259 comments

[ 3.1 ms ] story [ 246 ms ] thread
I've been using the eye dropper a lot lately. It's great for making websites usable. It even works on mobile for disabling hostile ux elements such as "xyz is better with the app" nags.
Are you on Android? I keep hearing FireFox and extensions like uBlock work on mobile, but it doesn't seam to be the case on iOS.
I believe that's because all browsers on iOS are essentially safari wrappers
So the content blocker that you can use is those which relies on Safari's blocking.
For some reason, Content Blockers on iOS only work on Safari. Other browsers on iOS are not allowed or able to implement them.

uBlock Origin is also more fully featured than Content Blockers, which don't have the on-demand whitelisting features and toggles. However, since uBlock Origin is only available as a browser extension, it can only be used with a browser that supports extensions. No browser on iOS is able to support uBlock Origin.

Safari 13+ on macOS also no longer supports uBlock Origin due to platform restrictions: https://github.com/el1t/uBlock-Safari/issues/158

Firefox Focus on iOS blocks 78% with all tracker blocks are enabled, and 62% with the last “Block other content trackers” option disabled. Percentage figures are from test on https://d3ward.github.io/toolz/adblock.html.
Firefox Focus is a nice browser for certain use cases, but it can't compare to uBlock Origin, which scores 100% on that test for me on a fresh install with default settings (using Firefox on Android and desktop).

It's interesting how Firefox Focus on iOS also acts as a Content Blocker for Safari, but I find AdGuard to be more comprehensive on iOS.

Sure you can compare them. It’s 78/100 effective on that test.

And unfortunately, on iOS the alternative isn’t ublock origin.

Hmm, you're right. AdGuard on Safari also scores 78% on iOS. I guess that's as good as it gets on that platform.
The Brave browser on iOS gets around 90% interestingly.
Vanilla Safari on iOS 15 beta with tracking prevention activated gets 98% - not bad!
Brave on iOS only scores 77% for me with the default settings, which includes the "Block cross-site trackers" Shield setting. Do you have some other setting enabled?
Hm, ok - maybe it's because I'm also using Pi-hole in my network.
I was replying specifically to the first paragraph in the parent comment that other apps on iOS are not able to implement content blockers. Firefox Focus does appear to do just that. Obviously, not as effectively as uBlock Origin (thanks for testing!) but uBO isn’t yet available to install on Firefox on iOS.

(Edit since I can’t reply): Firefox Focus does appear to implement iOS content blocker since it appears as an option under Safari settings for content blockers.

Oh, I was using "Content Blockers" to refer to apps that implement Apple's Content Blocker API: https://developer.apple.com/documentation/safariservices/cre...

Firefox (standard and Focus) and other iOS browsers can block ads and trackers, but not as comprehensively as that API can. That API is limited to Safari due to platform restrictions, which I hope get removed in the future.

(And now I can reply, lol)

Firefox Focus appears under Safari settings > content blockers, along with more typical blockers like AdGuard. I think they both implement Content Blocker API.

I think that means Safari can use Firefox Focus as content blocker. Not the other way around.
The way Firefox Focus is implemented on iOS is a little complicated, since it's both a browser and a Content Blocker. As of 2017, Firefox Focus uses WKWebView as the webview component: https://github.com/mozilla-mobile/focus-ios/pull/507

WKWebView does not support the Content Blocker API. Ad blocking apps that use the Content Blocker API are only compatible with Safari and the SFSafariViewController component, which is very feature-limited and not suitable for a full web browser app:

- https://www.wwdcnotes.com/notes/wwdc20/10188/

- https://developer.apple.com/news/?id=trjs0tcd

As a workaround, Firefox Focus uses script injection to block ads and trackers within the browser part of itself, but the Content Blocker part of Firefox Focus only affects Safari:

- https://github.com/mozilla-mobile/focus-ios/blob/main/Blockz...

- https://github.com/mozilla-mobile/focus-ios/blob/main/Blockz...

- https://github.com/mozilla-mobile/focus-ios/issues/1761

However, both Firefox Focus and Safari (with the Firefox Focus Content Blocker enabled) score 78% on that test, so Firefox Focus might be good enough for web browsing on iOS if you're comfortable with its feature set and don't need the additional filter lists or custom rules that another third-party Content Blocker would offer.

Apple should still allow third-party browsers to use third-party Content Blockers, since this restriction is an unnecessary handicap for any non-Safari browser on iOS.

Increasing YouTube ad display rates on mobile drove me to using the (somewhat clunky) AdGuard share button in safari that blocks ads when using YT in Safari. I’m just glad there is some option on iOS.

It is funny that Android has better adblock features (uBO on Firefox).

Android also has Newpipe, which is the absolute best ad-free yt experience. It's one of the reasons I could not live with iOS.
SkyTube is also an excellent, open source YouTube client for android.
One rather effective way to get much higher (approx 99%) on iOS is to use a DNS over HTTPS provisioning profile (or app), and use a DNS server that blocks ads.

If you run your own server, you can get to 100% by turning on blocking for a couple of hosts not in standard blocklists that this test has highlighted.

The DNS setting applies to most or all apps, as far as I can see, as it's applied as a system level provisioning setting. iOS 15 gives more visibility of this in the UI, but it works in iOS 14.

Brave gets a 100% there. Interesting, I thought it was not as good.
hey what do you know crapple sucks shit and scroogle F's you in the A while you're asleep.

PM me when we're wheeling out the corporate guillotine.

On ios you have to use Firefox Focus. But it doesn't do as good a job as Firefox + uBlock Origin.
For me it's the element rules. Being able to hide every post that contains "____ liked this" on LinkedIn/FB actually makes them tolerable.
I recently did it to hide the social aspects on the GitHub homepage... no explore sidebar, no reactions in the main feed.
Similarly, disabling the social features on SO was very useful. The "Hot network questions" block to the side is needlessly distracting and adds 0 value.
Yeah, the new Wikia/Fandom design finally drove me to start taking very liberal usage of custom rules
I must’ve purged over 50% of visual elements from Fandom wikis with my uBlock filters. It’s outrageous how much garbage is served. I wonder what their UX design meetings look like.
I imagine lots of alcohol.
There are no UI, UX, or devs present, just marketing execs.
I just browsed Memory Alpha with filters off. Wow. I had no idea it had gotten so bad.
I so miss pre-Wikia Memory Alpha...
A site:reddit.com/r/DaystromInstitute/ search with a plugin to redirect www. to old. if you're not logged in can replicate a lot of what Memory Alpha has from all the discussion. At least until Reddit finishes alienating everyone interested in weird niche discussion in favor of clickbait.
Even for areas where there is a community wiki (e.g. uesp, combineoverwiki), Google seems to prefer the Wikia/Fandom version with all the crap on the pages.
And a lot of those community wikis that originally set up not on Wikia intentionally, like minecraft, terraria and wowpedia wikis, ended up on Gamepedia which Wikia took over and reeled them back in.
I never realized what this feature did. Thank you! (And thank you to the developers)
Well, the icons are just terrible, utterly insipid and lacking in power. It needs labels rather than icons, and better names for “zapper” and “picker” too (something like “remove elements from this page” versus “block elements from this site”).

I’m not sure if browsers apply height limits to these popups, but if not, almost every time there will be oodles of space for full labels and replacing the two single rows of buttons with columns. And even if scrolling is introduced, that’d still be better.

> It needs labels rather than icons

At least they now have tooltips - I remember when choosing "Advanced mode" (which you need for a lot of features) just disabled tooltips in the UI, on the theory that advanced users shouldn't need them! I (and likely many others) argued how crazy an assumption that was, that just because we understood how HTML and JS worked, we should remember a bunch of icons and what the dev decided they meant. Thankfully they were willing to listen and change the decision, and the UI is a lot better for it.

If you have some pull here, it would be really nice to have popups added to the grid in the middle of the dropdown where the colored boxes are. I use these very rarely and can never remember which column of colored boxes do what.
The top row of those have tooltips too. I can never remember either, and have to check them every time.
How do I use it on mobile? I can't find the download link for android.
For what browser? If Chrome, then you're out of luck: mobile Chrome doesn't support extensions. If Firefox, then just open the menu and go to Add-ons.
Yandex Browser on Android [which is based on Chrome] supports Chrome extensions. I'm running it with uBlock Origin, Privacy Badger and a few others. If an extension won't load directly from the Chrome Webstore you can toggle 'Developer Mode' under 'chrome://extensions' and load the downloaded and unpacked CRX directly.
Kiwi Browser also allows to install Chrome extensions. I keep it as an alternative browser with uBlock and other useful extensions.

Also, Vivaldi has a fairly complete adblocker built-in, with custom filter lists and also scores a solid 100% on that test.

I had high hopes for Kiwi Browser but, unfortunately its text-reflow feature has been broken since forever. Yandex Browser is the only one available on Android that ticks both those 'must have' boxes for me: full support for extensions and a functional text-reflow feature --without which a huge swathe of the web is unreadable for me, due to microscopic text sizes.

I know other browsers have their own built-in ad-blockers, but I prefer to use uBlock Origin across all my devices so, when I setup a new one, I can just import my existing rules & settings, built up and tweaked over many years, rather than start from scratch.

This feature is so good but so confusing to use, really the best thing about ublock beyond the ad-blocking. I use very extensively, I almost wish it was a standalone tool, so that the filtering aspects could be shared more easily.
This is one of the best hidden features of uBlock. While we're on the topic, how does one effectively block facebook ads?

I've got simple rules to chop the ads from LinkedIn, but if you do an inspect on FB, they've been very sneaky about how the elements are set up, eg it doesn't just say "Sponsored" in a string, it's a weird mash that ends up looking like that when rendered but hard to nail down.

Then again I'm more of a backend dev, so maybe that's why I don't know what to do.

> weird mash that ends up looking like that when rendered but hard to nail down.

It is designed to be very hard to select automatically. It is also why I don't use Facebook more than 5 minutes a week - it is among the only services where ads annoy me.

FB Purity seems to do a good job: https://www.fbpurity.com
Doesn't remove sponsored posts for me.
I found this on their FAQ page: https://www.fbpurity.com/faq.htm

> *Important News*: 4th September 2021: Sponsored Posts Issue: It seems Facebook have just changed their code for Sponsored Posts, so some people have started seeing Sponsored Posts in their Newsfeed again, I am working on fixing this, please be patient, thanks! *UPDATE* It seems for some people the sponsored posts are only getting through if your Newsfeed is set to "Top Posts", if you switch to "Most Recent", the Sponsored Posts should in theory disappear. The good news is that FBP has an option to keep you permanently on the "Most Recent" feed when you visit the Newsfeed, so that could possibly solve the issue for now, give it a try and let me know if that solves it for you. In the meantime, I will continue working on a more robust fix.

I don't see a "Most Recent" setting?
Open the FBP options screem by clicking the "FBP" button in the navigation bar at the top of the page.

Under the "Further options" heading there is a setting titled "News Sort: Most Recent". Tick that option, then click the "Save and Close" button.

As mentioned above this is not guaranteed to fix hiding the sponsored posts, but a lot of people are reporting success with it, as Facebook seem to pepper the "Top Posts" version of the Newsfeed with more ads than the "Most Recent" version, and "Top Posts" is Facebook's default setting for the Newsfeed.

This has been working for me for a while, though it seems lots of people get different html so it may not work for you:

  facebook.com##div[data-pagelet*="FeedUnit"]:has(div[aria-label="Sponsored"])
  facebook.com##div[data-pagelet*="FeedUnit"]:has(span[aria-label="Sponsored"])
  facebook.com##div[data-pagelet*="FeedUnit"]:has(a[aria-label="Sponsored"])
  facebook.com##div[data-pagelet*="FeedUnit"]:has-text(Suggested for You)
This has the strange effect of removing every item in the feed, causing it to flash while waiting for a refresh, forever. Skeleton -> flash of new item -> skeleton -> etc
It also blocks the paywall in some webs that aren't too well designed (the content is loaded under a frame that hide it). It's great to have such a good tool.
The eye dropper is also quite useful for writing userscripts and userstyles directly on Android; I tap the element, hit preview to see what happens (margins, padding, border collapse, etc), type a note at the end of the element name and sirens it to the clipboard, then move on. Back in the editor, I just paste my notes from the clipboard, and I can quickly write up a stylesheet override for a dynamic webpage without resorting to debugging on my desktop.

I don't understand why Firefox mobile can't be used to debug another Firefox mobile, I I'd love it if I could open devtools off to the side and see a live tree view instead of manually prefixing the URL with `view-source:` only to find out the html doesn't actually include any content.

If that wasn't *everything* you wanted to know about uBlock Origin, check out the (seriously impressive) documentation at

https://github.com/gorhill/uBlock/wiki

Thanks! The article should have been title “Intro to uBlock”
This just pushed me to try make a donation, as I realised just how much of a headache uBlock saves me every day.

They don't accept donations. Gorhill you are a beautiful person.

I second the gorhill thanking train.

ublock is almost required infrastructure on my machines. os, editor, mpv, browser+ublock

i'm so pissed that the courthouse admins didn't include it, our cripled network is filled with stupid ads that could have been avoided

His work has saved me gigabytes, if not terabytes of data, and hours, if not days of attention time. Thank you very much gorhill. If you ever need a place to stay or just a coffee, you are very welcome.
someone ought to extrapolate the ammount of bytes and (work-)hours saved by ublock
If you count up the hours saved and divide by the average lifespan, he has probably saved more lives than an ER doctor.
Likewise if you count up all the $$$ in ad spend that he has blocked, he would probably be in the top 100 richest people.
10+ million users on the Chrome App Store, 1GB saved per year per user for say 5 years (pulling these numbers out of nowhere really but I think they’re fairly conservative) = 50 exabytes.
don't usually flex with tech but isn't uMatrix [1] just a little bit harder to learn and a million times more satisfying? at least on my often-used systems, I have a hard time imagining loading a website without being able to control the third party content in a matrix these days.

1. https://addons.mozilla.org/en-US/firefox/addon/umatrix/

uMatrix is great, link for the chromium users: https://chrome.google.com/webstore/detail/umatrix/ogfcmafjal...
If you want to avoid ads and tracking, the last browser you should use is Google Chrome. Google has been deliberately crippling Chrome so that ad blockers don't work properly.
I don't really recommend it for anyone other than very bored devs, but it is very satisfying at times. The effort-to-utility ratio is honestly quite bad. Most of the *actually useful* functionality is redundant now with newer uBlock features.

I love the seratonin rush of one-click "disable 1p CSS" on an ugly website, or figuring out how to fuck with a clever-but-stupid paywall for the first time. :)

Also, the uMatrix UX is absolutely brilliant (that genius 2.5D green/red matrix).

> one-click "disable 1p CSS"

this is built in to firefox since it was netscape navigator, under view -> page style -> no style.

even the menu items have barely changed since then: http://www.alanwood.net/unicode/net7_encoding.gif

(comment deleted)
(comment deleted)
Didn't they delete the Encoding options with the last version?
it's like a little hacking minigame getting new sites to work while allowing javascript from the fewest domains
(comment deleted)
ublock can block everything umatrix can but reverse is not true. It had been the case from beginning but people are not aware. So I find ublock much more satisfying.
Is this downvoted because it's untrue? I've never used (and never found a need for) uMatrix, but I'm curious.
I think it might be true, but it's a lot harder to do uMatrix things in uBO, because the 'advanced mode' just gives you allow/disallow per domain, not the er matrix at CSS/image/media/scripts/XHR/frames/other granularity.

I think you can get that granular in the manual/text based rules edit of uBO in settings, but I stopped looking into it / considering switching fully at that point (I'd always used it in simple mode in addition to uMatrix, just to block cosmetic DOM stuff that uMatrix doesn't do) since I need it to be far easier and quicker than that, as it is jn uMatrix.

So switching to nuTensor (a light-touch security/necessary FF updates only sort of fork) has been on my to-do list.

Scripts, image and frames can be blocked.

* * 1p-script block

* * 3p block

* * 3p-frame block

* * 3p-script block

* * image block

* * inline-script block

CSS, media can be blocked if it has extension:

*.css

*.webm

*.mp4

*.mp3

*.aac

I don't like gifs, so I used to block it through *.gif, which I'm not sure if umatrix can do.

As I said, only in the manual rext entry rules in settings.

In uMatrix that's one click in the appropriate column per domain's row, in the toolbar drop-down.

Scripts, image and frames can be blocked with one click in ublock too.
One and not the others?

My uMatrix default is all cookies blocked; third-party media, scripts, XHR, frames, other blocked. Of course I often then have to allow some third-party script, and I can do so in one click without also allowing XHR or frames to/from that domain.

uBO doesn't allow that (in the toolbar UI, 'advanced'/'more' mode), because it's missing the columns from the 'matrix', so you either allow/block a domain wholesale.

Yes, uBO in it's current state can do everything uMatrix can do. I don't think this was true "from the beginning" but it is true now.
Not much harder to learn but so much more work..
(comment deleted)
I find pi-hole much better than browser extensions. It just works for all devices/ apps.
I don't want to block ads on every site I go to, and having an extension rather than a DNS sinkhole makes toggling between blocking and not blocking much simpler.
You can setup a link to disable pihole for a given number of seconds
I find both are needed. It is nice to see that I block a huge amount of data from getting used up by ads when pihole block it. And just in case it gets through ublock. ublock is usually ahead of the more sophisticated attacks.
How well does Pi-Hole work for people who aren't technical? My family member gets aggravated when ad blocking breaks a site for them
I never had a legitimate site breaks by pi-hole.

Pi-hole should be the easiest for family members, they don’t need to do anything at all.

On most sites, it simply leaves a blank space in where ad supposed to be.

I found the most frustration came from links in emails not working as intended. For some reason many companies, government agencies, and schools use metrics tracking on emails.

Pi-hole has a nice temporarily disable blocking feature on its dashboard to help in those cases. Simple click to whitelist is also available.

It’s probably not ideal tbh. You can whitelist stuff that’s blocked, but it involves logging into the admin console and whitelisting either manually or via a recently blocked request, easy enough for techies but I wouldn’t back it for non techies.

I use a fairly aggressive Pihole list that breaks stuff reasonably often, there may be less strict lists which are “safer” in this regard.

Pihole frequently breaks online tv like Disney+ and Hulu when viewed on our Roku TV. Preload trackers or ads get stuck and the show will never start.
I’ve never used pihole, but I’m assuming you could whitelist the Roku’s local ip?
Some sites breaking was a complaint my wife had when I set all devices on our network to use the pi-hole.

To solve this I setup a Shortcut on her iPhone so she can simply say "hey siri, stop pi-hole" and it will turn off the pi-hole for 5 minutes using a simple web request. The pi-hole turns itself back on after 5 minutes.

A bookmark works just as well but she prefers to use Siri as she never remembers where the bookmark is lol. It is mostly on her phone anyway that something doesn't quite work right so Siri was the best solution.

I also have Wire Guard setup and our phones configured to connect to it always for mobile data and unknown wifi so all our connections are routed via our home internet connection and via the pi-hole. As I have stupidly fast home internet (10Gbit EPON with free.fr) it works fantastically.

Although that's great too, uBlock has more features than just blocking requests to certain domains.
Pi-hole is great, but it cannot block all kinds of ads since it relies on DNS redirection. YouTube ads are notorious for this, for example
I don't think uBlock Origin can block YouTube ads either?
It can, and it does.
(comment deleted)
Yeah and its functionality is also being eroded by apps using things like DoH.

I use both but I don't think the network level blocking will work forever.

Please don't use DoH as an evil advertising bogeyman. It's a huge win in the fight against censorship and surveillance, and everything that it lets advertisers do can be equally done by hardcoding an IP address in the app instead.
DoH itself is fine.

But to win against “surveillance” you need to make a smart, conscious decision about who you want to give your browsing history to.

For me, I’d rather my ISP sees my DNS, than all that data is sent to some American mega-corp keen to hoover up every last datapoint about me they can.

My ISP can for the most part look at HTTPS SNI field and see all the domains I access anyway. So switching to say, Google DoH, only means that now Google have that list as well as my ISP.

> some American mega-corp keen to hoover up every last datapoint about me they can

That's a really good description of both Comcast and Verizon. Not so much of Cloudflare though - they seem to actually care about people's privacy.

> My ISP can for the most part look at HTTPS SNI field and see all the domains I access anyway. So switching to say, Google DoH, only means that now Google have that list as well as my ISP.

Isn't this just an argument to hurry up and get eSNI/ECH rolled out everywhere?

Absolutely reason to promote ECH.

Sure Cloudflare are better than those other big US ISPs.

But for those of us in the EU, where such practices are illegal, we may want to think twice about giving our data to Cloudflare (who are subject to requests from US govt for instance.)

Even in the EU, couldn't there still be a privacy benefit? Set aside for a minute what's legal and illegal, and just consider what entities are capable and incapable of. By using a DoH provider (that sees what domains your client IP is looking up) other than your ISP (that knows that your client IP goes with your real-life identity), there's now no single entity capable of associating your real-life identity with which domains you've looked up.
Well, it does break pihole.

And I already use trusted DNS providers (over TLS) so it's not really an issue. My provider can't see my DNS lookups. Also, in the EU providers are not allowed to use deep packet inspeciton so they only know your queries if you use their own DNS.

Hardcoding an IP is really difficult to do for adtech providers for 2 reasons:

1) They usually subcontract to cloud providers that don't guarantee IPs

2) It breaks SNI (Server Name Indication), also heavily used on cloud services

There's better ways to do secure DNS than DoH, like DoT (DNS over TLS)

I like secure DNS but I still want my own server to be the middleman. With DoH this isn't easily possible, especially on mobile due to the root CA issue. DoH is normally implemented using a major player like CloudFlare. Sure, they promise not to look at it. But the phrase "Don't be evil" still is pretty fresh in my mind.

But anyway, it's a moot point. Even if we could block DoH somehow (we can't due to certificate pinning and Android no longer allowing to add a global root CA since Android 7), app providers could just implement their own lookup system or something. Whether we like DoH or not it's here to stay.

> Well, it does break pihole.

Sure, but that's only because your computer can't distinguish your Pi-hole blocking DNS to block ads from an evil ISP blocking DNS to censor you. And if your device supports DoH, can't you just point it to one of the many publicly-available DoH servers, or set up a DoH server on your Pi-hole and then point at that?

> It breaks SNI (Server Name Indication), also heavily used on cloud services

They can just hardcode the IP in the hosts file, not in the client program. Then SNI will still work normally.

> There's better ways to do secure DNS than DoH, like DoT (DNS over TLS)

Then the people who want to do censorship and surveillance will all just block port 853. It's a feature that DoH is hard to distinguish from other HTTPS traffic.

> I like secure DNS but I still want my own server to be the middleman. With DoH this isn't easily possible, especially on mobile due to the root CA issue.

Can't you set up your own DoH server with its own domain name, get a Let's Encrypt certificate for it, then point your mobile device at that?

> DoH is normally implemented using a major player like CloudFlare. Sure, they promise not to look at it. But the phrase "Don't be evil" still is pretty fresh in my mind.

Isn't the alternative that your ISP is definitely looking at it?

> Can't you set up your own DoH server with its own domain name, get a Let's Encrypt certificate for it, then point your mobile device at that?

Yes. But what’s the angle here? You trust “ISP(s) hosting your DoH server” but not “ISP providing phone connection?”

Might be a legitimate reason for that, but ultimately as with all these discussions it’s just a matter of who you’d rather give the data to.

And your ISP will still be able to see from SNI for the most part so… it boils down to “my ISP can see anyway (via SNI), should I also let someone else see (DoH provider)?”

> Yes. But what’s the angle here? You trust “ISP(s) hosting your DoH server” but not “ISP providing phone connection?”

Your own DoH server could just do the filtering you want and then hand off the work to another real DoH server like Cloudflare's.

> Might be a legitimate reason for that, but ultimately as with all these discussions it’s just a matter of who you’d rather give the data to.

True, but in most of the USA, your ISP is the least trustworthy choice for who to give your data to.

> And your ISP will still be able to see from SNI for the most part so… it boils down to “my ISP can see anyway (via SNI), should I also let someone else see (DoH provider)?”

So let's hurry up and deploy eSNI/ECH everywhere.

> Then the people who want to do censorship and surveillance will all just block port 853. It's a feature that DoH is hard to distinguish from other HTTPS traffic.

Not an issue here in the EU. Alternative DNS is not blocked. Providers sometimes block the pirate bay but they're never obliged to block alternative DNS and they're not allowed to anyway as they're not allowed to do Deep Packet Inspection.

> Isn't the alternative that your ISP is definitely looking at it?

No, this is not allowed in the EU. They can see it if you use their DNS. Otherwise not.

I understand the feature that hiding the DNS traffic among other HTTPS traffic brings, but this is mainly a feature in countries without strong privacy laws. For me I would prefer to separate the traffic so I can control it myself.

And really if I'm in a country with such invasive censoring I would prefer to use a VPN and avoid their prying eyes altogether. DNS is only part of the equation. IP endpoints still tell them a lot. Especially on IPv6 as there's no more need for SNI.

I'm just not sure if it's a good idea to obfuscate core protocols of the internet, just to avoid an issue in certain countries that is not very well solved by this anyway. At the same time I have to give up a lot of valuable statistics, troubleshooting data and validation about whether apps do as they claim.

However like I said I can't stop an app doing this, precisely for the reason it's obfuscated. I won't use it on my own network however.

> Can't you set up your own DoH server with its own domain name, get a Let's Encrypt certificate for it, then point your mobile device at that?

I don't want to bother with getting public domain names and validate their IP with Let's Encrypt just because I want to use them internally. The renewal process is really complex for something that doesn't have a public IP and I don't want to have my internal DNS available on the internet (it also contains local domain names only available on my LAN and P2P VPN)

In fact encrypting that traffic on the local segment doesn't really add any value for me. I just encrypt the outbound part (from the pihole) with DoT.

> They can just hardcode the IP in the hosts file, not in the client program. Then SNI will still work normally.

How would that work? I control my host file. Apps can not mess with it. Not on my computer and not on my phone.

It's great that you live somewhere where you don't have to worry about any of these things, but a lot of us aren't so lucky.

> And really if I'm in a country with such invasive censoring I would prefer to use a VPN and avoid their prying eyes altogether.

Those countries block VPNs.

> Especially on IPv6 as there's no more need for SNI.

I can foresee CloudFlare offering a single-IPv6 shared endpoint for the sole purpose of making eSNI/ECH remain effective.

> At the same time I have to give up a lot of valuable statistics, troubleshooting data and validation about whether apps do as they claim.

Can't you get this information directly off of your endpoint device, whether or not the traffic is encrypted over the network?

> How would that work? I control my host file. Apps can not mess with it. Not on my computer and not on my phone.

I was thinking more about IoT appliances when I wrote that. For programs on your phone or computer, they can tell their TLS library to use whatever SNI you want, so even if they did hardcode the IP in the client program, SNI could still include the right hostname.

What's DoH?
DNS over HTTPS. It is a new(ish) way to do lookups that deals with the insecurity of most DNS setups (where packets are often neither signed nor encrypted) by hitting a resolver over https. Often the application will hard code the resolvers it intends on using, which leads people to believe it is adtech as it allows apps to bypass blocking by PiHole and the like. It, like most tech, can be used or abused.
I think that’s the fundamental change it brings.

Once the system, or network admin would set the DNS servers up and everything on the system would use those. There is no reason why that paradigm couldn’t continue and move to DoH.

The other change is that applications are now bypassing the system-configured DNS and sending requests (and thus data about what you are looking at,) where the application wants. The “centralisation” issue also comes into this. But again, the change from a system-level to per-app setting could happen with regular old plaintext DNS.

DoH is part of the discussion in both cases, which clouds the debate.

If you want dns-level ad blocking, there's also nextdns.io. You can also use it outside of your home network. I'm on their free tier and very happy with them.
Mullvad VPN also has an adblock DNS server. I am not sure, but I think everyone can use it.
That works if you're browsing from a fixed location.

By contrast, browser extensions work wherever you are -- at work, in a bus/train, in a hotel, etc.

It is not better, because Pi-hole is limited to Dns based blocking.

Ublock origin can block much more content than a pi-hole…

So, use both.

one think that I dont like about pi-hole is its impossible to add exception to website I deliberately support.
No it isn't? It's entirely list based, it doesn't do anything without a domain being listed to block.

Even if a third-party list you've added blocks something you don't want to block, you have an overriding whitelist.

They mean allowing ads on aites they want to support.
Yes, I know? So don't block (or whitelist to override a third-party list in use) the sites you want to support?

What am I missing?

Ads are hosted by ad networks that appear on many sites.
Well sure if they're loaded directly that won't work, but it's hardly Pi-Hole's fault, what could it do?
uBlock origin doesn't seem to work well for me in Chrome compared to how well it works in Firefox.
Chrome made API changes that broke it
Man, that's awful. Why would anyone use Chrome then? Ugh.
Probably for the same reasons you use it.
Firefox is superior on all platforms except Mac/iOS IMO
On chrome (and chromium based browsers afaik), the browser loads the web pages first and then loads extensions compared to firefox which loads extensions first and then the web pages.
uBlock Origin is amazing in that it has not succumbed to scammers. Every other blocker including AdBlock and the original uBlock have sold out to scummy companies. It's a problem with every successful browser extension, they all start getting offers from scammers to sell out.

We all owe a huge debt of gratitude that gorhill is a principled character and has stayed on to guide uBlock Origin all these years.

Absolutely. Ublock origin is probably one of the highest impact products on my life. I would have a measurably worse time if it didn't exist or didn't work as well as it does. And it is free!

The developer is a saint, and it just occurred to me that I should donate to their project.

Given uBlock's popularity and impact on advertising (money), I'm wondering what kind of scrutiny and attacks the devs and project gets continually.
Oh me too. Despite addons being less dangerous nowadays (no FS access), a supply-chain attack on UBO would be massively bad.

That's a reason why I strictly install very few addons.

This should be recognized more. I can think of a lot of applications that have like-wise succumbed to the darkness. uTorrent off the top of my head.

VLC should get a special award for not sucking after gaining popularity.

Sadly uTorrent did succumb to darkness a while ago by bundling a bitcoin miner and other dodgy software with the client as installer opt-out checkboxes.
That's not an accident. uBlock Origin used to be called just "uBlock". The author of uBlock Origin gave up control of uBlock because he was frustrated with requests to the project.[0] He immediately regretted this decision, forked the original project and this event cemented his view that uBlock Origin would never be out of his control.

[0] https://en.wikipedia.org/wiki/UBlock_Origin

> We all owe a huge debt of gratitude that gorhill is a principled character and has stayed on to guide uBlock Origin all these years.

Absolutely. Thank you gorhill!

uBlock Origin is cool, but the reason I stopped using it is that any web page stopped opening on my work PC. Never found out why, used Adblock Plus since. Considering going back now.
Ironically, ublock origin does not work on this blog page & allows scripts such as google analytics to run because it is hosted under the umbrella domain addons.mozilla.org

I wish the exception for add-ons not working on the addons site would only apply to the actual add-on download portion of the site, and they don't host random non-addon-download content on the same domain.

Or that Mozilla wouldn't serve that crap. They should know better, after all they even make their own blocker.
They do know better, which is why they don't.

https://bugzilla.mozilla.org/show_bug.cgi?id=697436#c14

If there is an "obvious" problem, chances are it has already been addressed and you are not the first person to see it.

> We now have two check boxes in our GA premium account that allows us to opt-out of additional usage of our data. Because Mozilla pushed Google so hard, those two check boxes are available to every other GA user in the world regardless if they have a premium account like we do. GA also doesn't track IPs or store PII within the tool.

I'm very confused. How the hell does Mozilla have enough lobbying power with Google to strong-arm them into providing an option for every user to undercut the very data collection Google provides GA for?

Possibly they brought out the GDPR-hammer to force their hand.
By taking credit for a wider initiative Google was already pursuing. It wasn’t just Mozilla pushing for it.
But this assumes you trust Google. Why would you trust an entity whose business model is against your interests and who has the ability to hide their misuse of data (given how many factors go into ad targeting, it's impossible to prove whether a particular ad was targeted based on data collected legally or not) and is big enough to successfully fob off privacy regulators (their consent flow is still not GDPR compliant)?
Wait, there's a way around this.

Open a new tab. Enter about:config

Search for this specific line: extensions.webextensions.restrictedDomains

Remove any entries you feel offend. I personally clear the whole list out, no website should bypass my addons.

Source: https://forums.informaction.com/viewtopic.php?p=97010&sid=7f...

I just did this on my Linux box where Firefox is my daily driver. The only domains listed were firefox or mozilla ones.
I love unlock, don’t get me wrong, but why the hell isn't adblocking built into my browser? And disabling auto play for that matter.

The state of web browsers is absolute and pure insanity.

> why the hell isn't adblocking built into my browser?

Because the maker of your Web browser is funded by advertising money.

Not mine! I use… ah damnit.

This a really interesting point I never considered, but Mozilla isn’t being paid by a ton of different advertisers to not implement blocking - are they? How would we know?

Side note, I would absolutely pay for a browser that rolled everything in without setting it up myself.

What if I'm using safari?
Still true. Apple makes money off adversting just like anyone else. they also get paid obsurd amounts of money to from Google to make them the default search engine in Safari.
Apple's interests are aligned with corporate interests in general including advertising networks.
Are there open source browser derivatives that bundle such an extension?

Any browser beside Chrome or Firefox seems to only be installed by power users, who also know how to install an adblocker.

bc Chrome is owned by Google - an advertising company, same goes for Edge?
In fairness, Microsoft includes Adblock Plus with Edge for iOS. It's not enabled by default, though.

(And ABP isn't what it once was, anyway, that's for sure)

Last I remember, AdBlock Plus works with select advertising networks to allow their ads.
Right so we’re willing to use user hostile products and let them run our lives?
I don't know why you are being downvoted for your curiosity.

To answer your question - it's because the major source of revenue for browser makers is search engines. Google, Yahoo, Bing etc. pay browser maker money to bundle their search engine in the browser, and also share a small percentage of revenue with them. Search engines make money from advertising. So obviously they discourage browser makers from including ad blocking tech in browsers. (Look at the money involved - Google Said to Pay Apple $15 Billion to Remain Default Search Engine on Safari in 2021 - https://gadgets.ndtv.com/apps/news/google-apple-default-sear... ... and you can understand why it is so difficult to say no to it).

Re the downvotes, I talk too much like Reddit. Dw though I don’t fall for the endorphin trap of seeking approval from my peers; it deters original thought.

Also this accounts a burner so I guess I do fall for the trap but downvote away if you like.

I too love ublock but your statement just smacks of stupidity. I don't want a mainstream browser to be so opinionated as to take it upon itself to block various domains. And the meme of calling everything you don't like "absolutely insane"... Take that shit back to Reddit imo
Sure, I get the censorship issue but there’d be nothing stopping you select a blocklist which you politically and socially align to. AFAIK unlock origin does this, so why baking that directly into the browser makes you so mad is beyond me.

And absolutely insane is a dig at this distopia where we’re allowing advertising companies to drive the technology which would arguably be more valuable than currency.

But sure, off to Reddit I go, just because you don’t like the way I talk.

sorry about that. yeah, my own reply was the stupid one.
I think your point about browser companies controlling blocklists is valid, particularly in the current landscape.

I’m all for data privacy and freedom of speech, but i also think we need to place revocable trust in other parties to curate our data in a way that improves signal to noise ratios while not impeding on actual freedoms (lest we revoke our trust).

But also browsers should just disable auto play videos they’re damn offensive.

I too often wonder about this. The answer is conflicts of interest. We can't trust Google to maintain an effective ad blocker. Firerox is also funded by Google.
i hate that website start serving ads on their content domain. this is where ublock origin shines because pihole or adguard do not cut it anymore.
Was worried about running all my web history through this extension for privacy reasons, has anyone gone through the source code to verify uBlock Origin’s privacy policy?
(comment deleted)
Yes. Google has. It's in the Chrome Store.

sloccount gives 34516 LOC for the src/js directory. As the sibling points out, you can also verify the code yourself.

I’ve really been enjoying Firefox lately, and this just makes it better. I was historically suspicious of the idea of doing things in the browser, but for many things it now seems the most portable and privacy-preserving way to do most things, and I’ve given up many apps (e.g. I listen to podcasts now from the browser).
uBlock has always been the first add on I install on any new computer.
I really hope you mean uBlock Origin and not just uBlock. The latter should be avoided at all costs.
God I just wish Safari supported uBlock Origin. I want to use Safari for the performance and battery saving.
Been using 1blocker and it’s ok generally but useless on YouTube.
Using Firefox + uBlock will also increase battery saving - with uBlock Firefox makes fewer network connections (to the ads / trackers servers), fewer ad images / videos are loaded by the browser saving both processing power, memory and bandwidth, and cpu processing is reduced due to blocking of unwanted (ad / tracker) javascript.
hey y'all. what else is out there like uBlock.
hey y'all. what else is similar to uBlock.
I sorta wish Brave worked with gorhill to port uBO to C++ instead of building their own Shields native module
That would be awesome. Brave's blockers just aren't as good as uBlock Origin.
You can use ublock origin with brave in conjunction with shields. It would've made sense to partner though
I use both but I wonder does it make sense?
I just wish that they'd add a text or symbol in the top of the global and local dynamic filtering boxes. Every single time that I use it I have to look up which one's which, because it isn't obvious and I can't remember.
(comment deleted)
yeah, whenever I add a rule that ends up messing things up I click the wrong thing first to undo it
I recently discovered that it also acts as a great anti-productivity page blocker. Simply add your top social and news addiction pages to the blacklist and you’re set.

I use Firefox only for work, which has helped me immensely to stay focused and not “just quickly check hacker news for the tenth time in an hour” (as much as I like to ;)).

For HN specifically, you can also tweak the noprocrast settings in your HN profile.
Indeed. And block all the other sites. They are inferior anyway!
(comment deleted)
> Simply add your top social and news addiction pages to the blacklist and you’re set.

It’ll make finding tips like this much harder.

To Hacker News, the cause of, and solution to, all of life's procrastination problems!
On my phone, I blocked the feeds for Hacker News, Reddit and a few other sites. I blocked notification badges on most sites. I can still get to individual pages from Google, but I can't mindlessly browse those websites.

It's really effective. I don't even know what to do with my phone any more.

> I don't even know what to do with my phone any more.

I hear there's some way you can use an app on your phone to have a voice conversation with someone else, but apparently you need to know a magic number?

That sounds terrifying
Seems like incredibly poor market fit.

I'm told there was even a time when the number only addressed a location, so you would have to figure out who was talking on the other end through a complex linguistic handshake.

And it didn't even have identity authentication, past a basic voiceprint!

I do something similar, I noticed that a link to a tweet in an article that I'm reading will always result in me clicking through and then wasting time catching up.

I used this filter, it makes twitter links look like normal text:

    ##a[href*="twitter.com"]:style(pointer-events: none!important; text-decoration: inherit!important; color: inherit!important)
Yes, the ability to block parts of pages is handy too.

I've not taken to blocking whole sites yet. But sites with "recommendations" attached to every page are a real distraction. I block them on stackoverflow, otherwise I end up reading about the etymology of some obscure word or advice for a dungeon master in a weird D&D scenario =)

On Android, Firefox allows extensions. Including uBlock Origin.
At present Firefox on android only allows a limited range of extensions from Addons Manager, but you're right, uBlock Origin is one of them. I really look forward to them being opened up so I can build my own without any hassle.

( https://blog.mozilla.org/addons/2021/01/20/extensions-in-fir... )

Oh, interesting! All the extensions I ever tried were just there. But those were just uBlock Origin and NoScript.

Shows what I know..

Firefox mobile wont load the xpi file, is there an alternative way to install?
XPI? Why would you need an XPI? Just click on three dots, add-ons, and then click on the + sign next to uBO.
Ah I see, on Firefox mobile, one cannot load extensions from their website, only from some extensions manager inside the app.
uBlock Origin is one of the 18 extensions that are pre-approved for use in Firefox for Android. To use any other add-ons from addons.mozilla.org, you'll need to use Firefox Nightly (https://play.google.com/store/apps/details?id=org.mozilla.fe...) and follow these instructions:

https://blog.mozilla.org/addons/2020/09/29/expanded-extensio...

Alternatively, you can use Fennec F-Droid, a fork of Firefox that supports a "Custom Add-on collection" by default: https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/

I'm not sure why Mozilla is refusing to allow these extensions on the Beta channel, since the WebExtensions support is definitely stable enough for Firefox Beta.

I'm not sure why companies think that restricting usage this way improves their product in any way. You need a different build, and an online account to do something that should require neither.

Heck, I can only partially understand the "click many times over crap" to enable experimental features, which should have been _enough_ to begin with (and certainly not a requirement in a beta build). How many hoops do I need?

After reading this, I was really /hoping/ Fennec would remove the requirement of having a Mozilla account, but no, you still need to create an account and an useless "collection".

TBH I use (and ever used) Firefox just due to the available extensions. The value proposition has decreased quite a bit with recent FF versions, and on Android uBlock is pretty much the only reason I stick to it.

I wish I had more alternatives, because clearly the browser duopoly isn't working.