Author Topic: Ad Sanitizer  (Read 2150 times)

Offline TJay

  • Newbie
  • Posts: 2
Ad Sanitizer
« on: December 04, 2015, 09:37:15 PM »
Blocks scripts that should be allowed. I need to unblock specific scripts, not whole sites.

Offline WxMan1

  • Comodo's Hero
  • Posts: 819
Re: Ad Sanitizer
« Reply #1 on: December 05, 2015, 05:34:56 PM »
PrivDog doesn't function in the manner that you suppose.  Read the putative purpose designed into PrivDog here: https://forums.comodo.com/news-announcements-feedback-privdog/an-overview-to-privdog-view1-t96008.0.html

PrivDog operates at a fairly coarse granularity, i.e., the domain level, e.g., example.com, and that web-site can host content and script that is serviced by as many 3rd party hosts. Much of that is related to Facebook & Google. PrivDog focuses on invasions of privacy at the domain level. If the granularity of control required extends to the script level, then an extension such as NoScript would be suggested.

With that extension each and every script is blocked by default, unless explicitly allowed. For example on this page NoScript is blocking a script hosted by SSL.google-analytics.com. I'm confident that domain is benign; it's part of this web-page. But my druthers be not to allow any Google script to run unless absolutely necessary for web-page functionality. Then I allow them temporarily per incident as required.

For example, TVGuide.com initially loads with 2 out of 4 domains hosting 17 scripts total are allowed.  When I temporarily allow the blocked two domains, and reload the page 6 out of 16 domains are permitted hosting 36 scripts.  Unblocking the additional 10 domains results in 16 out of 21 domains permitted hosting 38 scripts.  Unblocking the additional 5 domains yields no additional blocking, 43 scripts have executed.

That PrivDog hasn't barked, it's astonishing the amount of permeability allowed by one click w/out NoScript. This doesn't even address the issue of cross-site scripting (XSS) and cross-site POST requests that are transparently transformed into data-less GETS. These are 'benign' HTML methods to glom onto your personal attributes. Not to ignore potential pinging of destination URLs, META redirections, XSLT, UI redressing and cross-site request forgery attacks. These potential exploit vulnerabilities are mitigated by NoScript ABE, i.e., application boundary enforcer (SEE: https://noscript.net/abe/).

The fact is, with NoScript's fundamental protections - by default - PrivDog will still bark about things. And I see many scripts being blocked by default and yet the basic functionality of the web-page is still usable. The question arises if ALL scripts on any arbitrary web-page are allowed - at least temporarily - and critical functionality is unavailable due to PrivDog blocking, then the evaluation must be made how badly one wants to access the web-page's functionality at the risk of their privacy being invaded?

PrivDog is focused on maintaining your anonymity, while NoScript is focused at a very granular level to protect malicious intrusion and that, by extension, translates to privacy; scripts that can't run can't phone home. Most of the time when dealing with NoScript, is dealing with which particular CDN domain is necessary to avail oneself to desired functionality on a web-page. CDN is content delivery hosting, and is essential for multi-media, e.g., Flash, and download functions. So the trick is to find which CDN is required specifically, or combination thereof, to view a Flash video, or download a file.

In the case of TVGuide.com, despite allowing - temporarily - 21 domains and 43 scripts permission to run, most are for Google, Facebook, et al., undoubtedly phoning home to the NSA and / or DHS. These are universal scripts hosted by web-sites across the interwebs. Now PrivDog doesn't see any one of these in and of themselves as nefarious - and so doesn't alert - but the data accumulated across your travels of the interwebs, over time, can be aggregated so as to develop a profile of you.
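
The difference between domain-level and script-level allow decisions discussed in this thread, as an added example that is not part of any post and is not NoScript's or PrivDog's code. It runs a default-deny check over a constructed list of script URLs; the policy format and all host names are hypothetical.

```javascript
// Constructed sample: script URLs one page might reference (placeholder hosts).
const pageScripts = [
  "https://www.example.com/js/app.js",
  "https://www.example.com/js/player.js",
  "https://cdn.example.net/lib/video.js",
  "https://cdn.example.net/lib/tracker.js",
  "https://analytics.example.org/collect.js",
];

// Hypothetical policy: a host entry allows every script on that host,
// a url entry allows exactly one script. Anything unlisted is denied.
const policy = {
  hosts: new Set(["www.example.com"]),
  urls: new Set(["https://cdn.example.net/lib/video.js"]),
};

function isAllowed(scriptUrl, policy) {
  const u = new URL(scriptUrl);
  // Match on origin + path so a query string does not change the decision.
  const normalized = u.origin + u.pathname;
  return policy.hosts.has(u.hostname) || policy.urls.has(normalized);
}

// Produces the kind of tally quoted above: N out of M domains, K scripts allowed.
function summarize(scripts, policy) {
  const perHost = new Map();
  for (const s of scripts) {
    const host = new URL(s).hostname;
    const entry = perHost.get(host) || { allowed: 0, blocked: 0 };
    if (isAllowed(s, policy)) entry.allowed++; else entry.blocked++;
    perHost.set(host, entry);
  }
  let hostsWithAllowed = 0, allowedScripts = 0;
  for (const e of perHost.values()) {
    if (e.allowed > 0) hostsWithAllowed++;
    allowedScripts += e.allowed;
  }
  return { totalHosts: perHost.size, hostsWithAllowed, allowedScripts, perHost };
}

console.log(summarize(pageScripts, policy));
```

A host-only policy would have to allow both scripts on cdn.example.net or neither; the per-URL entry lets the player load while the tracker on the same host stays blocked.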


 
