Question Which Ubo filters 2023 do you use ?

[floalma]

Hi friends,

Spoiler

This is an update to a previous thread here about Ubo filters lists.
These are my UBO filter lists.
Any comments or recommendations are welcome.
Thanks you for your contribution.

 

[ForgottenSeer 97327]

View attachment 277940

I am happy for you, but is a nonsense test. I am using a Windows PC, so will never encounter OPPO or Xiami OEM trackers

 

[Jan Willy]

@Jan Willy

I had read you globally blocked eval with *##+js(noeval). I liked the idea, but tested it on the link you provided, but it does not block the new Function () which more or less does the same (so it is a half baked solution). I think youare probabl better of disabling JIT or using Netcraft. When you use Edge and have enabled super duper mode, you also disable JIT . This also reduces memory not writeable area and prevents most of the EVAL string attacks. Your post was also the reason I was playing with the new Netcraft extension (because it blocks some client side XSS vulnerabilities).

I also noticed that some websites like Megekko.nl use eval command. I guess they use server side strings to make some parts of their website dynamic (which is okay because everything get compiled when page loads, also when JIT is enabled).

Yes, the rule has a limited effect, what I've already said in my post Need Advice - What are your Site Permission settings for daily browsing?
I agree with your observation about disabling JIT. I haven't still studied all possibilities of Netcraft, but it sounds interesting.
BTW, talking about extensions, this one could also be interesting:

NoEval - Disable Eval()

Disable window.eval() in all websites and improve your online security!

chrome.google.com

I tipped it earlier in my before mentioned post.

 

[oldschool]

Could share the link of that privacy essential filter?

https://raw.githubusercontent.com/yokoffing/filterlists/main/privacy_essentials.txt
Source: GitHub - yokoffing/filterlists: Collection of filters to fill in the gaps

His GitHub page is very good resource, including his own, excellent lists. In fact, I just added this https://raw.githubusercontent.com/yokoffing/filterlists/main/click2load.txt
You'll need to purge caches and update, as often is the case.

 

[ForgottenSeer 97327]

@oldschool, tkanks for the links, I noticed yokoffing is also including LennyFox ubo medium mode.

 

[ForgottenSeer 97327]

@Jan Willy THANKS

I moved to a two profile approach: added this extension in my hardened profile


My Filters in uBo for hardened mode is (removed *##+js(noeval)

 

[oldschool]

@oldschool, tkanks for the links, I noticed yokoffing is also including LennyFox ubo medium mode.

You're welcome. I also added LennyFox's video list and reinserted Fanboys Enhanced Tracking lists. With my current setup most of the filters in Fanboys list are actually used (vs using it with default lists where many of its filters are superfluous). So now my setup is as follows:

I'm very happy with this setup. It suits my browsing style.

 

[Jan Willy]

@oldschool

Is Fanboy's Enhanced Tracking List still maintained? Last update 18 Feb 2021.

 

[Nevi]

Finally I got 100 with uBlock origin, on the toolz site.

 

[Jan Willy]

I was playing with the new Netcraft extension (because it blocks some client side XSS vulnerabilities).

Two interesting sites about blocking XSS :




Two relevant quotes:
1. With medium or hard mode in uBO, all third-party XSS, which is often the case to attack behind the scene, are blocked unless the very vulnerable site is somehow 3p-nooped.
First-party XSS is possible, but for this the attacker has to make you to click a crafted link. Even then, a simple practice of isolating browser profile, i.e. don’t browse random sites with the same browser profile you logged into something, protects you from almost all XSS damage – now what the attacker can do will be at most some mischief.

2. AFAIK uBO doesn't have a dedicated XSS protection because blocking third party resources inherently protects you. XSS = Cross-Site-Scripting = Third-Party-Scripting = Loads stuff from unknown third party = well blockable with uBO.

 

[ForgottenSeer 97327]

@Jan Willy

These topics are a bit colored by uBO fans. It is not untrue what they are posting, only also not fully true either.

Firstly there are more ways of getting stuff in or out of a website (websocket, webrtc, xmlhttprequest, fetch and even with plain html), so medium mode is only a half baked feel good protection in regard to XSS-protection.

Only when you block all third-party I agree that uBO offers protection against server side XSS. But be honest how many websites function properly in hardmode? On top of that. I bet that in 99% of the websites you have to noop, provide the website your visiting with content. Nevertheless for third-party exposure applies less is more. I also agree fully with

Spoiler: Yuki advising to use two profiles

See thread : Using two profiles for more privacy and security.

XSS attacks are stil daily reality, but that is more because the website builders mess up their code. The browsers have gotten better protection against client side XSS and web-standards and coding best practices have evolved. I think your (Jan Willy's) rule to allow only third-party of some common Top Level Domains and using two different profiles is a much more pragmatic way of dealing with this hyped risk. Nevertheless I have added NetCraft extension on my wife's laptop (she uses only 1 profile) Better be safe than sorry, Netcraft is s non-intrusive extensions and has a good reputation in phishing protection also.

 

[South Park]

@oldschool

Is Fanboy's Enhanced Tracking List still maintained? Last update 18 Feb 2021.

It isn't, but Fanboy's "Problematic Sites" (a subset of the latter) still is: https://www.fanboy.co.nz/fanboy-problematic-sites.txt

However, that list seems to be mostly anti-circumvention filters for ABP, so I've dropped it from uBO. I think uBO's built-in privacy list covers what the ETL did, but it uses different techniques like neutering tracking scripts to prevent breakage, so a direct comparison is not feasible.

 

[oldschool]

think uBO's built-in privacy list covers what the ETL did, but it uses different techniques like neutering tracking scripts to prevent breakage, so a direct

Do you mean Easy Privacy or uBO's Privacy list?

 

[South Park]

Do you mean Easy Privacy or uBO's Privacy list?

The uBO Privacy list, but also the uBO Unbreak list when used with e.g. the Peter Lowe 'Ad and tracking server' list. Many anti-adblock fixes are also in the uBO Ads list.

 

[ForgottenSeer 97327]

I am a uBO user, but I like to share this picture as a mind teaser for all uBO-users.

Some facts (which can't be denied)
1. Adguard filters have advanced functions and unbreak correction included in their filters
2. Adguard filters are well maintained. They also have a feedback mechanism to optimize the rules set (cleaning out stale rules automatically)
3. Easylist filters are in standard ABP-format (uBO's advanced rules are not used in Easylist).
4. Using one source for your filters reduces the need for unbreak rules (using different filters sources causes more overlap and possible website breakage)
5. Number of rules in uBO-assets keep on growing, while (in contrast) EasyList filters have been kept under 70.000 rules since 2020 (due to Brave employing Fanboy to optimize Easylist filters), see pcture 2
6. The practical value of more rules reduces exponentially (it maxes out like, see picture 3)


When you prefer uBO over AG, below numbers are food for thought for dropping uBO's default set and using AG-filters instead
(because uBO processes 90% percent of AdGuard's advanced functionality)

To make it a fair comparison I did not use AG's optimized filters also the rule count is not the issue here. The issue is that ABP-standard format is just not that advanced as uBO or AG advanced functionality. uBO's optimizing reduces the overhead to only 30.000 rules compared to using AG-rules.
You can find AG's region specific filters here : AdGuard filters | AdGuard Knowledge Base


Picture 2 - Easylist stopped growing (source Brave - employer of Fanboy)

Picture 3 - Only 201 rules of EasyList account for 90% of the blocks (source Brave - warning for stale rules)

Both Peter Low (less than 4000 rules) and former MT-member Kees1958 (less than 7000 rules) explain why you don't need 300.000 plus rules

 

[Jan Willy]

Quite some time ago I've tested uBO with and without it's own filterlists on several notorious tracking sites, such as cnn.com. My conclusion was that uBO's own lists didn't add something to the results I achieved with my custom lists as shown in Question - Which Ubo filters 2023 do you use ?
This morning I repeated the test (only) on cnn.com. Blocked elements without uBO's own lists 8 (19%) and with uBO's own lists 7 (17%)! In both cases 5 domains were blocked.
Neutering tracking scripts to prevent breakage (as remarked by South Park in post #91) could be the cause of the lack of effectiveness of uBO's own lists.
My testing was rather limited. Maybe someone tested more extensive and achieved better results.

Edit: Connected domains
without uBO's own filters 4 out of 9
with uBO's own filters 3 out of 8
So in both cases 5 blocked.
It's not my intension to start a competition to figure out which filterlists do the best job on cnn.com.

 

[oldschool]

@Max90 @Jan Willy I tested cnn.com with these filters:

Medium mode: 6/29 domains connected
Easy mode: 15/33 domains connected

Then I added Adguard Base Optimized with this result:
Medium mode: 2/27 domains connected
Easy mode: 8/28 connected

 

[Jan Willy]

The issue is that ABP-standard format is just not that advanced as uBO or AG advanced functionality.

It's a pity that AG's ads filter isn't optimally tuned to uBO. It shows 23 errors. Perhaps not essential, but it could be the impact of the increased complexity of filter rules.

 

[nicolaasjan]

Considering uBO default update cycle those malware protection lists are pretty useless, I would endorse @oldschool's advice to dump them.

The Online Malicious URL Blocklist has an update frequency of 1 day:

! Title: Online Malicious URL Blocklist ! Updated: 2023-08-20T00:08:16Z ! Expires: 1 day (update frequency) ! Homepage: https://gitlab.com/malware-filter/urlhaus-filter ! License: https://gitlab.com/malware-filter/urlhaus-filter#license ! Source: https://urlhaus.abuse.ch/api

From the uBO Wiki:

Auto-update filter lists​

If you check this option, uBO will automatically update the currently selected filter lists at regular intervals. This option is checked by default (recommended).
Filter lists are automatically updated according to:

• the Expires directive if present in the filter list header (After 1.47.3b5, uBO supports an update period below 1-day).
• or the updateAfter attribute if found in the list entry in assets.json
• or every 5 days by default.

 

[oldschool]

It's a pity that AG's ads filter isn't optimally tuned to uBO. It shows 23 errors. Perhaps not essential, but it could be the impact of the increased complexity of filter rules.

Indeed, I saw that and won't use it for that reason. Your suggestion to use Easy List & Privacy minified instead seems like a good one.

 

[oldschool]

The Online Malicious URL Blocklist has an update frequency of 1 day:

From the uBO Wiki:

This is beside the point that testing shows them to be pretty ineffective.