This is what concerns me most about as blockers; the potential for collusion. Without transparency around rulesets, they are fundamentally untrustworthy.
That comment in the iOS content blocker screen where it says that a blocker cannot send information back to the app is very literal; while it can't communicate with the app, it could communicate with the outside world.
I wrote a proof of concept showing how a content blocker can be used to disclose a unique tracking token across all domains - seeing collusion happening with one of the biggest blockers makes me think that this could actually happen. It's a little inelegant, but it shows that it's possible.
That comment in the iOS content blocker screen where it says that a blocker cannot send information back to the app is very literal; while it can't communicate with the app, it could communicate with the outside world.
I wrote a proof of concept showing how a content blocker can be used to disclose a unique tracking token across all domains - seeing collusion happening with one of the biggest blockers makes me think that this could actually happen. It's a little inelegant, but it shows that it's possible.
Proof of concept for those interested - https://github.com/MattOfNZ/Hypercookie
Any feedback on how practical this seems would be appreciated, I am not sure if my concerns are real or unfounded.
Edit: swapped 'seeing this' for 'seeing collusion'