µBlock, a lean and fast blocker

Security:
When you compare your base line (EAM/EIS+WSA+ERP/VS+HMPA/MBAE) with mine. . . I would not be concerned. I would rather not use Firefox without a sandbox solution (since Firefix has no sandbox like Chrome or Edge), so consider changing to Chrome on your Dell (or install SBIE also when you prefer Firefox)

Privacy:
Add Privacy Badger, although not as paranoid as Matrix against browser fingerprinting, it claims to have more intelligent protection rules against pixel tags than both uMatrix and uBlock.

 

Can you please give me a link where it says, about uBlock and/or uMatrix. And any example, where it blocks that uBlock does not. Would like to see how it fares with my custom config (uBlock Origin in Medium Mode)

My limited set of test (browsed for 5 days) against uBlock Origin (with medium blocking mode), is not positive (see here and here).

 

You would lose -

- Specific Privacy Options not present in uBlock Origin

- Ability to Spoof User Agents
- Ability to delete non-blocked cookies at specified intervals
- Ability to clear cache every X minutes
- Strict HTTPS: forbid mixed content.
- Spoof HTTP referrer string of third-party requests.
​

- Block specific request types per domain (Cookies, Images, Plugin, XHR)

- reg. Cookies: You would loose the ability to block specific 1st party cookies. 3rd party cookies can be configured to be denied by you firefox itself.
- reg. Images: This is a nice feature though, where you would loose an explicit option to block 3rd party images. I hope one day we will have this option in uBlock Origin itself.
- reg. Plugins: You can set your firefox browser to "ask to activate" per site i believe.
- reg. XHR: I wouldn't worry much about it. As these are the requests usually initiated by scripts, which can be controlled through uBlock Origin's Dynamic Filtering/Dynamic URL Filtering.​

And with uBlock Origin:

- You can explicitly control requests of type popup/fonts.
- Also, with dynamic URL Filtering you can easily block/allow any kind of request type at much more granular level than uMatrix i think​

With that said above, i myself started using uBlock Origin only (dropped uMatrix in favor of a single addon).

 

Thanks for the advice re Sbie ...
I do in fact have Privacy Badger also.

 

Thank you for giving a more explicit answer to my more shorter reply.
It is indeed nice to be able to globally block remote fonts & popups in uBO and then to allow them on sites that seem to need them:

no-popups: * true
no-remote-fonts: * true

Even Wilderssecurity has 3 remote font requests on this thread. These options are the same kind as ones in uM, meaning that you can disable say medium filtering (uBO) or matrix filtering (uM) and still have these protecting.

I really don't find running uM together with uBO too much of a bother and would miss one and it's options if I had to choose. One requirement is as I mentioned to the default blocking mask of being rather with similar allowances in both. Then it is just a matter to decide which one to use for dynamic filtering.

 

Thanks @Jarmo P and @harsha_mic for your detailed reply. Will need to play around and see.

 

IN REGARD TO PRIVACY

The ad networks not honoring these self regulatory policies make use of advanced features which are not closed down by uBlock origin or uMatrix. Both have no specific mechanisms to defend against pixel tags. The block third party pictures is just to crude (not granular enough). Also the user agent spoofing of uMatrix and blocking WebRTC is a counter measure against browser fingerprinting, but it does not cover all canvas fingerprinting practices.

That said, I hope that the developers of uBlockOrigin will implement some of the behavioral protection of Privacy Badger

When you use uMatrix to block third party only, simply using uBlock origin in advanced mode is a good alternative. Sure you will miss some features when switching over to uBlock Origin in advanced mode, but in real life practice it won't make a big difference in privacy.

 

I hope some one can show me a real live example where it blocks and uBlock Origin does not block. (i can test it in FF v42 Private Browsing mode + uBlock Origin Medium blocking mode)

Remember, as i noted in previous links, i was able reproduce the issue with PB again. i.e., Privacy Badger detects it blocked 1 potential tracker (blocked youtube.com cookie) on androidpolice.com. However, as Firefox browser should take care of it, as i only cong'd to accept 1P cookies only.
Can some one explain this anomaly?

Installed it again to see if it catches anything! Will have it for a week and see what it says..


Just my observation (pls. correct if i said anything incorrect)..
As far as i see, PB has heuristics to detect and block the trackers. But for it to block, first the trackers had have to be tracked already on alteast one site

And for other blockers, will block based on the rules. If there is no rule, no blockage. At this point, both the users would have been tracked. And once the rules have been added, there is no tracking. And coming to uBlock Origin Dynamic Filtering allows it to be operated in default-deny mode at various levels (i.e., request types). Which i believe is more safer approach.

 

I guess it is only Raymond, the author behind HTTPSwitchboard/uBlock Origin/uMatrix.

Sure there are many contributors (some are really great), who helped what these extensions are today. Like bringing it to more platforms..

 

@harsha_mic

Re cookie blocked: maybe PB blocked a 'super cookie' (e.g. flash), which is something else than the text cookies you can block in FF

Re heuristics: correct because some data is always available and some data is hidden in normal data (e.g. a one-pixel tag).

 

Thanks will check. However anybody having chrome with uBlock, can see if they are really super cookies are being set. I believe they can do it so by looking at local storage in the dev console. I dont have chrome right now.

@gorhill
While testing Privacy Badger with various sites, i stumbled upon http://naturalsoapboutique.com/, where the request types to google.com are logged differently in uBlock Logger when compared to Firefox Dev Console

STR -

1. FF v42 + uBlock v1.3.6
2. Goto http://naturalsoapboutique.com/
3. check the request type for the request

Code:

https://wallet.google.com/merchant

4. As shown in my screenshot, in Firefox it is listed as type HTML, where as in uBlock Logger, it is listed as CSS type.

Is this an expected behavior?

 

hi
may i ask 2 question ?
1)
is there ublock orign for opera ?
2)
in ublock orign for firefox , under filters , i have auto update filter list on
but some lists are marked obsolete and the update now is light orange
may i know how does it work the auto update ?

thanks

 

Yes, it is. For Blink based engine only. You can get it from here. Remember it is published under the name of "µBlock", as the opera store does not allow to change the name!

It will be updated one by one slowly, in order to reduce the load on the server (github). Maybe in the span of an hour or so, all the filter lists should be updated once they are marked for update.

 

thanks!
i guess i have the right ublock for opera
about the update i got it , they are slit not updated (some list ) ,just a bit of patience

but the i have never seen some image , i mean the left side (3rd..eweek.com and so on)
http://i.imgur.com/nm6cuuu.png

 

hmm.. I did not understand your question. Sorry.
However, if you are using v0.9.4.5 (per your screenshot), i would advise you to immediately update to latest version. it is sth like v.1.3.6

 

Click 'requests blocked'.

 

hi
i grabbed the screenshot from the opera extension
i can't click on requests blocked
here real screenshots firefox
http://i.imgur.com/GyvRhc6.png


opera
http://i.imgur.com/WwMtpyJ.png

 

Hi @gorhill

I've noticed an extension in the Chrome web store called "U block For Origin", supposedly from "www.xp0099.com". Summary is

"Ublock Origin, an efficient ad blocker. Thousands of popular block ads."

It looks like malware trying to pass as the real thing. Figured I should notify you about this.

 

nothing is blocked in opera on linux when starting with the command --user-agent=""

edit: vivaldi and ublocko works just fine with that command

 

In that specific case, yes, it is expected. uBO will show the type as per request. The Network pane shows the type as per response. The request is made for a `text/css` resource, the server responds with a `text/html` resource.

 

uBlock Pro is also offered, one of the downsides of open source, it can be copied and used for questionable purposes.

Best practices when something is on open source and no fork exists: STAY AWAY

 

Ok Thanks.

So, how would uBlock behave in the scenario below hypothetically -
1. Set uBlock to Medium block mode.
2. A request is made with 'text/html'. since it is not a iframe nor a script, the request is allowed.
3. Server responds with "text/javascript", and a js resource is returned.

I believe this js resource is executed if no static filter for it? Is it not the case?
Just curious! I have not come accross such a test case though!!

 

I've been using uBlock with Dynamic Filtering (Firefox) for quite some time along with several 3rd party filters. And while I'm very comfortable with this setup, it drives my wife nuts as she tries to 'surf' around (BTW. . . she uses my computer). So in trying to come up with somewhat easy remedy that will suit both of us, can someone tell me exactly what and how much I'm giving up if I just go with the Standard (non-advanced user) version of uBlock with no Dynamic Filtering.?

 

The blocking mode you're asking about (Easy mode) is found here along with other suggested Blocking modes. You might be interested in Easy mode + enhanced security/privacy or Easy mode + more privacy. The latter two modes block iframes by default which will enhance security with little or no breakage to websites.

I suppose you could also set up a separate account for your wife with uBlock set to a lighter blocking mode.

 

i read about "surrogate" in the noscript thread here
https://www.wilderssecurity.com/threads/noscript.381175/page-3#post-2544702

at least is it possible to "redirect" or "replace" an online script with an offline script to avoid ads?

Code:

http://st.wetteronline.de/dr/1.0.645/js/lib/mootools/library-1.4.5-1.4.0.1.js

that script is needed for several functions on that site but it was modified to place ads.