HTTP Switchboard for Chrome/Chromium:

Discussion in 'other software & services' started by apathy, Nov 25, 2013.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    Last edited: Jul 21, 2014
  2. gorhill

    gorhill Guest

    Issue #298: "Feature request: Option(s) to hide blocked elements"

    HTTPSB doesn't collapse blocked elements (yet). uBlock does, but the request above was blocked by HTTPSB, and uBlock has no idea about this because uBlock is hooked to chrome.webRequest.onBeforeSendHeaders ("Easy way to find out what other blockers do not block what they should block"), while ABP is hooked to chrome.webRequest.onbeforeRequest (which makes it aware of the request).

    Because of this, if using uBlock along HTTPSB, and if you want to not see that blocked facebook iframe, let uBlock block Facebook, instead of blocking with HTTPSB, that is until HTTPSB supports the removal of blocked elements.
     
  3. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    sorry to be picky here..

    when uMatrix comes into picture, how would be the behavior of the blocked elements by uMatrix, if both uMatrix and uBlock are installed?
     
    Last edited: Jul 21, 2014
  4. gorhill

    gorhill Guest

    Not sure I understand the question... Whatever uMatrix blocks, uMatrix will collapse it, and whatever uBlock blocks, uBlock would collapse it (like it already does). In short, each would collapse whatever they block themselves. That's actually a nice companionship, they work at different point in the request pipeline, thus eliminating duplicate works. If uBlock had been working at the same point in the pipeline as uMatrix, they would both block and try to collapse the blocked element, i.e. redundant work (one would not be able to find th element since it would have been removed by the other).
     
  5. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Thanks Gorhill. I was wondering whether element hiding capability will be put in uMatrix or not. So, raised a question reg. the same. I am good now. Also, it seems blocking resources with uBlock later in the pipeline seems to reduce complications when it works together with uMatrix :)
     
  6. gorhill

    gorhill Guest

    Just to be sure, I will clarify that to me, "collapsing blocked elements" is not "element hiding". Cosmetic filtering (aka "element hiding") is definitely not part of uMatrix. Collapsing blocked element is much more simple code, and it makes sense to have it for both extensions, to be applied for whatever they block themselves.
     
  7. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    815
    Location:
    India
    Ok. Thanks for Clarification. I understand, element hiding should not be a part of uMatrix.
     
  8. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    I'm using opera-developer and love the fact that HTTPSB sticks with me ;) I think I've run into a cookie related bug, i have non-blocked sesssion cookies to be wiped every 15 mins but I looked at cookies after closing the browser yesterday and a ton of those cookies were still there. I do know that those blacklisted cookies aren't being sent to the server but I thought you should know.
     
  9. gorhill

    gorhill Guest

    We would have to validate when was last time these cookies written to. It's possible javascript code regularly update a cookie, so that it's being seen as being used by HTTPSB. If you could give me something which I can try to reproduce on my side, like a site/cookie for which it happened, I could investigate.

    Workaround for now would be to check "Keep data until I close my browser", that should wipe out everything clean, including those storages which are out of reach of HTTPSB.
     
  10. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    That's a possibility, definitely. I saw your tweet on fingerprinting with the Ars Techica article. We don't have to worry about that ;) I will dare to say that HTTPSB is in the same class as NoScript if not better ;)
     
  11. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    Cookie info:

    [
    {
    "domain": ".eonline.com",
    "expirationDate": 1406345109.262034,
    "hostOnly": false,
    "httpOnly": false,
    "name": "adEdition",
    "path": "/",
    "secure": false,
    "session": false,
    "storeId": "0",
    "value": "us",
    "id": 1
    },
    {
    "domain": ".eonline.com",
    "expirationDate": 1406345109.261847,
    "hostOnly": false,
    "httpOnly": false,
    "name": "edition",
    "path": "/",
    "secure": false,
    "session": false,
    "storeId": "0",
    "value": "us",
    "id": 2
    }
    ]

    My privacy settings are set to delete blocked cookies and wipe session cookies every 15 mins. I wiped all my cookies and went to a random site and waited for 30 mins and that cookie is still there. I can send you my settings info also if you need it. Eonline.com is not whitelisted at all and I have cookies, scripts, xhr, frames blocked by default.

    EDIT: I've tested this in Opera-developer and Chromium-nightly and after hours the cookies are never removed.
    http://i.imgur.com/WiIpKRV.png
     
    Last edited: Jul 25, 2014
  12. gorhill

    gorhill Guest

  13. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Gorhill what is the advantage of using ublock with http switchboard?
     
  14. gorhill

    gorhill Guest

    uBlock's pattern filtering engine is more advanced than HTTPSB's one. It has features people have asked for in HTTPSB for a while. I won't port them back into HTTPSB. HTTPSB will become uMatrix, a matrix-based filtering engine alone. uBlock is the pattern-based filtering engine + the sought after yet useless privacy-wise cosmetic filtering engine. So they complement each other. If you end up using uBlock aside HTTPSB, disable all ABP filtering in HTTPSB, plus unselect all ABP-compatible lists. Make HTTPSB list selection look like this:

    to-forum.png
     
  15. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello gorhill,

    I have been using uBlock since it was introduced and am loving it. I thought about going ahead and using HTTPSB also but have decided to wait until you release uMatrix. When you get close and if you need aditional beta testers, let me know. Thanks for the time and effort you put into giving us excellent software!
     
  16. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Using Chromium 35.x.x.x on Linux platform with pepper flash...really liking it for its speed, and since I'm trying to strike a balance between security and efficiency, I've disabled under Privacy: "Enable phishing and malware protection" and instead enabled the Malware domains checkboxes under Ubiquitous rules in httpsb. Does this approach make sense, or would it be better to utilize Chromium's built-in phishing and malware protection instead? I don't want to use both because of the already strong Linux sandbox and additional Apparmor enforcement I'm using on Chromium. Thanks!
     
  17. gorhill

    gorhill Guest

    Ideally I suppose both are good to have as I have no idea whether they intersect completely. I think Chromium would warn if it encounters a malware site, so that is something good to be informed about. Otherwise it comes down whether someone mind having to ping Google to download its own internal lists. Even Firefox does it now. Short answer: I have no strong opinion about this.
     
  18. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Thanks Raymond. It's tough to decide, because Google analyzes the site and will warn if it seems to be dangerous, which is a nice feature. OTOH, this "feature" seems a little intrusive, so I'll probably just stick with using the httpsb lists only.
     
  19. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
    uMatrix, interesting when is this being released?
     
  20. gorhill

    gorhill Guest

    I haven't worked much on it lately, too busy on uBlock. It seems to more you add what people want, the more requests for features come in. It can be discouraging at time. But at this point I think uBlock is mature enough to work well for most people without adding stuff to it for a while (aside fixing occasional filter-related breakage).
     
    Last edited by a moderator: Jul 28, 2014
  21. apathy

    apathy Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    461
    Location:
    9th Circle of Hell(Florida)
  22. iCurious

    iCurious Registered Member

    Joined:
    Aug 9, 2014
    Posts:
    17
    I started using this and I love it so far! Thank you @gorhill, I'm currently using it on my mac with uBlock, and thanks for the nice tutorial @apathy!
     
  23. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    I'm looking for opinions on what the order of importance is on "Request types". IOW, the ones that pose the biggest threats if they are enabled for a given web site. I'm thinking "script" and "frame" probably are 1-2? These are the only two I have as blacklisted, so that httpsb is set up similar to NoScript. Any thoughts on "css", especially given the true type font exploit threat?

    EDIT

    It would be interesting to see how others have this extension set up. I've changed mine from a NoScript setup to a combination of NoScript and Request Policy setup. So I have all request types graylisted except script and frame both of which are blacklisted, and under Settings I have Auto whitelist page domain and Enable strict blocking selected.
     

    Attached Files:

    Last edited: Aug 17, 2014
  25. gugarci

    gugarci Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    288
    Location:
    Jersey
    I just started using this extension with UBlock. So far it's working well. Before that I was using ScripSafe & ABP.
    I have both disable at the moment.
    Thanks.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.