New Update uBlock0rigin in Medium mode for Lighter and Stronger Protection, with Less websites breakage and hassle

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@koloveli

Are you sure uBo blocks man in the middle attacks? I don't think browsers compare network traffic from different network nodes to find out whether network traffic is intercepted. Intriguing how uBo would be able to discover man in the middle or man in the browser snooping. Do you have some links/info about this interesting uBo feature?
 

koloveli

Level 4
Well-known
Sep 13, 2012
191
@koloveli

Are you sure uBo blocks man in the middle attacks? I don't think browsers compare network traffic from different network nodes to find out whether network traffic is intercepted. Intriguing how uBo would be able to discover man in the middle or man in the browser snooping. Do you have some links/info about this interesting uBo feature?
i tested many years ago (i not have link)...
but you can test analyzing data in sites then acess via tool (inspector f12)...
 
  • Like
Reactions: Nevi

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@koloveli it "only" shows network requests

1622275195443.png

Software like SSLeye can compare SSL fingerprints by comparing the SSL fingerprint from several servers (link)
 
Last edited by a moderator:
  • Like
Reactions: Nevi

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
IMPORTANT UPDATE

I was reading on misuse of website data connections (e.g. third-party XMLHttprequest, Fetch, Websockets, etc) or hidden code in some data formats (remember the exploit which used the meta data of an image) and came across this post from Gorhill. Read his response "The only way to prevent this is to block all first-party scripts or third-party network requests"

1626341361100.png

Since blocking first-party scripts breaks all websites it is not an option for daily use, therefor it is better to change Kees1958 very easy medium mode setup from only blocking 3p-scripts and 3p-frames to blocking (all) 3p.

This might cause some websites to break (third-party CSS and images are also blocked now), but it prevents pulling in sneaky third-party code from top level domains you normally don't visit.

Suggested change, see picture below

1626341556100.png
 
Last edited:

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Using the tips of GorHill to falback from hard mode (blocking all 3p requests) to medium mode (blocking only 3p-script and 3p-frame), apply the following rules (save and commit them)
1626352186700.png



With one click you can NOOP the 3rd-party block for that website (see picture below) and re-establish the old blocking behavior (only 3p-script and 3p-frames allowed from whitelisted Top Level Domains)
1626369600300.png
 
Last edited:

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,609
IMPORTANT UPDATE

I was reading on misuse of website data connections (e.g. third-party XMLHttprequest, Fetch, Websockets, etc) or hidden code in some data formats (remember the exploit which used the meta data of an image) and came across this post from Gorhill. Read his response "The only way to prevent this is to block all first-party scripts or third-party network requests"

View attachment 259675

Since blocking first-party scripts breaks all websites it is not an option for daily use, therefor it is better to change Kees1958 very easy medium mode setup from only blocking 3p-scripts and 3p-frames to blocking (all) 3p.

This might cause some websites to break (third-party CSS and images are also blocked now), but it prevents pulling in sneaky third-party code from top level domains you normally don't visit.

Suggested change, see picture below

View attachment 259676
Have you got the source for this issue? I can't find it. :unsure:
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,609

rndmblk

Level 3
Nov 18, 2020
94
With one click you can NOOP the 3rd-party block for that website (see picture below) and re-establish the old blocking behavior (only 3p-script and 3p-frames allowed from whitelisted Top Level Domains)
Do you mean if you NOOP the 3rd-party block for a given website then only 3p-scripts and 3p-frames will be blocked for that website? When I tested it, I clicked 3rd-party and it changed to grey but 3p-script and 3p-frame stayed red i.e. blocking

Sorry Lenny, probably me just not understanding the blocking precedence
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
Do you mean if you NOOP the 3rd-party block for a given website then only 3p-scripts and 3p-frames will be blocked for that website? When I tested it, I clicked 3rd-party and it changed to grey but 3p-script and 3p-frame stayed red i.e. blocking

Sorry Lenny, probably me just not understanding the blocking precedence
Yes that is correct. When you have below rules
* * 3p * block
* * 3p-script * block
* * 3p-frame * block

and you noop 3p for that website, you fallback from hard mode to medium mode (only blocking 3p-scripts and frames). When you additionally noop 3p-script you falback from medium to easy mode. When you also noop 3p-frame you fallback to very easy mode (only using blocklists).
 

ErzCrz

Level 22
Verified
Top Poster
Well-known
Aug 19, 2019
1,168
Thanks. He considered it a non-issue while noting the overall threat environment and providing a fix for that click-jacking instance.

:LOL: One of my favorite artists! The Godfather of Grunge! :LOL:
🪨 Oh grunge memories from my growing up in WA, sadly to young to hit the bars/clubs around the time grunge came out but I knew people who knew people in bands etc.. Sorry for OT, just reminiscing.


Yes that is correct. When you have below rules
* * 3p * block
* * 3p-script * block
* * 3p-frame * block

and you noop 3p for that website, you fallback from hard mode to medium mode (only blocking 3p-scripts and frames). When you additionally noop 3p-script you falback from medium to easy mode. When you also noop 3p-frame you fallback to very easy mode (only using blocklists).
Thanks for clarification. Care to share your My Rules and My filters export?
 
  • Like
Reactions: Nevi and oldschool

qua3k

Level 1
Jul 18, 2021
19
@koloveli

Are you sure uBo blocks man in the middle attacks? I don't think browsers compare network traffic from different network nodes to find out whether network traffic is intercepted. Intriguing how uBo would be able to discover man in the middle or man in the browser snooping. Do you have some links/info about this interesting uBo feature?
WebExtensions can only request to see detailed certificate info natively on Firefox; other browsers would require your extension contact an external server to fetch certificate info. It isn’t really meant for preventing attacks and validating certificates isn’t the job of an extension in the first place.

I’m not sure why they equate content blocking to defending against MITM when that isn’t the case.
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,609
Thanks for clarification. Care to share your My Rules and My filters export?
Since you're already familiar with medium mode, you're probably better off using @Lenny_Fox 's core rules from post #106 bove and building the rest of your own rules as you surf. Or, combine your rules with his core and adjust as needed. My 2cents.
I’m not sure why they equate content blocking to defending against MITM when that isn’t the case.
Me neither. While the former can prevent some nefarious web elements, they are definitely not the same.
 

ErzCrz

Level 22
Verified
Top Poster
Well-known
Aug 19, 2019
1,168
Since you're already familiar with medium mode, you're probably better off using @Lenny_Fox 's core rules from post #106 bove and building the rest of your own rules as you surf. Or, combine your rules with his core and adjust as needed. My 2cents.

Me neither. While the former can prevent some nefarious web elements, they are definitely not the same.
Thanks ;)
 

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
@ErzCrz

I run Edge with two different Edge profiles Panda (for my bookmarks) and Ninja (for surfing). The Panda profile has most site permissions on block (see post on MalwareTips), Ninja hast the same with Microphone and Camera on block (in stead of ask). Ninja is the profile used when Edge starts.

I have copied MyFiles to Github, so my younger brother can also use them (link to my blocklists). In Panda profile I have uBlock Advanced mode disabled (only using Kees1958 lists and my own lists).

I copied my hardened Ninja profile settings below. I changed NL to UK for you. In the Ninja profile I use Easylist & EasyPrivacy optimized from Adguard.

! Block beacons, plugins and websockets everywhere
||*$ping,object,websocket

! Block potentially unsafe third-party content to unencrypted websites
|HTTP://*$third-party,~document,~stylesheet,~image,~media

! Block opening webpages on top level domains and countries I never visit
||*$document,~stylesheet,~image,~media,~script,~subdocument,~xmlhttprequest,domain=~com|~info|~io|~eu|~net|~org|~uk

! Inject javascript to blur Google FLOC interest tagging
*##+js(no-floc)

! Block switch to Chrome popop on google domains (search, maps, etc)
||ogs.google.*/widget/callout$all

! Block Google search URL paramater tracking
||google.*/search$removeparam=biw
||google.*/search$removeparam=bih
||google.*/search$removeparam=dpr
||google.*/search$removeparam=sa
||google.*/search$removeparam=source
||google.*/search$removeparam=aqs
||google.*/search$removeparam=sourceid
||google.*/search$removeparam=ei
||google.*/search$removeparam=gs_lcp
||google.*/search$removeparam=gclid

! youtube.com
||youtube.com/subscribe_embed?$third-party
||youtube.com/subscribe_widget$third-party
youtube.com###alert-banner > .ytd-browse > .yt-alert-with-actions-renderer
youtube.com###mealbar\:3 > ytm-mealbar.mealbar-promo-renderer
youtube.com###notification-footer
youtube.com###secondary-links
youtube.com###yt-feedback
youtube.com###yt-hitchhiker-feedback
youtube.com###yt-lang-alert-container
youtube.com##.yt-consent
youtube.com##.ytd-banner-promo-renderer.style-scope.ytd-banner-promo-renderer-content
youtube.com##.ytd-banner-promo-renderer.style-scope.ytd-banner-promo-renderer-background
youtube.com##.ytd-primetime-promo-renderer
youtube.com##.ytd-statement-banner-renderer
youtube.com##.ytp-ce-playlist
youtube.com##.ytp-pause-overlay
youtube.com##.ytp-title-channel
youtube.com##+js(json-prune, *.playerResponse.adPlacements)
youtube.com##+js(json-prune, *.playerResponse.playerAds)
youtube.com##+js(json-prune, 2.playerResponse.adPlacements playerResponse.adPlacements playerResponse.playerAds adPlacements playerAds)
youtube.com##+js(json-prune, 2.playerResponse.adPlacements)
youtube.com##+js(json-prune, playerResponse.adPlacements)
youtube.com##+js(json-prune, playerResponse.playerAds)
youtube.com##+js(set, ytInitialPlayerResponse.adPlacements, null)
youtube.com##div[class^="ytd-consent"]
youtube.com##ytd-popup-container > .ytd-popup-container > #contentWrapper > .ytd-popup-container[position-type="OPEN_POPUP_POSITION_BOTTOMLEFT"]
youtube.com#@##consent-bump
||gstatic.com/youtube/img/promos/*.jpeg$image,domain=youtube.com

no-csp-reports: * true
no-popups: * true

* * 3p block
* com * noop
* eu * noop
* io * noop
* info * noop
* net * noop
* org * noop
* uk * noop

behind-the-scene * * noop
 
Last edited:

czesetfan

Level 4
Dec 3, 2021
184
Why a seperate thread?

I got a few questions of the uB0 settings I posted in Old School's uB0 tips and tricks. In stead of stealing that thread I thought it might be better to create a new thread to explain these settings. I also got a question how to apply this on other browsers, so I left out the chromium specific settings, so members using Firefox can also apply these settings.

1. Stronger and lighter medium protection on HTTP websites.

Since let’s encrypt.org provides free DomainValidation certificates, 50% of the websites are encrypted now. Encrypted or secure websites have a padlock sign and have HTTPS before the domain, while unencrypted or insecure websites have HTTP (no last S of Secure) before the websites domain name.

While the DV-certificate ‘only’ guarantees that the website is operated by the person or organization claiming owning the domain, this low-level formality provides enough hassle for cyber criminals to choose the easy way and setup a HTTP website to source their malware. In the Netherlands a valid bank account and first payment to an official ISP is required to get a DV-certificate for your website.

uB0 alllows to write custom AdBlockPlus rules in the My Filters tab, lets write a AdBlockPlus rule to block nasty stuff from insecure/unsafe HTTP websites only (see picture below).

View attachment 215406

This simple single rule blocks all third-party requests (including XMLHTTPrequest, WebSocket, WebRTC, Ping, Object and ObjectSubrequests and Other e.g. beacons), so it provides more protection than uB0 medium mode protection which ‘only’ blocks third-party scripts and (i)frames (subdocuments in AdBlockPlus syntax).

When you enable this, you can disable the Malware Domain blacklist which are enabled by default in uB0, since 95% of the malicious websites are HTTP (insecure) websites. There are as many websites as there are people living on this planet, so a community maintained blacklist with 300.000 URL’s is only a water drop on a hot glowing plate. Also malicious websites are only active for days, so half of these Malware Domain URL’s are dead links anyway.

So with just one simple rule you can make uB0 lighter and have stronger than medium mode protection on HTTP websites! Together with Google's Safe browsing or Microsoft's SmartScreen this will provide excellent protection against malicious websites.


2. Less hassle and maintenance medium mode protection (on HTTPS websites)

Medium mode protection (blocking third-party scripts and frames) enhances security since it protects against cross site scripting on the websites you visit. It is much harder to completely take over a website (and plant first party scripts) than to use vulnerabilities in CMS systems or JavaScript Libraries to redirect to a websites which is operated by cyber criminals. Sadly uB0 medium mode also breaks most websites since most websites use third-party services to build, manage and operate their website. :(

Due to the increased popularity of adblock extensions many advertising and tracking services use URL, pixel and image-tags and other behind-the-scene tricks to circumvent third-party java script and (i)frame blocking. This reduces the effectiveness of medium-mode blocking against tracking and advanced advertising redirects. So medium-mode blocking breaks many websites while the benefits are declining in real world practice with modern day advertising and tracking services. :(

So why bother to enable medium mode protection anyway? Well when you look at data provided by Domain Name Services 50 percent of the malware originates from fancy Top Level Domains (like website.download, website.link, website.review, website.xys, website.zip, etc) and some country domains (e.g. Palua, Tokelau, Sint Maarten, Russia, Turkey, etc).

Most people only visit websites in their own or English language. So for me living in the Netherlands and not speaking Turkish,Russion, Ukraine or Chinese there is no much need to visit websites originating from these countries or having fancy (general) TLD’s.

With my internet habits most of the websites I visit have the TLD of NL (Netherlands), COM, NET and ORG. So by adding an exception (NOOP = no operant) for third-party requests to these TLD’s, I cut down the risk of malware on HTTPS websites by half again (this sounds spectacular but only reduces the risk from 5 to 2.5% :) ),

You need to enable advanced protection and add only a few rules to the default medium mode rules in My Rules tab (in my case only four NOOP rules to allow the COM, NET, NL and ORG Top Level Domains):

View attachment 215405

When you are English speaking in stead of NL (Netherlands), you could allow CA, IE, NZ, SA, UK, US or when you are German speaking in stead of NL you could NOOP the country codes D, AT, CH, when you are from Scandinavian language country (Denmark, Norway, Sweden or Iceland) you could allow DK, IS, NO, SE and when you are from Portugal you could enable the country codes of Portugal, Brasil, Angola, Mozambique, Cape Verde, Guinee-Bissau and so on.

So how does this work in practice? Let;s look at at website marked as malware

Let's use the Malware Domains List to evaluate the impact of these settings.
View attachment 215411

1. Stronger and lighter medium protection on HTTP websites.
When we go to the first active link 4dexports.com the website is displayed and it appears to look fine, because images and style sheets are allowed and all other third-party stuff is blocked by our single My Filters rule (HTTP://*^$third-party,~image,~stylesheet) as shown in uB0's logger which only see's the top document, CSS-style sheets and images (which are allowed by our single HTTP block rule)

View attachment 215409

2. Less hassle and maintenance medium mode protection
When we click on the uB0 icon, we can see that the third party references to the Google fonts is allowed (nooped because it is grey). When there was malware on this site it would be paralyzed (by our single HTTP block third-party rule) and only (remaining HTTPS) third-party references to COM, NET, NL and ORG Top Level Domains would be allowed by our Dynamic uB0 rules.

View attachment 215410


So how does this work in practice? Let;s look at at website known as goodware

1. Stronger and lighter medium protection on HTTP websites.


Because BBC.com is a HTTPS website, the static AdBlockPlus rule in My Filters has no effect
View attachment 215412

2. Less hassle and maintenance medium mode protection

Hey Kees, you promised less hassle, now the website seems to be broken! Yes that is easily explained by clicking on the uB0 icon. It seems that BBC.COM uses third party sources from CO.UK domains which we have not NOOPed (BBC.COM is dark grey means NOOPed, the two CO.UK domains are light grey, so have no exception)

View attachment 215413

How to fix BBC.COM?

Simply add a NOOP rule for the UK Top Level Domain.
View attachment 215414


BBC.COM will now render properly as third-party references to (country code) UK websites are allowed now

View attachment 215415

Less hassle and maintenance?

From now on all websites with third-party UK are NOOPed
View attachment 215417


But also websites with another TLD (e.g. INFO) which just use COM, NET, as third--party sources will render properly as this example shows. By clicking on the uB0 icon it shows that this INFO website only uses third-party references to COM and NET (and NL). Reason is that most web services have COM or NET or ORG as TLD, so even websites with a general fancy TLD (like hardware.info) will render properly (without adding a NOOP rule for INFO)

View attachment 215418

I only use My Filters (with most used add and tracking services) and DisConnect malvertising filter. Because Disconnect is used as default blocker in Firefox this list is clean and breaks near to zero websites.

View attachment 215419

I have attached my uBlock static filter list, so you can check how this ultra light uB0 setup works out for your browsing behavior.
My blocklist is based on WSTech research on most used ad and tracking networks and is offered as a default list in SmartAdBlock extension (the WsTech200 list), so it is not my determined by me (I would love to take the credits, but I just collected them and changed it in AdBlockplus format) :cool:

uB0 does not provide download protection, this is why uB0 was rated badly in a test. When you use a Chromium variant you can add a flag to close down the risk of drive-by's or unintended download of executables from HTTP websites.

View attachment 215421

TROUBLE SHOOTING TIP

Problem CNN.COM does not play VIDEO's.

STEP 1 NOOP 3rd-party scripts FOR THIS WEBSITE (you still have uB0 EASY and HTTP third-party protection )

in this example that was enough to allow videos to play (culprit was CNN.IO which was also blocked)

View attachment 215429



STEP 2 ALSO NOOP 3rd-party frames FOR THIS WEBSITE (you still have HTTP third-party protection)

View attachment 215430

How can ( it be edited to allow videos ?
Why a seperate thread?

I got a few questions of the uB0 settings I posted in Old School's uB0 tips and tricks. In stead of stealing that thread I thought it might be better to create a new thread to explain these settings. I also got a question how to apply this on other browsers, so I left out the chromium specific settings, so members using Firefox can also apply these settings.

1. Stronger and lighter medium protection on HTTP websites.

Since let’s encrypt.org provides free DomainValidation certificates, 50% of the websites are encrypted now. Encrypted or secure websites have a padlock sign and have HTTPS before the domain, while unencrypted or insecure websites have HTTP (no last S of Secure) before the websites domain name.

While the DV-certificate ‘only’ guarantees that the website is operated by the person or organization claiming owning the domain, this low-level formality provides enough hassle for cyber criminals to choose the easy way and setup a HTTP website to source their malware. In the Netherlands a valid bank account and first payment to an official ISP is required to get a DV-certificate for your website.

uB0 alllows to write custom AdBlockPlus rules in the My Filters tab, lets write a AdBlockPlus rule to block nasty stuff from insecure/unsafe HTTP websites only (see picture below).

View attachment 215406

This simple single rule blocks all third-party requests (including XMLHTTPrequest, WebSocket, WebRTC, Ping, Object and ObjectSubrequests and Other e.g. beacons), so it provides more protection than uB0 medium mode protection which ‘only’ blocks third-party scripts and (i)frames (subdocuments in AdBlockPlus syntax).

When you enable this, you can disable the Malware Domain blacklist which are enabled by default in uB0, since 95% of the malicious websites are HTTP (insecure) websites. There are as many websites as there are people living on this planet, so a community maintained blacklist with 300.000 URL’s is only a water drop on a hot glowing plate. Also malicious websites are only active for days, so half of these Malware Domain URL’s are dead links anyway.

So with just one simple rule you can make uB0 lighter and have stronger than medium mode protection on HTTP websites! Together with Google's Safe browsing or Microsoft's SmartScreen this will provide excellent protection against malicious websites.


2. Less hassle and maintenance medium mode protection (on HTTPS websites)

Medium mode protection (blocking third-party scripts and frames) enhances security since it protects against cross site scripting on the websites you visit. It is much harder to completely take over a website (and plant first party scripts) than to use vulnerabilities in CMS systems or JavaScript Libraries to redirect to a websites which is operated by cyber criminals. Sadly uB0 medium mode also breaks most websites since most websites use third-party services to build, manage and operate their website. :(

Due to the increased popularity of adblock extensions many advertising and tracking services use URL, pixel and image-tags and other behind-the-scene tricks to circumvent third-party java script and (i)frame blocking. This reduces the effectiveness of medium-mode blocking against tracking and advanced advertising redirects. So medium-mode blocking breaks many websites while the benefits are declining in real world practice with modern day advertising and tracking services. :(

So why bother to enable medium mode protection anyway? Well when you look at data provided by Domain Name Services 50 percent of the malware originates from fancy Top Level Domains (like website.download, website.link, website.review, website.xys, website.zip, etc) and some country domains (e.g. Palua, Tokelau, Sint Maarten, Russia, Turkey, etc).

Most people only visit websites in their own or English language. So for me living in the Netherlands and not speaking Turkish,Russion, Ukraine or Chinese there is no much need to visit websites originating from these countries or having fancy (general) TLD’s.

With my internet habits most of the websites I visit have the TLD of NL (Netherlands), COM, NET and ORG. So by adding an exception (NOOP = no operant) for third-party requests to these TLD’s, I cut down the risk of malware on HTTPS websites by half again (this sounds spectacular but only reduces the risk from 5 to 2.5% :) ),

You need to enable advanced protection and add only a few rules to the default medium mode rules in My Rules tab (in my case only four NOOP rules to allow the COM, NET, NL and ORG Top Level Domains):

View attachment 215405

When you are English speaking in stead of NL (Netherlands), you could allow CA, IE, NZ, SA, UK, US or when you are German speaking in stead of NL you could NOOP the country codes D, AT, CH, when you are from Scandinavian language country (Denmark, Norway, Sweden or Iceland) you could allow DK, IS, NO, SE and when you are from Portugal you could enable the country codes of Portugal, Brasil, Angola, Mozambique, Cape Verde, Guinee-Bissau and so on.

So how does this work in practice? Let;s look at at website marked as malware

Let's use the Malware Domains List to evaluate the impact of these settings.
View attachment 215411

1. Stronger and lighter medium protection on HTTP websites.
When we go to the first active link 4dexports.com the website is displayed and it appears to look fine, because images and style sheets are allowed and all other third-party stuff is blocked by our single My Filters rule (HTTP://*^$third-party,~image,~stylesheet) as shown in uB0's logger which only see's the top document, CSS-style sheets and images (which are allowed by our single HTTP block rule)

View attachment 215409

2. Less hassle and maintenance medium mode protection
When we click on the uB0 icon, we can see that the third party references to the Google fonts is allowed (nooped because it is grey). When there was malware on this site it would be paralyzed (by our single HTTP block third-party rule) and only (remaining HTTPS) third-party references to COM, NET, NL and ORG Top Level Domains would be allowed by our Dynamic uB0 rules.

View attachment 215410


So how does this work in practice? Let;s look at at website known as goodware

1. Stronger and lighter medium protection on HTTP websites.


Because BBC.com is a HTTPS website, the static AdBlockPlus rule in My Filters has no effect
View attachment 215412

2. Less hassle and maintenance medium mode protection

Hey Kees, you promised less hassle, now the website seems to be broken! Yes that is easily explained by clicking on the uB0 icon. It seems that BBC.COM uses third party sources from CO.UK domains which we have not NOOPed (BBC.COM is dark grey means NOOPed, the two CO.UK domains are light grey, so have no exception)

View attachment 215413

How to fix BBC.COM?

Simply add a NOOP rule for the UK Top Level Domain.
View attachment 215414


BBC.COM will now render properly as third-party references to (country code) UK websites are allowed now

View attachment 215415

Less hassle and maintenance?

From now on all websites with third-party UK are NOOPed
View attachment 215417


But also websites with another TLD (e.g. INFO) which just use COM, NET, as third--party sources will render properly as this example shows. By clicking on the uB0 icon it shows that this INFO website only uses third-party references to COM and NET (and NL). Reason is that most web services have COM or NET or ORG as TLD, so even websites with a general fancy TLD (like hardware.info) will render properly (without adding a NOOP rule for INFO)

View attachment 215418

I only use My Filters (with most used add and tracking services) and DisConnect malvertising filter. Because Disconnect is used as default blocker in Firefox this list is clean and breaks near to zero websites.

View attachment 215419

I have attached my uBlock static filter list, so you can check how this ultra light uB0 setup works out for your browsing behavior.
My blocklist is based on WSTech research on most used ad and tracking networks and is offered as a default list in SmartAdBlock extension (the WsTech200 list), so it is not my determined by me (I would love to take the credits, but I just collected them and changed it in AdBlockplus format) :cool:

uB0 does not provide download protection, this is why uB0 was rated badly in a test. When you use a Chromium variant you can add a flag to close down the risk of drive-by's or unintended download of executables from HTTP websites.

View attachment 215421

TROUBLE SHOOTING TIP

Problem CNN.COM does not play VIDEO's.

STEP 1 NOOP 3rd-party scripts FOR THIS WEBSITE (you still have uB0 EASY and HTTP third-party protection )

in this example that was enough to allow videos to play (culprit was CNN.IO which was also blocked)

View attachment 215429



STEP 2 ALSO NOOP 3rd-party frames FOR THIS WEBSITE (you still have HTTP third-party protection)

View attachment 215430

How can (HTTP://*^$third-party,~image,~stylesheet) be edited to allow videos ? :unsure:
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top