26 comments

[ 4.7 ms ] story [ 70.7 ms ] thread
> if you search for «illegal Irish potato recipes», it’ll inject similar searches such as «fun Irish drinking games» and «funny potato pictures». Google will now see your relevant but also irrelevant queries making it hard to distinguish what you actually searched for. This will give us a layer of «plausible deniability» in case anyone accuses you of a crime you never committed based on your search history stored at Google.

This is pretty implausibly deniable.

"Yes, officer, I know my computer searched for that, but that's only because I installed some software to deliberately search for things so that if I ever got suspected of a crime based on my search history I'd be able to tell you that it might not have been me"

In a time before the current political generation we actually created laws against surveillance. These laws are also valid for executive organs like police and secret services. Time to bring that back.
You could go for the plausible insanity defense angle, having it occasionally inject things like: "How to sculpt myself an imaginary friend from butter"
It's also pretty self-defeating at all other layers of privacy.

There are, obviously, a lot of ways to get away with a crime: you can try to ensure people don't know anything happened; that they don't know what happened was a crime; that they don't know you did it; or that they can't prove you did it. If you want to commit a crime for which you will be suspected but escape conviction, plausible deniability (which this isn't) can be a reasonable approach. If you want to live your life without undue surveillance and intrusion, generating 'chaff' like this is ludicrously counterproductive. It amounts to making your search patterns more unusual and adding search terms which might be suspicious in all sorts of ways you didn't foresee.

If I search "hot car how long milk safe to drink", it's pretty obvious what I'm thinking. If the extension adds "hot car safety" and "hot car how long", those are more ambiguous. And if it grabs popular suggested searches and picks "hot car kid safety", now it's adding potential surveillance triggers to an innocuous search. Less hypothetically, we already know that the NSA runs full-take collection against people who make certain searches relating to Tails Linux. If you make a non-tracked search on the topic, this could easily permute it into one of the tracked searches.

Even philosophically, I'm pretty baffled by the idea that I should improve my privacy by adding an extension which does unpredictable things in my name online...

> we already know that the NSA runs full-take collection against people who make certain searches relating to Tails Linux

Wow, is this actually true? For how long do they continue to collect everything you do? Do you have a source?

So all this time people have been saying "lol I'm probably on a list now", they were actually right?!

Seemingly yes, I don't know if they continue, yes, and yes. I think that my IP at least is probably on a list, along with a lot of other HN readers.

This is a mid-2014 story which didn't get a ton of press traction, I assume for no deeper reason than "people were burned out on specifics-of-surveillance stories after 2013". Original source [1, 2] was Tagesschau, a branch of German public broadcasting, by two high-profile German journalists and Jacob Appelbaum. (People other than Applebaum did review the technical side of things. [3]) It's since run in the standard English publications (Ars, TechDirt, El Reg, etc). I first got it from Bruce Schneier. [4]

The document source is somewhat unclear; the publisher hasn't said and it doesn't appear to be from Snowden's leaks. It was published around the time the TAO leaks started. But the document's accuracy (and that of the TAO leaks) is undisputed, and the NSA responded by defending the program instead of denying the report. [5]

The surveillance targets were numerous: emails, page visits, usage, and web searches variously relating to Tor, Tails (which was described as "advocated by extremists"), proxy services, and even the Linux Journal! The surveillance scope is unclear; the outlined system targets the full data of a single action then logs the IP for possible followup. One published code segment used deep packet inspection to find emails with links to the Tor homepage, then extracted the full body of those emails. This collection was part of XKeyscore, and presumably had the same targeting standards as the larger program. [4, 5]

As for being on a list, the Tor-homepage email filter had an exemption for IPs based in Five Eyes countries. But the other's didn't, so domestic users would presumably have at least been flagged. [4] The presence of a location filter in one tool sort of implies location wasn't being filtered later in the flow, but it's also possible non-email mediums were being filtered in other ways. The NSA statement was of course unhelpful, but includes "The communications of people who are not foreign intelligence targets are of no use to the agency." Given the NSA history of exact-words paltering, it seems significant that it calls those other communications useless, but doesn't say they're not collected. [5]

So yes; I think a large fraction of techies and Linux fans probably are on lists for completely innocuous searches.

[1] http://www.tagesschau.de/inland/nsa-xkeyscore-100.html

[2] https://translate.googleusercontent.com/translate_c?depth=1&...

[3] http://daserste.ndr.de/panorama/aktuell/nsa230_page-1.html

[4] https://www.schneier.com/blog/archives/2014/07/nsa_targets_p...

[5] https://arstechnica.com/tech-policy/2014/07/report-rare-leak...

I've always taken the "I'm probably on a list now" to be the product of cognitive dissonance, and a kind of flirting with the idea of being an outlaw.

It's not like the NSA has to optimize to spend fewer resources. Their only constraint is finding a justification for the level of surveillance against any specific individual. And when considering how quick social networks fan out, I would think that's game over for anyone posting here.

Honestly given how programmers can be indifferent to legal concerns, I wouldn't be surprised if the actual implementation was optimized to just a list of specific targets to not retain surveillance on. And it's probably comprised of a single herd of cows in Wisconsin.

It's prudent to just assume we're all on "a list".

Most forms of plausible deniability rely on enough people casually adopting them so that the presence of the software is expected rather than abnormal. This extension is not there yet.

Which means yes, if your intent is to commit a crime, then it's a poor idea to install this extension. But if you're an innocent person who simply wants to protest/undermine the idea of surveilled searches, then it makes sense to increase adoption.

Even better would be to get say Mozilla to include it in the default install. Although I'd personally be happy if they just worked on addressing the security issues highlighted by Panopticlick.

On Firefox, this one needs to be on: "privacy.trackingprotection.enabled", so without the ".ui" part specified in the article.
Setting tracking protection to on also forces Do Not Track to turn on, which can be counterproductive if you want to avoid fingerprinting. I prefer to use uBlock Origin and Privacy Possum.
Switch to uMatrix if you have enough know-how to fix websites that break. It is the single best plugin I know. I use it on Firefox mobile and it speeds up websites faster than AMP.
uMatrix is cool, and I respect the hardcore approach to privacy, but it's a ton of work for most sites. I found there's usually a lot of trial and error trying to figure out the minimum combination of things needed to get the site to work, during which I usually enable something I wish I hadn't and wasn't required anyway. On top of that, web sites change, a lot, so getting the right mix is usually temporary.

I feel the community maintained filters, while possibly imperfect, will be better than my custom filters especially when my patience runs low.

uBlock Origin gives a similar matrix with "I'm an advanced user" on. I have a personal rule of never fully whitelisting a domain, or even a single page. The only matrix level rule I have is for one of my bank accounts that requires an iFrame to make a payment. Any other site that breaks, I leave.

Firefox Mobile on Android is the best thing to ever happen to mobile browsers. Without it, I would never use my phone for browsing. Every other browser can optimize until the cows come home, the typical web bloat is still going to grind them to a halt.

I used the advanced mode in uBlock Origin with default-deny on all 3rd-party frames and scripts for a while. It does get tiring after a while to go in and noop sites to fall back to the filter lists, and reload. Rinse and repeat until the site works. It's especially annoying on mobile.

It especially tends to break online payment solutions, I've had more than one purchase go haywire, including one where I just got the "order confirmed!" page instantly, without ever entering any payment details. Their support guy was a little bit confused about that one ;-)

So now I put my trust in the block lists, Privacy Possum, Decentraleyes and Firefox' built-in fingerprinting resistance function ("privacy.resistFingerprinting" in about:config).

The latest additions are Multi-Account Containers and Temporary Containers. Every new site opens in a sandboxed temporary container that gets deleted 15 minutes after I close the last tab in it. This discards all cookies, cache, everything stored about that site, except browsing history entries. Think of it as a cookie autodelete on steroids. I have permanent containers set up for sites where I want to store the login or other information, such as HN or FB. Each site can only see its own container, so there's no cross-site tracking.

You seem to be a privacy expert. PrivacyWall will not break these payment solutions. We'd love your feedback on PrivacyWall. It's free for download at http://www.privacywall.org
(comment deleted)
“This article is probably full of potholes, errors and half-baked thoughts.”

To chip in some thoughts:

1. If you use chrome, you cannot fully disable tracking. Even if you use chromium, you can’t enable sign-in, which pretty well neuters a lot of great features. Even Firefox collects info about you so you need to configure it more than he says.

2. AdNauseam, etc esp with Adblock seems extremely questionable.

3. If you use Google.com, Android OS, or any google services, they track you. So much for installing Firefox and uBlock...

4. Install a privacy tool like Privacy Badger or Disconnect. Surprised I didn’t see this on the list, even from 2017.

We built PrivacyWall to address many of these concerns. PrivacyWall provides host level blocking so it prevents Firefox and Chrome from exfiltrating your data and it's free for download at http://www.privacywall.org for those who don't feel like the existing tools offer sufficient protection.
Good read, thanks for sharing. For chrome users I'd advise using these extensions: I use Surfshark chrome extension for a VPN, PrivacyBadger, cookieautodelete, HTTPS everywhere, User Agent switcher if you're being sort of paranoid. I have CCleaner installed too, but usually there's nothing to clean since extensions handle most of it.
I'd encourage you to give Firefox a go if you haven't already. The new version is really good, and I personally trust Mozilla a lot more. :)
Thank you, Firefox is one of my main browsers, I use Chrome basically for youtube playlist :D
I assume surfshark is a "free VPN" extension? If so, you're probably doing the opposite of protecting your privacy by using it.

Using Chrome is also generally a poor choice.

Surfshark is a paid VPN, I would never choose to use a free VPN. Furthermore, Surfshark has been audited by Cure53 to check their browser extension security and got a good review https://cure53.de/pentest-report_surfshark.pdf To put it short they earned my trust.

And I use several browsers, totally agree Chrome is a poor choice but I don't expect people stop using it, might as well use it as safely as possible :)

Out of curiosity, why would you choose a browser extension over an actual VPN that tunnels all of your traffic?