XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)
It is currently Thu Nov 23, 2017 9:35 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 22 posts ] 
Author Message
PostPosted: Tue Jun 06, 2017 6:34 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
See what Google has up its sleeve for Chrome.

https://theintercept.com/2017/06/05/be- ... -going-on/


Top
 Profile  
 
PostPosted: Tue Jun 06, 2017 8:09 am 
Offline
Benevolent Dictator
User avatar

Joined: Mon Apr 21, 2008 2:03 am
Posts: 14666
The current DOJ or FTC will do nothing that prevents Billionaires getting their rightful god given income. :upset:


Top
 Profile  
 
PostPosted: Tue Jun 06, 2017 11:16 pm 
Offline

Joined: Thu Jul 05, 2012 4:02 pm
Posts: 1022
Location: Melbourne
The phrase 'a Google ad blocker' is a humorous contradiction in traditional English, but regrettably is a correct example of phrasing in the more popular Newspeak.


Top
 Profile  
 
PostPosted: Wed Jun 14, 2017 1:34 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9695
Location: North of the State of Jefferson
I'm not concerned about a poor quality ad blocker, but am concerned about Google becoming a gatekeeper to monetization when ad blocking is present. I don't know enough about their efforts on this front to offer much commentary.

As for treating there own ads preferentially, well, that's their problem since they must be aware of the potential antitrust issues involved. I have a hard time feeling sorry for ad networks that offer products that ruin web pages. At the same time it's hard to penalize Google for not offering disruptive and overtly intrusive ads, and if no one else did it would make the web slightly more tolerable for whatever poor fools don't currently do any kind of ad blocking.

I also don't think Google is interested primarily in giving its own ads an explicit advantage. Instead I see its actions as a move against ad blocking in general, from which it will benefit the most because it offers the most ads. The fact that its ads aren't the ads that will be blocked is only a minor ancillary consideration. The alternative to this strategy might be something akin to advertising armageddon as ad blocking deployment rises towards 100%, from which Google has the most to lose.

Personally, I don't really conceptually mind ads. I also very much mind invasive content that disrupts the usability of a site. To that end blocking ads by themselves is solving the wrong problem. Instead, I block external content and scripts that make sites unusable. This has the secondary beneficial effect of increasing security, since on the web it's usually third-party Javascript that transmits digital pestilence.

I do mind being relentlessly inundated with marketing, but I have a mental ad blocker that subconsciously filters almost everything I perceive as marketing unless I'm specifically looking for something on offer. Fortunately blocking external JS neatly reduces this content to a tolerable level so I don't really see it as a problem either.

- Anonymous


Top
 Profile  
 
PostPosted: Wed Jun 14, 2017 3:18 pm 
Offline
User avatar

Joined: Thu May 15, 2008 8:13 pm
Posts: 9568
Location: Caught between the moon and NYC
Antitrust? That's commie talk.

:roll:


Top
 Profile  
 
PostPosted: Thu Jun 15, 2017 12:26 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
Anonymous wrote:
Instead, I block external content and scripts that make sites unusable. This has the secondary beneficial effect of increasing security, since on the web it's usually third-party Javascript that transmits digital pestilence.

Besides NoScript, anything else in your tool bag to accomplish this?


Top
 Profile  
 
PostPosted: Thu Jun 15, 2017 1:06 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9695
Location: North of the State of Jefferson
In Firefox I also use uMatrix.

- Anonymous


Top
 Profile  
 
PostPosted: Thu Jun 15, 2017 8:31 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
Remember now that you had mentioned uMatrix some time ago, and I had taken a quick look back then. But the UI seemed a bit daunting and I was wary of having to jump through yet another set of hoops to get some sites functioning properly. (NoScript, which now includes Blocked Objects--and only allow temporarily-- has itself become quite unwieldy.)

Will have to take another look. Do you find that they complement each other, and that together they don't make ordinary browsing too complicated?


Top
 Profile  
 
PostPosted: Thu Jun 15, 2017 10:53 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9695
Location: North of the State of Jefferson
uMatrix is much easier for most people because you can reasonably configure it to block most problematic sites and not subsequently need to manage it very much. That's just not possible in NoScript: to get much value out of it without it ruining the entire web takes understanding how it works.

In uMatrix you can download several blocklists that automatically block known advertising domains. It's not clever about this. It just blocks content from those sources, including frames, JS, images, etc. The interesting thing is, those are almost always the problematic domains. What's left behind isn't too bad.

After domain blocking is (or isn't) established, you can build more individualized rules as needed. This is actually also a lot easier than with NoScript, once you see how it's done. The interface is simpler and there's a lot less overall to understand than in NoScript: to save your settings, click the lock button; to reload the page click the reload button; to disable filtering on a particular page, click the power button; etc... But at the same time the interface also gives you more control than NoScript in some ways because you can individually block certain kinds of content in a particular context (more about context in a minute...), which just isn't possible in NoScript. As an added bonus it's also pretty easy: click the top part of the box to allow it, or the bottom part to block it. After you click the top part, that part of the matrix turns green. The bottom turns it red to indicate blocked.

The matrix is laid out with the domain on the left and types of content for that domain on the right. To allow/block content from one domain (for the current context) click the top or bottom of it. Alternatively, do so for some particular type of content.

It takes a couple minutes to see how this works then it's easy.

The tricky part is setting a blanket default blacklist or default whitelist policy. This part is where it can get a little more complicated. Filtering takes place in a particular context, so to allow everything by default (except for things specifically listed in one of your automatic blacklists -- these require manual intervention) you need to change the context to everything. It's not readily apparent that to do this you need to click the upper-left box that has the name of the current site. This displays a list of the current domain hierarchy, like "www.google.com", "google.com", and "*". The trick is to 1) choose the star, which is the "everywhere" context, 2) then click the top part of the "all" box to turn everything green (or bottom to turn it red), 3) then click the lock to save your changes.

Anyway, to answer your question, I use it with NoScript but don't recommend that for most people who aren't patient and well informed in the operation of NoScript. Instead, I just install uMatrix, update to the latest copies of the domain blacklists that are already included in uMatrix, and finally set uMatrix to whitelist everything else. Done. 99% of ads and external JS are gone and the web becomes usable once again.

For myself, I use the domain blacklist feature of uMatrix, and keep Javascript off by default using NoScript. The two products do slightly different things, but arguing about the differences and need for both of them might seem like splitting hairs to some people who aren't already interested in such things. Most people don't need nor want both of them.

There's also a product called uBlock Origin which I wasn't very pleased with. Supposedly uBlock Origin is "simpler" but I didn't make any progress trying to bend it to my will. The quick, convenient, and tidy yet very flexible approach of uMatrix was much more satisfying and elegant to me.

I can post some screenshots to illustrate how to use it if you'd like...

- Anonymous


Top
 Profile  
 
PostPosted: Thu Jun 15, 2017 11:03 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9695
Location: North of the State of Jefferson
I also use AdblockPlus because it does something neither uMatrix nor NoScript can do, which is to allow me to easily write element hiding rules using CSS selectors. I don't use it for anything else. If you don't understand CSS selectors, and don't frequently get aggravated with the existence of certain HTML elements on specific sites, it probably doesn't have much additional value.

- Anonymous


Top
 Profile  
 
PostPosted: Fri Jun 16, 2017 5:16 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
Thanks for all that. Will have to install it and then go through what you've said, which makes it sounds much more reasonable than on first look. NoScript, now with Blocked Objects of varying kinds has become a thoroughgoing pain in the ass--especially since there's no option to permanently allow any of these "Objects" per site. I usually just give up and allow the wild card one, and hope that takes care of it, while also hoping I'm not defeating any kind of security protections. Very difficult to know which "Objects" (fonts, widgets, IFrame, you name it) may involve security vulnerabilities, those that are probably harmless and which are absolutely necessary to the functioning of a page, even though allowing them may involve some risk. That said, I can do almost all my browsing with JS disabled, or with only the site itself, but no third party scripts allowed.

And then there's having to Shift-Click on any number of scripts in order to see what VirusTotal reports. And then once I allow one, there may be many more to research which load until I can get a particular page working properly (if it's important enough.) Some scripts are obviously advertising or data mining related, so those are easy. But that may still leave quite a few that aren't obviously identifiable. If uMatrix can do away with all that (perhaps leaving NS for its basic, default protections) that would be marvelous. Sometimes, when it's something really important, and I can't see spending the next half hour or more to decide what to allow or not, I just give up completely, think "fuck it", bypass all of that and go directly to Safari (the latest version.)


Top
 Profile  
 
PostPosted: Fri Jun 16, 2017 6:06 am 
Offline
User avatar

Joined: Thu May 15, 2008 8:07 pm
Posts: 2416
Location: Inside Flatus Maximus
Anonymous wrote:
uMatrix is much easier for most people because you can reasonably configure it to block most problematic sites and not subsequently need to manage it very much. That's just not possible in NoScript: to get much value out of it without it ruining the entire web takes understanding how it works.

In uMatrix you can download several blocklists that automatically block known advertising domains. It's not clever about this. It just blocks content from those sources, including frames, JS, images, etc. The interesting thing is, those are almost always the problematic domains. What's left behind isn't too bad.

After domain blocking is (or isn't) established, you can build more individualized rules as needed. This is actually also a lot easier than with NoScript, once you see how it's done. The interface is simpler and there's a lot less overall to understand than in NoScript: to save your settings, click the lock button; to reload the page click the reload button; to disable filtering on a particular page, click the power button; etc... But at the same time the interface also gives you more control than NoScript in some ways because you can individually block certain kinds of content in a particular context (more about context in a minute...), which just isn't possible in NoScript. As an added bonus it's also pretty easy: click the top part of the box to allow it, or the bottom part to block it. After you click the top part, that part of the matrix turns green. The bottom turns it red to indicate blocked.

The matrix is laid out with the domain on the left and types of content for that domain on the right. To allow/block content from one domain (for the current context) click the top or bottom of it. Alternatively, do so for some particular type of content.

It takes a couple minutes to see how this works then it's easy.

The tricky part is setting a blanket default blacklist or default whitelist policy. This part is where it can get a little more complicated. Filtering takes place in a particular context, so to allow everything by default (except for things specifically listed in one of your automatic blacklists -- these require manual intervention) you need to change the context to everything. It's not readily apparent that to do this you need to click the upper-left box that has the name of the current site. This displays a list of the current domain hierarchy, like "www.google.com", "google.com", and "*". The trick is to 1) choose the star, which is the "everywhere" context, 2) then click the top part of the "all" box to turn everything green (or bottom to turn it red), 3) then click the lock to save your changes.

Anyway, to answer your question, I use it with NoScript but don't recommend that for most people who aren't patient and well informed in the operation of NoScript. Instead, I just install uMatrix, update to the latest copies of the domain blacklists that are already included in uMatrix, and finally set uMatrix to whitelist everything else. Done. 99% of ads and external JS are gone and the web becomes usable once again.

For myself, I use the domain blacklist feature of uMatrix, and keep Javascript off by default using NoScript. The two products do slightly different things, but arguing about the differences and need for both of them might seem like splitting hairs to some people who aren't already interested in such things. Most people don't need nor want both of them.

There's also a product called uBlock Origin which I wasn't very pleased with. Supposedly uBlock Origin is "simpler" but I didn't make any progress trying to bend it to my will. The quick, convenient, and tidy yet very flexible approach of uMatrix was much more satisfying and elegant to me.

I can post some screenshots to illustrate how to use it if you'd like...

- Anonymous


Did you activate µBlock Origin's Advanced mode? It does a fairly good job, though you're probably right about the comparison to it vs. µMatrix's better UI.

The reason most of us block ads these days is twofold:

1) Autoplay of intrusive audio/video ads. These eat bandwidth like crazy, as well as data caps for those on metered connections, and they take control away from the user. And worse, if it's HTML5 based, half the browsers out there don't even stop them from loading, let alone running (Safari's the worst and I'm not holding my breath that Safari 12 for High Sierra will be any true improvement on that if Apple's half-assed implementations are any indication of what's to come).

2) Malware injection. Modern malware-laden ads don't even need your authorization to download anything. They run and do it silently, infecting your computer without your knowledge. One of the best examples of this is with wowhead.com, which I'll get into more in a moment. Suffice it to say, this reason is the most important one as it takes only one bad ad to fuck you over royally, especially if it delivers ransomware.

Now, about that wowhead thing. You see, what they've been doing is purposely bombarding you with ads in an effort to get you to pay for their "ad free" account to their site. And what happens when you block the ads with something like µBlock Origin/µMatrix? The site increases the number of ads it attempts to deliver to the point your browser becomes unusable if the site's page(s) are left open for more than a pitifully small amount of time. Have you heard of µBlock Origins Extra? That was created specifically to combat the type of intrusive and aggressive behaviour wowhead.com uses to increase ads when adblockers are used.

There was a user that left a single page for wowhead open for 24 hours. He had over one hundred twenty three thousand connection attempts. In 24 hours. That's eighty six connections per minute. And wowhead refuses to clean up its ads, so there are malware laden ads that run within that horribly obnoxious cycle, requiring adblockers be used just to protect your computer, in both OS X and Windows. What's their response when you complain about the increasing and intrusive ads? "Buy our service and you won't be subject to our ads". They're extorting their users.

Now, why is this worse than even what I've listed here? Google's ad blocking scheme in Chrome is tantamount to giving sites like wowhead even more leverage against the end users. You're beyond stupid if you think Google's interested in security here. They want profit, especially after all of the losses they took from all of the side projects they took on at once (like Google Fiber, which is all but dead now for the purposes of expansion). If all browsers went the way Google intends to go, the web would become nigh unusable pretty fucking quickly. These corporations don't seem to realize most of us don't have disposable incomes we can throw at constant nickel and dime schemes. That's why people are cutting the cord and going a la carte with online streaming services vs. traditioinal cable/satellite TV.

All Google's going to do is shoot themselves in both feet when this goes live. Users will quickly find out just how insidious this pay to play scheme is when they find that Google's browser causes fewer sites to be usable in the long run. The Alphabet seriously needs to be broken up Ma Bell style, and soon.

I'm not turning off my ad blockers for any fucking reason until sites clean up their shit and step up their game when it comes to keeping their ad networks clean. Until then, they can go fuck a goat for all I care - my security and files >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> anything they have or that they want from me.

_________________
Official Mac Tech Support Forum Cookie™ (Mint Chocolate Chip)
Guaranteed tasty; Potentially volatile when dipped in WWIII Forum Syrup®
Caution: This cookie bites back.


Top
 Profile  
 
PostPosted: Fri Jun 16, 2017 11:55 am 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
Anon, problem first up, not seeing any icon for uMatrix anywhere. Nothing for it in Preferences, except two buttons: Dashboard (nothing there to show icon) and Logger. Nothing in Customize. Have installed it twice now. And not seeing anything in Classic Theme Restorer which would account for this--even made some extra room for it, in case it was being crowded out, but nothing. Assume it should be in the FF toolbar or somewhere.

EDIT: as you may not know why this is happening, I will try contacting the dev at the support site.


Top
 Profile  
 
PostPosted: Fri Jun 16, 2017 3:00 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9695
Location: North of the State of Jefferson
Perhaps Firefox stashed in some weird toolbar location? Try customize toolbars from the View menu. Also glance for it in the upper-right corner or any hidden toolbars. I'm using something that puts a toolbar at the bottom of the window, which I find convenient, and have placed the icon for uMatrix down there.

- Anonymous


Top
 Profile  
 
PostPosted: Fri Jun 16, 2017 4:53 pm 
Offline

Joined: Thu Jul 05, 2012 4:02 pm
Posts: 1022
Location: Melbourne
Or it may well be your classic restorer somehow preventing it. I have the same version of FF as you now WZZZ but without classic restorer, and uMatrix loaded OK. I hope you get it working. I'm really impressed with it. On a webpage it will count all scripts and if you just require one script for functionality, allow that and keep all the others turned off.

Thanks Anon for info on this great litttle helper.


Top
 Profile  
 
PostPosted: Fri Jun 16, 2017 8:14 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
Temporarily disabled CTR, and there it was next to the search bar, upper right corner! Next, on reenabling CTR, expected it to disappear again, but there it was, it stayed put! No idea why it behaved this way--and just to be certain it wasn't there all along, it didn't show up on a fresh install on a backup profile. Next up for tomorrow, have to start using it. Thanks.


Top
 Profile  
 
PostPosted: Tue Jun 20, 2017 4:00 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
Anonymous wrote:
For myself, I use the domain blacklist feature of uMatrix, and keep Javascript off by default using NoScript.

So does this mean that you only employ uMatrix for its Hosts files for domain blocking? I've been experimenting with the granular approach to site specific rules, one of the main benefits of which so far is that I can block the very obnoxious AOL web mail ads that appear either by JavaScript redirects, images or frames. But much more to understand. Will be back when I know enough to be able to formulate some questions. Using uM granularly can get extremely complicated. Maybe getting so complicated that I may eventually have to give up and use it the way you do, only for the Hosts blacklist.


Top
 Profile  
 
PostPosted: Wed Jun 21, 2017 12:23 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9695
Location: North of the State of Jefferson
Yeah, mostly just for the domain blocking, but when I'm using it that way its (optional*) granularity is bonus because I can whitelist/blacklist specific kinds of content and save that preference for when I'm on just that page. I don't think NoScript has any way to do anything comparable. It's pretty mindless really. I only interact with it when I need to tweak something. I would actually even be mostly happy this way without NoScript since uMatrix is so thorough.

- Anonymous

* Just click the domains if you don't want to fiddle with specific kinds of content, and if you click higher level domains like example.com instead of audio.ads.example.com, the subdomains get the same treatment if they're not already dark red or dark green.


Top
 Profile  
 
PostPosted: Wed Jun 21, 2017 2:35 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
Anonymous wrote:
Yeah, mostly just for the domain blocking, but when I'm using it that way its (optional*) granularity is bonus because I can whitelist/blacklist specific kinds of content and save that preference for when I'm on just that page. I don't think NoScript has any way to do anything comparable. It's pretty mindless really. I only interact with it when I need to tweak something. I would actually even be mostly happy this way without NoScript since uMatrix is so thorough.

- Anonymous

* Just click the domains if you don't want to fiddle with specific kinds of content, and if you click higher level domains like example.com instead of audio.ads.example.com, the subdomains get the same treatment if they're not already dark red or dark green.

One question I have (among many) is first party content of various kinds is usually fairly clear, but how do you know what third party content: images, frames, "media," XHR requests, to allow?

And if you want to rely entirely on uM, how do you know what third party (or even first party) scripts need to be allowed? This is very often a tedious process of trial and error with NS, but at least in NS they are identified and one can do a shift-click to see what VirusTotal or something else has to say, or even do a general google search to see what comes up for a particular third party domain.


Top
 Profile  
 
PostPosted: Wed Jun 21, 2017 5:23 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9695
Location: North of the State of Jefferson
If I find a site is conspicuously and frustratingly broken, which is rare when NoScript isn't involved (since I allow all content that isn't explicitly blacklisted), then I simply guess which content to allow.

OK, that's not entirely helpful. Since uMatrix show how much of each type of content was blocked, and I see that third party site A has three scripts, and third party site B had none, I can guess that the breakage is being caused by missing scripts from site A. I also get familiar with the names of common content distribution networks and know that if a site is broken and something like apis.google.com is blacklisted, that's likely a problem. I also know that it's almost always scripts that cause breakage, and almost never frames, css, images, etc.

If I allow something and it doesn't help, it probably wasn't part of the problem to begin with.

As for first party scripts, if the site isn't blacklisted I'd allow them unless the site's JavaScript is pissing me off, then I'd disable them.

Regardless of whether the scripts are first party or third party I basically never bother with any external research. It's too much work for no real gain. I can often tell what kind of site something is by the name: anything with "bright" in it's name is an ad network for example. If I allow it and the site fills up with ads, then it was also probably an ad network. After that I just delete all cookies and saved state when I quit the browser and hope that the handful of sites I did allow aren't doing browser fingerprinting.

In short, I decide which sites to allow by allowing promising looking domains that have scripts, then disallow them if it didn't help, and over time I remember the common ones.

- Anonymous


Top
 Profile  
 
PostPosted: Thu Jun 22, 2017 2:33 pm 
Offline

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 5978
Location: NYC
Anonymous wrote:
As for first party scripts, if the site isn't blacklisted I'd allow them unless the site's JavaScript is pissing me off, then I'd disable them.

My rule of thumb has been to do all my browsing with JS disabled, from NoScript, to avoid any kind of malware delivered via JS, and then and only then to allow a site if I can't get the minimal information I need from it any other way. You seem to be implying that that's generally not necessary?


Top
 Profile  
 
PostPosted: Thu Jun 22, 2017 3:15 pm 
Offline
Master

Joined: Sun Apr 20, 2008 5:24 am
Posts: 9695
Location: North of the State of Jefferson
It might depend on how you define "necessary." It's certainly safer, but imposes an extra burden on the user. I'm willing to accept that burden, which is why I use NoScript with default blocking, but not everyone is so patient.

My other reasoning is that most first-party scripts are unlikely to be malicious because legit sites don't want to drive you away. The more common threat is from ad networks serving external scripts through those sites.

- Anonymous


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 22 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group