New Update [GUIDE] How to block Hyperlink Auditing with Adguard extension

[Tiamati]

If you want to block Hyperlink Auditing with Adguard.

Open Adguard extension config
--> My Rules
--> put this:

||*^$ping

Done.
You can test if it's working here.

IMPORTANT: $ping only works for the version 3.4+ of the browser extension

edit: privacy badger and ublock are able to block it too (but they don't block beacon api)
edit 2: i tested with Chrome, Edge and Brave

edit 3: after adguard config, It should seem like this:

 

[Parsh]

Is this the right way? Added it to Content Blocking >> User Rules. Couldn't make it work.
Also for info, can this break things?

 

[HarborFront]

When I enable 'Disable hyperlink auditing' in uBO in Ungoogled Chromium it shows the below picture. However, When I enable 'Block hyperlink auditing' in ClearURLs it shows the above picture. I think the one in uBO is NOT working

 

[HarborFront]

@Tiamati

Adding your rule to AdGuard Adblocker it works when tested in Brave. Removed ClearURLs in Brave now since Adguard Adblocker can do its job

 

[SeriousHoax]

When I enable 'Disable hyperlink auditing' in uBO in Ungoogled Chromium it shows the below picture. However, When I enable 'Block hyperlink auditing' in ClearURLs it shows the above picture. I think the one in uBO is NOT working

View attachment 238311



View attachment 238310

Works for me in uBlock Origin on Firefox.

 

[toto_10]

@Tiamati My AdGuard Desktop by deafult settings blocks CSP Report. When I add your rule it doesn't block Beacon API nor Ping. What am I doing wrong?

 

[Tiamati]

Is this the right way? Added it to Content Blocking >> User Rules. Couldn't make it work.
Also for info, can this break things?

I forgot to mention that at the moment, $ping was added only for the extension version. I don't believe it would break anything. It does the same configs as other extensions (like pink block and probably clearURLs), by blocking ping and beacon API. If you find any incompatibilities, pls let me know.

When I enable 'Disable hyperlink auditing' in uBO in Ungoogled Chromium it shows the below picture. However, When I enable 'Block hyperlink auditing' in ClearURLs it shows the above picture. I think the one in uBO is NOT working

Both are correct. ublock origin blocks only Ping (hiperlink auditing) and CSP reportes (i'm posting an image only with ublock too). Privacy badger does the same for ping without blocking Beacon API and CSP reports.

Btw, I tried to make Adguard block CSP report trough rules like: (...)$csp=reports-uri or but it didn't work.

I don't use ClearURLS but it's probably that its configs cover beacon API too.

Adding your rule to AdGuard Adblocker it works when tested in Brave. Removed ClearURLs in Brave now since Adguard Adblocker can do its job

Brave acts like privacy badger and ublock (considering only $ping) even without any extension. Only Brave and Firefox are configured by default to disable hiperlink audition. So, unless you want to block API beacon too, there is no need to make any change in Brave.

@Tiamati My AdGuard Desktop by deafult settings blocks CSP Report. When I add your rule it doesn't block Beacon API nor Ping. What am I doing wrong?

Until now, the $ping command only works for the extension version 3.4+. I'll edit my post to make it clear. Ty for reminding me. I guess they will add to the windows version soon.

 

[ForgottenSeer 85179]

I wonder why you want blocking CSP. Gorhill say that's not needed

 

[oldschool]

Removed ClearURLs in Brave now since Adguard Adblocker can do its job

Yes, except ClearURLs also prevents tracking injection over history API.

 

[Tiamati]

I wonder why you want blocking CSP. Gorhill say that's not needed

In 2017 Gorhil expressed some concern about CSP reports.

There are privacy considerations arising from CSP reporting, as spelled out in Reporting API / Privacy Considerations.

One key excerpt which explains well the rationale for the proposed new per-site switch (my emphasis):

That said, it can’t be the case that this general benefit be allowed to take priority over the ability of a user to individually opt-out of such a system. Sending reports costs bandwidth, and potentially could reveal some small amount of additional information above and beyond what a website can obtain in-band ([NETWORK-ERROR-LOGGING], for instance). User agents MUST allow users to disable reporting with some reasonable amount of granularity in order to maintain the priority of constituencies espoused in [HTML-DESIGN-PRINCIPLES].

I currently know no way in either Chromium or Firefox to "disable reporting with some reasonable amount of granularity", let alone do it easily.

I am also concerned that in the Reporting API document, it is said that network requests of the new Reporting API are made "out of band", which I believe could mean "behind-the-scene" in uBO parlance, and which is of concern as behind-the-scene requests are not fed to uBO's filtering engine by default.

Can you elaborate why would he say that is not needed? ty

 

[ForgottenSeer 85179]

Can you elaborate why would he say that is not needed?

I doesn't find that anymore but here some reading material about CSP:

sticky: unofficial: the extension csp header modification game [1462989 + 1635781 resolved 78 / ESR78.1] · Issue #664 · arkenfox/user.js

Anyone want a game of craps? required reading: #265 bugzillas: 1421725, 1417249 marked duplicate of 1477696, and 1462989 short description: when two or more extensions use CSP injection to modify h...

github.com

&

uBO is blocking legitimate CSP reports. · Issue #3140 · gorhill/uBlock

Describe the issue uBO is blocking the sending of legitimate CSP reports. One or more specific URLs where the issue occurs I have a policy setup on https://scotthelme.co.uk which fires multiple rep...

github.com

 

[Tiamati]

I doesn't find that anymore but here some reading material about CSP:

sticky: unofficial: the extension csp header modification game [1462989 + 1635781 resolved 78 / ESR78.1] · Issue #664 · arkenfox/user.js

Anyone want a game of craps? required reading: #265 bugzillas: 1421725, 1417249 marked duplicate of 1477696, and 1462989 short description: when two or more extensions use CSP injection to modify h...

github.com

&

uBO is blocking legitimate CSP reports. · Issue #3140 · gorhill/uBlock

Describe the issue uBO is blocking the sending of legitimate CSP reports. One or more specific URLs where the issue occurs I have a policy setup on https://scotthelme.co.uk which fires multiple rep...

github.com

Yep. There is an article on ghacks talking about it too and exposing Gorhil opinion

 

[HarborFront]

Yes, except ClearURLs also prevents tracking injection over history API.

If history is cleared on exit will it prevent tracking injection over history API..................well, unless one wants to keep history?

 

[ForgottenSeer 85179]

Looks like nobody here use uMatrix.

Check this screenshots:

all requests blocked:


still all requests blocked, but allowed "frame":


only Beacon request with allowed "other":


Beacon + CSP request with allowed "frame" + "other":


All requests + allowed "hyperlink auditing" in uMatrix (disabled on above screens):


So it looks like uMatrix can block every requests by itself
I will now try the AdGuard rule

 

[oldschool]

Looks like nobody here use uMatrix.

I don't know why, but looking at the GUI makes my head spin!

 

[HarborFront]

Works for me in uBlock Origin on Firefox.

Now, in FF, I disable hyperlink auditing/block CSP reports in uBO, disable hyperlink auditing in ClearURLS and disable ping protection in Trace I get the following