µMatrix - the HTTP Switchboard successor

Discussion in 'other software & services' started by tlu, Oct 25, 2014.

  1. fs2com

    fs2com Registered Member

    Joined:
    Sep 20, 2014
    Posts:
    118
    Okay I disabled Ghostery and try for couple of days to see how it works for me then tlu...
    After investigate looks like imgur is blocked by my Internet provider... I can access it using free proxy..
    So it's not because the extension lol...

    well cutting the ads will load up the page faster... so I prefer to get rid as much as I can
     
  2. oneeyed25

    oneeyed25 Registered Member

    Joined:
    Nov 26, 2013
    Posts:
    21
    Opera has the same extension framework as Chrome/Chromium. A few things have changed names, but overall it's mostly the same. So no there's no need to "port".
    Makes sense since Opera 15+ is just Chrome with speed dial.
     
  3. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    864
    Location:
    Canada
    I wonder if stormy-henderson is going to come back try the new version. At the time there was no way I could implement this with the code base as it was. I did try at one point to see if I could do it, but I gave up, there was just no way. And what I was trying to implement was the easier, inflexible way, i.e. no intermediate scopes, just the local one and then a jump to the global one (no such limitation with µMatrix).
     
  4. tlu

    tlu Guest

    I'm sure he would be delighted :) Raymond, you've done a great job :thumb:
     
  5. Pilou42

    Pilou42 Registered Member

    Joined:
    Oct 4, 2014
    Posts:
    66
    I don't know where you live but there's a good chance problem is on your side. I think Imgur is blocked only by companies proxy.

    PS: If you don't control your security tools, they are worst than virus.
     
  6. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I removed HTTPSB and got uMatrix from Chrome store. Thank you Raymond for reaching the official release of this.
    Now a few questions since I am a bit lazy to read all the documentation and also I would not probably understand them the right way:

    1. uMatrix is now on the default settings and it seems the settings for the 1st party allow everything. Scripts, cookies, plugin, XHR, frames and other. If I go to other sites will these allowed ones be able to spy etc. me etc. with them. If so, what to do with the 1st party settings? Set a more restricted template I guess to it with * scope? Or to block the 1st party option?

    2. Is the default domain scope safe enough or I better use www.site.x scope.

    3. I made a new rule for my public broadcast site: yle.fi akamaihd.net * allow. Will that mean that those sites are allowed everywhere now as also 3rd party ones?

    EDIT: The main meaning of this post is to get some advises for new users how to make uMatrix protect better than with the default installation settings. I have also uBlock and it is also with the default install ones, but my questions are for uMatrix. General advises how to make them work best together are also appreciated.

    Jarmo
     
    Last edited: Nov 8, 2014
  7. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,286
    Location:
    EU
    Any way to import rules from HTTPSB to uMatrix?

    Also, is uBlock now redundant with uMatrix? My set-up was HTTPSB+uBlock.
    Thanks.
     
  8. fs2com

    fs2com Registered Member

    Joined:
    Sep 20, 2014
    Posts:
    118
    As it turn out my country blocked imgur and vimeo starting this month... The gov tried to cut out the porn stuff or something...
    I think it is just plain stupid to just blocked the whole site... they just paranoid... while a lot of people complaining here when vimeo is blocked..
    Well I never know if vimeo and imgur are being used by someone to upload porn stuff... well no biggie since I can access it using proxy

    I don't quite understand your meaning of "If you don't control your security tools"... did you mean I had to control my AV in some way?
     
  9. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    864
    Location:
    Canada
    No way to import rules. Scopes are sandboxed in HTTPSB, and fully layered in uMatrix, so rules are incompatible. uMatrix is not redundant to uBlock, rather the opposite: "µMatrix and µBlock are both spin-off of HTTP Switchboard ... µMatrix inherited the task of matrix-based filtering, while µBlock inherited the task of pattern-based filtering"
     
  10. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    864
    Location:
    Canada
    For 1) and 2), I can't answer for you, you decide according to your own concerns. I am unable to answer with broad answers, I prefer specifics.

    For 3), the rule reads: everything from "akamaihd.net" will be allowed while visiting a web page on "yle.fi".

    For advices, the wiki has some, and I will add as time goes. Duplicating everything from the wiki to the forum here is too time consuming.
     
  11. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I understand Raymond, then what are the settings you are using for general browsing in internet in uMatrix?

    I used HTTPSB quite hardcore knowing it breaks a lot and will have uMatrix the same, except not too hc if it is not needed. I do hope that wiki gets expanded some more, maybe i am stupid but I could not find answers to my questions there.

    And I know you want uMatrix be easy used, but with the default install settings I do think NoScript does a better protection.

    Your answer to the 3rd questions satisfies me. It means akamaihd site is not allowed generally, but only what the yle.fi site needs :) I was thinking it is a multiple rule as general to both sites. I will be making yle.fi also www specific I think.
     
    Last edited: Nov 8, 2014
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,789
    Location:
    The Netherlands
    Very cool. Opera Blink currently does not have any good script-blockers available. :thumb:

    I didn't know that, I thought you had to modify it. I did read about some other Chrome based browser, I think it was Sleipnir, that claimed you can install Chrome extensions directly from the Chrome store. But apparently Opera has chosen to keep control of their own extensions.
     
  13. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    864
    Location:
    Canada
    Add "* * script block" to "My rules" and scripts will blocked from everywhere by default:

    Click Edit and paste the rule on a single line, then click Save.

    a.png

    Click Commit if you are satisfied with the rule.
     
    Last edited: Nov 8, 2014
  14. tlu

    tlu Guest

    How so ?
     
  15. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    Thanks gorhill, I will add that. What does doc mean? I think I will try to do those things from the matrix gui also for xhr, frames etc if that is possible to do. I am going to read that wiki some more before asking new questions. Usually I stay away from any non gui stuff, but as told I will add that script rule.

    tlu, I remembered wrong the Embeddings. NoScript also acts by allowing a lot for the whitelisted site so I stand corrected. It is just I had HTTPSB so tightly configured, this 1st-party thing feels allowing much in comparison. And NoScript does not whitelist the first party items automatically. Of course uMatrix has the blacklists to compensate some, but as a general privacy tool I feel the urge to change the default settings that it comes installed with.

    I must study uMatrix more, especially try to make sense of the gui. It looks like HTTPSB, yet many things are different.
     
    Last edited: Nov 9, 2014
  16. gorhill

    gorhill Developer

    Joined:
    Nov 12, 2013
    Posts:
    864
    Location:
    Canada
    "doc" is the root document loaded in a browser tab. When it is blocked you end up with the red-pattern block frame page.

    If all the rules on the 1st-party bother you, just un-whitelist "1st-party" and "frame" for the "1st-party" row while in the global scope. You will end-up like HTTPSB was originally.
     
  17. tlu

    tlu Guest

    You can also do the same in the matrix. Just select the global scope, blacklist any cell you want in the 1st party row and click the padlock.
     
  18. oneeyed25

    oneeyed25 Registered Member

    Joined:
    Nov 26, 2013
    Posts:
    21
    @gorhill : could you implement some sort of profile system that applies pre-defined rules ?

    While rebuilding all my websites rules these past few days I've noticed most of them fall in categories, something like (my global is allow only css/images) :
    * COOKIES : allow cookies for source hostname
    * TRUSTED : allow all for source hostname
    * AD-HEAVY : block-all images except source hostname

    With profiles, it would be much faster when visiting a new site that needs custom rules. And if you provide pre-defined profiles with uMatrix, it might also ease the configuration for newbies...
     
    Last edited: Nov 8, 2014
  19. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    That was a good advise. I saved that setting for the 1st-party row on the global scope, doing so minimal change to the default installation one, but a radical change in how the protection works. Now also the 1st_party row makes actually sense to me. It is used as a toggle.

    Doing what you suggested one can surf with the paranoids safety of allowing only css and image. If the site looks good you can whitelist it so easy (using the non global scope) with the 1-st party toggle.

    From the protection/privacy point of view one can really understand that toggle only when starting with it being made blocked as a default setting for the unknown sites. So I really needed to do what you advised.

    EDIT: To tlu, I prefer keep all the things in the 1st-party whitelisted, except the frames. And as Raymond's advise to keep 1st-party blocked as default. I know it will make many sites not working, but when I need to whitelist them, it is easier to do so than if I had blacklisted any on the 1st-party as global:) And then put if I need to to them what restrictions I want and and to my fave sites also to add them as rules. Anyways thank you for your advise to you too.
     
    Last edited: Nov 9, 2014
  20. tlu

    tlu Guest

    I don't think that profiles are necessary as everything can be easily done in the matrix already:

    Let's take

    www.nytimes.com

    as an example.

    Just whitelist the cookie cell in the nytimes.com row, and cookies are allowed (-> graylisted) for all related sub-domains.

    Just whitelist the nytimes.com cell.

    Just blacklist the images column in the global scope and allow images in the 1st party row by default.

    I'm not convinced that this would be faster or easier. I guess, many users still think that they have to whitelist one cell after the other although it's much easier to simply whitelist the domain cell in the left column. In many cases addtional whitelisting for 3rd party domains (like brightcove.com, googlemaps, youtube, etc) will be necessary but this is also the case if you apply one of the profiles you requested. You would have to decide which profile to use, and in the second step additional finetuning would be probably necessary in most cases. Besides, how do you know beforehand which profile to chose in order to un-break a site? That's not obvious in many cases. And those profiles overlap. nytimes.com might be TRUSTED for you, so why don't you allow COOKIES although that site is rather AD-HEAVY. Oops ;)

    If you want to avoid this altogether - well, just whitelist the "All" cell in the matrix, and everything is allowed which is not explicitly blacklisted.
     
    Last edited by a moderator: Nov 9, 2014
  21. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,388
    Location:
    Canada
    I've been doing that for domains or especially sites like admin.brightcove.com I go to the Scope Selector, choose global scope, whitelist them, then back to the Domain scope, so then i don't have to repeatedly allow them for other domains.
     
  22. tlu

    tlu Guest

    Agreed! I'm doing the same.
     
  23. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    This extension seems great. Inspecting the 'My rules' tab along with the Rules syntax page in the documentation makes you understand how much better this protects than say NoScript in Firefox, I think. I know nothing about those Chrome behind the scene stuff. The default install allowing 1st-party automatically disabled to simulate how NS works of course.

    Anyone using uMatrix should disable dynamic filtering in uBlock, if they have it enabled. They are overlapping and doing the same thing. I guess dynamic filtering was introduced to uBlock for those people not using uMatrix.

    One question about the compatibility of these 2 extension: The uMatrix 'Hosts files' has all checked. The uBlock has '3rd-party filters' and some checked and unchecked files. I have not checked any more from the default install except one regional file of my language filter. Are those default install settings compatible between the 2 extensions?
     
  24. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,388
    Location:
    Canada
    Where is this Dynamic filtering option found?? I've looked all over for it in Options but can't find it.
     
  25. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.