and making sure those changes are safe.
  • Ghostery is owned by Cliqz, which is majority owned by a major German media company.
  • AdBlockPlus has strategic partners in the ad business that get whitelisted in exchange for money.
  • etc etc etc

IMO people need to think more critically about what this entails … instead of just piling more stuff into an already-complicated browser technology stack. 11.0.1 switched Firefox recommendations off by default, which is a good thing. I would like to see more of that – let’s put more effort into seeing what low hanging fruit exists that we can turn off or remove, before we put effort into adding new things into the default install.

1 Like

@gus
Not so fast … numerous anti-virus / internet suites come bundled with all kinds of ad-blockers and add-ons to browsers, including for Tor. Some install such by default. Many don’t tell you how they are doing it or what’s happening in the background. There goes your “Philosophy”.
So, either a user is protected or has to uninstall that full anti-virus / internet suite and be vulnerable to compromising whole OS.
If user installs AdBlock Plus exe for IE, Edge, Opera or Firefox it also installs into Tor. When there’s an option which browser to install to many users choose “all” without knowing the warning to not install into Tor. Which is most non-savvy users.
This is just the start of multitude of apps that are available for OS protection.
Like it or not Tor developers have to take this into consideration.

Could you please give an example.

Some versions of Chinese 360 total security install add-ons in background.
Any that have shopping protection, browsing protection and other add-ons
Google search and anything Google does massive data gathering on your browsing, fingerprinting etc. from Tor and all browsers.
These scan your browser and report home. Although they deny giving personal info to government or spy agencies by United Sates statutory law they are obligated to turn over any and all info upon request, if they are a registered licensed business. Any other entities do not = societies, groups, organizations, projects, clubs etc.
By United States business law ALL businesses have to leave a back door in their software for law enforcement. Others do not.
As United States is controlled via British business [ Federal Reserve ] it’s actually part of British Empire. Anywhere in British Empire businesses are subject to similar. It’s why many not part of such empire have blocked British software and developed their own.
But the worst of all on this planet is Israeli add-ons and spyware.

Sorry @g7777 , I don’t get it.

Into Tor Browser? I’d like to see prove of this.
Could you give me a concrete example?

Besides all of this, maybe Tails is worth a try for you? It provides a clean OS + Tor Browser.

1 Like

@Leibi
I do not own a paid for copy of Chinese 360 total security nor am I going to buy that piece of junk. Which BTW uses cloud engine to check for viruses and spyware … a major privacy & security flaw for any scanner.
If you read my first comment in thread it might explain which OS I might use. Definitely not this win7/win10 box which is used for testing and as a deception to prying eyes. Besides, Tails has it’s pros and cons, good enough for average to medium users … not for what I need. If it’s not triple encrypted it’s of not much use to me.
Hint; https://privacytoolslist.com/

1 Like

How is triple encrypted better than forensically erased? A lot of the stuff on that list is just contradictory rubbish. It says all VPN companies spy despite this being proven untrue and recommends you use some obscure hardened OS I’ve never heard of instead of TAILS, it reminds me of years ago when there was a rival secure OS called HEADS, so you had to literally choose heads or tails. The article about Brave contained many self corrections after the publisher made false claims… surrounding false claims. It was pretty funny to see one of the recommended resources giving out a discount code for those pesky spy VPNs.

All in all after reading that muddled dross I’m left with just one question which I’d like answered: When using TAILS OS would it be better to keep uBlock as it comes or would it be better to remove the addon leaving just NoScript and the soon to die HTTPSEverywhere.

Thanks.

1 Like

How “safe” is any add-on or extension that requires:
This extension will have permission to:
Access your data for all websites
Access browser tabs
Access browser activity during navigation

Learn more

Very few extensions do not have these required permissions prior to installation.

1 Like