µBlock, a lean and fast blocker

Thanks for the info. This is great news for Palemoon users. Installed 9.9.2-dev.2 and it's working great in Palemoon.

 

I really like the idea but I'm not sure how it works, when "@@HTTPS://*^$script,third-party" is called ? Since you have block all 3p requests with dynamic filter, a noop rule is needed somewhere ? Because with with all 3p blocked and no noop rules, uBlock "doesn't care" about "@@HTTPS://*^$script,third-party".. It confuses me since yesterday !

 

You are right, it does not work Thanks for pointing it out to me It has to be other way around I should change my avatar to dumbo

Only block third party-iframes in uBlock and add a block rule in My Filters (using adblock syntax) for third party HTTP Scripts: hxxp://*^$script,third-party

THIRD PARTY SCRIPTS ARE STILL BLOCKED FOR HTTP



THIRD PARTY SCRIPTS ARE ALLOWED FOR HTTPS, NO MORE HASSLE WITH LOG-IN'S AND PAYMENTS (paypal and ideal for instance are third-party when buying from a webshop).



DOWN SIDE:
You need to ALLOW in stead of using NOOP, when defining exceptions, but that does not makes any difference in this setup, since all ads and trackers of third-party are blocked without using third party filters (reason for NOOP-ing is when using filters of easylist et cetera).

UPSIDE:
Since uBlock does not has an option to filter inline scripts or pixel tags of ad-networks, nor anti-fingerprinting features (like uMatrix), you won't be noticing any difference in functionality. Without these "advanced" tracking blocking options, you are still being followed by ad-networks (not subscribing the self regulation manifest), even when you enable all filters available in uBlock. So increased security, useability and performance without the simular anti-ad/tracking functionality.

CHROME
Browser script settings, set to block by default, allow all dutch + COM websites and some secure websites from other high level domains:
[*.]NL ALLOW
[*.]COM ALLOW
HXXPS://[*.]ORG ALLOW
HXXPS://[*.]NET ALLOW
HXXPS://[*.]EDU ALLOW
HXXPS://[*.]EU ALLOW

 

Yeah, much better this way, thank you.

I will using this for few days and see how it works, probably with few filters lists.

 

About the new permissions in Origin, Raymond explains what needs to be looked before judging a product
https://github.com/gorhill/uBlock/wiki/Can-you-trust-uBlock?

 

I believe uBlock has an explicit option to control inline scripts thru mini-Matrix UI. I don't think chris stripped it

What is pixel tags? Is it not image tag?
If it is, I am afraid, uBlock has it in its mini-Matrix UI

Curios on this statement. So, excluding spoofing thing, what is that loss of Functionality, if One using Fingerprinting measures available in uMatrix/Origin.
I don't think performance differs..

 

the screenshot windows_security himself shared shows that ublock has the option to block/allow inline scripts. so he must've missed it.

as for the pixel tags, they are hidden blocks of 1-pixel images on a webpage to track a website's visitor's browsing history. i'm not sure whether or not ublock blocks them.

 

which filter lists can be used along with "fanboy+easylist ultimate list" without having overlapping issues?
is "ultimate + peter lowe + dan pollock + hphosts + mvps hosts + malvertising by disconnect + malware domain list + malware domains + malware by disconnect + spam404" an overkill?
if it's, which ones should be used together? for instance out of malware domains lists?
thanks

 

uBlock removes all duplicates so there is no overlapping issues

Here are lists that I have enabled:

 

You don't need both Fanboy annoyances and fanboy social blocking list

as fanboy annoyances already includes Fanboy social blocking

remove the social one otherwise double rules may slow down the PAGE loading

regards
kantry123

 

OK, I removed it. The number of filters hasn't change. Doesn't uBlock remove duplicates and use only single rule for each filter?

 

thanks. didn't know it was able to do that.

i've just taken a look at ublock's docs. it says now you can tell which filter is responsible for any blocking. so my question is have you ever come across anything blocked by those extra filters, esp. malware lists?
because even though ublock eliminates duplicates, still, the more entries you got in your lists, the more memory gets consumed. so i'm trying to minimize the entries while maximizing the protection (from ads or whatever).

 

No you can block or allow inlne scripts, not filter them as mentioned. As far as I known, uBlock does not check source and document references in inline scripts being listed in a third-party block lists. Maybe you could ask Gorhill whether uBlock/uMatrix also filters inline scripts for blacklisted references

As @imdb explained, Show me where I can block all 1x1 pixel tags, or block 3x3 or smaller tags coming from ad-networks or block all third-party images smaller as 5x5 pixels?

Off Topic: Why are you afraid to be right? Am I missing something in translation?

I intended to explain that there is no loss in functionality as long as uBlock does not filter inline scripts or pixel tags for blacklist references (in Third-party blcklists like easylist etc). I am not using any third-party filter list, uBlock will still block ads and trackers. As long uBlock does not has spoofing plus advanced tracking protection, uBlock without third-party filter lists is as effective against ads and trackers as uBlock with all third-party ad and tracker blacklists enabled.

 

The above looks like critism, but that is not the case. Gorhill has (by far) created the best adblocking/scriptblocker available today with uMatrix. Unless you apply a default deny, rigoureus block of scripts (website can have flaws in its protection) or third-party content (when you allow something once, because it is hosted on another site, every time you visit your trusted website, this third-party content can be changed).

So as soon as you add exception rules, your 'pseudo-deny' setup is as solid as the easier to use 'block http third-party only'. Remember with a whitelist you control things on your network or your computer. The "whitelist" of a webfilter, controls content hosted on someone elses computer. Because it is impossible to check whether the content is changed on that other computer, it is security wise not a whitelist (that is the reason why Anti-Executables check the hash of a whitelisted item).

The theoretical loss of protection of your more rigid uBlock (less user friendly) setup compared with my 'one adblock filter rule ONLY' setup is compensated by using the build-in options of Chrome (only allowing scripts on some high-level domains, blocking 60-80% of the malware sources), ergo my 95% uBlock with 60-80% Chrome protection, is problably as good as your (less user friendly) 97-98% protection uBlock in pseudo-deny state.

 

Shouldn't uBlock Origin's Dynamic URL Filtering be able to achieve this?

 

Inline scripts are a mistake from the passed. New HTML standards will reduce the risk and nuisance caused by inline scripts. The problem with inline scripts is that have to interpret inline scripts to determine whether they contain references to third-party content. Looking at the logs, I don't have the impression that it looks into inline scripts, it allows or blocks inline scripts. But ask the developer.

To be honest, given the limitations which extensions have in Chrome (which is good thing, browsers which are less restrictive are also less secure), it is a remarkable feat that Gorhil managed to achieve blocking of inline scripts in Chrome. The writer of the original Firefox Noscript for instance did not have a clue on how to achieve this and therefore never ported Noscript to Chrome (*).

Note *
Let me make clear that I don't want to put Giorgio Maone away as a programmer with limited skills. On the contrary! Many of his Noscript innovations have been implemented in IE and Chrome itself and their engines. So all IE and Chrome users have also benefited from mr. Maone's ideas.

 

Hi guys,

I've been very happily using ublock origin for several months now. Thank you, gorhill, for this great utility.

I do have problems loading the comments section on some sites. One of them is www.theblaze.com.

I have tried turning off all ad lists. I have tried unblocking scripts both locally and globally (I see that the comments section at theblaze is javascript fired).

When I use the eyedropper to block the comments section (when ublock filtering is disabled for the site) I come up with www.theblaze.com###comContain. I then change that to www.theblaze.com comContain allow in the custom rules section, but it doesn't work.

I have searched this thread and found nothing. Does anyone know how to allow the comments section to get through?

Thanks much.

 

@paul1149

Hello,

It is impossible for me to say if your issue are the same or only similar but I have had that problem too, I mostly had problems with the "facebook plugin" that some sites use for the comments.

At first I thought it was a list in uBlock0 that caused it, but it turns out that it wasn't (for me at least)
I don't know what browser you use, I use the latest Firefox. What I did was that I created a new Firefox Profile so all about:config changes were default, installed uBlock0 and set it up the same way as when I had problems...and the comments section loaded just fine. So for me, a new Firefox profile sorted this, and it was not caused by uBlock0 in my case.

I would love to find out which changes I did in about:config that breaked this, but I simply don't have time to troubleshoot this anymore.

I am no expert on this so you may get better suggestions from others But this is how I fixed my problem with the comments section.

 

Thanks, @SweX . You got me thinking and I may have found the solution.

I should have mentioned that I'm on the Slimjet browser, a derivative of Chromium. I have four profiles, and I have tried this on others, but I now went back and tried it on the third profile, which is the 2nd-most clean. To my surprise, the comments section loaded.

I went back to my normal profile and Reset ublock to its default settings. Then I noticed that the block lists were now all out of date, so I corrected that. Still nothing.

But then I tried something that I had tried earlier but also neglected to mention in my post. I turned off Cosmetic blocking (third icon at the bottom of the toolbar menu). Surprisingly the comments now loaded in this profile. It seems something in the combination of Resetting ublock and refreshing the lists made Cosmetic Blocking work now. At least that's the best I can figure. So thanks much for getting me on the right road!

Does anyone know if it's possible to fine-tune Cosmetic blocking, or does cosmetic blocking have to be turned either all off or all on?

Thanks.

 

@paul1149

I was able to get the comments on a FF based browser with the following rule:

Code:

@@||ajax.aspnetcdn.com$script,domain=theblaze.com

 

Wow, that seems to work fine. I deleted the cosmetics allow Rule, then added yours as a Filter (it wouldn't "take" in Rules). Then comments loaded, and quite a bit faster than before. Is that because only comments are allowed by this filter, and all the other junk (and there is a lot of it) remains blocked? In any case, thanks much!

I should also add I'm on ublock-origin.

 

When will ublock include the Anti-Facebook filters?

Edit: "Anti-ThirdpartySocial" is already blocking Facebook?!

 

I also have the same problem even if I gave the new additional permission. How do I fix this?

 

O.K. problem solved by installing latest version...

 

using the eye-dropper element picker, i get a black screen that shows solid pink boxes as i hover over elements. as they are solid and not outlines or at least somewhat transparent it is horrendously difficult to ensure you have selected the element you intended. is there any way to fix this? also if you accidentally select the wrong one, there is no undo last function. wading thru menus to get to a point you can access the dashboard is also a pain. can you access the dashboard more easily somewhere i've missed?