F
ForgottenSeer 97327
I am happy for you, but is a nonsense test. I am using a Windows PC, so will never encounter OPPO or Xiami OEM trackers
Which Ubo filters do you use ?
- Thread starter floalma
- Start date
Please provide comments and solutions that are helpful to the author of this topic.
Yes, the rule has a limited effect, what I've already said in my post Need Advice - What are your Site Permission settings for daily browsing?
I agree with your observation about disabling JIT. I haven't still studied all possibilities of Netcraft, but it sounds interesting.
BTW, talking about extensions, this one could also be interesting:
NoEval - Disable Eval() - Chrome Web Store
Disable window.eval() in all websites and improve your online security!
chrome.google.com
https://raw.githubusercontent.com/yokoffing/filterlists/main/privacy_essentials.txt
Source: GitHub - yokoffing/filterlists: Collection of filters to fill in the gaps
His GitHub page is very good resource, including his own, excellent lists. In fact, I just added this https://raw.githubusercontent.com/yokoffing/filterlists/main/click2load.txt
You'll need to purge caches and update, as often is the case.
Last edited:
F
ForgottenSeer 97327
@oldschool, tkanks for the links, I noticed yokoffing is also including LennyFox ubo medium mode.
F
ForgottenSeer 97327
@Jan Willy THANKS
I moved to a two profile approach: added this extension in my hardened profile
My Filters in uBo for hardened mode is (removed *##+js(noeval)
I moved to a two profile approach: added this extension in my hardened profile
My Filters in uBo for hardened mode is (removed *##+js(noeval)
You're welcome. I also added LennyFox's video list and reinserted Fanboys Enhanced Tracking lists. With my current setup most of the filters in Fanboys list are actually used (vs using it with default lists where many of its filters are superfluous). So now my setup is as follows:@oldschool, tkanks for the links, I noticed yokoffing is also including LennyFox ubo medium mode.
I'm very happy with this setup. It suits my browsing style.
Finally I got 100 with uBlock origin, on the toolz site. 
Two interesting sites about blocking XSS :
Two relevant quotes:
1. With medium or hard mode in uBO, all third-party XSS, which is often the case to attack behind the scene, are blocked unless the very vulnerable site is somehow 3p-nooped.
First-party XSS is possible, but for this the attacker has to make you to click a crafted link. Even then, a simple practice of isolating browser profile, i.e. don’t browse random sites with the same browser profile you logged into something, protects you from almost all XSS damage – now what the attacker can do will be at most some mischief.
2. AFAIK uBO doesn't have a dedicated XSS protection because blocking third party resources inherently protects you. XSS = Cross-Site-Scripting = Third-Party-Scripting = Loads stuff from unknown third party = well blockable with uBO.
F
ForgottenSeer 97327
@Jan Willy
These topics are a bit colored by uBO fans. It is not untrue what they are posting, only also not fully true either.
Firstly there are more ways of getting stuff in or out of a website (websocket, webrtc, xmlhttprequest, fetch and even with plain html), so medium mode is only a half baked feel good protection in regard to XSS-protection.
Only when you block all third-party I agree that uBO offers protection against server side XSS. But be honest how many websites function properly in hardmode? On top of that. I bet that in 99% of the websites you have to noop, provide the website your visiting with content. Nevertheless for third-party exposure applies less is more. I also agree fully with
See thread : Using two profiles for more privacy and security.
XSS attacks are stil daily reality, but that is more because the website builders mess up their code. The browsers have gotten better protection against client side XSS and web-standards and coding best practices have evolved. I think your (Jan Willy's) rule to allow only third-party of some common Top Level Domains and using two different profiles is a much more pragmatic way of dealing with this hyped risk. Nevertheless I have added NetCraft extension on my wife's laptop (she uses only 1 profile) Better be safe than sorry, Netcraft is s non-intrusive extensions and has a good reputation in phishing protection also.
These topics are a bit colored by uBO fans. It is not untrue what they are posting, only also not fully true either.
Firstly there are more ways of getting stuff in or out of a website (websocket, webrtc, xmlhttprequest, fetch and even with plain html), so medium mode is only a half baked feel good protection in regard to XSS-protection.
Only when you block all third-party I agree that uBO offers protection against server side XSS. But be honest how many websites function properly in hardmode? On top of that. I bet that in 99% of the websites you have to noop, provide the website your visiting with content. Nevertheless for third-party exposure applies less is more. I also agree fully with
See thread : Using two profiles for more privacy and security.XSS attacks are stil daily reality, but that is more because the website builders mess up their code. The browsers have gotten better protection against client side XSS and web-standards and coding best practices have evolved. I think your (Jan Willy's) rule to allow only third-party of some common Top Level Domains and using two different profiles is a much more pragmatic way of dealing with this hyped risk. Nevertheless I have added NetCraft extension on my wife's laptop (she uses only 1 profile) Better be safe than sorry, Netcraft is s non-intrusive extensions and has a good reputation in phishing protection also.
Last edited by a moderator:
It isn't, but Fanboy's "Problematic Sites" (a subset of the latter) still is: https://www.fanboy.co.nz/fanboy-problematic-sites.txt
However, that list seems to be mostly anti-circumvention filters for ABP, so I've dropped it from uBO. I think uBO's built-in privacy list covers what the ETL did, but it uses different techniques like neutering tracking scripts to prevent breakage, so a direct comparison is not feasible.
Do you mean Easy Privacy or uBO's Privacy list?
The uBO Privacy list, but also the uBO Unbreak list when used with e.g. the Peter Lowe 'Ad and tracking server' list. Many anti-adblock fixes are also in the uBO Ads list.
F
ForgottenSeer 97327
I am a uBO user, but I like to share this picture as a mind teaser for all uBO-users.
Some facts (which can't be denied)
1. Adguard filters have advanced functions and unbreak correction included in their filters
2. Adguard filters are well maintained. They also have a feedback mechanism to optimize the rules set (cleaning out stale rules automatically)
3. Easylist filters are in standard ABP-format (uBO's advanced rules are not used in Easylist).
4. Using one source for your filters reduces the need for unbreak rules (using different filters sources causes more overlap and possible website breakage)
5. Number of rules in uBO-assets keep on growing, while (in contrast) EasyList filters have been kept under 70.000 rules since 2020 (due to Brave employing Fanboy to optimize Easylist filters), see pcture 2
6. The practical value of more rules reduces exponentially (it maxes out like, see picture 3)
When you prefer uBO over AG, below numbers are food for thought for dropping uBO's default set and using AG-filters instead
(because uBO processes 90% percent of AdGuard's advanced functionality)
To make it a fair comparison I did not use AG's optimized filters also the rule count is not the issue here. The issue is that ABP-standard format is just not that advanced as uBO or AG advanced functionality. uBO's optimizing reduces the overhead to only 30.000 rules compared to using AG-rules.
You can find AG's region specific filters here : AdGuard filters | AdGuard Knowledge Base
Picture 2 - Easylist stopped growing (source Brave - employer of Fanboy)
Picture 3 - Only 201 rules of EasyList account for 90% of the blocks (source Brave - warning for stale rules)
Both Peter Low (less than 4000 rules) and former MT-member Kees1958 (less than 7000 rules) explain why you don't need 300.000 plus rules
Some facts (which can't be denied)
1. Adguard filters have advanced functions and unbreak correction included in their filters
2. Adguard filters are well maintained. They also have a feedback mechanism to optimize the rules set (cleaning out stale rules automatically)
3. Easylist filters are in standard ABP-format (uBO's advanced rules are not used in Easylist).
4. Using one source for your filters reduces the need for unbreak rules (using different filters sources causes more overlap and possible website breakage)
5. Number of rules in uBO-assets keep on growing, while (in contrast) EasyList filters have been kept under 70.000 rules since 2020 (due to Brave employing Fanboy to optimize Easylist filters), see pcture 2
6. The practical value of more rules reduces exponentially (it maxes out like, see picture 3)
When you prefer uBO over AG, below numbers are food for thought for dropping uBO's default set and using AG-filters instead
(because uBO processes 90% percent of AdGuard's advanced functionality)
To make it a fair comparison I did not use AG's optimized filters also the rule count is not the issue here. The issue is that ABP-standard format is just not that advanced as uBO or AG advanced functionality. uBO's optimizing reduces the overhead to only 30.000 rules compared to using AG-rules.
You can find AG's region specific filters here : AdGuard filters | AdGuard Knowledge Base
Picture 2 - Easylist stopped growing (source Brave - employer of Fanboy)
Picture 3 - Only 201 rules of EasyList account for 90% of the blocks (source Brave - warning for stale rules)
Both Peter Low (less than 4000 rules) and former MT-member Kees1958 (less than 7000 rules) explain why you don't need 300.000 plus rules
Last edited by a moderator:
Quite some time ago I've tested uBO with and without it's own filterlists on several notorious tracking sites, such as cnn.com. My conclusion was that uBO's own lists didn't add something to the results I achieved with my custom lists as shown in Question - Which Ubo filters 2023 do you use ?
This morning I repeated the test (only) on cnn.com. Blocked elements without uBO's own lists 8 (19%) and with uBO's own lists 7 (17%)! In both cases 5 domains were blocked.
Neutering tracking scripts to prevent breakage (as remarked by South Park in post #91) could be the cause of the lack of effectiveness of uBO's own lists.
My testing was rather limited. Maybe someone tested more extensive and achieved better results.
Edit: Connected domains
without uBO's own filters 4 out of 9
with uBO's own filters 3 out of 8
So in both cases 5 blocked.
It's not my intension to start a competition to figure out which filterlists do the best job on cnn.com.
This morning I repeated the test (only) on cnn.com. Blocked elements without uBO's own lists 8 (19%) and with uBO's own lists 7 (17%)! In both cases 5 domains were blocked.
Neutering tracking scripts to prevent breakage (as remarked by South Park in post #91) could be the cause of the lack of effectiveness of uBO's own lists.
My testing was rather limited. Maybe someone tested more extensive and achieved better results.
Edit: Connected domains
without uBO's own filters 4 out of 9
with uBO's own filters 3 out of 8
So in both cases 5 blocked.
It's not my intension to start a competition to figure out which filterlists do the best job on cnn.com.
Last edited:
@Max90 @Jan Willy I tested cnn.com with these filters:
Medium mode: 6/29 domains connected
Easy mode: 15/33 domains connected
Then I added Adguard Base Optimized with this result:
Medium mode: 2/27 domains connected
Easy mode: 8/28 connected
Medium mode: 6/29 domains connected
Easy mode: 15/33 domains connected
Then I added Adguard Base Optimized with this result:
Medium mode: 2/27 domains connected
Easy mode: 8/28 connected
It's a pity that AG's ads filter isn't optimally tuned to uBO. It shows 23 errors. Perhaps not essential, but it could be the impact of the increased complexity of filter rules.
Indeed, I saw that and won't use it for that reason. Your suggestion to use Easy List & Privacy minified instead seems like a good one.
Last edited:
This is beside the point that testing shows them to be pretty ineffective.
You may also like...
-
Anyone knows why some of the default filters in uBO do not get updated regularly?
- Started by brambedkar59
- Replies: 9
-
Brave slashes memory use of its ad-blocker by at least 45 megabytes on all platforms- Started by lokamoka820
- Replies: 12
-
-
Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins- Started by Brownie2019
- Replies: 2
-
