Question Which Ubo filters 2023 do you use ?

Please provide comments and solutions that are helpful to the author of this topic.

floalma

Level 4
Thread author
Verified
Apr 5, 2015
182
Hi friends,

filter list1.PNG


filter list2.PNG
This is an update to a previous thread here about Ubo filters lists.
These are my UBO filter lists.
Any comments or recommendations are welcome.
Thanks you for your contribution. (y)
 

nicolaasjan

Level 5
Verified
Well-known
May 29, 2023
212
Thanks, I had Easy Privacy Dutch enabled in Next DNS, but that did not block much (nothing) for me. Is the AG version any better?
I don't know that one (Easy Privacy Dutch), nor can I find it :unsure:.
Do you mean EasyList Dutch?
https://easylist-downloads.adblockplus.org/easylistdutch.txt
The uBO team has replaced that one with EasyDutch:
The updated version of EasyList Dutch special for uBlock Origin.
This filterlist has been made because the EasyList Dutch filter isn't maintained often and the maintenance that is done, is very poor.
So I made this to provide you a better service!!
This list also handles anti-adblock, which isn't done by EasyList Dutch. See these comments for more information:
easylist/easylistdutch#11 (comment) and easylist/easylistdutch#30 (comment).
https://easydutch-ubo.github.io/EasyDutch/EasyDutch.all.txt
I use that one together with AdGuard Dutch and I don't have much issues on Dutch sites.
 
Last edited:
F

ForgottenSeer 107474

I don't know that one (Easy Privacy Dutch), nor can I find it :unsure:.
Do you mean EasyList Dutch?
https://easylist-downloads.adblockplus.org/easylistdutch.txt
The uBO team has replaced that one with EasyDutch:

https://easydutch-ubo.github.io/EasyDutch/EasyDutch.all.txt
I use that one together with AdGuard Dutch and I don't have much issues on Dutch sites.
Yes sorry I meant Easylist Dutch,.

I had studied Digital Marketing,so I was familiar with HTML, CSS and Javascript. But it is so many years ago, that (certainly for Javascript) knowledge is slipping away and websites are more and more obfuscating and randomizing names of selectors, so I am less and less inclined to quickly write a user rule for something.

Thanks for the tips I will add those two filters below (which are subfilters of both)
1709049749166.png
 
Last edited by a moderator:

nicolaasjan

Level 5
Verified
Well-known
May 29, 2023
212
Thanks for the tips I will add those two filters below (which are subfilters of both)
Note that uBO is much more effective than a DNS domain blocker.
https://old.reddit.com/r/uBlockOrigin/comments/fksfc7/using_ublock_origin_with_nextdns_and_now_changing/fky0a5p/
See /u/gwarser's comment.
You should not use lists like EasyList in NextDNS - this can cause issues.

Also note that it is recommended not to use multiple blockers (including DNS) at the same time as unexpected breakage/anti-adblock might happen and it's difficult to find which causes the issues.

Related (Pi-hole question):
https://old.reddit.com/r/uBlockOrigin/comments/epjlpw/can_anybody_explain_to_me_why_ublockorigin_works/

Maybe that's why EasyList Dutch in NextDNS hardly blocked anything for you?
 

oldschool

Level 85
Verified
Top Poster
Well-known
Mar 29, 2018
7,673
So in Brave I should only have uBlock Origin active and not also Brave Shields?
You should definitely use only one or the other. Brave Shields is its own rust-based adblocker using µBO default lists and some other optional lists, plus the ability to add custom lists. My view is it's unwise to use µBO unless you use it in advanced mode, either medium or hard.
 
F

ForgottenSeer 107474

@nicolaasjan @oldschool

Thank you for answering, I will stick with uBlock Origin then and deactivate Brave Shields.
I would advise the reverse. Brave shields should be superior to uBO because it is not limited to Web nor Net request capabilities. I only use Brave shields on my Linux PC. The option to increase or lower the protection per website is really an usage advantage.

To be honest the benefits of NoScript and uBO medium mode on Chromium based browsers for security is something from the passed. The isolation is so much improved. So I really don't see a reason to use uBO with Brave.
 
Last edited by a moderator:
F

ForgottenSeer 107474

Note that uBO is much more effective than a DNS domain blocker.
https://old.reddit.com/r/uBlockOrigin/comments/fksfc7/using_ublock_origin_with_nextdns_and_now_changing/fky0a5p/
See /u/gwarser's comment.


Also note that it is recommended not to use multiple blockers (including DNS) at the same time as unexpected breakage/anti-adblock might happen and it's difficult to find which causes the issues.

Related (Pi-hole question):
https://old.reddit.com/r/uBlockOrigin/comments/epjlpw/can_anybody_explain_to_me_why_ublockorigin_works/

Maybe that's why EasyList Dutch in NextDNS hardly blocked anything for you?
I only use Adguard DNS filter at DNS level. Rule of thumb is that it is best to do malware blocking at DNS level and advertisement and tracking blocking at browser level (because it is easier to solve website breakage).

I looked at the Dutch easylist blocklist and they have only one rule for for instance Volkskrant or NOS (ster), so I am not surfing (or very little) to the websites which are in the Dutch Easylist. AdGuard DNS is optimized for DNS level blocking. That is why I only added the third-party server sub filters. Also NextDns has an option to allow affilate marketing and remketing (but it zeroes out your IP) so people can still see the advertisements (often with discounts to lure you back)
 

SeriousHoax

Level 49
Verified
Top Poster
Well-known
Mar 16, 2019
3,863
I think it's fine to use Brave Shield + uBO and it's something I have used before with zero issues. It's just that if you face any issue then disable one or the other to identify the issue. Despite some advantages, for adblocking alone Brave is less capable than uBO & AdGuard on many things. On Brave adblock GitHub you'll find requests for many things that are not supported by their adblock but is by uBO & AdGuard. Filter lists like "Actually Legitimate URL Shortener Tool" is not fully compatible with Brave.
 

Jan Willy

Level 13
Verified
Top Poster
Well-known
Jul 5, 2019
607
To be honest the benefits of NoScript and uBO medium mode on Chromium based browsers for security is something from the passed.
Nevertheless you use this by uBO Medium Mode inspired rule.

! Block risky third-party content not coming from Top Level Domains I normally visit (being Dutch).
|HTTPS://*$third-party,script,websocket,object,ping,subdocument,denyallow=nl|be|de|uk|eu|app|com|edu|io|net|org|tv
 
F

ForgottenSeer 107474

Nevertheless you use this by uBO Medium Mode inspired rule.

! Block risky third-party content not coming from Top Level Domains I normally visit (being Dutch).
|HTTPS://*$third-party,script,websocket,object,ping,subdocument,denyallow=nl|be|de|uk|eu|app|com|edu|io|net|org|tv
Touche (y) :) I use that on my laptop with Chrome, never ever needed to add an exception. But I am security addict, we need to have some extra protection

On my Linux desktop with its far superior sandboxes for Chromium based browsers, I run Brave additionally in a flatpak container and even then I have one User Rule addition (the block of scripts on insecure HTTP websites), but using Brave's internal shields

I confess, I am a security addict and my name is Leonard, but people call me Lenny
 

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,208
Touche (y) :) I use that on my laptop with Chrome, never ever needed to add an exception. But I am security addict, we need to have some extra protection

On my Linux desktop with its far superior sandboxes for Chromium based browsers, I run Brave additionally in a flatpak container and even then I have one User Rule addition (the block of scripts on insecure HTTP websites), but using Brave's internal shields

I confess, I am a security addict and my name is Leonard, but people call me Lenny
Has me thinking about simplifying my setup to something similar to the line above.

! Block beacons, obsolete plugins and websocket biderectional data connections on insecure websites
|HTTP://*$ping,object,websocket,important

! Block potentially unsafe third-party content linking to unsafe unencrypted websites
|HTTP://*$third-party,~document,~stylesheet,~image,~media,important

! Warn when opening webpages on top level domains and countries I never visit
||*$document,domain=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov

! Block third-party scripts and frames linking to top level domains and countries I never visit
||*$third-party,script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov

no-large-media: behind-the-scene false
no-strict-blocking: avlab.pl true
no-strict-blocking: cyberlock.global true
no-strict-blocking: who.is true
no-strict-blocking: zorkas.fr true
* * 3p-frame block
* * 3p-script block
* com * noop
* eu * noop
* info * noop
* io * noop
* net * noop
* org * noop
* twitch.tv * noop
* uk * noop
www.direct.aviva.co.uk * 3p-script noop
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop

On topic though, I just use the default rules for uBO and even then I've had to do whitelisting for some streaming sites to work okay.
 
F

ForgottenSeer 107474

Has me thinking about simplifying my setup to something similar to the line above.

! Block third-party scripts and frames linking to top level domains and countries I never visit
||*$third-party,script,frame,to=~com|~info|~io|~eu|~net|~org|~uk|~ms|~gov
Two comments

1. One of your static rules is not nessecary (obsolete)

Well the above static rule sort of achieves the same as your dynamic rules (although the static has MS but lacks TV compared to your dynamic rules).
I think @Jan Willy proposed these static rules as alternative for dynamic rules to AdGuard users because AG does not has dynamic rules.
So considering you are using dynamic rules, I would remove the (above) static rule blocking third-party scripts and frames linking to top level domains you never visit.


2. About simplifying your setup
When you have streamlined your user rules setup (and removed the overlap), you probably won't be running into website breakage anymore. Have a look at the URL House of Abuse.CH or uBO's build in malware lists. With your set of user rules, you probably block 95 percent of them.


See I am a security addict, I am not able to tell someone to throw away his extra set of security measures (Jan Willy probably ROFL when reading this). ;)
 
Last edited by a moderator:

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,208
Two comments

1. One of your static rules is not nessecary (obsolete)

2. About simplifying your setup
When you have streamlined your user rules setup (and removed the overlap), you probably won't be running into website breakage anymore. Have a look at the URL House of Abuse.CH or uBO's build in malware lists. With your set of user rules, you probably block 95 percent of them.
Thanks!

I've just removed the obsolete rule and ticked the uBO Malware Sites - Phishing URL Blocklist.

Not sure which urlhaus.ch list to use from the API page URLhaus | API but will have more of a look when I've finished work today.
 
  • Like
Reactions: oldschool and Nevi
F

ForgottenSeer 107474

Thanks!

I've just removed the obsolete rule and ticked the uBO Malware Sites - Phishing URL Blocklist.

Not sure which urlhaus.ch list to use from the API page URLhaus | API but will have more of a look when I've finished work today.
Sorry, mis communication from my side probably.

With your static user rules and dynamic easy-medium mode to limit attack surface from third-party domains, you don't need the uBO malware / phishing blocklists.

I mentioned the uBO and abuse.ch url house database (link) just as an example (go check them out and you will see you block 95% of them).

It is better to do malware blocking at DNS level and add an extension of a security vendor, simply because their blacklists are 1000x larger than the blocklists of uBO

With above approach you already have multiple layers (definitely no need to add a malware/phishing blocklist to your adblocker)
  1. At DNS level (Quad9, NextDNS, Cloudflare 1.1.1.2)
  2. Google Safe browsing or Microsoft Smartscreen filter in your browser
  3. Extension from a reputable security vendor (Bitdefender, Emsisoft, Netcraft)
  4. Most AV-'s have some network filtering or https-scanning module/mechanism
  5. a) For URL's your third-party exposure reduction rules in uBO or AG
    b) For downloads with MOTW - smartscreen again

Malware and phishing links usually live shorter than 24 hours. The default update frequency of blocklists in adblockers is once a day (or once every 48 hours), which makes them near to useless for short lived malware URL blocking.
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top