Using NoScript for fun, just to see how ridiculous effective the Brave shields are (for add blocking and limiting third-party exposure)

  • Thread starter ForgottenSeer 107474
  • Start date

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
617
The problem I've seen with Brave is that when a website's content is broken, such as video playback in theweathernetwork[dot]com, the only way to fix it is to disable Brave Shields or the filter that breaks the video. Unless I'm missing something, I see no way to fine-tune a site the way you can with uBlockO. Other than that, I like pretty much everything else about Brave.
 

Alexai

Level 3
Aug 12, 2023
149
IMO uBO is redundant when using Brave shields (with Brave shields you can add filters and write your own).

Why do you need uBO, when you use AdGuard desktop? The AG extension is as good as uBO and will be Mv3 compliant!
The possibility to block 3rd party things just with the click on uBlock interface, is not tied by anyone, if I'm not wrong
 
  • Like
Reactions: vtqhtr413
F

ForgottenSeer 107474

Thread author
The possibility to block 3rd party things just with the click on uBlock interface, is not tied by anyone, if I'm not wrong
NoScript provids simular functionality.

Blocking third-party iframes and scripts as a security(counter) measure in an updated Chromium based browser is like inviting all your friends for a big price celebration party after having bought a lottery ticket. Advanced malware can use any third-party connection (e.g.through text file or ) to fetch javascript and execute this as eval(). The usefullness of medium mode third-party blocking for privacy is demonstrated by this thread (see attachement of first post).

When you want to reduce risks simply block scripts on HTTP everywhere. Just browse to abuse.ch to see that 95% of malware comes from HTTP websites. Additionally you can use JanWilly's tip for easy medium mode in AdGuard.
 
Last edited by a moderator:

Alexai

Level 3
Aug 12, 2023
149
NoScript provids simular functionality.

Blocking third-party iframes and scripts as a security(counter) measure in an updated Chromium based browser is like inviting all your friends for a big price celebration party after having bought a lottery ticket. Advanced malware can use any third-party connection (e.g.through text file or ) to fetch javascript and execute this as eval(). The usefullness of medium mode third-party blocking for privacy is demonstrated by this thread (see attachement of first post). I agree with you

When you want to reduce risks simply block scripts on HTTP everywhere. Just browse to abuse.ch to see that 95% of malware comes from HTTP websites. Additionally you can use JanWilly's tip for easy medium mode in AdGuard.
You give me the idea to test brave shield + noscript (will it support mv3?)

Ok.. noscript seems to be not easy to use

I wrote these:
http://*^$script,subdocument
https://*^$subdocument,third-party
 
Last edited:
F

ForgottenSeer 107474

Thread author
You give me the idea to test brave shield + noscript (will it support mv3?)

Ok.. noscript seems to be not easy to use

I wrote these:
http://*^$script,subdocument
https://*^$subdocument,third-party
Better replace them with
|HTTP://*^$scrip
|HTTPS://*^$third-party,script,subdocument,denyallow=CC1|CC2|CC3|com|edu|io|net|org|TLD6|TlD7

where CC are country codes of the languages you speak and TLD the top level domains you might need (e.g. cloud or tv) for some media/streaming services
 
F

ForgottenSeer 107474

Thread author
scrip should be script (on festival in NL while it is raining an just over 11 degrees)
 
  • Like
Reactions: vtqhtr413
F

ForgottenSeer 107474

Thread author
Denyallow doesn't work in AG for Windows (desktop). I don't know an alternative. But it's o.k. in Brave.
:cry:
Developer of uBO introduced a much simpler static syntac using FROM and TO, maybe TO works in combination with not (~), e.g.

|HTTPS://*^$script,frame,to=~NL|~BE|~DE|~UK|~EU|~com|~cloud|~edu|~io|~net|~org|~tv
 
Last edited by a moderator:

Alexai

Level 3
Aug 12, 2023
149
I have AG for Windows and Brave, but don't use them as duo (Brave excluded in AG). The level of ad- and tracker blocking of Brave is on par with AG.
How can you disable AdG for a browser? @Jan Willy
Sorry, seems that AG has transfered to uBO like syntax, replace subdocument with frame (line below is accepted by AG extension)
Code:
|HTTPS://*^$third-party,script,frame,websocket,denyallow=NL|BE|DE|UK|EU|com|cloud|edu|io|net|org|tv
This no
Developer of uBO introduced a much simpler static syntac using FROM and TO, maybe TO works in combination with not (~), e.g.

|HTTPS://*^$script,frame,to=~NL|~BE|~DE|~UK|~EU|~com|~cloud|~edu|~io|~net|~org|~tv
This yes!
 
Last edited:
F

ForgottenSeer 107474

Thread author
@Alexai you have found a Scoop! This also reveals that AG's shared rules engine (used in DNS, desktop and extension) is using a lot of uBO as primary rule syntax! :cool:

So . . . .uBO Mv3 could be developed using Adguard's open source engine! :whistle:
 
Last edited by a moderator:

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
600
How can you disable AdG for a browser?
Go to Settings > Network > Traffic filtering > open List of filtered applications, untick Brave (or any other browser you want).

Schermafbeelding 2024-04-21 110237.jpg
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
617
The problem I've seen with Brave is that when a website's content is broken, such as video playback in theweathernetwork[dot]com, the only way to fix it is to disable Brave Shields or the filter that breaks the video. Unless I'm missing something, I see no way to fine-tune a site the way you can with uBlockO. Other than that, I like pretty much everything else about Brave.

Well I figured out how to unblock the required content for theweathernetwork[dot]com by creating custom filters in the tutorial here:


My unblock filters are:

@@||cdn.jwplayer.com
@@||s1.twnmm.com
@@||videos-cloudfront-usp.jwpsrv.com

Not exactly a straightforward and quick way of fixing a broken website, but it works and it doesn't seem that I have any issues with my other frequently visited bookmarked sites :) My custom filters are:

Brave Custom Filters.png
 
F

ForgottenSeer 107474

Thread author
@wat0114

Good that you found it, but it is strange that jwplayer is blocked. It is a much used video player. The Hagezi DNS blocklist has the denyallow parameter, which Brave might not facilitate. At least that is what I think to remember, when I checked what uBO parameters Brave supports after installing Linux on my old Desktop (but that was a few months ago) after I had read that Brave was in the process of implementing uBO compatibility.

The reason for me adding NoScript is because Brave soes not have a logger. That is why I sort of started with a minimal set (Brave blocking Ads only) with the paywall filter and Kees1958 Mv3 plus Addendum to Edge/Firefox. I used NoScript to check on tracking networks slipping through Kees1958 lists.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
617
@wat0114
Using Brave with default Shields settings, will not break playing video on theweathernetwork[dot]com. So you have to find the problem in the (unnecessary?) filterlists you added.

Yes you are right. It's in the Yokofing list, but if I disable that list to fix the weathernetwork issue, then I get some undesirable ads in other websites. Is there a way to modify a custom list to fix breakage issues?
 

oldschool

Level 84
Verified
Top Poster
Well-known
Mar 29, 2018
7,525
Yes you are right. It's in the Yokofing list, but if I disable that list to fix the weathernetwork issue, then I get some undesirable ads in other websites. Is there a way to modify a custom list to fix breakage issues?
You need to make a custom exception rule for weathernetwork, not modify the list.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top