Privacybadger: Why is unlimited storage permissions for update required?

Same question from me, why does a tool which should prevent ad sites and trackers getting data of me now want to store data itself. This is a paradox pure and simple. Do I replace now many evil ad's and trackers with another evil?

Privacy Badger requires storing which domains track you (and where the tracking took place) in order to function. Extension storage (chrome.storage.local) is by default limited to ~5 MB. A user ran over this limit (#1717); adding unlimitedStorage was the most straightforward way to deal with the immediate problem.

I understand you are concerned about Privacy Badger using too much space. You can check how much space (approximately) your Badger uses now by running the following code in your Badger's background page:

chrome.storage.local.get(null, r=>console.log(
  parseFloat(JSON.stringify(r).length / 1024 / 1024).toFixed(2), "MB"));

To get to the background page console in Firefox, visit about:debugging, enable add-on debugging, click Debug next to Privacy Badger, click the OK button on the popup warning about remote debugging, and enter the above script into the console after the >>.

We plan on reducing and optimizing what Badger stores in the future (most likely starting with #1446).

So this is about local storage only? I'm not so concerned if I store my own data on my own drive including browsing and do not track settings. I was more concerned if that data is getting transmitted as well. And to be honest seeing something pop-up in firefox saying something wants the permission to store an unlimited amount of client-data, simply gets my alarm bells ringing. (see attached screen-shot)

Strangely, we used to have the "unlimitedStorage" permission, but removed it in https://github.com/EFForg/privacybadger/commit/67588e00a518eda2fcface97ff1b3a3723bf2c62#diff-4b1eb3dc48c4e16d49db5b42298fe654. We might have overreacted to warnings from Firefox dev tools (https://github.com/EFForg/privacybadgerfirefox-legacy/issues/208#issuecomment-239054130).

uBlock Origin declares "unlimitedStorage" as well (and documents Privacy Badger as having it): https://github.com/gorhill/uBlock/wiki/About-the-required-permissions.

Adding the "unlimitedStorage" permission does not produce any additional warnings in Chrome (https://github.com/EFForg/privacybadger/issues/1717#issuecomment-338282900). You could argue this is another breaking change in Firefox's implementation of WebExtensions.

@Videonauth Correct, this data stays on your local machine. Agreed, Firefox's notification provokes needless concern. See my above comment regarding how this notification shouldn't even exist in Firefox.

Yes thank you this makes it more clear, in fact this pop-up made me come here, I honestly wonder why this thread not already has thousands of people in it. My first thought was hell what who is go and store that unlimited amount of data and foremost what data is going to be stored :) I changed from ABP to badger because I want no one to have my data. Your last text for sure made it clear, Thank you.

I opened a Bugzilla issue for Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1411999.

Yeah. It's really an awkward prompt for a user for that particular thingy. Probably doesn't evoke what would be a significant change to an add-on. On the other hand, doing so may give pause for add-on devs to consider tinier ways to achieve the same purpose in an add-on without relying on large data sets.

woah. How did you get a real name from a username on github? ... or maybe it's someone _else's_ name 0_o. You're freakin' me out @SuperSluether

ooh... well my name is actually Zotan The Destroyer. Hope that clears things up :D

@SuperSluether Yeah, I'm not sure what's going on with uBlock Origin on Firefox, but uBlock Origin on Chrome does declare "unlimitedStorage".

Im still unhappy that unlimited storage may be abused and would prefer a more hands on user side control on this.

You could argue this is another breaking change in Firefox's implementation of WebExtensions.

I could argue a great deal on how Mozilla is killing Firefox by removing what made it stand out in first place, I could argue but I wont.

please consider allowing user to set own limits rather than current design, it would be nice if you just get notified, "hey I need a few more MB to store your data".

@the-j0k3r How much storage does your Badger use now (https://github.com/EFForg/privacybadger/issues/1745#issuecomment-339691221)?

SuperSluether thanks for your interest, Ive voiced my concerns already and asked some valid questions even made some suggestions, there is nothing to be added of value by repeating myself.

@the-j0k3r How much storage does your Badger use now (#1745 (comment))?

@ghostwords it says 0.20 MB

I'm sorry but you made a boo boo here. You opted to allow a firefox extension unlimited storage instead of advising users with this issue to change dom.storage.default_quota in their browser to a higher value.

That's opening the gates for future exploitation imho.

A minority of users are filling their local storage so everyone must now allow an extension unlimited storage to solve that problem.

We can't say how this would be exploited but one guess is to simply randomize domains loaded until the storage is filled, like a DoS against the client. I have no insight into the code base but I feel that this issue is more about common sense.

Point is that unlimited storage is unnecessarily dangerous.

Does uBlock Origin really use unlimited storage?

No, I removed the permission before releasing uBO/webext because it was causing a warning of unsupported permission at the browser console back then. Apparently support for unlimitedStorage was added recently. uBO uses indexedDB to store its large chunks of data (which sum up to beyond 5 MB) -- I don't know if declaring the unlimitedStorage permission will be required by uBO for using indexedDB.

To those who freak out about this unlimited storage permission, keep in mind that with _all_ legacy extensions there was no limit whatsoever. The only difference is that now you are _informed_ about extensions which requires unlimited storage (you were not before). So to see this current permission as being an issue makes no sense considering how things were before WebExtensions.

💯 @stemid is on the right track, especially on a day and age where you read multiple news daily about lesser holes being exploited by nefarious and unscrupulous 3rd parties in exotic ways to achieve their goals.

@gorhill it doesn't matter what the previous state of affairs was, in reality I agree that the previous situation was not right, I wouldn't use that as an argument to dismiss the issue, it's is pretty much how that sounds.

Just a reminder, while it's fine to disagree, let's please remain respectful and constructive as we do so.

Let's wait for the 2017.10.25.1 update to finish rolling out, and then replace this issue with a new issue to remove the "unlimitedStorage" permission once Badger becomes unlikely to exceed 5 MB through regular use (after #1446 and related issues).

As https://github.com/EFForg/privacybadger/issues/1745#issuecomment-339914562 points out, "unlimitedStorage" probably does introduce the risk of somebody messing with your browser by making Badger learn a lot of garbage data. We should look into it anyway.

@ghostwords #1747 is not an impatience driven issue, Just posted now is all.

This topic is a good place to discuss the semantics, will look forward to future mitigation improvements.

Thank you,

@the-j0k3r

it doesn't matter what the previous state of affairs was, in reality I agree that the previous situation was not right

I use the argument to point out that blaming Privacy Badger _now_ makes no sense, things were worst before when you were not informed. If you feel the "unlimited storage" permission is wrong, you need to report to Bugzilla, this is a WebExtensions feature, which extensions use at their discretion.

@gorhill just to clarify.I was just pointing out your previous reply just left a somewhat open question in the air, nothing more.

If you feel the "unlimited storage" permission is wrong, you need to report to Bugzilla, this is a WebExtensions feature, which extensions use at their discretion.

I cant say what I will or wont do in that respect, The short reply is. just because you can buy a hammer to hammer down a nail or five, it doenst mean its right to use that hammer to crack someone's head, yet things are misused all the time.

The long reply is, Im not a tinfoil-hat kind of guy even if some people may misunderstand my reasons or motivations (the internet/technology has this magical way of twisting things in unintended ways) but I do read tech news and that message is loud and clear.

The point I really want to drive home is that In a perfect world, developers and users alike shouldn't be as complacent now or in future as they were before and perpetuating bad practices is terrible for everyone,

@gorhill and @SuperSluether Is there a reason to not just use dom.storage.default_quota in firefox?

Understandable but in this case I think it would be easier better to make that config change once a user hits that limit than blanket all users with what Firefox devs and others seem to consider an invasive permission.

Even if we're only just now seeing these warnings it's still relevant to a group of privacy conscious users, just like android permissions and other things in that vein.

Why would you need to change addon specific settings in about:config which is a browser configuration thing? You dont/wouldnt simpy put.

@stemid agreed.

@SuperSluether its abundantly clear you disapprove and disagree with the issue of this topic. Just because your friends are less technically minded is again an excuse. People should be educated to understand that using 12345 as password is wrong and that allwoing things that can be abused in reality is also wrong, particularly in the age that we are in where almost anything is being hacked and abused by the millions every day.

just because you can buy a hammer to hammer down a nail or five, it doenst mean its right to use that hammer to crack someone's head, yet things are misused all the time.

Yes Im comparing this unlimited storage to a hammer, but technology in general can be shunted into this analogy.

To extend on that analogy, if you saw your friends hammering their own fingers, I would like to believe you would teach them how to use the hammer, or if you saw someone trying to crack your friends head with that hammer, again Ide like to believe you would try to stop them.

As @ghostwords explained this unlimited storage was a quick and simple solution (that acts like a hammer) to resolve a extreme use-case issue until better garbage collection https://github.com/EFForg/privacybadger/issues/1446 will make it possible to disable in future.

But I suspect you disagree with that also which is your right.

@gorhill for implementing similar in ublock origin