41 comments

[ 3.3 ms ] story [ 97.7 ms ] thread
For Firefox, Request Policy is more or less equivalent. HTTP Switchboard has a better interface, though. Request policy works on a global per domain basis (allow/forbid), this one has better granularity (you can specify the type of content for each (sub)domain).

https://www.requestpolicy.com/

https://addons.mozilla.org/en-US/firefox/addon/requestpolicy...

(comment deleted)
Neat. Analogous to using a personal firewall (eg Little Snitch), except for the browser.
> https://addons.mozilla.org/en-US/firefox/addon/requestpolicy...

I like and use RequestPolicy on a daily baiss, but unfortunately the version on AMO hasn't been updated for some time now. There are a number of long-standing issues (like clicking links in the view source view,) including one that allows bypassing the whitelist entirely [0].

>this one has better granularity (you can specify the type of content [...]

Mmm, RequestPolicy's meant to allow or deny cross-domain communications full stop. It doesn't care too much about what happens once it's allowed.

The granularity offered in HTTP switchboard is better suited to dealing with cross-domain "annoyances" than RequestPolicy.

>[...]for each (sub)domain).

Not quite the same, but RequestPolicy allows you to use the effective TLD, full domain, or scheme + full domain + port for your rules (it's under preferences.) By default it uses the effective TLD.

[0] http://blog.saynotolinux.com/2013/11/bypassing-requestpolicy...

> Not quite the same, but RequestPolicy allows you to use the effective TLD, full domain, or scheme + full domain + port for your rules (it's under preferences.) By default it uses the effective TLD.

The trouble is that the setting is global. If you chose "full domain", the UI doesn't allow you to whilelist a TLD anymore, which is annoying for some CDNs (some sites change the subdomain of their CDN for each page load).

Yeah, that's a design issue in RequestPolicy that I'd like to see fixed. I never use the full domain option because it's such a pain to use on sites with many subdomains.
Very nice. I like the effort you've put into making it look great as well.
What the title nor the github account are up front about is that this is an ad/privacy blocker that comes with a rather large blacklist[1]. I tried disabling it (because, like the title, I only wanted to block a single thing) but it wouldn't let me work around the blacklist.

Perhaps be more up front that this is an adblocker.

[1]: This is just one of the blacklists: https://github.com/gorhill/httpswitchboard/blob/a325083df02b...

You could fork it, get rid of the black lists and publish it on the Chrome web store.

It is licensed under the GPL, which was created for this very use case.

I suppose I could if I wanted to go to that very large amount of effort just to get that small amount of functionality. Methinks a userscript would be a lot easier.

I'd agree with your comment if I'd said "They should take the blacklist out." Instead I wrote that the title and github project are not up front about a core piece of functionality of the plugin.

Userscripts wait for the DOM to finish loading, though, no? Thus defeating the purpose of saving bandwidth?
They run at either "document-start", "document-end" or "document-idle". "document-start" is as soon as possible.
All it takes is a one-time developer registration fee of US$5.00 to verify your account and publish.
Didn't cost me anything to publish to the Chrome store.
I don't think I agree with your characterisation of the extension. It's a switchboard that happens to have predefined blacklists focused on ad/privacy, not an adblocker. AdBlockPlus doesn't let me do what this tool does, nor does Ghostery.

I do think one should be able to ditch/modify the blacklists though, without forking the repo.

> "the title nor the github account are up front about is that this is an ad/privacy blocker that comes with a rather large blacklist"

This has been there for two months:

https://github.com/gorhill/httpswitchboard/wiki/Quick-tour-%...

"Thanks to these preset blacklists maintained by good spirited people, nothing from these locations could make it to the browser"

The slide is a bit dated though, as you can graylist or whitelist a preset blacklist entry, which was not possible back then.

Ah. That is pretty obscure though! I can't even see how to get to the tour from the main page... Oh I see now, the Wiki link on the side.

It's a good project and I love your UI. I'm not trying to criticise negatively, just point out that I was surprised by one of the major features, and perhaps others would be too.

Fair enough. Yesterday night I also added the following in the first paragraph of the README file (and detailed description in Chrome store): "As of December 2013, the extension comes with preset blacklists totalling over 45,000 distinct hostnames."
(comment deleted)
Do you think that there will ever be widespread/mainstream client-side control of the web like this? Where it was the norm that, say, 90% of web users blocked ads and analytics? Would it be good or bad?
I think we'd see sites implement some sort of check to see if their ad scripts loaded properly, and ad/analytic providers enabling this through hooks. There would probably be "good" providers that would get whitelisted.

As a web user, I welcome this extension. It's my browser, and I should be able to control its IO.

As a web developer... well, I've never been a fan of advertising-based revenue, but I'd like accurate analytics.

I block most tracking services. I wish I didn't have to do that. I'd love if sites could get accurate analytics, as long as the data stays with the website owners (so, nothing from external companies and no pinging Google etc.), isn't shared with third parties (no, not even "trusted" third parties), retention times are not longer than 2 years, it's reasonably anonymized, etc.

Until a trustworthy self-hosted analytics script that's fast and doesn't consume too many resources appears, my browser/OS and other info will remain underrepresented in websites' analytics dashboards.

What is your method to block things?
NoScript takes care of most tracking systems (those loaded from third-party domains), and has surrogate scripts to prevent it from breaking websites that attempt to depend on the most common tracking scripts, and for this it is the first line of defense. AdBlock I use mostly for most common forms of single-pixel tracking images (and ads, of course), and Cookie Monster to manage cookie permissions, and BetterPrivacy to get rid of flash cookies. RequestPolicy is the nuclear option for when I'm feeling most paranoid. (EDIT: RequestPolicy's 1.0 betas have a default-allow mode, which makes it much easier to leave enabled during everyday use.)

For me, the toughest thing is to figure out which cloudfront subdomains to allow.

> I think we'd see sites implement some sort of check to see if their ad scripts loaded properly, and ad/analytic providers enabling this through hooks.

NoScript's surrogate scripts are the user's side of this arms race. I think it should be clear that the advertisers can only have as much success as any other DRM provider that relies solely on obfuscation while still trusting the client. Surrogate scripts can be updated more quickly than the multitude of web sites that need to verify that an ad was shown.

I think you can find some sort of answer by looking at the most popular extensions on Firefox:

* AdBlock Plus * NoScript * WOT * Ghostery * Better Privacy * DoNotTrackMe

https://addons.mozilla.org/en-US/firefox/extensions/privacy-...

Now for the hypothetical question as to whether it would be "bad or good", I don't understand: how could it be bad if 90% of people make the choice of blocking unwanted content/connection?

If 90% of people stop ads from reaching them, then online advertising becomes almost useless. Its probably a bad thing because the companies spending billions (http://en.wikipedia.org/wiki/Online_advertising) to advertise, will stop doing so. The websites getting billions in ad revenue will stop getting money. Case in point: http://www.forbes.com/sites/greatspeculations/2013/10/17/goo...

"Google derives most of its value from advertising where it competes primarily with Microsoft, Yahoo and Facebook. . According to our estimates, standard PC search ads account for over 30% of Google’s overall value and 60% of its revenues. However, the recent trend in earnings indicates that the growth in online PC ads revenues is slowing down. Additionally, the company’s market share of the U.S. search marketplace has been stagnant at 67%, according to latest data by comScore."

Primarily ad-funded free websites would make losses, or go paid. Us, the customers, pay for not wanting to see ads. Of course, this is just my opinion on what might happen.

To me it's more a matter of ad and content providers adjusting to reality than playing pretend. My view on this is that by blocking ads, I am actually helping these providers by telling them a piece of reality: I don't care about your ads, so I block them, because it won't translate into a sale on my end anyways.

If ever blockers are used by a majority of people, content and ad providers will have to deal (rather than whine) with this reality, it's called "market forces".

Now that's just regarding ads, but of course there is another consideration for blockers: privacy. It's creepy to stumble onto a marketing firm bragging to their prospective clients that they will be able to "see absolutely everything your visitors do on your webpage ... See their every mouse move, click and keystroke".

Just to add to my previous reply, one of the venue I would like to see more from content providers is micro-tipping. Provide a way for the readers to micro-tip for an article they liked, etc. There are a lot of new ideas out there with a lot of potential. Let people connect as directly as possible with authors.
A "major" Norwegian language tech-network (tek.no/hw.no/gamer.no etc) recently started demanding that you either show ads, or use their paid service. That means that with adblock/noscript, they do some tricks to hide content, forcing you to either make some kind of effort to get to the content, or whitelist them.

I have no idea how successful that has been for them with regards to increasing revenue -- I do know that I've pretty much stopped reading them (but a large part of that is that their content is hastily written crap, not offering much of any value over other, better, international sites). Had at least some of their reviews and articles been worth reading, I might have considered paying for a subscription.

I'm not sure what the takeaway is from that, though. Don't try to sell crap?

We're a way off 90% but it's already started.

Me, I'd be fine with sites that blocked users that don't display ads, like me. Then I could make the choice whether it's important enough to me that I would put up with them. It's unlikely I would but at least at that point we're on a level playing field.

I'd actually support some sort of request header that (unlike the utterly useless DoNotTrack) says something like WillNotDisplayAdvertising.

Not something I would use as I haven't got too annoyed with the web yet, but that is one excellent, common-sense interface,
Thanks for posting this. The code is easy to follow which is always a notable accomplishment. It's also a really good example of github usage including opening of issues, commenting on them, and closing them. And a pretty nice wiki as well.
add a pause button please
It's in the extension's pop-up menu: click the top-right icon, and there is the option "HTTPSB on/off" (recording continues though even if off, so one can still see what is going on in the page).
well, this kills feedly..
It's working for me if I whitelist `feedly.com`.
I really like this tool. The panel is just great for seeing what exactly is being blocked and what not (which is not the case in some other addons).

I think it is pretty solid right now, if you keep working on it, it could soon become the new Adblocker.

Good idea but not great default.

Installed it, none of my sites work because of your addon blocking everything by default.

It needs to allow everything first by default and I can selectively turn off the crap.