Email or username:

Password:

Forgot your password?
39 comments
David E. Smith

@SwiftOnSecurity @AAKL Any thoughts on whether it still will be good enough after the Chrome ad blocking apocalypse? Many users won't want to switch to Firefox, for all kinds of reasons.

AAKL

@uncledave @SwiftOnSecurity One of the links I saw while looking into this said that as of last year, Ghostery stopped blocking ads on YouTube. But UBlock Origin should be good.

RejZoR

@uncledave @SwiftOnSecurity @AAKL Most of which are stupid reasons, but what do I know... Top argument is "so I can be signed into all Google services" like that's not possible in Firefox or something...

RejZoR

@sab38 @uncledave @SwiftOnSecurity @AAKL I mean, you're logged into all Google services in Firefox too after doing just one Google login...

Joe Ortiz

@SwiftOnSecurity @AAKL Or maybe it's (past) time for people and devs to invest in blocking ads on the DNS level because browser-based is inevitably on the way out thanks to Google. mastodon.sdf.org/@joeo10/11296

uzayran

@joeo10 @SwiftOnSecurity @AAKL DNS based blocking will never be enough, when the owners of the internet (Google, Facebook, Amazon, Microsoft) are the same companies tracking you and serving you ads. You need to control the browser to have a chance to differentiate between good and bad traffic.

Joe Ortiz

@uzayran @SwiftOnSecurity @AAKL Sadly, DNS ad blocking is going to be the best we got unless governments start waking up and smell the coffee plus do something to reign in on these tech giants.

hackyspice

@joeo10 @uzayran @SwiftOnSecurity @AAKL For casual readers that don't manage DNS filtering daily, uzayran is saying you can probably get away with blocking ads.youtube.com now because probably that's just ads and not videos.

But eventually, ads could be served from videos.youtube.com and feed.facebook.com, the same domains that serve content, which you will probably not block. Then we are back to our crippled in-browser filtering.

uzayran

@hackyspice @joeo10 @SwiftOnSecurity @AAKL that is a good explanation, with the caveat that it already is not possible to block Youtube ads (or Twitch, or Prime Video etc) on the DNS level. It currently works well enough in a combined approach with in-browser blocking (or in-application more broadly). But as soon as we have to rely on DNS-filtering alone, it will be a losing battle.

Justin Scholz

@SwiftOnSecurity @AAKL and stop using chrome now with manifest v3? Or what to do there?

kepstin

@jmovs @SwiftOnSecurity @AAKL uBlock Origin Lite has to ship block lists bundled in the extension (so updates are slower) and can't include dynamic javascript fixes (so youtube adblocking and other sites using anti-ad-blocker scripts will probably break more often), but if you have to use a v3-compatible extension on a chromium based browser, i'd say it's your best bet.

If you are able to use Firefox tho, there's no better time to give it a try.

Oblomov

@SwiftOnSecurity I have uBlock Origin, but also have Privacy Badger, I assume that's still an acceptable combo?

AJCxZ0

@SwiftOnSecurity You can't tell me what to do. You're not even my read dad.

If the only platform was the browser on an inhospitable network and you could only afford one plugin, then uBlock Origin (@ublockorigin) has been the top choice for an age. As manifest version two is replaced by three, uBlock Origin Lite may be able to hold that place.
Now is the second best time to test switching from uBlock Origin to uBlock Origin Lite, noting that its settings are quite different, with several levels of operation and some add-on choices.

On my network, layers currently include:
• Quad9 (@quad9dns) .11 (Secured with ECS: Malware blocking, DNSSEC Validation) upstream of
• Pi-hole with Firebog Ticked, Perflyst for streaming media, and a few other lists, and
• Privacy Badger (@privacybadger) from EFF (@eff) and uBlock Origin Lite (Optimal) on full-feature web browsers.

Going mobile in foreign lands:
• Proton (@protonprivacy) VPN with NetShield (i.e. filtered DNS) and
• Mozilla (@mozilla) Firefox Focus default browser with all Enhanced Tracking Protections on.

The tricky part is maintaining the configuration of each of the full-feature web browsers on each platform to balance privacy, security and function - not least given how setting sometimes magically change after an update. Choice of search provider alone is a major factor. Currently, I prefer @StartpageSearch

Managing trust of privileged software managed by and distributed automatically from proprietary stores is whole other matter.

#uBlockOrigin #Quad9 #PiHole #Firebog #Perflyst #PrivacyBadger #Firefox #FirefoxFocus #Startpage

@SwiftOnSecurity You can't tell me what to do. You're not even my read dad.

If the only platform was the browser on an inhospitable network and you could only afford one plugin, then uBlock Origin (@ublockorigin) has been the top choice for an age. As manifest version two is replaced by three, uBlock Origin Lite may be able to hold that place.
Now is the second best time to test switching from uBlock Origin to uBlock Origin Lite, noting that its settings are quite different, with several levels of...

Orin

@SwiftOnSecurity I wish it was still made for my browser (safari). I liked having that option.

iam-py-test :unverified:

@SpaceLifeForm Privacy Badger does conflict (though I can't remember any specific instances off the top of my head).
Also, in my opinion PB is fairly redundant when used with uBo; most browsers have cookie controls and global privacy control, and the blocking is just rules (the learning has been disabled due to security concerns).
Thanks

Jerry Mouse

@iampytest1@infosec.exchange @SpaceLifeForm@infosec.exchange I go with iampytest1 here, as the two of them do tent to generate conflict, and beside of that, they are using the same rule base, so you are only burning your money in Power bills by using more and other than gorhills ublock origin

SpaceLifeForm

@iampytest1 @ghostwords

The screenshot is exactly what I would I would expect to see from PrivacyBadger.

That is when I close the tab.

You want to use uBlockOrigin to prevent JavaScript injection as much as possible.

And use PrivacyBadger to block cookie tracking as much as possible.

If you do not use the combo, then malicious JavaScript will leak your tracking cookies.

I may be incorrect on my conclusion here, but I have been doing this combo for many years. Defense in depth. No reason to make it easy for attackers.

#uBlockOrigin #PrivacyBadger #Infosec

@iampytest1 @ghostwords

The screenshot is exactly what I would I would expect to see from PrivacyBadger.

That is when I close the tab.

You want to use uBlockOrigin to prevent JavaScript injection as much as possible.

And use PrivacyBadger to block cookie tracking as much as possible.

If you do not use the combo, then malicious JavaScript will leak your tracking cookies.

Chris

@SwiftOnSecurity

I use Firefox exclusively (except for testing code), with the uBlock Origin and Privacy Badger extensions.

Joshua Small

@SwiftOnSecurity every few months I push ublock origin, and every few months someone paid more than me explains that I don't understand security and rejects it.

Go Up