For Firefox, Request Policy is more or less equivalent. HTTP Switchboard has a better interface, though. Request policy works on a global per domain basis (allow/forbid), this one has better granularity (you can specify the type of content for each (sub)domain).
I like and use RequestPolicy on a daily baiss, but unfortunately the version on AMO hasn't been updated for some time now. There are a number of long-standing issues (like clicking links in the view source view,) including one that allows bypassing the whitelist entirely [0].
>this one has better granularity (you can specify the type of content [...]
Mmm, RequestPolicy's meant to allow or deny cross-domain communications full stop. It doesn't care too much about what happens once it's allowed.
The granularity offered in HTTP switchboard is better suited to dealing with cross-domain "annoyances" than RequestPolicy.
>[...]for each (sub)domain).
Not quite the same, but RequestPolicy allows you to use the effective TLD, full domain, or scheme + full domain + port for your rules (it's under preferences.) By default it uses the effective TLD.
> Not quite the same, but RequestPolicy allows you to use the effective TLD, full domain, or scheme + full domain + port for your rules (it's under preferences.) By default it uses the effective TLD.
The trouble is that the setting is global. If you chose "full domain", the UI doesn't allow you to whilelist a TLD anymore, which is annoying for some CDNs (some sites change the subdomain of their CDN for each page load).
Yeah, that's a design issue in RequestPolicy that I'd like to see fixed. I never use the full domain option because it's such a pain to use on sites with many subdomains.
What the title nor the github account are up front about is that this is an ad/privacy blocker that comes with a rather large blacklist[1]. I tried disabling it (because, like the title, I only wanted to block a single thing) but it wouldn't let me work around the blacklist.
Perhaps be more up front that this is an adblocker.
I suppose I could if I wanted to go to that very large amount of effort just to get that small amount of functionality. Methinks a userscript would be a lot easier.
I'd agree with your comment if I'd said "They should take the blacklist out." Instead I wrote that the title and github project are not up front about a core piece of functionality of the plugin.
I don't think I agree with your characterisation of the extension. It's a switchboard that happens to have predefined blacklists focused on ad/privacy, not an adblocker. AdBlockPlus doesn't let me do what this tool does, nor does Ghostery.
I do think one should be able to ditch/modify the blacklists though, without forking the repo.
Ah. That is pretty obscure though! I can't even see how to get to the tour from the main page... Oh I see now, the Wiki link on the side.
It's a good project and I love your UI. I'm not trying to criticise negatively, just point out that I was surprised by one of the major features, and perhaps others would be too.
Fair enough. Yesterday night I also added the following in the first paragraph of the README file (and detailed description in Chrome store): "As of December 2013, the extension comes with preset blacklists totalling over 45,000 distinct hostnames."
Do you think that there will ever be widespread/mainstream client-side control of the web like this? Where it was the norm that, say, 90% of web users blocked ads and analytics? Would it be good or bad?
I think we'd see sites implement some sort of check to see if their ad scripts loaded properly, and ad/analytic providers enabling this through hooks. There would probably be "good" providers that would get whitelisted.
As a web user, I welcome this extension. It's my browser, and I should be able to control its IO.
As a web developer... well, I've never been a fan of advertising-based revenue, but I'd like accurate analytics.
I block most tracking services. I wish I didn't have to do that. I'd love if sites could get accurate analytics, as long as the data stays with the website owners (so, nothing from external companies and no pinging Google etc.), isn't shared with third parties (no, not even "trusted" third parties), retention times are not longer than 2 years, it's reasonably anonymized, etc.
Until a trustworthy self-hosted analytics script that's fast and doesn't consume too many resources appears, my browser/OS and other info will remain underrepresented in websites' analytics dashboards.
NoScript takes care of most tracking systems (those loaded from third-party domains), and has surrogate scripts to prevent it from breaking websites that attempt to depend on the most common tracking scripts, and for this it is the first line of defense. AdBlock I use mostly for most common forms of single-pixel tracking images (and ads, of course), and Cookie Monster to manage cookie permissions, and BetterPrivacy to get rid of flash cookies. RequestPolicy is the nuclear option for when I'm feeling most paranoid. (EDIT: RequestPolicy's 1.0 betas have a default-allow mode, which makes it much easier to leave enabled during everyday use.)
For me, the toughest thing is to figure out which cloudfront subdomains to allow.
> I think we'd see sites implement some sort of check to see if their ad scripts loaded properly, and ad/analytic providers enabling this through hooks.
NoScript's surrogate scripts are the user's side of this arms race. I think it should be clear that the advertisers can only have as much success as any other DRM provider that relies solely on obfuscation while still trusting the client. Surrogate scripts can be updated more quickly than the multitude of web sites that need to verify that an ad was shown.
Now for the hypothetical question as to whether it would be "bad or good", I don't understand: how could it be bad if 90% of people make the choice of blocking unwanted content/connection?
"Google derives most of its value from advertising where it competes primarily with Microsoft, Yahoo and Facebook. . According to our estimates, standard PC search ads account for over 30% of Google’s overall value and 60% of its revenues. However, the recent trend in earnings indicates that the growth in online PC ads revenues is slowing down. Additionally, the company’s market share of the U.S. search marketplace has been stagnant at 67%, according to latest data by comScore."
Primarily ad-funded free websites would make losses, or go paid. Us, the customers, pay for not wanting to see ads.
Of course, this is just my opinion on what might happen.
To me it's more a matter of ad and content providers adjusting to reality than playing pretend. My view on this is that by blocking ads, I am actually helping these providers by telling them a piece of reality: I don't care about your ads, so I block them, because it won't translate into a sale on my end anyways.
If ever blockers are used by a majority of people, content and ad providers will have to deal (rather than whine) with this reality, it's called "market forces".
Now that's just regarding ads, but of course there is another consideration for blockers: privacy. It's creepy to stumble onto a marketing firm bragging to their prospective clients that they will be able to "see absolutely everything your visitors do on your webpage ... See their every mouse move, click and keystroke".
Just to add to my previous reply, one of the venue I would like to see more from content providers is micro-tipping. Provide a way for the readers to micro-tip for an article they liked, etc. There are a lot of new ideas out there with a lot of potential. Let people connect as directly as possible with authors.
A "major" Norwegian language tech-network (tek.no/hw.no/gamer.no etc) recently started demanding that you either show ads, or use their paid service. That means that with adblock/noscript, they do some tricks to hide content, forcing you to either make some kind of effort to get to the content, or whitelist them.
I have no idea how successful that has been for them with regards to increasing revenue -- I do know that I've pretty much stopped reading them (but a large part of that is that their content is hastily written crap, not offering much of any value over other, better, international sites). Had at least some of their reviews and articles been worth reading, I might have considered paying for a subscription.
I'm not sure what the takeaway is from that, though. Don't try to sell crap?
Me, I'd be fine with sites that blocked users that don't display ads, like me. Then I could make the choice whether it's important enough to me that I would put up with them. It's unlikely I would but at least at that point we're on a level playing field.
I'd actually support some sort of request header that (unlike the utterly useless DoNotTrack) says something like WillNotDisplayAdvertising.
Thanks for posting this. The code is easy to follow which is always a notable accomplishment. It's also a really good example of github usage including opening of issues, commenting on them, and closing them. And a pretty nice wiki as well.
It's in the extension's pop-up menu: click the top-right icon, and there is the option "HTTPSB on/off" (recording continues though even if off, so one can still see what is going on in the page).
41 comments
[ 3.3 ms ] story [ 97.7 ms ] threadhttps://www.requestpolicy.com/
https://addons.mozilla.org/en-US/firefox/addon/requestpolicy...
I like and use RequestPolicy on a daily baiss, but unfortunately the version on AMO hasn't been updated for some time now. There are a number of long-standing issues (like clicking links in the view source view,) including one that allows bypassing the whitelist entirely [0].
>this one has better granularity (you can specify the type of content [...]
Mmm, RequestPolicy's meant to allow or deny cross-domain communications full stop. It doesn't care too much about what happens once it's allowed.
The granularity offered in HTTP switchboard is better suited to dealing with cross-domain "annoyances" than RequestPolicy.
>[...]for each (sub)domain).
Not quite the same, but RequestPolicy allows you to use the effective TLD, full domain, or scheme + full domain + port for your rules (it's under preferences.) By default it uses the effective TLD.
[0] http://blog.saynotolinux.com/2013/11/bypassing-requestpolicy...
The trouble is that the setting is global. If you chose "full domain", the UI doesn't allow you to whilelist a TLD anymore, which is annoying for some CDNs (some sites change the subdomain of their CDN for each page load).
Perhaps be more up front that this is an adblocker.
[1]: This is just one of the blacklists: https://github.com/gorhill/httpswitchboard/blob/a325083df02b...
It is licensed under the GPL, which was created for this very use case.
I'd agree with your comment if I'd said "They should take the blacklist out." Instead I wrote that the title and github project are not up front about a core piece of functionality of the plugin.
I do think one should be able to ditch/modify the blacklists though, without forking the repo.
This was on my todo list, but there, I formalized it.
This has been there for two months:
https://github.com/gorhill/httpswitchboard/wiki/Quick-tour-%...
"Thanks to these preset blacklists maintained by good spirited people, nothing from these locations could make it to the browser"
The slide is a bit dated though, as you can graylist or whitelist a preset blacklist entry, which was not possible back then.
It's a good project and I love your UI. I'm not trying to criticise negatively, just point out that I was surprised by one of the major features, and perhaps others would be too.
As a web user, I welcome this extension. It's my browser, and I should be able to control its IO.
As a web developer... well, I've never been a fan of advertising-based revenue, but I'd like accurate analytics.
Until a trustworthy self-hosted analytics script that's fast and doesn't consume too many resources appears, my browser/OS and other info will remain underrepresented in websites' analytics dashboards.
For me, the toughest thing is to figure out which cloudfront subdomains to allow.
NoScript's surrogate scripts are the user's side of this arms race. I think it should be clear that the advertisers can only have as much success as any other DRM provider that relies solely on obfuscation while still trusting the client. Surrogate scripts can be updated more quickly than the multitude of web sites that need to verify that an ad was shown.
* AdBlock Plus * NoScript * WOT * Ghostery * Better Privacy * DoNotTrackMe
https://addons.mozilla.org/en-US/firefox/extensions/privacy-...
Now for the hypothetical question as to whether it would be "bad or good", I don't understand: how could it be bad if 90% of people make the choice of blocking unwanted content/connection?
"Google derives most of its value from advertising where it competes primarily with Microsoft, Yahoo and Facebook. . According to our estimates, standard PC search ads account for over 30% of Google’s overall value and 60% of its revenues. However, the recent trend in earnings indicates that the growth in online PC ads revenues is slowing down. Additionally, the company’s market share of the U.S. search marketplace has been stagnant at 67%, according to latest data by comScore."
Primarily ad-funded free websites would make losses, or go paid. Us, the customers, pay for not wanting to see ads. Of course, this is just my opinion on what might happen.
If ever blockers are used by a majority of people, content and ad providers will have to deal (rather than whine) with this reality, it's called "market forces".
Now that's just regarding ads, but of course there is another consideration for blockers: privacy. It's creepy to stumble onto a marketing firm bragging to their prospective clients that they will be able to "see absolutely everything your visitors do on your webpage ... See their every mouse move, click and keystroke".
I have no idea how successful that has been for them with regards to increasing revenue -- I do know that I've pretty much stopped reading them (but a large part of that is that their content is hastily written crap, not offering much of any value over other, better, international sites). Had at least some of their reviews and articles been worth reading, I might have considered paying for a subscription.
I'm not sure what the takeaway is from that, though. Don't try to sell crap?
Me, I'd be fine with sites that blocked users that don't display ads, like me. Then I could make the choice whether it's important enough to me that I would put up with them. It's unlikely I would but at least at that point we're on a level playing field.
I'd actually support some sort of request header that (unlike the utterly useless DoNotTrack) says something like WillNotDisplayAdvertising.
I think it is pretty solid right now, if you keep working on it, it could soon become the new Adblocker.
Installed it, none of my sites work because of your addon blocking everything by default.
It needs to allow everything first by default and I can selectively turn off the crap.