R. Hill
7 Apr, 11 tweets, 4 min read
Of interest to advanced users.

uBlock Origin can function as a fully-fledged script blocker in default-deny mode:

1) Check "Disable JavaScript" in Settings pane
2) Enable "Medium mode"

Result when visiting a typical webpage (note the "domains connected" figure, and the pluses in overview pane in the screenshots).

Only passive content resources allowed, such as images, CSS, etc.
Result when turning off the no-scripting switch.

This will allow only 1st-party JavaScript to execute.
A capability specific to uBO: allow scripts from a specific 3rd-party domain, but ONLY for the current site: scripts from disqus.com are given permission to execute. With NoScript, allowing disqus.com would allow it everywhere, on all sites.
But then if you really want to allow disqus.com everywhere by default, it's just a matter of creating a global rule for it.
If you do not have time/patience to find the minimal set of 3rd parties which are needed to un-break a site, you can also just remove the block rule for all 3rd-party scripts (and frames) -- this will affect ONLY the current site.
If you have block rules for specific domains, they will still be enforced when removing the block rule for 3rd-party scripts, because they are more specific.
Note that at any step, uBO creates rules which are temporary. Use the padlock if you want to keep the changes -- this ensures you are not bloating your ruleset with every single change. Typically, your permanent ruleset is for sites you visit regularly.
Gray ("no-op") rule means "remove block rules affecting this cell, but keep applying filters from lists".

When you disable block rules, you will never ever end up being less protected than you would be with default settings/lists ("Easy mode" in graph).
You can assign a keyboard shortcut to the "Relax blocking mode" command, to lower blocking mode in steps, without having to visit the popup panel:

No JavaScript => No 3rd-party JavaScript => block as per filter lists.
Sorry for the noise, I had to re-post one of the tweets, it had too many typos in it, and I want to be able to use this thread as a reference.
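
The rule precedence described in the thread (a site-scoped no-op for disqus.com, lifting the 3rd-party script/frame block for one site only, and domain-specific block rules still winning), as an added example that is not part of the thread and not uBO's own code. It is a simplified model of "source destination type action" rule lines; the `.example` hostnames, the sample ruleset and the naive party check are assumptions, and the no-scripting switch is not modelled.

```javascript
// Added model, not uBO's code. Rule line format: "source destination type action".
// Constructed ruleset: medium mode plus the per-site changes from the thread.
const RULES = `
* * 3p-script block
* * 3p-frame block
* tracker.example * block
news.example disqus.com * noop
blog.example * 3p-script noop
blog.example * 3p-frame noop
`.trim().split('\n').map(line => {
  const [src, dst, type, action] = line.trim().split(/\s+/);
  return { src, dst, type, action };
});

// A hostname followed by its parent domains, most specific first, then "*".
function ancestors(hostname) {
  const out = [];
  for (let h = hostname; h; h = h.includes('.') ? h.slice(h.indexOf('.') + 1) : '') out.push(h);
  return [...out, '*'];
}

// Assumption: party-ness is a naive comparison of the last two labels.
const site = h => h.split('.').slice(-2).join('.');

// Narrowest matching source wins for a given destination/type cell.
function lookup(rules, srcHost, dst, type) {
  for (const src of ancestors(srcHost)) {
    const hit = rules.find(r => r.src === src && r.dst === dst && r.type === type);
    if (hit) return hit.action;
  }
  return null;
}

// kind is "script" or "frame". Returns "block", "noop" (block rules lifted,
// filter lists still apply) or null (no dynamic rule, filter lists decide).
function evaluate(rules, srcHost, dstHost, kind) {
  // Destination-specific rules are more specific than type-based ones.
  for (const dst of ancestors(dstHost).slice(0, -1)) {
    const action = lookup(rules, srcHost, dst, '*');
    if (action) return action;
  }
  const thirdParty = site(srcHost) !== site(dstHost);
  const types = thirdParty ? [`3p-${kind}`, '3p', '*'] : ['*'];
  for (const type of types) {
    const action = lookup(rules, srcHost, '*', type);
    if (action) return action;
  }
  return null;
}
```

In this model a `noop` or `null` result never overrides the filter lists, which is the sense in which relaxing block rules cannot leave a site less protected than the default lists alone.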


More from @gorhill

5 Apr
These instances of wrongdoings were made public 11 years ago by Wikileaks.
I have this mental image of a large dark canvas representing all the wrongdoings still not brought to light with a few pixels representing the light shone on the instances reported in this documentary.
Excerpt, @johnpilger: "You must remember that the attack on Iraq -- although presented as a war -- was not a war, it was so one-sided, and it became an attack on the civilian population"
The same documentary on Youtube if you have issue playing it with the other link:
31 Jul 20
Too often I hear misinformed statements regarding JS-based content blockers -- worse when made in an authoritative manner.

So here I benchmark uBO's static filtering engine (responsible for enforcing EasyList et al.) with over 820K network filters.
These are the results using the built-in benchmark:
github.com/gorhill/uBlock… (you can try it for yourself).

I get ~11µs/request on average, which is no different than if I had benchmarked with just the default filter lists.
This is uBO's memory footprint with the over 820K network filters after visiting the 30 sites on the front page of HN, and after closing the tabs and leaving the browser idle for a minute.
24 Jun 20
An article concerning "Acceptable Ads" product from @ResPrivacy:

My thoughts regarding some parts of the article.
We do not actually know whether the several "Acceptable Ads" products are completely independent of each other:

Adblock Plus → Eyeo
Adblock Browser → Eyeo
Crystal → Eyeo
AdBlock → BetaFish
AdBlock Premium → BetaFish
uBlock (not uBO) → BetaFish
Note that the same year (2015) BetaFish (owner of AdBlock) was sold to an anonymous buyer, a new investment item, 13.466K EUR (converted from USD), was declared on Eyeo's balance sheet -- described as "shares in affiliate companies".
13 Jun 19
"Since Google's stated goal is to make ad blockers safer, The Register asked Google whether any ad blockers have actually abused webRequest. We've not heard back."

The abuse I've seen repeatedly is not of webRequest API: unethical blockers ripping the code base of legitimate blockers, but with an added permission which allows execution of remote code in extension context.

Just to show how easy it is to stumble onto these, I found another one within seconds (I believe this one uses code base of AdBlock despite "uBlocker" name).
13 Jun 19
This changes nothing of what I said regarding uBlock Origin.

The "whole website" can still be seen by a passive webRequest API -- so why is "some sensitive data" even used as an argument to justify declarativeNetRequest API? Additionally, content scripts can also access sensitive data.
From uBO's perspective, a better wording is:

"Hey WebExtensions-capable browser, let me see all the network requests so that I can decide whether to cancel them according to my OWN matching algorithm, and report ALL what I see and do (and why I do it) to the user"
30 May 19
It is not possible for uBlock Origin ("uBO") to retrofit its matching algorithm into the set-in-stone matching algorithm of the declarativeNetRequest API.
Matching algorithm logic of:

declarativeNetRequest API (Easylist-like filtering):

- if sb and not sa then block

uBO (*simplified* to not drown in details):

- if db then block
- else if not da then
  - if sbb or (sb and not sa) then block
Also, I have this long-term goal of having a user's static filters take precedence over 3rd-party static filters:

- if db then block
- else if not da then
  - if usbb or (usb and not usa) then block
  - else if not usa and (sbb or (sb and not sa)) then block
