plat1098

Level 17
Verified
This has already been posted several times and it bears repeating. (y) Specifically for ad-blocker extensions, it's less now about the extension itself and more about what I can tweak and import. This info here has been posted several times already but it merits repeating yet again. Worthwhile to add a modern filter that addresses the latest attempts to evade adblockers and mask tracking ability.

I refer to more than three extensions as"trinkets." Too many trinkets in your browser, you start clacking and rattling a little much, like a charm bracelet. I try to streamline and app-multi-task. AdGuard is really cheap right now, right?


Source
 

Lenny_Fox

Level 10
@Sampei Nihira

2 secs for website appears (remember this is an 11 year old dual core celeron laptop :) )
I immediately tried the search function (thought to be smart) but I had to enter a category
I guessed Azione was action so selected that category (took me five seconds to figure out)
Rambo first blood was displayed within less than 2 seconds, but did not play
Trial on error allowing less than 5 secs
Movie started to play, but stopped. It took 3 secs before I understood it was an invitation to join for free, simple click away and it was gone

So just hit the 20 second mark, screen print (2x forgot uMatrix GUI to show)
1579375180808.png
 
Last edited:

Sampei Nihira

Level 6
Verified
@Sampei Nihira

2 secs for website appears (remember this is an 11 year old dual core celeron laptop :) )
I immediately tried the search function (thought to be smart) but I had to enter a category
I guessed Azione was action so selected that category (took me five seconds to figure out)
Rambo first blood was displayed within less than 2 seconds, but did not play
Trial on error allowing less than 5 secs
Movie started to play, but stopped. It took 3 secs before I understood it was an invitation to join for free, simple click away and it was gone

So just hit the 20 second mark, screen print (2x forgot uMatrix GUI to show)
View attachment 232444
(y) :);)

I definitely give up.
 

ErzCrz

Level 4
Verified
So, having played around with uBlock, I've ditched NoScript in favor of uBlock in Medium mode which performs the same function to a certain extent though Hard mode would be a more extreme approach. Whatever the case, seems to be working well and didn't take that much to get to grips with ;) Accompanying uBlock with Privacy Possum
 

Burrito

Level 23
For you to keep it real on this forum comes with a lot of backlash for example (off topic a lil) ablock, ablockplus, ghostery and adguard are simple stuff for simple blocking the only thing is adguard can do it system wide but then here is where it's weak blocking xhr (Fetch), frames,cookies, xss and malware you got to add things to supplement for those inherent weaknesses of adguard, now with umatrix it's not system wide but browser related 1 weakness if being critical, but on the bright side it blocks all the above and more it's just not for lazy people but for people who are willing to learn ( no insults intended just facts) now ublock origin was left last for a reason, here is why, ublock origin has in these symbols ++ -- on certain tabs that stands for many in 1 or 1 host name with similar host so by pressing green or noop on that host you're letting through a few some needed some unwanted but with umatrix that's a no no.
Next ublock has a problem sometimes where u may noop a filter by mistake and it disappears never to see it again (once padlock is pressed) that is annoying and frustrates me, but with umatrix that never happens. When i hear people talk about netcraft, cookie auto delete, bitdefender traffic light, privacy badger, zenmate firewall, malwarebytes guard, emsisoft malware extension and many other add-ons i laugh because i was 1 of those people, just educate yourself and be humble, all things take time whether good or bad. By the way noscript is a great app on firefox, i just find umatrix more fulfilling.
I've been avoiding uMatrix.... as I don't want to spend time on this..

But that was a pretty good motivational talk.

I guess I'll find a little time to learn about uMatrix.



You are using so much legacy stuff, that you create an image of a man who is to old to adopt to new technology. Come on you are never to old to learn something new. Let's do something different and try some recent stuff like uMatrix.
No way buddy.

I'm sticking with Windows XP and AdBlock Plus.


1579377081301.png
 

Azure

Level 25
Verified
Content Creator
For those using uBlock origin/ uMatrix., I wanted to link this statement from its creator Gorhill

https://www.reddit.com/r/uBlockOrigin/comments/ek384g/_/fd9omdo "This is completely nonsensical, uBO is not an anti-virus (and this is not claimed anyhere), it does not scan the content of downloaded resources for known virus signatures. I don't know what got into the author of this article to include uBO along anti-viruses."

Also, be careful with uMatrix addon that is currently on the Microsoft Store. Might be for the best to stay clear from it.
https://www.reddit.com/r/uMatrix/comments/ep7b6d/_/fehw6mg
 

Lenny_Fox

Level 10
RE: uMatrix on Microsoft App store.

It is possible to report apps in the Microsoft store (scroll down at the right bottom corner). I reported the App.

Having looked at the uMatrix license mr GorHill applied on Github, he explicitly has allowed others to use any patents he has (allow Patent use). The company says it charges you not for the App itself but for packaging it onto the Microsoft store. By using the original product name and source reference, they block others from packaging uMatrix and offer it for free.

In short, it may feel as not legit, but it is probably legal.
 

Terry Ganzi

Level 24
Verified
For those using uBlock origin/ uMatrix., I wanted to link this statement from its creator Gorhill

https://www.reddit.com/r/uBlockOrigin/comments/ek384g/_/fd9omdo "This is completely nonsensical, uBO is not an anti-virus (and this is not claimed anyhere), it does not scan the content of downloaded resources for known virus signatures. I don't know what got into the author of this article to include uBO along anti-viruses."

Also, be careful with uMatrix addon that is currently on the Microsoft Store. Might be for the best to stay clear from it.
https://www.reddit.com/r/uMatrix/comments/ep7b6d/_/fehw6mg
When i include malware in my statement i knew someone or person will bring up stuff like this so let me simplify umatrix for those to whom doesn't know. umatrix is a browser firewall so where viruses (malware) is concerned it does not care what the said site is infected with it does not care about tracking list it does not care about adblocking list it does not care about xss all i cares about once configured correctly is that only good stuff can get pass once the person that tweaked it knows what he or she is doing. example say i go to a site that have drive by dirty stuff it will have to drive pass my browser because all holes for it is blocked, other example is xhr most people don't protect the browser from most stuff that comes through there but with umatrix it's covered, scripts next potential hole covered again by umatrix only god know what is the name of the bad stuff being blocked, umatrix does not care about class in bad stuff it just blocks it. IT does not care what virus it is because that isn't it's job it is a browser firewall so it covers all dangerous potential holes, if someone goes to a porn site the stuff that people press on and get infected with, will be blocked by umatrix and it does not care what category it come under hope that help clear things up. It is not a malware, trojan, drive by or what ever you can think of blocker it's a browser firewall simple.
 
Last edited:

Lenny_Fox

Level 10
When i include malware in my statement i knew someone or person will bring up stuff like this so let me simplify umatrix for those to whom doesn't know. umatrix is a browser firewall so where viruses (malware) is concerned it does not care what the said site is infected with it does not care about tracking list it does not care about adblocking list it does not care about xss all i cares about once configured correctly is that only good stuff can get pass once the person that tweaked it knows what he or she is doing. example say i go to a sit that have drive by dirty stuff it will have to drive pass my browser because all holes for it is blocked, other example is xhr most people don't protect the browser from most stuff that comes through there but with umatrix it's cover, scripts next potential hole covered again by umatrix only god know what is the name of the bad stuff being blocked, umatrix does care about class in bad stuff it just blocks it. IT does not care what virus it is because that isn't it's job it is a browser firewall so it covers all dangerous potential holes, if someone goes to a porn site the stuff that people press on and get infected will be blocked by umatrix and it does not care what category it come under hope that help clear things up. It is not a malware, trojan, drive by or what ever you can think of blocker it's a browser firewall simple.
I am with you, but uMatrix can't block some sneaky popups either. When the pop-up includes a redirect the redirected website becomes first-party. So it does not cover all potential dangerous holes. I am not going to point you to a test-it-yourself-websites (learned that lesson (y):ROFLMAO:). uMatrix's power is restricted to the API it can use, so it does not qualify as a browser firewall (again I could point you to websites which evade uMatrix filtering capabilities)
 

Terry Ganzi

Level 24
Verified
On chrome yes sir but on firefox no sir i have and idea what you are talking about where a person needs a dns resolver but those day are gone.
First photo reveal canonical names. check it yourself.
It was hard to find sites using it but now microsoft, kaspersky, reddit, gsmarena and plenty more use these dirty tactics now, not so hard to find anymore.
People use this filter which came out for ublock origin first to uncloak cname: https://hostfiles.frogeye.fr/firstparty-trackers-hosts.tx
Is that what you meant or something else.
I'm not a master at ubo or umatrix, everyday i learn something new so you can share your knowledge no problem here champ.
And by the way i'm not trying to suggest the umatrix is a perfect tool everything
has it quirks but it works well.
 

Attachments

Last edited:

Terry Ganzi

Level 24
Verified
I am with you, but uMatrix can't block some sneaky popups either. When the pop-up includes a redirect the redirected website becomes first-party. So it does not cover all potential dangerous holes. I am not going to point you to a test-it-yourself-websites (learned that lesson (y):ROFLMAO:). uMatrix's power is restricted to the API it can use, so it does not qualify as a browser firewall (again I could point you to websites which evade uMatrix filtering capabilities)
2o7.net_full.txt 2o7.net first party trackers, both alias & CNAME
2o7.net.txt only alias
cname.sqfs cleaned up version of freely available rapid7 cname database
ebis.ne.jp_full.txt ebis.net.jp first party trackers, both alias & CNAME
ebis.ne.jp.txt only alias
eulerian.net_full.txt eularian.net first party trackers, both alias & CNAME
eulerian.net.txt only alias
omtrdc.net_full.txt omtrdc.net first party trackers, both alias & CNAME
omtrdc.net.txt only alias

for rest of the missing first party trackers, check:

Using cname.sqfs on Linux
-------------------------
NOTE: you must have Squashfs and Squashfs XZ either as
a built-in or as a module in your kernel.
If you have file /proc/config.gz or something like that you can use the
following command to quickly check if you have the needed pieces, if not,
then kernel compiling time!

zgrep -e SQUASHFS=y -e SQUASHFS_XZ=y -e SQUASHFS=m /proc/config.gz

If the pieces are there you see this for built-in:
CONFIG_SQUASHFS=y
CONFIG_SQUASHFS_XZ=y

Or if there is squashfs module with XZ compression support:
CONFIG_SQUASHFS=m
CONFIG_SQUASHFS_XZ=y



mkdir tmp
sudo mount -o loop cname.sqfs tmp
cat tmp/cname and watch the s**** scroll....around 170 million alias/CNAME combos ...

Note that the cname.sqfs is just raw data dump of cnames collected
by rapid7 project (updated once per month). I just removed the
extra stuff (like timestamps) from their json file to make it
more readable.
So not everything there is first party (or third party)
tracker!

However, here's how you can make your own tracker lists based on
that valuable raw data:

Let's say you found another company that has started using this
dirty first party tracking technique (like ebis.ne.jp).

You can create your very own tracker list by giving the following
Linux command (of course, after having mounted the cname.sqfs like above):

grep "\.ebis\.ne\.jp$" tmp/cname > ebis.ne.jp_full.txt

That gives full version with both alias and cname included. That
list is mostly just for information purpose. Because that grep
pattern is a regular expression it's recommend to escape
dot (.) characters with \ and put dollar ($) sign at the end.
To minimize the likehood of false positives ending into the list.

The following however, gives you the real deal:
grep "\.ebis\.ne\.jp$" tmp/cname | sed 's/\(.*\)\t\(.*\)/\1/g' > ebis.ne.jp.txt

That gives you generic version of the tracker aliases without the
target cnames.

If you already know the specific format you are going to need it's easy
to modify the above command (there are just too many various formats
for various programs out there, that's why I only have very generic ones
listed here. Maybe later I add hosts file format .... and Unbound.
But that's all)


For example the following variation gives you hosts file format of the
above:

grep "\.ebis\.ne\.jp$" tmp/cname | sed 's/\(.*\)\t\(.*\)/0.0.0.0\t\1/g' > ebis.ne.jp_hosts.txt

Finally, if you just want to know how many specific trackers there
are in the data dump do this:

grep "\.ebis.ne\.jp$" tmp/cname | wc -l



Other stuff ...
------------------------------
I have work on progress for a (quick!) cname enumerator &
will kick it here when it's ready.


P.S.

Ad blocking should be ideally two layer process:

1. First line of defense should be either hosts file or local caching DNS server.
If you only need to block few addresses then hosts file is okay for that.
But if you wan't to block all the s**t that's out there (and keep coming),
then it is strongly recommended to use local DNS server instead of hosts file
because in the end, they are more flexible and more importantly, more
scalable than rigid, non-regular expression entries in the hosts file.

You can't even use wildcards in hosts file. So in the end the resulting hosts
files will be multiple times larger than the special zone files used for ad blocking
in local DNS servers. Some have tried to tackle the problem of managing
ever growing hosts files with separate program (it still don't fix the scalability problem)
So if you need separate program for that, then why not just use local DNS server?

Also, as a nice bonus, if you put ad blocking local DNS server into your
router/gateway/etc.. then your whole private LAN will benefit from the junk filtering.
Including your Wifi using smartphones.

2. After the bad domains (and subdomains) have been blocked at DNS level, the remaining
trackers will be handled by the browser extension (like uBlock origin).
Even thought the first line should have blocked 90% of the stuff out there, the
second line is still very important. For example, many "good" sites will track their
users with scripts (like ga.js or analytics.js). No DNS blocking will help there
because you can only block (sub)domains with that and you can't block the otherwise
"good" site that just have only one, or two (or one million) tracker scripts littered
on it's pages. That's where the browser ad blocking extension picks up and filters
the remaining, non-domain specific junk.

Note: It is also possible to use special proxy software (like privoxy or squid) to
filter the non-DNS stuff. But only if they come over HTTP....
In theory you could do also ad blocking in squid proxy for HTTPS connections
but it would mean that you would have to configure it with your own SSL-certificates
which is not exactly fun and might be dangerous too. You would be basically MITM your
own secure HTTPS connections!

P.S2:
And yes Geoffrey....still reading the logs :)

And that a old file. so is this what you mean?
 

Marko :)

Level 15
Verified
I see some are saying that new Edge is better in terms of privacy than Chrome. Yes, Edge has few privacy options on by default, but you can achieve all that with Chrome too. All you need to do is install uBlock Origin, uBlock Origin Extra (which you'll install in Edge anyway), turn off 3rd party cookies and disable Google's services.

I find it interesting that everyone calls Edge a "privacy-focused browser" when SmartScreen (which it uses for protection) sends full URLs of the sites you visit to Microsoft. You can disable this, but then you don't have browser's malware and phishing protection.

Chrome does this very different and, in fact, in a more private way. Chrome won't send full URLs to Google - that's truth. Instead, it will connect to Google's servers, download list containing malware and phishing sites and check if the site you've visited is in that list. All of that is done locally, on your device and Google haven't got any information on what site you've visited.
If you visit known phishing site and Chrome finds it in the list, encrypted and only part of the URL is sent to Google.
Everything is nicely explained in Chrome's privacy policy...

And @TairikuOkami you can still search for filters on filterlists.com. Click on the small magnifier between Name and Description column.

Screenshot_1.png
 
Last edited:

RKRN3

Level 3
Verified
Personally, I equip my browser to keep it as simple as possible. At the moment:
  • uBlock Origin (several ads, tracking and privacy lists - MALWARE & SPAM lists disabled)
  • BitDefender TrafficLight (disable check engine searches)
As an extra, these are really light:
  • PopUp Blocker strict (to avoid redirection and popups)
  • Universal Bypass (to avoid paid shorteners like adfly and similar, just makes you go straight to the original link source)
My antivirus solution (KIS2020) has the "web injection" and "scan encrypted sites" OFF.

To be honest, my browsing is super fast and light, plus it's secured and addless.
Thanks for the extras!
 

Correlate

Level 12
Verified
Malware Tester
Remove friends without unfollowing them. Remove unwanted and promoted tweets. Remove ads on Facebook.
Filter tweets based on keywords. Automatically removes Twitter and
Facebook ads.
No need to log into your Twitter or Facebook account through this browser
 

SeriousHoax

Level 25
Verified
Malware Tester
I've been using uMatrix for 1.5 years and since yesterday trying out uBlock Origin in medium mode. Reagrding uMatrix, it's a great program but it has problems too. Sometimes but rarely it won't show all the domains a site is actually connecting to but uBlock Origin does. I was failing to play videos on Zdnet some weeks ago for that and today also found that it doesn't show and automatically allowing one third party script in Geforce driver download page while uBlock Origin in medium mode succesfully blocks it. The creator gorhill/raymond himself talked about few issues of uMatrix in the past but I don't remember what those were and he personally uses uBlock Origin in medium mode and devotes less time in fixing uMatrix.
 
Top