Tiamati

If you want to block Hyperlink Auditing with Adguard.

Open Adguard extension config
--> My Rules
--> put this:
||*^$ping

Done.
You can test if it's working here.

IMPORTANT: $ping only works in version 3.4+ of the browser extension.

edit: Privacy Badger and uBlock are able to block it too (but they don't block the Beacon API)
edit 2: I tested with Chrome, Edge and Brave

edit 3: after the AdGuard config, it should look like this:

1588170163958.png

1588170015375.png
 

Tiamati

Is this the right way? Added it to Content Blocking >> User Rules. Couldn't make it work.
Also for info, can this break things?
I forgot to mention that at the moment, $ping was added only for the extension version. I don't believe it would break anything. It does the same configs as other extensions (like pink block and probably clearURLs), by blocking ping and beacon API. If you find any incompatibilities, pls let me know.

1588170362735.png



When I enable 'Disable hyperlink auditing' in uBO in Ungoogled Chromium it shows the below picture. However, when I enable 'Block hyperlink auditing' in ClearURLs it shows the above picture. I think the one in uBO is NOT working

Both are correct. uBlock Origin blocks only Ping (hyperlink auditing) and CSP reports (I'm posting an image only with uBlock too). Privacy Badger does the same for ping without blocking Beacon API and CSP reports.

Btw, I tried to make Adguard block CSP report through rules like: (...)$csp=reports-uri or but it didn't work.

I don't use ClearURLs but it's probable that its configs cover the Beacon API too.

1588170641104.png


Adding your rule to AdGuard Adblocker it works when tested in Brave. Removed ClearURLs in Brave now since Adguard Adblocker can do its job

Brave acts like Privacy Badger and uBlock (considering only $ping) even without any extension. Only Brave and Firefox are configured by default to disable hyperlink auditing. So, unless you want to block the Beacon API too, there is no need to make any change in Brave.

@Tiamati My AdGuard Desktop by default settings blocks CSP Report. When I add your rule it doesn't block Beacon API nor Ping. What am I doing wrong?
Until now, the $ping command only works for the extension version 3.4+. I'll edit my post to make it clear. Ty for reminding me. I guess they will add to the windows version soon.
 


Tiamati

I wonder why you want to block CSP. Gorhill says that's not needed

In 2017 Gorhill expressed some concern about CSP reports.

There are privacy considerations arising from CSP reporting, as spelled out in Reporting API / Privacy Considerations.

One key excerpt which explains well the rationale for the proposed new per-site switch (my emphasis):

That said, it can’t be the case that this general benefit be allowed to take priority over the ability of a user to individually opt-out of such a system. Sending reports costs bandwidth, and potentially could reveal some small amount of additional information above and beyond what a website can obtain in-band ([NETWORK-ERROR-LOGGING], for instance). User agents MUST allow users to disable reporting with some reasonable amount of granularity in order to maintain the priority of constituencies espoused in [HTML-DESIGN-PRINCIPLES].
I currently know no way in either Chromium or Firefox to "disable reporting with some reasonable amount of granularity", let alone do it easily.

I am also concerned that in the Reporting API document, it is said that network requests of the new Reporting API are made "out of band", which I believe could mean "behind-the-scene" in uBO parlance, and which is of concern as behind-the-scene requests are not fed to uBO's filtering engine by default.


Can you elaborate why he would say that is not needed? ty
 

security123

Can you elaborate why he would say that is not needed?
I don't find that anymore but here is some reading material about CSP:
&
 

Tiamati

I don't find that anymore but here is some reading material about CSP:
&

Yep. There is an article on ghacks talking about it too and exposing Gorhill's opinion
 

security123

Looks like nobody here uses uMatrix.

Check these screenshots:

all requests blocked:
blocked.jpg

still all requests blocked, but allowed "frame":
blocked_with-frame.jpg

only Beacon request with allowed "other":
beacon_with-other.jpg

Beacon + CSP request with allowed "frame" + "other":
beacon+csp.jpg

All requests + allowed "hyperlink auditing" in uMatrix (disabled on above screens):
ping_allowed.jpg

So it looks like uMatrix can block every request by itself :)
I will now try the AdGuard rule
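
For checking proxy or server logs for the request types compared in this thread, here is an added example (not written by any poster) that classifies a request by its HTTP headers. The sample requests and hostnames are constructed; a navigator.sendBeacon() request carries no distinguishing header, so it falls under 'other' here.

```javascript
// Added example: classify background reporting requests by request headers.
// Hyperlink auditing (<a ping>) sends POST with Content-Type text/ping,
// body "PING" and a Ping-To header. CSP report-uri reports use
// application/csp-report; Reporting API (report-to) uses application/reports+json.
function classifyRequest(req) {
  const h = {};
  for (const [k, v] of Object.entries(req.headers || {})) {
    h[k.toLowerCase()] = String(v); // header names are case-insensitive
  }
  if ((req.method || '').toUpperCase() !== 'POST') return 'other';
  const ctype = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (ctype === 'text/ping' || 'ping-to' in h) return 'hyperlink-audit';
  if (ctype === 'application/csp-report') return 'csp-report';
  if (ctype === 'application/reports+json') return 'reporting-api';
  // sendBeacon() POSTs look like ordinary POSTs at the header level.
  return 'other';
}

// Tally a list of captured requests by class.
function countByType(requests) {
  const counts = {};
  for (const r of requests) {
    const t = classifyRequest(r);
    counts[t] = (counts[t] || 0) + 1;
  }
  return counts;
}

// Constructed sample requests (hypothetical hosts, not from the thread).
const SAMPLE_REQUESTS = [
  { method: 'POST', url: 'https://tracker.example/ping',
    headers: { 'Content-Type': 'text/ping', 'Ping-To': 'https://shop.example/item' } },
  { method: 'POST', url: 'https://site.example/csp',
    headers: { 'Content-Type': 'application/csp-report' } },
  { method: 'POST', url: 'https://site.example/reports',
    headers: { 'content-type': 'application/reports+json' } },
  { method: 'POST', url: 'https://site.example/beacon',
    headers: { 'Content-Type': 'text/plain;charset=UTF-8' } },
  { method: 'GET', url: 'https://site.example/', headers: {} },
];

console.log(countByType(SAMPLE_REQUESTS));
```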
 