Well, I'm not gorhill, but if you look into his latest commits you'll find a lot of them referencing Firefox. So I suggest to be patient. It's ready when it's ready
I prefer to not allow the other coumn in the behind-the-scene-scope. This is how it looks a couple of minues after I started Chrome today: I don't know what google-analytics.com was trying to do. I suppose that it happened when Chrome checked the webstore for updates. And although GA is blacklisted, uMatrix wouldn't have been able to block GA otherwise as extensions are disabled on the webstore. So this is an example how uMatrix is able to control a lot of things happening in the background (by the browser itself or other extensions). I don't want to forego that.
@The Red Moon Yes you can, absolutely. You need to go https://adblockplus.org/en/subscriptions click on homepage of selected filter you are after and copy (from the browser URL) the homepage into umatrix. (down the bottom box and click "Parse" Example the filters for easylist will be https://easylist-downloads.adblockplus.org/easylist.txt and Fanboys annoyances will be https://easylist-downloads.adblockplus.org/fanboy-annoyance.txt regards.
No, you can't. This is an absolutely bad advice. Support for pattern-based filtering - and this includes ABP compatible filterlists - was removed when gorhill published uMatrix as the successor of HTTP Switchboard (which is no longer maintained). uMatrix does not support the ABP filter syntax but only hosts file type filterlists. Adding ABP filterlists results in many entries simply not being applied at all or incorrectly interpreted. If you want to use those filterlists I suggest that you use uBlock.
I don't like either to allow it. If there was only some certain sites I read pfd-files, I could make a rule into that behind-the-scene scope matrix to allow other only in those sites. But they are too many and also most times I am operating sandboxied so I can't even make permanent rules to those sites. Also this is such a bother, because most times I am running Chrome in incognito mode. And as you know, to bring the chromium-behind-the-scene matrix, it will open a normal window, another window. As it is now this sucks and I am reluctant to use some pdf-reader extension. I really wish, even if gorhill posted in the link you gave what he did, that some sort of solution to this would be possible.
I had a very interesting observation today. After starting Chrome I looked into the statistics tab of uMatrix and found one entry marked as blocked which I had never seen before: Code: 11:31:09 other <a> http://cache.pack.google.com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP11V-NR4wY58jM2HOPewEhQCTjk48snqnsU2rm1fVen1u99EtaTfgtZ8BprsPAYdhy_L9vqIsambYGz71InXepQAMZSmuUoegAE-h6tTWvOxcWJ0VBJ6r9FVg/extension_0_1_0_0.crx Obviously a Chrome extension because of the crx suffix. I clicked the uMatrix symbol to open the chromium-behind-the-scene matrix and confirmed that there was a blocked request in the "other" column for cache.pack.google.com. I tried to open above link because I knew that Chrome would prevent its installation - and indeed, I got a message by Chrome that no apps, extensions or user scripts could be installed from that site (good!). Nevertheless, the extension was downloaded. I renamed it to extension_0_1_0_0.zip and extracted it. Here's the manifest.json file: Code: { "update_url": "https://clients2.google.com/service/update2/crx", "manifest_version": 2, "icons": { "128": "images/icon_128.png", "16": "images/icon_16.png" }, "display_in_launcher": false, "version": "0.1.0.0", "minimum_chrome_version": "29", "display_in_new_tab_page": false, "permissions": [ "identity", "webview", "https://wallet.google.com/", "https://wallet-web.sandbox.google.com/", "https://www.google.com/", "https://www.googleapis.com/*" ], "name": "__MSG_APP_NAME__", "app": { "background": { "scripts": [ "craw_background.js" ] } }, "default_locale": "en", "oauth2": { "auto_approve": true, "scopes": [ "https://www.googleapis.com/auth/sierra", "https://www.googleapis.com/auth/sierrasandbox", "https://www.googleapis.com/auth/chromewebstore", "https://www.googleapis.com/auth/chromewebstore.readonly" ], "client_id": "203784468217.apps.googleusercontent.com" }, "description": "__MSG_APP_DESCRIPTION__" } And metadata/verified_contents.json contained Code: [{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W ..... Has anybody seen anything like this before? I think that one of my extensions tried to sideload that stuff which is obviously a payload. I will try to investigate which one is the culprit. In any case: This example is a confirmation for me that blocking behind-the-scene requests in uMatrix is highly recommended. I don't know if it had been possible otherwise that this sideload would be installed in Chrome. But it's good to know that uMatrix blocks such attempts right from the beginning.
I'm not a user of uMatrix, but I can confirm that my pretty basic install of Chrome includes this Google Wallet extension as well. Sadly, I am very familiar with Chrome side-loading a lot of things behind the scenes. One example that Chrome brings in after the fact is that Windvine Content Decryption Module plugin. Also, depending on what other software is on your system, Chrome will install that Software Removal Tool in the user folder as well without confirmation. There are a handful of built-in extensions for Chrome like YouTube, Docs, Drive, etc. that you used to be able to see (and remove) from Extensions (chrome://extensions/). But those built-in extensions are simply just hidden now. The Google Wallet extension in my basic Chrome install is the same version listed in your manifest.json file. There is a lot of stuff going on behind the scenes in Chrome, unfortunately, without confirmation from the user. I may look into using uMatrix if this is able to easily control what is stuffed into Chrome after the fact.
Interesting. I've recently installed Chrome on several Linux distros in Virtualbox and I've always seen (and removed) those extensions. Perhaps because I always enable developer mode? I had never seen that before. It would be interesting to know if this also applies to Chromium. The degree of control provided by uMatrix is simply unmatched. Please note that behind-the-scene requests are allowed by default in order to avoid breaking things. This HTTPSB wiki entry is still valid. And this old post of mine might be helpful, too. EDIT: Please also note that by blocking behind-the-scene requests uMatrix itself (!) cannot update its hosts files anymore unless you allow XHR in the chromium-behind-the-scene matrix for the corresponding websites. This applies also to other extensions like uBlock. Once you save those rules, everything works flawlessly.
Okay, at least this suggests that it's nothing malicious which is sideloaded by some other extension, isn't it?
What would be easy when figuring out what to allow on a page? ==> A quick access to the logs (illustrated with a square with hashtag in it) see picture.
I just can't wait. I was forced (long story) to switch from Chrome to FF and now I am really missing it. Policeman is a PIA to use, when compared to uMatrix.
Well, not really. I had to give up with Chrome because of new company's policy. Still it is my preferred one but I cannot use it on my work PC.
From the link you gave tlu, it shows that the latest release is 0.8.1.4 Mine is still 0.8.1.3 as the above version is still not in Chrome web store. I wonder why? I do hope the new 0.9 release or from it developed official release gets into that "store".
I mean't that when you from Chrome/Settings/Extension/Get more extensions, you will go to Chrome web store. Then type into the search box: uMatrix, then available extension will be 0.8.1.3 not 0.8.1.4. Nor will my uMatrix update to 0.8.1.4. So it is a clear sign to me that it is not available in that store. I am of course interested in the 0.9 version, but I will wait for the next official release to install.
Hallelujah!!!! Man, gorhil has made my year!! Umatrix on FF is the best thing since sliced bread and rum.