Hacker News
by 1vuio0pswjnm7 304 days ago
Sounds didactic

What about uMatrix; some might argue it is even better than uBlock Origin, at least one can use both at the same time; if "security issues" are a concern, the so-called "modern" browser is a gigantic target that sources and runs Javascript from the internet automatically; there is also the choice of not using one (hence no need for uBlock or other extensions); Javascript isn't required for downloading or watching YouTube videos but YouTube of course wants everyone to use their "Javascript player" so they can monitor people's behaviour at the computer with telemetry and other unsolicited connections

"A company that depends on ads, lives by using you."

Ad services. The company acts as an intermediary (middleman), sitting between two parties, e.g., a video producer and a video consumer, conducting surveillance, collecting data, serving ads, relying on other people to produce and upload video, for free, then targeting the people consuming it with ads; parasitic

Mozilla is the company's business partner, sending data about www users to the company

As such, their software seems compromised; they continually promote an "internet advertising ecosystem"

There are other ways to avoid ads that do not require a so-called "modern" browser that runs Javascript; usually the so-called "modern" browsers are distributed by the company and its partners or competitors; optimised for serving ads

In fact, usually internet ads rely on Javascript, so the "ad blocker" solution is using Javascript to counter Javascript

Some users might prefer to just not choose the so-called "modern" browser as their client, and not run Javascript

Also, not sure whether it is still true but Pi-Hole used to suggest the company's DNS service as "upstream", provide it as a choice, maybe even set it as a default

Nothing hands the company more control than using its public DNS service; the company's DNS cache is filled with IP addresses of tracking and ad servers; users will actually pay third parties like NextDNS to filter these addresses out while the company's hardware products hardcode their public DNS service into the products to allow phoning home to the mothership and free flow of telemetry, tracking and advertising

3 comments

BTW uMatrix isn't maintained and has had security issues before, so it might not be the best choice.
Correct, I used it and love it, but ok, uBlock Origin does almost everything uMatrix did, I understand why the creator had to choose a path.

uBlock Origin is still the best. It does not have "white lists".

uBlock Origin does not have anything like the uMatrix logger
9 years ago:

https://www.cnbc.com/2016/09/14/adblock-plus-defends-new-whi...

Estimated 198 million people using ad blockers

The sluggishness of the www without an ad blocker, not to mention the extent of the surveillance, has only gotten worse in the last 9 years

What is the number of ad blocker users today

But there are many ways to avoid ads; "ad blockers" are only one way

Users have choices

Ad blockers are tied to the so-called "modern" browser coupled with "browser extensions"; some "modern" browser users might be running in guest mode where extensions are not allowed

These browsers and extensions come with inherent trust and "security" issues

The so-called "modern" browser is so large and complex that users generally do not edit or compile it themselves

If there is something about the software they do not like, then they do not remove it and recompile; instead they may complain via online comments, or in the case of a small few, write "browser extensions"

As it happens, the source code and compilation of these "modern" browsers is generally controlled by corporations, their business partners or competitors, that each have a financial interest in internet advertising services

Whoever controls the source code for the browser can disable browser extensions; this was recently illustrated when Google disabled uBlock Origin (cf. "uBlock Origin Lite") in Chrome

uBlock and other ad blockers rely on "blacklists" or "blocklists"

These lists try to predict every possible domainname or IP address that is an ad server, tracker, telemetry endpoint, etc.

The number of domainnames and IP addresses associated with ads, tracking and telemetry is not fixed, it is very large and constantly changing

Generally it is unlikely any single www/mobile user will encounter all of the servers listed during their lifetime

Nevertheless the ad blocker will "auto-update" and download these lists

The user is unlikely to review these lists; for those that do, some might find there are some shocking domains in these lists

Every user is different

Another method of avoiding ads is via "DNS blocklists"

It has the advantage of not requiring a so-called "modern" browser or extensions

It can also use wildcards

But it suffers from the same problems as the blocklists used by ad blockers mentioned above

In addition, it is susceptible to "CNAME cloaking", which required changes to ad blockers and other methods using blocklists

https://petsymposium.org/popets/2021/popets-2021-0053.pdf

There are other methods to avoid ads that are neither "ad blockers" nor "DNS blocklists"

For example, it is possible to avoid ads using DNS without using "blocklists"

The user simply determines what domainname and IP addresses they want to visit and places them in a root.zone file^1

The user serves this zone to all their computers

There is no recursion, no need for a forwarder like dnsmasq/pi-hole, no need for a cache like unbound, etc. and certainly no need for third party DNS service like NextDNS

There is no "CNAME cloaking" problem

This is a "root" authoritative nameserver run by the user

(I have been using a custom root.zone for over 16 years)

By analogy it is common for personal computer users to adopt configurations for network firewalls (e.g., ipf, ipfs, netfilter, pf, npf, etc.) with default "deny all" rules that block all traffic by default; the computer user then specifically adds further rules to create exceptions to allow only the traffic that the user wants

The list of exceptions is arguably comparable to a "whitelist" or "allowlist"

Perhaps the important difference from the "whitelist" mentioned in the CNBC article is that this one is controlled by the computer owner, not the software developer or the advertiser

Personal computer owners using a default deny rule in a firewall config are not attempting to predict all possible src or dst addresses to which they do not want to connect, like ad blocker blocklists do

1. Over the years, the method of determining what names and addresses are needed to enjoy a set of
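
The blocklist, "CNAME cloaking" and default-deny zone points from the comment above, as an added example that is not part of the original thread: a small Python model comparing a blocklist checked only against the queried name, a blocklist checked against the whole CNAME chain, and a user-run zone that answers only listed names. All record data, names and function names are constructed for illustration.

```python
# Constructed sample data: names use reserved example domains, addresses use
# documentation ranges. None of it comes from the thread.
UPSTREAM = {  # records a recursive resolver would fetch from the public DNS
    "news.example": ("A", "192.0.2.10"),
    "metrics.news.example": ("CNAME", "collect.tracker.example"),  # cloaked
    "collect.tracker.example": ("A", "198.51.100.7"),
    "ads.tracker.example": ("A", "198.51.100.8"),
}
BLOCKLIST = {"tracker.example"}  # entry covers the domain and its subdomains
LOCAL_ZONE = {"news.example": "192.0.2.10"}  # user-chosen names, A records only

def listed(name, blocklist):
    """True if the name or any parent domain of it is on the blocklist."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def chain(name, records, limit=8):
    """Follow CNAMEs; return (names seen in order, final address or None)."""
    seen = []
    for _ in range(limit):  # bound the walk so a CNAME loop cannot hang us
        seen.append(name)
        rr = records.get(name)
        if rr is None:
            return seen, None
        rtype, value = rr
        if rtype == "A":
            return seen, value
        name = value  # CNAME: continue with the target name
    return seen, None

def blocklist_resolver(name, uncloak):
    """Blocklist filter; uncloak=True also checks every CNAME target."""
    names, addr = chain(name, UPSTREAM)
    checked = names if uncloak else names[:1]
    if any(listed(n, BLOCKLIST) for n in checked):
        return None  # blocked
    return addr

def allowlist_resolver(name):
    """Default deny: answer only names the user placed in the local zone."""
    return LOCAL_ZONE.get(name)

def compare(names):
    """Return {name: (query-name blocklist, chain-aware blocklist, local zone)}."""
    return {n: (blocklist_resolver(n, False), blocklist_resolver(n, True),
                allowlist_resolver(n)) for n in names}

if __name__ == "__main__":
    for name, result in compare(sorted(UPSTREAM)).items():
        print(name, result)
```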