µMatrix - the HTTP Switchboard successor

Discussion in 'other software & services' started by tlu, Oct 25, 2014.

  1. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    I just changed to allow 1st party images only and I'm just adding allow to individual 3rd party images where needed. Kills a lot of unnecessary crap I don't need.
     
  2. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,902
    1. Switch to global scope and click the css and image column headers in order to disallow them.
    2. Click the css and image cells in the 1st-party row in order to allow them.
    3. Save those rules with the padlock.
    4. Switch back to domain-specific scope.
     
  3. intel

    intel Registered Member

    Joined:
    Mar 17, 2016
    Posts:
    6
    I know that I can do that, I wonder if there's any real privacy improvement. Disabling even third-party CSS and images breaks a lot of sites, for example Reddit, Steam and The Guardian.
     
  4. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,902
    Well, blocking 3rd party images prevents web bugs. However, the included hosts files in uMatrix already block virtually all adservers and trackers. And most tracking pixels are also blocked by the Adblock Plus - filterlists used in uBlock Origin. So no - I don't think that there is any real privacy improvement.
     
  5. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    864
    Location:
    Canada
    To add to this: even without blocking 3rd-party images/css (and whatever else passive content used as web bugs), and without using uBO with EasyPrivacy and such, web bugs can be taken care in uMatrix with the following settings:

    - Blocking 3rd-party cookies -- this can be done in the browser, and/or using * * cookie block in uMatrix.
    - Enabling "Clear browser cache every [...] minutes" in uMatrix.
    - Enabling "Spoof HTTP referrer string of third-party requests" in uMatrix.
     
  6. 7hohPAyXMd

    7hohPAyXMd Registered Member

    Joined:
    Mar 7, 2014
    Posts:
    11
    When I have any Google page open, and then go to any website from my locally saved browser bookmarks, I see references (cookies, images, XHR) to Google in uMatrix.

    sample screenshot:
    Untitled.jpg


    Does anyone know what is happening exactly?
     
    Last edited: Mar 29, 2016
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,018
    3rd-party data
    there is absolut no need for your settings as given. but you block cookies for wilders, that is 1st-party data

    my first lines
    in special the last 4 lines seems weird but so many sites are loading stuff from that servers to work proper and it has nothing to do with spying.

    your google may be a result of an insertation of a google plugin. check your plugins - wilders dont show google here.
     
  8. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    You're seeing the referral page. If you go to the privacy setting and check off spoof HTTP referer that should stop.
     
  9. 7hohPAyXMd

    7hohPAyXMd Registered Member

    Joined:
    Mar 7, 2014
    Posts:
    11
    Thank you for the reply but I'm not sure I understand your post completely. I don't have any Google plugin. And this issue is not limited to wilderssecurity.


    Thank you for the reply. I did not have spoof HTTP referer enabled in uMatrix settings.

    This happens ONLY if I am logged in to a Google service, and then browse away to another site.
     
  10. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    Sorry I may have said that wrong - I meant to check the box for http referer.
     
  11. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    830
    Location:
    Ireland
    I have noticed, if scripts are enabled for google.ie, when I click on a result, google.ie is shown in the matrix of that result. "Spoof HTTP referrer string of third-party requests." makes no difference.

    umatrix.jpg umatrix2.jpg
     
  12. dmiranda12

    dmiranda12 Registered Member

    Joined:
    May 28, 2016
    Posts:
    1
    Location:
    Timbuktu
    Thanks for your work on this. I installed this extension and ublock origin last night, and after getting rid of adblock plus and noscript, I have started playing around. As https://github.com/gorhill/uMatrix/wiki/Examples-of-useful-rulesets, you touch briefly on facebook. I managed to make it work fully, including videos from FB and youtube (have not ried yet with googlevideo) with the following settings. I wonder if they could be further constrained. Please note that I am blocking all the FAMA + Yahoo and Google by default. I add also rules for google that get me most of search and gmail. Thanks for your work in this!
    • facebook.com * block
    • facebook.net * block
    facebook.com akamaihd.net * allow
    facebook.com facebook.com * allow
    facebook.com facenet.net * allow
    facebook.com fbcdn.net * allow
    facebook.com staticxx.facebook.com frame allow
    facebook.com www.facebook.com frame allow
    facebook.com youtube.com * allow
    facebook.com youtube.com frame allow
    facebook.com ytimg.com * allow

    * google.com * block
    google.com google.com * allow
    google.com google.com frame allow
    google.com ssl.gstatic.com script allow
    google.com www.gstatic.com script allow
     
  13. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,902
    For those of you who are using uMatrix on Firefox alongside Noscript: They work together well if you globally allow scripts in Noscript. However, there was an incompatibility discussed in this issue which is fixed in uMatrix 0.9.3.5rc2 released just a couple of minutes ago. Available in the dev channel on AMO.
     
  14. DickP

    DickP Registered Member

    Joined:
    May 27, 2011
    Posts:
    12
    Noticed that on Amazon's pages, many CSS and image files are treated as "plugins", is that a bug?

    uMatrix_Amazon_plugins_2016-07-15.gif

    uMatrix 0.9.3.6 on Firefox 45
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    40,385
    I see it in the log too.
    uMatrix 0.9.3.6 (Firefox 48beta + Palemoon 26.3.3)
    But i can't see them in Chrome.
    Then it's maybe a firefox-related bug.
     
  16. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    I have several amazon url's default to allow. There are almost ubiquitous so many sites use amazon servers.

    amazonaws.com script allow
    amazonwebapps.com script allow
    images-amazon.com * allow
    s3.amazonaws.com * allow
    ssl-images-amazon.com * allow

    and at least one set to block

    amazon-adsystem.com * block
     
  17. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,018
    nice list, thank you. but instead allow you should stick with noop in parts

    allow means allow all - noop means allow but not ads content (eg. ad scripts)

    PS i use amazon germany, not outside. com is for product research only
     
  18. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    Noop in uMatrix?
     
  19. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,902
    There are no noop rules in uMatrix.
     
  20. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    I know that. Geezus.

    I was responding to the rather condescending post by Brummelchen telling me in a uMatrix thread that I should 'stick with noop'.
     
  21. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,902
    I know - my post was meant to confirm you :)
     
  22. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    740
    Location:
    United States
    Sorry to snap at you.
     
  23. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    4,018
    sorry, was wrong (ublock). in uM it should called "inherit" which obeye superseeded rules
     
  24. Auxigen

    Auxigen Registered Member

    Joined:
    Dec 14, 2016
    Posts:
    3
    Location:
    Germany
    Deactivating does not work / Missing log entry

    What exactly is the difference between deactivating uMatrix for a given domain (in the add-on's UI) and deactivating the add-on altogether (in Firefox's about:addons)? When deactivating it in the UI, the log does not show any blocked query but still the page does not load completely. Specifically, I cannot get https://developers.google.com/android/images#bullhead to show me the full page (including the file list) unless I completely de-activate uMatrix.
     
  25. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,902
    Well, this site works for me without the need to deactivate uMatrix (if the right cells are whitelisted). Something else must cause this. Have you cleared the cache before loading that site again?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.