First off, thank you for everything you do with Privacy Badger—it's been a staple in my browser for years. I really appreciate you taking the time to poke holes in this.
You’re absolutely right about HTTPS Everywhere; that was a oversight in my initial write-up. Since it's now integrated into the major browsers, that’s one less 'fragment' to worry about.
To answer your questions on the 'why' behind the other features:
Phishing detection: The main gap I see with built-in Safe Browsing is the telemetry. Most users don't realize that 'Enhanced Protection' often means sending URLs/metadata back to a central server. I’m exploring a local-first approach (using bloom filters or highly optimized local sets) to keep that check entirely on-device.
Cookie auto-delete: While Total Cookie Protection (Firefox) is great, many browsers still only clear data 'on exit.' For users who keep their browser open for weeks, I see value in 'active' cleaning (e.g., clearing site data 15 minutes after a tab is closed) to minimize the session-tracking window.
The 'All-in-one' goal: My hypothesis is actually driven by the fingerprinting concern you've likely seen discussed. Using uBO + PB + a cookie manager creates a very unique extension fingerprint. I'm wondering if a single, consolidated open-source tool could actually help a user 'blend in' better than a stack of three different ones.
I’m still in the 'talking myself out of it' phase, so this technical pushback is exactly what I was hoping for. Thank you again ghostwords!
"Thanks for the honest feedback—this is exactly the kind of 'cold water' I need to make sure I’m not building in a bubble.
On the trust point: You’re 100% right. Trust is the one thing you can’t 'feature-complete' your way into. My goal is to use things like reproducible builds and eventually a third-party audit to bridge that gap, but I recognize that for many, there is no substitute for a proven track record over years.
Regarding subscriptions: I hear you. The 'subscription fatigue' is real, especially for utilities. I’m strongly considering a 'pay-once' model or a 'donation-supported' version for individuals to avoid that 'software rental' feeling.
And on Manifest V3: I share your frustration. It’s a major reason why I’m prioritizing a Firefox-first (and potentially a Brave-optimized) version where those restrictions aren't as crippling as they are in the standard Chrome implementation.
I really appreciate you taking the time to share these perspectives—it helps me refine the roadmap before I write too much code."
You’re absolutely right about HTTPS Everywhere; that was a oversight in my initial write-up. Since it's now integrated into the major browsers, that’s one less 'fragment' to worry about.
To answer your questions on the 'why' behind the other features:
Phishing detection: The main gap I see with built-in Safe Browsing is the telemetry. Most users don't realize that 'Enhanced Protection' often means sending URLs/metadata back to a central server. I’m exploring a local-first approach (using bloom filters or highly optimized local sets) to keep that check entirely on-device.
Cookie auto-delete: While Total Cookie Protection (Firefox) is great, many browsers still only clear data 'on exit.' For users who keep their browser open for weeks, I see value in 'active' cleaning (e.g., clearing site data 15 minutes after a tab is closed) to minimize the session-tracking window.
The 'All-in-one' goal: My hypothesis is actually driven by the fingerprinting concern you've likely seen discussed. Using uBO + PB + a cookie manager creates a very unique extension fingerprint. I'm wondering if a single, consolidated open-source tool could actually help a user 'blend in' better than a stack of three different ones.
I’m still in the 'talking myself out of it' phase, so this technical pushback is exactly what I was hoping for. Thank you again ghostwords!