> Resilience doesn't sell out your privacy with "acceptable ads". Resilience won't be blocked by your web browser's developers.
Excellent. I'm glad to see uBlock Origin getting some much needed competition, and a good take on Chrome's adblocking downgrade.
>Transparent HTTP/HTTPS proxy for Windows, Linux and macOS.
Not so great. Getting HTTP/1 right is hard, getting SSL right is hard, integration is quite hard just as well. And then there's HTTP/2, and WebSockets and other protocols. Possible results of failure: connection reset, encryption downgrade attack, malicious script injection, credentials stealing, browsing history stealing, XSS, SSL spoofing, IDN homograph attack. Sadly Chrome seems to leave no better option at this point.
OTOH, in the longer run it makes sense for ad blockers & similar tools to be ran as a wholly separate process, offering one more layer of separation.
> I'm glad to see uBlock Origin getting some much needed competition,
Why does uBO need competition? It appears to me that it offers the best combination of features and performance out there.
Moreover, the choice to implement as a proxy has some serious drawbacks, features like uBO's cosmetic filters won't be practical to implement in a proxy.
Competition in any space is extremely valuable. If for whatever reason uBlock Origin went away tomorrow there would be a void to fill. Furthermore, competition drives innovation. A separate project may figure out a better or more efficient way to accomplish the same goals and they could potentially share their findings with the uBlock team or vice versa and everyone benefits.
This. It is exactly what happened about a year ago when this performance study[1] was published. In the months that followed, uBlock Origin, Brave and Adblock Plus all worked pretty hard on improving the performance of their content blocking engine, and used the benchmark and open-source dataset from the study to measure their optimizations.
The result is that now, all users of either of these extensions benefit from a better and faster product, thanks to emulation between competing projects. This would not necessarily happen in the absence of competition. In the end, users benefit.
(Disclaimer: I am one of the authors of the performance study)
> If for whatever reason uBlock Origin went away tomorrow there would be a void to fill.
If for whatever reason uBlock Origin went away tomorrow there would be a fork. uBlock Origin is the second (or third, I forget) fork of the original project.
uBlock Origin is still almost exclusively maintained by the original author: Raymond Hill. He was already behind uBlock and is now working on uBlock Origin (the original uBlock being basically stale).
Sure, no argument there. But the original comment said that in this case it is "much needed", suggesting something more specific than just "competition is generally good".
Lots of comments here are making non-specific arguments that "competition" leads directly to improvements in products/technology. It seems to me what is missing here is a concrete idea for making an ad-blocker work better, not an avenue for making a new/different approach available. (In particular, the goals of this project seem to be much more about working around upcoming Chrome extension changes rather than about improving the behavior in some way)
I use, appreciate, and recommend uBO to everybody.
Having said that, competition both puts some pressure to improve more, and also explores some alternative, possibly better, avenues. Historical example: Firefox was significantly better than IE 6 / 7 / 8, and yet ended up improving much more in the course of competing vis a vis Chrome.
All in all, a staunch-and-fair competitor is good to have.
(Hopefully) the OS enforces memory protection between the adblock process and any HTTP client process, thus limiting attacks to only the data that resides in, or flows through, the adblock process.
With a bit more advanced setup, you could also completely cut off the adblock process from accessing any files or any other resources related to the browser, further nailing down security.
Sure, it is possible to have similar (or equivalent) setup for browser plugins, but it requires some special engineering done in the browser - and in that scenario no other apps benefit from the protection. Let's not forget there's many more crucial HTTP user agents than just the web browser.
>(Hopefully) the OS enforces memory protection between the adblock process and any HTTP client process, thus lowering the direct attack surface to only the data that resides in, or flows through, the adblock process.
>With a bit more advanced setup, you could even completely cut off the adblock process from accessing any files or any other resources related to the browser, further nailing down security.
How would that even work? The adblocking process has full access to whatever's being passed through it, and therefore it can eavesdrop or tamper (eg. inject malicious js) with the contents.
>Sure, it is possible to have similar (or equivalent) setup for browser plugins, but it requires some special engineering done in the browser - and in that scenario no other apps benefit from the protection. Let's not forget there's much more crucial HTTP user agents than just the browser.
Sounds useful, but it's a lot like dns based adblockers or hosts file, only worse because it only works locally, and only for applications that support/respect the proxy settings.
>>With a bit more advanced setup, you could even completely cut off the adblock process from accessing any files or any other resources related to the browser, further nailing down security.
>How would that even work? The adblocking process has full access to whatever's being passed through it, and therefore it can eavesdrop or tamper (eg. inject malicious js) with the contents.
A web browser is so much more than just the network traffic. Consider the mouse & keyboard input, the browsing history, the cache, the security credential store, the connection to display, GPU, USB and Bluetooth devices, microphones & cameras... the list goes on. This includes ability to read and write local files, start new processes, compile and run code. And then there are other HTTP user agents, like automatic software update tools.
Most of this functionality shouldn't be needed by, nor accessible to, an ad blocker.
Lastly, you could put much stricter resource usage limits (CPU time, operating memory) on an adblocking process than on a web browser, thwarting whole classes of resource exhausting attacks.
>only worse because it only works locally
You can apply varying levels of restricting any net traffic not passing through the adblock, up to and including dropping any such traffic. Ability to ad-filter HTTP traffic of an email client, RSS reader (i know, 2020) and similar user agents would be good.
>A web browser is so much more than just the network traffic. Consider the mouse & keyboard input, the browsing history, the cache, the security credential store, the connection to display, GPU, USB and Bluetooth devices, microphones & cameras... the list goes on.
Access to those resources are either gated behind a permission (which adblockers shouldn't have access to), or can be accessed by any website, in which case a malicious ad blocker can exploit by injecting its malicious js into the http response.
>Lastly, you could put much stricter resource usage limits (CPU time, operating memory) on an adblocking process than on a web browser, thwarting whole classes of resource exhausting attacks.
Seems theoretical to me. If your adblocker is a cryptominer, you probably have bigger issues. If whatever site you're going to is mounting DoS attacks on your adblocker, you probably don't want to stay on the site anyways.
>You can apply varying levels of restricting any net traffic not passing through the adblock, up to and including dropping any such traffic. Ability to ad-filter HTTP traffic of an email client, RSS reader (i know, 2020) and similar user agents would be good.
I'm not doubting whether it works, it's just that it's worse (or marginally better) than dns/hosts adblockers.
I welcome more competition in this space, especially ones that operate at a different abstraction level than others, but this one doesnt look active anymore.
I know brave isnt the most popular product / business model, but their rust reimplementation of the Adblock Plus syntax, a rewrite of uBlock Origins and Cliqz, might hopefully be a valuable contribution to the open source world.
Regardless of how people feel about the ethics of ad blocking, being able to dynamically block parts of websites has become as or more important than anti-virus, for safety.
Although it will make troubleshooting a nightmare, necessary protection at multiple levels of the stack is becoming a reality. NextDNS (or quad9, pihole, adguard) combined with Brave (or uBlock Origin, Cliqz) in combination are going to keep people safer, despite the shortcomings of both dns based and active page filters and parsing.
It would be nice to be able to manage and maintain filter list configurations across all browsers, devices, and dns. Some sort of central management that updates and propagates NextDNS, Brave, uBlock Origin, uBlock Matrix, and Dark Reader. uBlock Matrix and Dark Reader are especially cumbersome to use between Chrome and Firefox on different devices.
Many people don't like ad blockers that let in ads. That's the obvious issue with the brave browser. The shocking thing to me is that some people tolerate this behavior. I'll take an ad blocker that blocks all ads myself, not one coming from the ad industry itself. Nowadays, this applies to chrome and safari too if they've gotten rid of their old plugin apis that enabled ublock (hard to keep track of spyware features).
Do you know of any website that accepts them? I've seen them on some exchanges, but the current procedure is to sell them directly. Who's buying them (besides speculators)?
I am working on a matrix/xmpp/mastodon paid hosting, which I am racing to get the Ethereum token payment gateway finished by the end of the month and planning to accept BAT/DAI/ETH.
Does anyone remember Privoxy https://www.privoxy.org/ ? I've been filtering and removing junk from the web since the early 2000s.
With https now prevalent, filtering with a proxy server remains annoying. I vastly prefer the model of uBlock Origin for desktops, and a combination of Firefox + uBlock origin and a dns blocker (Blokada) on Android.
I'm still using it and very happy with it. It's showing his age but it still works well and it's very powerful: I'm not just blocking ads and trackers but I also have some fancy redirects and filters.
I hacked together a solution for https that uses a proxy to strip and rewrap TLS. It's not ideal and I would like replace it with something more reliable and fast but I couldn't find any software that does this.
Tor is by far the best browser. However as a part of compartmentalisation I use un-googled chromium and right now it is struggling to install anything (others have this issue.)
Once we've all blocked ads from every possible angle, what is the model we'll be using to pay for social media, photo sharing, email, video sharing,. instant messaging and so on?
I dislike ads as much as the next person but I don't comprehend what monetary model is being lined up to replace their revenue generating abilities, for service providers
(full disclosure: Protonmail and VPN subscriber, donate to Marcel Borkhorst M66B for his excellent Netguard app, never had FB/IG accounts, and only used Twitter once to solve an issue with TMobile's TForce, which was shockingly efficient, never had the app).
This is great; a proxy is definitely the way to go given how many processes use http.
I used to use glimmerblocker but it gradually stopped really working. One great feature was that it was a rewrite proxy so I could, for example, suppress auto play videos, a feature I had missed since Omniweb almost 20 years ago
Can anyone explain the following text taken from the site?
"Chrome executives: I know you think this won't get traction because it'll never be as easy to install as uBlock. Watch me as I make it every bit as easy by the time you finish switching to declarativeNetRequest."
PiHole is nice because you can protect all the devices in your house at the same time, but it’s annoying bec if you want to unblock something bec a page is messed up you need to go to PiHole service to unblock it and it’s not easy to set up temp unblocks
Excellent. I'm glad to see uBlock Origin getting some much needed competition, and a good take on Chrome's adblocking downgrade.
>Transparent HTTP/HTTPS proxy for Windows, Linux and macOS.
Not so great. Getting HTTP/1 right is hard, getting SSL right is hard, integration is quite hard just as well. And then there's HTTP/2, and WebSockets and other protocols. Possible results of failure: connection reset, encryption downgrade attack, malicious script injection, credentials stealing, browsing history stealing, XSS, SSL spoofing, IDN homograph attack. Sadly Chrome seems to leave no better option at this point.
OTOH, in the longer run it makes sense for ad blockers & similar tools to be ran as a wholly separate process, offering one more layer of separation.