Closed ghost closed 7 years ago
First of all, I guess when you're talking about "second domains" you actually mean cross-site requests; no?
Yes, there are several content-blocking add-ons. And there is no one best solution yet; you need to evaluate which one works best for you, and if you miss some features, you're welcome to suggest them :)
There has been a discussion about some add-ons at https://github.com/RequestPolicyContinued/requestpolicy/issues/692.
many friends/family ask me for sites not working properly any more
Working in default-deny mode requires some experience, and it's quite some work, depending on how many new sites you visit. Sometimes finding the cause why a site does not work is even harder, if you've installed some other add-ons, or if you've changed some preferences, which change the browsing behavior.
Signature driven vs. behaviour observation.
What exactly do you mean by that?
When I myself try using RPC, I enable general blocking second domains, have whitelisted some specific second domains for the use by origin domains (which are really specific combinations)... but have generally whitelisted quite a lot second domains (without origin domains, so no specific combinations), just like CDNs, e.g. I myself don't want to identify any combinations of good origin domains and needed second domains (so I just generally whitelist those second domains). But I think this is not really intended.
In fact I didn't think of that use case yet – adding mainly "allow this orgin" and "allow this destination" rules. This means that any whitelisted destination will be allowed on any other site, even sites you didn't ever visit yet. To improve security, maybe a different "mode" how requests are allowed or denied would be nice for you:
Suppose you're in default-deny mode, and you've got rules to allow *.a.com -> *
as well as * -> *.b.com
. Now you visit c.com
, which requires content from b.com
; in that "different" mode, the request c.com -> b.com
would be blocked until you create an allow rule for *.c.com -> *
. Would that be an interesting feature for you @gunnersson?
No reply for 1 year, closing this issue. Fee free to reopen it if needed.
Dear @RequestPolicyContinued @nodiscc @myrdd @gorhill @chrisaljoudi all,
currently I'm trying RequestPolicyContinued in opposition to uBlock Origin @gorhill. I'm experiencing PROs and CONs at each of them...
To note at first: RPC and uBO are indented for different(!) reasons/purposes. But one can use either for similar reason.
uBO usually works by blacklisting many(!) specific entries and whitelisting just some.
RPC usually works by blacklisting at all (for second domains) (actually should be used in this way, not the possible alternative one) and whitelisting up to quite many(!) domains to let sites work properly.
On my own IT I could handle both ways. But I'm experiencing some major difficulties and work with friends/family, especially with RPC.
I am still figuring out which is the best combination of filter rules subscriptions for uBO, so I can leave those installations alone (i.e. just a few false positives when most garbage is blocked). Currently it works quite well.
When using RPC in they way of generally blocking second domains (the indented way, I think), there are many(!) specific whitelistings needed to let sites work properly. At my own IT, I could do this (though it's annoying). But many friends/family ask me for sites not working properly any more. I cannot foresee whatever site they will ever browse. I myself have my own list own bookmarks and most of the time I browse sites from it. So I can do black/white-listing for me. But for others...? What if they cannot?
They other way for RPC would be just specific blacklisting (not general) second domains and not touch all others. But that might be a huge lack of security because you could/would miss much garbage.
When I myself try using RPC, I enable general blocking second domains, have whitelisted some specific second domains for the use by origin domains (which are really specific combinations)... but have generally whitelisted quite a lot second domains (without origin domains, so no specific combinations), just like CDNs, e.g. I myself don't want to identify any combinations of good origin domains and needed second domains (so I just generally whitelist those second domains). But I think this is not really intended.
It's just a bit like the hunt for real malware like virus and trojans. Blacklisting vs. whitelisting. Signature driven vs. behaviour observation. AFAIK, there's not the solution yet.
Comments, ideas?
PS 1: I like both RPC and uBO and appreciate them a lot. I have to say thank you to all developers.
PS 2: But I would like to run just one of these tools (not both parallel).
PS 3: I can adjust rules. But what about friends/family/any people...?