His work has saved me gigabytes, if not terabytes of data, and hours, if not days of attention time. Thank you very much gorhill. If you ever need a place to stay or just a coffee, you are very welcome.
10+ million users on the Chrome App Store, 1GB saved per year per user for say 5 years (pulling these numbers out of nowhere really but I think they’re fairly conservative) = 50 exabytes.
Not the person you responded to, but doing the same thing. Had tried NewPipe for a while and it was great at first, but at the time it would frequently crash and act janky in other ways that I can't quite remember now. The mobile site was just smoother, but it might be time to give it another try.
It can certainly break if YouTube changes something on their side, but I've never had huge issues, so it's probably not something that happens very often. But the mobile site is a good fallback option.
I do experience pretty regular issues, but in really specific areas: listening to long music playlists can get janky if they're left open across multiple days, sometimes videos stop working after that and I need to force quit and restart the app (I assume it's doing something to refresh some cookie or connection).
Mostly the benefits outweigh the downsides for me, for a lot of reasons: data export is a big one. The ability to download videos/audio is another. Background listening is another. It's also way more battery efficient than any of Youtube's official apps for video or music.
One thing I would recommend, the version in the official F-Droid repo works, but you can also install the direct source in F-Droid, which will get updates/bugfixes much more quickly.
Plus if you install the direct source in fdroid, it's signed by the same key as the official releases, so if you don't want to wait for fdroid to update all the other random repos you're too lazy to remove, you can still update directly from the notification/app/website.
I tried something like that - E: YouTube Vanced - but apparently sideloaded it from the wrong place and nearly got my identity stolen.
Long story short, it tried to use my phone as a disposable phone number. For about a month I was getting messages from adult dating sites, verification numbers for all sorts of services, and a few phone calls from bitcoin banks trying to verify my ID. Had I given the app permission to read my text messages, it would have been a catastrophe. Fortunately, I didn't and nothing bad happened.
I've been using the eye dropper a lot lately. It's great for making websites usable. It even works on mobile for disabling hostile ux elements such as "xyz is better with the app" nags.
I must’ve purged over 50% of visual elements from Fandom wikis with my uBlock filters. It’s outrageous how much garbage is served. I wonder what their UX design meetings look like.
A site:reddit.com/r/DaystromInstitute/ search with a plugin to redirect www. to old. if you're not logged in can replicate a lot of what Memory Alpha has from all the discussion. At least until Reddit finishes alienating everyone interested in weird niche discussion in favor of clickbait.
Even for areas where there is a community wiki (e.g. uesp, combineoverwiki), Google seems to prefer the Wikia/Fandom version with all the crap on the pages.
And a lot of those community wikis that originally set up not on Wikia intentionally, like minecraft, terraria and wowpedia wikis, ended up on Gamepedia which Wikia took over and reeled them back in.
Similarly, disabling the social features on SO was very useful. The "Hot network questions" block to the side is needlessly distracting and adds 0 value.
Well, the icons are just terrible, utterly insipid and lacking in power. It needs labels rather than icons, and better names for “zapper” and “picker” too (something like “remove elements from this page” versus “block elements from this site”).
I’m not sure if browsers apply height limits to these popups, but if not, almost every time there will be oodles of space for full labels and replacing the two single rows of buttons with columns. And even if scrolling is introduced, that’d still be better.
At least they now have tooltips - I remember when choosing "Advanced mode" (which you need for a lot of features) just disabled tooltips in the UI, on the theory that advanced users shouldn't need them! I (and likely many others) argued how crazy an assumption that was, that just because we understood how HTML and JS worked, we should remember a bunch of icons and what the dev decided they meant. Thankfully they were willing to listen and change the decision, and the UI is a lot better for it.
If you have some pull here, it would be really nice to have popups added to the grid in the middle of the dropdown where the colored boxes are. I use these very rarely and can never remember which column of colored boxes do what.
This is one of the best hidden features of uBlock. While we're on the topic, how does one effectively block facebook ads?
I've got simple rules to chop the ads from LinkedIn, but if you do an inspect on FB, they've been very sneaky about how the elements are set up, eg it doesn't just say "Sponsored" in a string, it's a weird mash that ends up looking like that when rendered but hard to nail down.
Then again I'm more of a backend dev, so maybe that's why I don't know what to do.
> weird mash that ends up looking like that when rendered but hard to nail down.
It is designed to be very hard to select automatically. It is also why I don't use Facebook more than 5 minutes a week - it is among the only services where ads annoy me.
> *Important News*: 4th September 2021: Sponsored Posts Issue: It seems Facebook have just changed their code for Sponsored Posts, so some people have started seeing Sponsored Posts in their Newsfeed again, I am working on fixing this, please be patient, thanks! *UPDATE* It seems for some people the sponsored posts are only getting through if your Newsfeed is set to "Top Posts", if you switch to "Most Recent", the Sponsored Posts should in theory disappear. The good news is that FBP has an option to keep you permanently on the "Most Recent" feed when you visit the Newsfeed, so that could possibly solve the issue for now, give it a try and let me know if that solves it for you. In the meantime, I will continue working on a more robust fix.
Open the FBP options screen by clicking the "FBP" button in the navigation bar at the top of the page.
Under the "Further options" heading there is a setting titled "News Sort: Most Recent". Tick that option, then click the "Save and Close" button.
As mentioned above this is not guaranteed to fix hiding the sponsored posts, but a lot of people are reporting success with it, as Facebook seem to pepper the "Top Posts" version of the Newsfeed with more ads than the "Most Recent" version, and "Top Posts" is Facebook's default setting for the Newsfeed.
This has the strange effect of removing every item in the feed, causing it to flash while waiting for a refresh, forever. Skeleton -> flash of new item -> skeleton -> etc
The eye dropper is also quite useful for writing userscripts and userstyles directly on Android; I tap the element, hit preview to see what happens (margins, padding, border collapse, etc), type a note at the end of the element name and send it to the clipboard, then move on. Back in the editor, I just paste my notes from the clipboard, and I can quickly write up a stylesheet override for a dynamic webpage without resorting to debugging on my desktop.
I don't understand why Firefox mobile can't be used to debug another Firefox mobile, I'd love it if I could open devtools off to the side and see a live tree view instead of manually prefixing the URL with `view-source:` only to find out the html doesn't actually include any content.
This feature is so good but so confusing to use, really the best thing about ublock beyond the ad-blocking. I use it very extensively, I almost wish it was a standalone tool, so that the filtering aspects could be shared more easily.
For some reason, Content Blockers on iOS only work on Safari. Other browsers on iOS are not allowed or able to implement them.
uBlock Origin is also more fully featured than Content Blockers, which don't have the on-demand whitelisting features and toggles. However, since uBlock Origin is only available as a browser extension, it can only be used with a browser that supports extensions. No browser on iOS is able to support uBlock Origin.
Firefox Focus on iOS blocks 78% with all tracker blocks enabled, and 62% with the last “Block other content trackers” option disabled. Percentage figures are from a test on https://d3ward.github.io/toolz/adblock.html.
Firefox Focus is a nice browser for certain use cases, but it can't compare to uBlock Origin, which scores 100% on that test for me on a fresh install with default settings (using Firefox on Android and desktop).
It's interesting how Firefox Focus on iOS also acts as a Content Blocker for Safari, but I find AdGuard to be more comprehensive on iOS.
Increasing YouTube ad display rates on mobile drove me to using the (somewhat clunky) AdGuard share button in safari that blocks ads when using YT in Safari. I’m just glad there is some option on iOS.
It is funny that Android has better adblock features (uBO on Firefox).
I was replying specifically to the first paragraph in the parent comment that other apps on iOS are not able to implement content blockers. Firefox Focus does appear to do just that. Obviously, not as effectively as uBlock Origin (thanks for testing!) but uBO isn’t yet available to install on Firefox on iOS.
(Edit since I can’t reply):
Firefox Focus does appear to implement iOS content blocker since it appears as an option under Safari settings for content blockers.
Firefox (standard and Focus) and other iOS browsers can block ads and trackers, but not as comprehensively as that API can. That API is limited to Safari due to platform restrictions, which I hope get removed in the future.
Firefox Focus appears under Safari settings > content blockers, along with more typical blockers like AdGuard. I think they both implement Content Blocker API.
The way Firefox Focus is implemented on iOS is a little complicated, since it's both a browser and a Content Blocker. As of 2017, Firefox Focus uses WKWebView as the webview component: https://github.com/mozilla-mobile/focus-ios/pull/507
WKWebView does not support the Content Blocker API. Ad blocking apps that use the Content Blocker API are only compatible with Safari and the SFSafariViewController component, which is very feature-limited and not suitable for a full web browser app:
As a workaround, Firefox Focus uses script injection to block ads and trackers within the browser part of itself, but the Content Blocker part of Firefox Focus only affects Safari:
However, both Firefox Focus and Safari (with the Firefox Focus Content Blocker enabled) score 78% on that test, so Firefox Focus might be good enough for web browsing on iOS if you're comfortable with its feature set and don't need the additional filter lists or custom rules that another third-party Content Blocker would offer.
Apple should still allow third-party browsers to use third-party Content Blockers, since this restriction is an unnecessary handicap for any non-Safari browser on iOS.
Brave on iOS only scores 77% for me with the default settings, which includes the "Block cross-site trackers" Shield setting. Do you have some other setting enabled?
One rather effective way to get much higher (approx 99%) on iOS is to use a DNS over HTTPS provisioning profile (or app), and use a DNS server that blocks ads.
If you run your own server, you can get to 100% by turning on blocking for a couple of hosts not in standard blocklists that this test has highlighted.
The DNS setting applies to most or all apps, as far as I can see, as it's applied as a system level provisioning setting. iOS 15 gives more visibility of this in the UI, but it works in iOS 14.
Yandex Browser on Android [which is based on Chrome] supports Chrome extensions. I'm running it with uBlock Origin, Privacy Badger and a few others. If an extension won't load directly from the Chrome Webstore you can toggle 'Developer Mode' under 'chrome://extensions' and load the downloaded and unpacked CRX directly.
I had high hopes for Kiwi Browser but, unfortunately its text-reflow feature has been broken since forever. Yandex Browser is the only one available on Android that ticks both those 'must have' boxes for me: full support for extensions and a functional text-reflow feature --without which a huge swathe of the web is unreadable for me, due to microscopic text sizes.
I know other browsers have their own built-in ad-blockers, but I prefer to use uBlock Origin across all my devices so, when I setup a new one, I can just import my existing rules & settings, built up and tweaked over many years, rather than start from scratch.
It also blocks the paywall in some webs that aren't too well designed (the content is loaded under a frame that hides it). It's great to have such a good tool.
I recently discovered that it also acts as a great anti-productivity page blocker. Simply add your top social and news addiction pages to the blacklist and you’re set.
I use Firefox only for work, which has helped me immensely to stay focused and not “just quickly check hacker news for the tenth time in an hour” (as much as I like to ;)).
I do something similar, I noticed that a link to a tweet in an article that I'm reading will always result in me clicking through and then wasting time catching up.
I used this filter, it makes twitter links look like normal text:
On my phone, I blocked the feeds for Hacker News, Reddit and a few other sites. I blocked notification badges on most sites. I can still get to individual pages from Google, but I can't mindlessly browse those websites.
It's really effective. I don't even know what to do with my phone any more.
> I don't even know what to do with my phone any more.
I hear there's some way you can use an app on your phone to have a voice conversation with someone else, but apparently you need to know a magic number?
I'm told there was even a time when the number only addressed a location, so you would have to figure out who was talking on the other end through a complex linguistic handshake.
And it didn't even have identity authentication, past a basic voiceprint!
Yes, the ability to block parts of pages is handy too.
I've not taken to blocking whole sites yet. But sites with "recommendations" attached to every page are a real distraction. I block them on stackoverflow, otherwise I end up reading about the etymology of some obscure word or advice for a dungeon master in a weird D&D scenario =)
Ironically, ublock origin does not work on this blog page & allows scripts such as google analytics to run because it is hosted under the umbrella domain addons.mozilla.org
I wish the exception for add-ons not working on the addons site would only apply to the actual add-on download portion of the site, and they don't host random non-addon-download content on the same domain.
> We now have two check boxes in our GA premium account that allows us to opt-out of additional usage of our data. Because Mozilla pushed Google so hard, those two check boxes are available to every other GA user in the world regardless if they have a premium account like we do. GA also doesn't track IPs or store PII within the tool.
I'm very confused. How the hell does Mozilla have enough lobbying power with Google to strong-arm them into providing an option for every user to undercut the very data collection Google provides GA for?
But this assumes you trust Google. Why would you trust an entity whose business model is against your interests and who has the ability to hide their misuse of data (given how many factors go into ad targeting, it's impossible to prove whether a particular ad was targeted based on data collected legally or not) and is big enough to successfully fob off privacy regulators (their consent flow is still not GDPR compliant)?
I just wish that they'd add a text or symbol in the top of the global and local dynamic filtering boxes. Every single time that I use it I have to look up which one's which, because it isn't obvious and I can't remember.
don't usually flex with tech but isn't uMatrix [1] just a little bit harder to learn and a million times more satisfying? at least on my often-used systems, I have a hard time imagining loading a website without being able to control the third party content in a matrix these days.
ublock can block everything umatrix can but reverse is not true. It had been the case from beginning but people are not aware. So I find ublock much more satisfying.
I think it might be true, but it's a lot harder to do uMatrix things in uBO, because the 'advanced mode' just gives you allow/disallow per domain, not the er matrix at CSS/image/media/scripts/XHR/frames/other granularity.
I think you can get that granular in the manual/text based rules edit of uBO in settings, but I stopped looking into it / considering switching fully at that point (I'd always used it in simple mode in addition to uMatrix, just to block cosmetic DOM stuff that uMatrix doesn't do) since I need it to be far easier and quicker than that, as it is in uMatrix.
So switching to nuTensor (a light-touch security/necessary FF updates only sort of fork) has been on my to-do list.
My uMatrix default is all cookies blocked; third-party media, scripts, XHR, frames, other blocked. Of course I often then have to allow some third-party script, and I can do so in one click without also allowing XHR or frames to/from that domain.
uBO doesn't allow that (in the toolbar UI, 'advanced'/'more' mode), because it's missing the columns from the 'matrix', so you either allow/block a domain wholesale.
I don't really recommend it for anyone other than very bored devs, but it is very satisfying at times. The effort-to-utility ratio is honestly quite bad. Most of the *actually useful* functionality is redundant now with newer uBlock features.
I love the serotonin rush of one-click "disable 1p CSS" on an ugly website, or figuring out how to fuck with a clever-but-stupid paywall for the first time. :)
Also, the uMatrix UX is absolutely brilliant (that genius 2.5D green/red matrix).
If you want to avoid ads and tracking, the last browser you should use is Google Chrome. Google has been deliberately crippling Chrome so that ad blockers don't work properly.
uBlock Origin is amazing in that it has not succumbed to scammers. Every other blocker including AdBlock and the original uBlock have sold out to scummy companies. It's a problem with every successful browser extension, they all start getting offers from scammers to sell out.
We all owe a huge debt of gratitude that gorhill is a principled character and has stayed on to guide uBlock Origin all these years.
That's not an accident. uBlock Origin used to be called just "uBlock". The author of uBlock Origin gave up control of uBlock because he was frustrated with requests to the project.[0] He immediately regretted this decision, forked the original project and this event cemented his view that uBlock Origin would never be out of his control.
Absolutely. Ublock origin is probably one of the highest impact products on my life. I would have a measurably worse time if it didn't exist or didn't work as well as it does. And it is free!
The developer is a saint, and it just occurred to me that I should donate to their project.
Sadly uTorrent did succumb to darkness a while ago by bundling a bitcoin miner and other dodgy software with the client as installer opt-out checkboxes.
I’ve really been enjoying Firefox lately, and this just makes it better. I was historically suspicious of the idea of doing things in the browser, but for many things it now seems the most portable and privacy-preserving way to do most things, and I’ve given up many apps (e.g. I listen to podcasts now from the browser).
Using Firefox + uBlock will also increase battery saving - with uBlock Firefox makes fewer network connections (to the ads / trackers servers), fewer ad images / videos are loaded by the browser saving both processing power, memory and bandwidth, and cpu processing is reduced due to blocking of unwanted (ad / tracker) javascript.
From a French tech that deployed UO for quite a long time on hundreds of computers, and stopped a year or two ago:
UO has been blocking a lot of widely used French websites, hosters and services, or making them unusable, for the past one or two years. This generates lots of requests and takes lots of time. Common webmail functions from French ISPs and public services are impacted.
The blocking is done based on the filter list. Sounds like one of the included (and enabled by default) filter lists in uBO is causing issues.
Did you try disabling all uBO filters to see if the issue persists? If you can narrow it down to a specific filter list you can find the rule that is causing the issue and either disable that one rule or, better, raise a bug report so someone can look into what's going on and fix it in the filter list proper.
In case of trouble I use a browser without any extra Ad Blocker (Safari) but most of the time I surf with uBO installed on Firefox and Chrome. No need to switch back to ABP.
This is a really interesting point I never considered, but Mozilla isn’t being paid by a ton of different advertisers to not implement blocking - are they? How would we know?
Side note, I would absolutely pay for a browser that rolled everything in without setting it up myself.
Still true. Apple makes money off advertising just like anyone else. They also get paid absurd amounts of money from Google to make them the default search engine in Safari.
I don't know why you are being downvoted for your curiosity.
To answer your question - it's because the major source of revenue for browser makers is search engines. Google, Yahoo, Bing etc. pay browser makers money to bundle their search engine in the browser, and also share a small percentage of revenue with them. Search engines make money from advertising. So obviously they discourage browser makers from including ad blocking tech in browsers. (Look at the money involved - Google Said to Pay Apple $15 Billion to Remain Default Search Engine on Safari in 2021 - https://gadgets.ndtv.com/apps/news/google-apple-default-sear... ... and you can understand why it is so difficult to say no to it).
Re the downvotes, I talk too much like Reddit. Dw though I don’t fall for the endorphin trap of seeking approval from my peers; it deters original thought.
Also this account's a burner so I guess I do fall for the trap but downvote away if you like.
I too often wonder about this. The answer is conflicts of interest. We can't trust Google to maintain an effective ad blocker. Firefox is also funded by Google.
I too love ublock but your statement just smacks of stupidity. I don't want a mainstream browser to be so opinionated as to take it upon itself to block various domains. And the meme of calling everything you don't like "absolutely insane"... Take that shit back to Reddit imo
Sure, I get the censorship issue but there’d be nothing stopping you selecting a blocklist which you politically and socially align to. AFAIK uBlock Origin does this, so why baking that directly into the browser makes you so mad is beyond me.
And absolutely insane is a dig at this dystopia where we’re allowing advertising companies to drive the technology which would arguably be more valuable than currency.
But sure, off to Reddit I go, just because you don’t like the way I talk.
I think your point about browser companies controlling blocklists is valid, particularly in the current landscape.
I’m all for data privacy and freedom of speech, but I also think we need to place revocable trust in other parties to curate our data in a way that improves signal to noise ratios while not impeding on actual freedoms (lest we revoke our trust).
But also browsers should just disable auto play videos they’re damn offensive.
Was worried about running all my web history through this extension for privacy reasons, has anyone gone through the source code to verify uBlock Origin’s privacy policy?
Please don't use DoH as an evil advertising bogeyman. It's a huge win in the fight against censorship and surveillance, and everything that it lets advertisers do can be equally done by hardcoding an IP address in the app instead.
And I already use trusted DNS providers (over TLS) so it's not really an issue. My provider can't see my DNS lookups. Also, in the EU providers are not allowed to use deep packet inspection so they only know your queries if you use their own DNS.
Hardcoding an IP is really difficult to do for adtech providers for 2 reasons:
1) They usually subcontract to cloud providers that don't guarantee IPs
2) It breaks SNI (Server Name Indication), also heavily used on cloud services
There's better ways to do secure DNS than DoH, like DoT (DNS over TLS)
I like secure DNS but I still want my own server to be the middleman. With DoH this isn't easily possible, especially on mobile due to the root CA issue. DoH is normally implemented using a major player like CloudFlare. Sure, they promise not to look at it. But the phrase "Don't be evil" still is pretty fresh in my mind.
But anyway, it's a moot point. Even if we could block DoH somehow (we can't due to certificate pinning and Android no longer allowing to add a global root CA since Android 7), app providers could just implement their own lookup system or something. Whether we like DoH or not it's here to stay.
Sure, but that's only because your computer can't distinguish your Pi-hole blocking DNS to block ads from an evil ISP blocking DNS to censor you. And if your device supports DoH, can't you just point it to one of the many publicly-available DoH servers, or set up a DoH server on your Pi-hole and then point at that?
> It breaks SNI (Server Name Indication), also heavily used on cloud services
They can just hardcode the IP in the hosts file, not in the client program. Then SNI will still work normally.
> There's better ways to do secure DNS than DoH, like DoT (DNS over TLS)
Then the people who want to do censorship and surveillance will all just block port 853. It's a feature that DoH is hard to distinguish from other HTTPS traffic.
> I like secure DNS but I still want my own server to be the middleman. With DoH this isn't easily possible, especially on mobile due to the root CA issue.
Can't you set up your own DoH server with its own domain name, get a Let's Encrypt certificate for it, then point your mobile device at that?
> DoH is normally implemented using a major player like CloudFlare. Sure, they promise not to look at it. But the phrase "Don't be evil" still is pretty fresh in my mind.
Isn't the alternative that your ISP is definitely looking at it?
> Can't you set up your own DoH server with its own domain name, get a Let's Encrypt certificate for it, then point your mobile device at that?
Yes. But what’s the angle here? You trust “ISP(s) hosting your DoH server” but not “ISP providing phone connection?”
Might be a legitimate reason for that, but ultimately as with all these discussions it’s just a matter of who you’d rather give the data to.
And your ISP will still be able to see from SNI for the most part so… it boils down to “my ISP can see anyway (via SNI), should I also let someone else see (DoH provider)?”
> Yes. But what’s the angle here? You trust “ISP(s) hosting your DoH server” but not “ISP providing phone connection?”
Your own DoH server could just do the filtering you want and then hand off the work to another real DoH server like Cloudflare's.
> Might be a legitimate reason for that, but ultimately as with all these discussions it’s just a matter of who you’d rather give the data to.
True, but in most of the USA, your ISP is the least trustworthy choice for who to give your data to.
> And your ISP will still be able to see from SNI for the most part so… it boils down to “my ISP can see anyway (via SNI), should I also let someone else see (DoH provider)?”
> Then the people who want to do censorship and surveillance will all just block port 853. It's a feature that DoH is hard to distinguish from other HTTPS traffic.
Not an issue here in the EU. Alternative DNS is not blocked. Providers sometimes block the pirate bay but they're never obliged to block alternative DNS and they're not allowed to anyway as they're not allowed to do Deep Packet Inspection.
> Isn't the alternative that your ISP is definitely looking at it?
No, this is not allowed in the EU. They can see it if you use their DNS. Otherwise not.
I understand the feature that hiding the DNS traffic among other HTTPS traffic brings, but this is mainly a feature in countries without strong privacy laws. For me I would prefer to separate the traffic so I can control it myself.
And really if I'm in a country with such invasive censoring I would prefer to use a VPN and avoid their prying eyes altogether. DNS is only part of the equation. IP endpoints still tell them a lot. Especially on IPv6 as there's no more need for SNI.
I'm just not sure if it's a good idea to obfuscate core protocols of the internet, just to avoid an issue in certain countries that is not very well solved by this anyway. At the same time I have to give up a lot of valuable statistics, troubleshooting data and validation about whether apps do as they claim.
However like I said I can't stop an app doing this, precisely for the reason it's obfuscated. I won't use it on my own network however.
> Can't you set up your own DoH server with its own domain name, get a Let's Encrypt certificate for it, then point your mobile device at that?
I don't want to bother with getting public domain names and validate their IP with Let's Encrypt just because I want to use them internally. The renewal process is really complex for something that doesn't have a public IP and I don't want to have my internal DNS available on the internet (it also contains local domain names only available on my LAN and P2P VPN)
In fact encrypting that traffic on the local segment doesn't really add any value for me. I just encrypt the outbound part (from the pihole) with DoT.
> They can just hardcode the IP in the hosts file, not in the client program. Then SNI will still work normally.
How would that work? I control my host file. Apps can not mess with it. Not on my computer and not on my phone.
It's great that you live somewhere where you don't have to worry about any of these things, but a lot of us aren't so lucky.
> And really if I'm in a country with such invasive censoring I would prefer to use a VPN and avoid their prying eyes altogether.
Those countries block VPNs.
> Especially on IPv6 as there's no more need for SNI.
I can foresee CloudFlare offering a single-IPv6 shared endpoint for the sole purpose of making eSNI/ECH remain effective.
> At the same time I have to give up a lot of valuable statistics, troubleshooting data and validation about whether apps do as they claim.
Can't you get this information directly off of your endpoint device, whether or not the traffic is encrypted over the network?
> How would that work? I control my host file. Apps can not mess with it. Not on my computer and not on my phone.
I was thinking more about IoT appliances when I wrote that. For programs on your phone or computer, they can tell their TLS library to use whatever SNI you want, so even if they did hardcode the IP in the client program, SNI could still include the right hostname.
But to win against “surveillance” you need to make a smart, conscious decision about who you want to give your browsing history to.
For me, I’d rather my ISP sees my DNS, than all that data is sent to some American mega-corp keen to hoover up every last datapoint about me they can.
My ISP can for the most part look at HTTPS SNI field and see all the domains I access anyway. So switching to say, Google DoH, only means that now Google have that list as well as my ISP.
> some American mega-corp keen to hoover up every last datapoint about me they can
That's a really good description of both Comcast and Verizon. Not so much of Cloudflare though - they seem to actually care about people's privacy.
> My ISP can for the most part look at HTTPS SNI field and see all the domains I access anyway. So switching to say, Google DoH, only means that now Google have that list as well as my ISP.
Isn't this just an argument to hurry up and get eSNI/ECH rolled out everywhere?
Sure Cloudflare are better than those other big US ISPs.
But for those of us in the EU, where such practices are illegal, we may want to think twice about giving our data to Cloudflare (who are subject to requests from US govt for instance.)
Even in the EU, couldn't there still be a privacy benefit? Set aside for a minute what's legal and illegal, and just consider what entities are capable and incapable of. By using a DoH provider (that sees what domains your client IP is looking up) other than your ISP (that knows that your client IP goes with your real-life identity), there's now no single entity capable of associating your real-life identity with which domains you've looked up.
DNS over HTTPS. It is a new(ish) way to do lookups that deals with the insecurity of most DNS setups (where packets are often neither signed nor encrypted) by hitting a resolver over https. Often the application will hard code the resolvers it intends on using, which leads people to believe it is adtech as it allows apps to bypass blocking by PiHole and the like. It, like most tech, can be used or abused.
Once the system, or network admin would set the DNS servers up and everything on the system would use those. There is no reason why that paradigm couldn’t continue and move to DoH.
The other change is that applications are now bypassing the system-configured DNS and sending requests (and thus data about what you are looking at) where the application wants. The “centralisation” issue also comes into this. But again, the change from a system-level to per-app setting could happen with regular old plaintext DNS.
DoH is part of the discussion in both cases, which clouds the debate.
I don't want to block ads on every site I go to, and having an extension rather than a DNS sinkhole makes toggling between blocking and not blocking much simpler.
I find both are needed. It is nice to see that I block a huge amount of data from getting used up by ads when pihole blocks it. And just in case it gets through ublock. ublock is usually ahead of the more sophisticated attacks.
It’s probably not ideal tbh. You can whitelist stuff that’s blocked, but it involves logging into the admin console and whitelisting either manually or via a recently blocked request, easy enough for techies but I wouldn’t back it for non techies.
I use a fairly aggressive Pihole list that breaks stuff reasonably often, there may be less strict lists which are “safer” in this regard.
Some sites breaking was a complaint my wife had when I set all devices on our network to use the pi-hole.
To solve this I set up a Shortcut on her iPhone so she can simply say "hey siri, stop pi-hole" and it will turn off the pi-hole for 5 minutes using a simple web request. The pi-hole turns itself back on after 5 minutes.
A bookmark works just as well but she prefers to use Siri as she never remembers where the bookmark is lol. It is mostly on her phone anyway that something doesn't quite work right so Siri was the best solution.
I also have WireGuard set up and our phones configured to connect to it always for mobile data and unknown wifi so all our connections are routed via our home internet connection and via the pi-hole. As I have stupidly fast home internet (10Gbit EPON with free.fr) it works fantastically.
I found the most frustration came from links in emails not working as intended. For some reason many companies, government agencies, and schools use metrics tracking on emails.
Pi-hole has a nice temporarily disable blocking feature on its dashboard to help in those cases. Simple click to whitelist is also available.
If you want dns-level ad blocking, there's also nextdns.io. You can also use it outside of your home network. I'm on their free tier and very happy with them.
At present Firefox on android only allows a limited range of extensions from Addons Manager, but you're right, uBlock Origin is one of them. I really look forward to them being opened up so I can build my own without any hassle.
Can someone help me understand the possible negative impact of running ublock? Eg do some sites not work unless you disable it, etc? If so how do you go all-in on ublock without undue frustration?
I browse a lot and I'm an uBlock user for many years now. I'm even using more strict settings than the default. Yet I've only encountered a broken page once. It's really a non-issue.
Most "sites" work entirely fine with uBlock. Sometimes there will be an issue with form filling and web-apps with built in tracking (via mixpanel or something) will break, but it's a second's worth of effort to disable it on a particular site.
If you run into repeated problems you can set permanent rules allowing certain domains. Overall it's a very minor hassle in the scheme of things.
One possible negative impact is being culturally out of touch due to not seeing ads. Otherwise I can't think of a negative. It's never broken a site for me but if it does you can just disable it from the toolbar.
Between uBlock Origin and PiHole, my web experience at home is so different from what I see visiting relatives and friends, it is startling. Yet, I cannot get (most) of them to try either one.
On chrome (and chromium based browsers afaik), the browser loads the web pages first and then loads extensions compared to firefox which loads extensions first and then the web pages.
just FYI, old.reddit.com still works (for now) and gives you the original site design including less bloat. you can use the "old" subdomain or enable it automatically in your preferences by un-checking the "enable new site design" setting.
visiting a particular page on the new reddit.com yielded 27 blocked requests
visiting the same page on old.reddit.com with the same uBO set up yielded only 4 blocked requests
uBlock Origin is one of the 18 extensions that are pre-approved for use in Firefox for Android. To use any other add-ons from addons.mozilla.org, you'll need to use Firefox Nightly (https://play.google.com/store/apps/details?id=org.mozilla.fe...) and follow these instructions:
I'm not sure why Mozilla is refusing to allow these extensions on the Beta channel, since the WebExtensions support is definitely stable enough for Firefox Beta.
I'm not sure why companies think that restricting usage this way improves their product in any way. You need a different build, and an online account to do something that should require neither.
Heck, I can only partially understand the "click many times over crap" to enable experimental features, which should have been _enough_ to begin with (and certainly not a requirement in a beta build). How many hoops do I need?
After reading this, I was really /hoping/ Fennec would remove the requirement of having a Mozilla account, but no, you still need to create an account and a useless "collection".
TBH I use (and ever used) Firefox just due to the available extensions. The value proposition has decreased quite a bit with recent FF versions, and on Android uBlock is pretty much the only reason I stick to it.
I wish I had more alternatives, because clearly the browser duopoly isn't working.
uBlock Origin is cool, but the reason I stopped using it is that any web page stopped opening on my work PC. Never found out why, used Adblock Plus since. Considering going back now.
https://github.com/gorhill/uBlock/wiki