Future of Nano Project Firefox Port?

[LiCybora]

As someone misunderstand my future plan, let me put words at begin.

Nano Adblocker is abandoned at the time new upstream devs push their privacy policy. There is no plan to continue Nano Adblocker and urge user migrate to uBO. v1.0.0.154 is released, meaning the end of Nano Adblocker.

Nano Defender is planned to rename as a new project which is independent form any entities or people. I have never claimed abandon Nano Defender, unless I make a typo I do not notice and please let me know in this case.

If you don't trust, check my edit history of this thread.

---

As upstream project has been acquired by new developers, and until the time this issue post, no words are received from new upstream developers. It is time to reconsider the future of the port. Again, I am neutral to upstream decision. Everyone may have their hard time and it is their rights to decide what to do in their life. Do not blame anyone for that.

Initially, I am not hostile to the new developers, but the recent updates seems untrustworthy to me. Although their removal of privacy policy on Chrome Store is suspicious enough, the bigger issue is that every links found on Chrome store still link to the old developers repository, while the former developer claims he already lost control of his extension. Given that I cannot find their repository anywhere, nor neither they exist on the issue tracker to introduce themselves as new developers, I really doubt whether the "two developers" exist, as I don't see any reasons to hide themselves to their users. It is unlikely I will maintain this port for them under current situation, unless they at least show up on somewhere that can be interacted with. I hope these are just because they still not yet post or update anything in this early stage...

So, the remaining options will be abandon or maintain as a new project in worst case. But the later case is a tough job. Not only just two extensions, but also Nano Filters, NanoMeow and Nano resources. Without them, Nano Adblocker is just a uBO clone and Nano Defender is just some user scripts. Given that I am not as active and experienced as the upstream developers, I really afraid I will do more harm than benefit to user if I make mistake on that.

For now, I will release one more version of NA that update included the last former developer changes, but I am not sure what's next if still no words from upstream. ND may still be updated when needed as it is designed working on uBO as well even decided to detach from upstream. Related links of announcement will be included in release notes and README as well when released, which is supposed to be within two days.

I am still open to any decisions, including the new developers given that they are good but just I misunderstood them[1]. Decision is now firmed, see below.

---

TL;DR

• NA will most likely no longer receive future update unless upstream maintain themselves or at least, they contact me for that.
• ND may still be updated, but whether maintain independently from upstream depends on their stance. might be renamed and released as a new product deal to bad reputation of the name "Nano Defender" since Chrome 15.0.0.206 can be consider as malware.

NA and ND with LiCybora as author on AMO or on my GitHub repository are still under my control and independent from any entities or people.

[1] They update their privacy policy but still keep themselves stealth from GitHub, which means they are active and purposefully hide themselves. There is no point to maintain for an unidentifiable developer.

[hawkeye116477]

@GrPK https://github.com/LiCybora/NanoDefenderFirefox/issues/187#issuecomment-711437779

[DjDiabolik]

@LiCybora

Nano Defender for Firefox is still safe to be enabled for now, but it is up to user decide keep, disable or remove.

Perhaps you may mention which language you understand so other volunteers may assist you?

oh yeah... i'm italian :) Anyway i can read english.... not perfectly but I can more or less understand what happened :) where I can not even I always help them with google translator......

[GrPK]

@GrPK #187 (comment)

Still doesnt have a clear answer, but I understand that they are safe, for the moment? I've already deleted them, but I understand that it wasn't a problem having them, right?

[DjDiabolik]

Still doesnt have a clear answer, but I understand that they are safe, for the moment? I've already deleted them, but I understand that it wasn't a problem having them, right?

@GrPK Now... then we all agree that firefox ports there's clear and and have not been touched....

If you step back to use "Ublock Origin" someone suggest to use it alone and report an issue on in his tracker when you found a website identify the ads blocker installed on your browser so that the developer or who manages the filter can apply a possible fix....

likewise i think a usage of config "Ublock Originin" + "Nano Defender for Firefox" it's also safe... the extra steps need to apply on ublock to "make a perfect association" whit Nano Defender they don't seem to refer to any of the new Turkish repo.

on my side.. for now and on firefox i have untoch.. i din't touch anythings.... maybe I'll wait to see how it's reprogrammed/renamed the currectly "Nano Defender for Firefox" and at that point I'll see what to do.

I hope you can understand my bad english......

[krystian3w]

If someone liked to have a loaded Firewall panel as the last one (form click load more) [and always see version of addon in pop-up], so they seem to be responsible for this behaviour:

"popupPanelSections": 47,

"popupPanelLockedSections": 32,

---

I can't really check if the popupPanelSections is ingored / overwritten by "63". Maybe 47 was added scroll fixer button...

[DjDiabolik]

If someone liked to have a loaded Firewall panel as the last one (form click load more) [and always see version of addon in pop-up], so they seem to be responsible for this behaviour:

"popupPanelSections": 47,

"popupPanelLockedSections": 32,

I can't really check if the popupPanelSections is ingored / overwritten by "63". Maybe 47 was added scroll fixer button...

but this where? on which addons and on which port?

[krystian3w]

In avanced uBO settings:

Gear ⚙️

chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/advanced-settings.html extension://odfafepnkmbhccpbejgmiehpchacaeak/advanced-settings.html

Firefox no have stable UUID or something like "WebStore ID".

---

I liked the firewall to be hidden and the version of the addon was visible in the pop-up.

[Peacock365]

@LiCybora

May I suggest putting out a text on the AMO page of Nano Defender, stating that the Firefox version is maintained by you (and not @jspenguin2017) and is thus unaffected? This is not about shaming @jspenguin2017, this is about protecting you from low-rated reviews and undeserved malware reports reaching Mozilla. I can already see many 1 star reviews saying that the extension is malware despite this not being the case on Firefox, I think we should do our best to prevent such misunderstandings...

[LiCybora]

May I suggest putting out a text on the AMO page of Nano Defender

Thanks for suggestion, it is done now.

Sorry for my late response to everyone. I thought I can rebrand new product and publish shortly, but found many links are link to old repository and I need to clone and rebrand all of them. I also need to analysis the usefulness of each filter list and maintain the old rule in ND. So this will take some time before I can publish.

It is no harm to keep using Nano Filter/Resources for now as former developer keep his control and archived as read-only, but it is up to users decide keep or not. Actually some rules will still work even Nano Defender run independently without any adblocker, but that is not a supposed behavior and very hard for us to handle such issue reports. Anyway, I will update them in future on another repository and announce the how to do it.

@ameyvaidya I am sorry that I can't tell much as those aftermath thread are too long and fragmentary for me to read them all, but from MDN docs and gorhill's analysis seems do not contain web page payload, only header. The attack is via using cookieStoreId to login with Cookie and control your account without even retrieve your password. But it will be better for you ask in related thread as there maybe other volunteers analysis for this.

[NLZ]

By the way, what does NanoDefender(forFirefox) provides currently that cannot be solved simply by userscripts and filterlists?

Asking because as far as I see from the commits, LiCybora only provided the maintenance for the Firefox package, jspenguin2017 provided all the code from upstream. So with jspenguin2017 retiring, what will happen with the addon? Is there even a need for the addon? Because gorhill just retired uBO-Extra citing the lack of need for it[1], which is listed as one of the source for NanoDefender. Are there other mitigations in the addon that cannot be solved inside uBO or with userscripts? Is there a list of anti-adblock technologies or example websites that was marked by uAssets as cannot fix?

[1] https://github.com/gorhill/uBO-Extra#readme

[LiCybora]

By the way, what does NanoDefender(forFirefox) provides currently that cannot be solved simply by userscripts and filterlists?

Is there a list of anti-adblock technologies or example websites that was marked by uAssets as cannot fix?

Firefox obey too much on CSP that do not even allow extension to inject script (although most likely is browser bug). Some site may use this to ban script injection from uBO. I think this is the niche that Nano Defender may fill up, since standalone extension is allowed to modify web response. I will see if I can somehow handle "can't fix" issue on uAssets.

uBO Extra is however, the story of Chrome and not about Firefox.

Is there even a need for the addon?

Of course for now, you may not see above happen because ND is not updated for quite a while. I am just starting to maintain in this direction. You might also think it may not worth to install extra extension for just small list of website, but if you frequently use affected site, you will find this extension is somehow useful. So whether you need is situational dependent.

[NLZ]

I don't want to discredit ND, just trying to understand the added value. Does this mean that there are already sites where NDforFirefox works around maliciosuly restrictive CSPs?

Reading further since writing my original questions, I see gorhill stating that the AAK userscript, which ND was based off, is actually harmful for uBO.[1] So there might be a need to overview what ND is blocking via js versus what covered by uBO/uAssets already, but I understand that it would require a lot of effort and probably help from volunteers.

I mentioned uBO Extra because NDforFirefox contains it[2], at least on file level. If it never worked for Firefox, it could probably be removed.

Edit: Adding to the issues with AAK, since uBO 1.30.0 there is a filterlist blocking functionality that contains AAK's filters[3], which is the base for ND's filters[4], this also makes me question if ND is actually benefitial. Not sure how much you are in contact with gorhill or other uAssets contributors (I think jspenguin2017 had some disagreement with them), but they might be able to provide further context on the issues that I found or if they are actually a problem.

[1] https://www.reddit.com/r/uBlockOrigin/comments/jd1cy3/nano_adblock_ublocko_fork_getting_shut_down_will/g94vwi5/?context=3 [2] https://github.com/LiCybora/NanoDefenderFirefox/blob/master/src/content/ubo-extra.js [3] https://github.com/uBlockOrigin/uAssets/blob/master/filters/badlists.txt#L4 [4] https://github.com/LiCybora/NanoDefenderFirefox/blob/master/uBlockProtectorList.txt

[krystian3w]

https://github.com/JustOff/scriptlet-doctor - few repair, but normal works on only few Russian sites.

[JustOff]

Scriptlet Doctor comes with a predefined list of known domains with restrictive CSPs, most of which are currently related to Russian sites, but this list is user configurable and allows uBO scriptlets to run on any site where 'unsafe-inline' is not allowed by CSP.

[DjDiabolik]

I have 5 minutes free .... I prepare to return to the use of ublock origin. Thanks again to those who until now had dedicated themselves to carrying out this branch for firefox....

[Yuki2718]

I'm here not to discredit ND, quite opposite and personally very appreciated for Quick reporter and @LiCybora 's intention to take over it. Just wanna add something to @NLZ 's question. Scriptlet is not the only solution for anti-adb, if it can't be used usually the combination of $ghide and redirect-resource solves the issue. I'm not aware of any single anti-adb labeled as Can't fix. It's possible there're some old anti-adb not reported to uAssets which ND's generic solution helps. These third-party anti-adb plugins are now so easy to disarm that one can write a template about how to disarm each types of them, and thus no more major.

[Proaxel]

@LiCybora Question, do any new reports with anti-adblockers not getting blocked get moved here? Or do we bother reporting at all?

[mapx-]

@LiCybora Question, do any new reports with anti-adblockers not getting blocked get moved here? Or do we bother reporting at all?

I think it's better reporting directly here: https://github.com/uBlockOrigin/uAssets/issues

[MonfGeiger]

I was updating some stuff, and saw this and the defender drama............wow, shit happened

What TL;DR I can simplify/put together, is Nano Defender (Firefox Port) is still good for now this current version (15.0.0.206), but things might get hinky in the future, so .........wait and see, is that it?

[DjDiabolik]

I was updating some stuff, and saw this and the defender drama............wow, shit happened

What TL;DR I can simplify/put together, is Nano Defender (Firefox Port) is still good for now this current version (15.0.0.206), but things might get hinky in the future, so .........wait and see, is that it?

it's time to pass to ublock origin directly..... apparently using it it's not need nano defender.

[awebeer256]

So it's been several months. Are there still no instructions for ND + uBO users?

I've noticed that gitcdn.xyz, which hosts the ND resources that we're supposed to add to uBO, now has an SSL certificate that doesn't match its domain name, so that's fun.

I'd also like a more detailed explanation of what ND does that uBO doesn't (and this information should probably be added to the project's readme too). The few sentences that the topic has been given in this thread so far haven't really helped my understanding much.

[d0gkiller87]

I've noticed that gitcdn.xyz, which hosts the ND resources that we're supposed to add to uBO, now has an SSL certificate that doesn't match its domain name, so that's fun.

@awebeer256 FYI: it's an open issue on the gitcdn.xyz project https://github.com/schme16/gitcdn.xyz/issues/75