Please check the user manual first (EN/DE) and find the knowledge base and answers to technical questions in the FAQs of the former eBlocker GmbH. Mac and iOS users please read this article in case of certificate issues.

Notifications
Clear all

HTTPS filtering - benefit and effort?  

  RSS

Active Member
Joined: 4 Tagen ago
Posts: 8
22/05/2020 8:37 am  

Dear all,

I am testing eblocker for a few days now - I already tried pi-hole and adguard home as alternatives.

First of all: eblocker is quite a thing - very good work.

But... from what I experienced so far, the https filitering is quite some pain in the ass. As soon as it was enabled on my smartphone and tablet devices almost no app was working any longer. I had to either manual record each step in order to create specific exceptions (without letting everything through) or examine a lot of http connection errors.

I thought about recommending this solution to friends and family but nobody will invest so much time in order to make this work.

Am I missing something or is it the only way?

Thank you for your answer, best regards

w.


Quote
Member
Joined: 6 Monaten ago
Posts: 216
22/05/2020 10:00 am  

If you are serious about online privacy, simple DNS blocking like with Pihole/adguard is not enough. Same like a tin foil hat agains nuclear radiation 😉 

Apps are the pest regarding privacy protection and should not be used - if you are serious about your privacy. Rather use the website of the service and everything (incl. https) works just fine.

But as @benne always says: „Privacy is like a diet. There is no magic pill. If you feel like eating ice cream sandwiches (=apps) all night, don‘t expect the magic pill to work. Only YOU can make a difference and the pill really helps, but that comes with a slight change of behavior: stay away from apps“

If you just need a 80-90% privacy solution, don‘t enable HTTPs or use a simple DNS-blocker or rather a get tin foil hat 😉 


Benne liked
ReplyQuote
Famed Member
Joined: 5 Monaten ago
Posts: 180
22/05/2020 10:43 am  

@webwude Check out section 4 (especially 4.6) in the eBlocker manual linked above the forum. It‘s all said there...


ReplyQuote
Active Member
Joined: 2 Monaten ago
Posts: 10
23/05/2020 6:26 pm  
Posted by: @random

Apps are the pest regarding privacy protection and should not be used - if you are serious about your privacy. Rather use the website of the service and everything (incl. https) works just fine.

I don't think recommending users not to use apps is the right answer here. First, there are quite some things that can only or much better be done using apps (I would even say that there are quite some cases where it's more secure to use an app). Second, it's a fact of life that many companies put much more effort into the development of apps than into websites, so apps often work much smoother than the websites. Of course, an app has more potential to harm your privacy than a website but that doesn't mean that it's bad pre se. (And a website can still have many privacy problems even when filtered through the eBlocker, just think of all the information contained in the terms you send to a search engine).

So it's certainly valuable to point the users to potential problems with using apps, but in the end, it's the users (hopefully deliberate) decision.

Posted by: @webwude

 

Am I missing something or is it the only way?

I guess you are aware that the eBlocker already comes with a set of predefined "trusted apps" and I'd say that this list provides the right means to let each user balance between "privacy" and "convenience". However, I have the impression that this list is not very up-to-date but you are certainly invited to post your app definitions (I'm not sure if there is a dedicated topic for this) so other users can benefit from your hard work.

Best regards,

Martin 


Benne and Random liked
ReplyQuote
Member
Joined: 6 Monaten ago
Posts: 216
23/05/2020 8:00 pm  

@mainzelm I agree. It‘s always a trade off between convenience and „real/felt“ privacy. People wanting all the privacy and all the convenience without a change will get caught in the so called privacy paradoxon.

New topic for sharing trusted apps is welcome.

Next level would be a community repo that could be accessed from local eBlocker... Imagine a „Publish my App to Community“ and „Search Community Apps“. Next level: A rating system for quality of Community apps. Next level: must have/recommended/curated Community Apps... (all ideas from GmbH times)

And yes, if anyone wants to jump in and take the role of updating/maintaining pre-defined apps or implementing Community Apps feature: you are very welcome! 


ReplyQuote
Famed Member
Joined: 5 Monaten ago
Posts: 180
23/05/2020 8:31 pm  

@random

If I remember right the Privacy Paradoxon describes that people want privacy but not scarify convenience.

And of course everyone wants a magic pill that yields 100% privacy but 0% change in usage habits. This does not exists, unfortunately - but eBlocker is close 😉 .

The deal is to individually decide privacy vs convenience on a per app basis: the trusted apps idea. Together with community generated apps @random discussed, this would be a great way to make the start smoother for beginners who are stick to their apps...

Anyone who wants to gather/maintain user defined apps to be added/update the standard apps?


ReplyQuote
Active Member
Joined: 4 Tagen ago
Posts: 8
23/05/2020 9:08 pm  

Very interesting discussion from my point of view 🙂

After the initial comments I started to delete a few apps in order to see if it is feasible for me. A few of them are more or less just the mobile website and can be used with chrome or any other browser (Der Standard, der Spiegel, ORF News, even Instagram and Amazon, at least partly etc.)

Other apps have functionality which cannot accessed via mobile site as SecTAN Apps or other TAN banking apps, some public transportation with ticketing etc.

A few more have a lot more functionality or the mobile sites are quite poorly developed (Shpock, willhaben).

I know, in the end everyone has to decide for him- or herself. Some guidance would be really appreciated.

What I realized during my initial definition of trusted apps: it is quite hard to judge what URLs are really needed and which are for tracking or other purposes. I mean, some URLs contain the information such as "ad" or even "bigdata", a lot of other ones just use "api" or "app" and makes it very hard to judge. 

Define the minimum from the https error or the manual recording would could benefit from some sort of initial categorisation of the URLs. When I enter a mobile site (eg kicker.de), the blocked trackers and ads are shown with the overlay menu - would it be possible to include this information (if available) on the https sites (error and manual recording) information as well? This would be very handy in order to try to define a minimum set of URLs per app.

From my point of view is this also the point why it is hard to maintain a repository: one would have to have quite a knowledge of what is needed and what is not in order to maintain a useful set of trusted app definitions. Otherwise a whole domain is granted and most of the blocking is disabled.

Best regards

w.


Benne liked
ReplyQuote
Member
Joined: 6 Monaten ago
Posts: 216
23/05/2020 11:12 pm  

With DNS blocking you get a 80-90% blocking coverage. 

With pattern blocker and https you might get some 99%.

Now if you decide to grant one tracker access you might punch a little hole of -0,01%. 

Trackers can usually be discovered by the fact that everything still works in their absence as they are 3rd partys and the app service does not rely on it.

The Trusted Apps are necessary as apps use certificate pinning. Due to that they discover eBlocker being man-in-the-middle and refuse connection.

If app tracking takes places then tracking by the first party (app publisher). There I see a small risk you might enable a (rare) 1st party tracker by chance.

At the end it’s a matter of try and error - and a little hope no big tracker got freed up 😉

Or disable https for the device. eBlocker will switch to DNS blocker which will cause less interference with apps but also has less coverage. Your choice, your Privacy Paradoxon 😜


Benne liked
ReplyQuote
Scroll to Top