Closed RoxKilly closed 7 years ago
I wrote earlier:
In some cases, my uBO filter lists and settings let something through the cracks and TP actually catches it. This is usually a tracking image of some sort...I don't use the Disconnect list in uBO, though I have EasyList, Peter Lowe's, and EasyPrivacy ON. These occurrences are rare though; the next time I run across one, if I remember, I'll post it here
I got a hit. Turn on Tracking Protection then open this page with default uBO settings. uBO would not protect the user, but the built-in TP does.
@Gitoffthelawn wrote
From what I can tell, SB would have blocked the phishing scam
What makes you think that?
Google has blocked the account in the meantime, removed the fake pages, and pushed updates to Safe Browsing on top of all that.
I'm reading that as SB did NOT protect users. It would be interesting to know what updates they pushed, because I don't really understand atm what exactly the problem was.
@RoxKilly wrote
I got a hit.
Can't replicate. Fresh profile with default uBO and this user.js but with TP enabled: "No tracking elements detected on this page". What isn't blocked that should be blocked? And who said to use uBO with its default settings btw?
@earthlng wrote:
Can't replicate. Fresh profile with default uBO and this user.js but with TP enabled: "No tracking elements detected on this page". What isn't blocked that should be blocked?
uBO settings >> 3rd-party filters
, click "Update now" to downlod latest default listsghacks-user.js
live master and place it in Firefox profile folderuser_pref("privacy.trackingprotection.enabled", true);
//user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
//user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
Without TP, I would not have avoided this particular tracking mechanism. I get such a hit once or twice a week I think. If you don't get the same result, I suspect it's either because you skipped step 6 above or the Amazon server doesn't send the tracking bug to your PC, or your uBO settings aren't the default.
@earthlng wrote:
"Google has blocked the account in the meantime, removed the fake pages, and pushed updates to Safe Browsing on top of all that." I'm reading that as SB did NOT protect users. It would be interesting to know what updates they pushed, because I don't really understand atm what exactly the problem was.
You guys were discussing the benefits of the frequent update check by the SafeBrowsing engine as an advantage over uBO malware lists. I think the point @Gitoffthelawn made is that because Google pushed a fix to SB infrastructure within an hour of the exploit being public, and since SB checks for updates every hour, people who use SB for protection would have had a much shorter vulnerable window (the quick update would protect most people who actually receive and eventually open the phishing email) than people who use just uBO with this user.js
(they would have been exposed until their next manual update I think).
@RoxKilly wrote
You guys were discussing the benefits of the frequent update check by the SafeBrowsing engine as an advantage over uBO malware lists. I think the point @Gitoffthelawn made is that because Google pushed a fix to SB infrastructure within an hour of the exploit being public, and since SB checks for updates every hour, people who use SB for protection would have had a much shorter vulnerable window (the quick update would protect most people who actually receive and eventually open the phishing email) than people who use just uBO with this user.js (they would have been exposed until their next manual update I think).
Exactly. Your paraphrase of what I wrote made it much more clear though. :)
I think uBo would benefit from the ability to customize the list check interval. Actually, do you know if it checks lists for updates or always just downloads the most recent versions?
The downside, of course, is the additional traffic if too many people start asking for lists to be updated too frequently.. it would amount to a DDOS. But the number of people that would actually adjust such a setting would likely be minimal compared to the installed base.
Are the SB and TP lists available anywhere in a format compatible with uBo?
@RoxKilly wrote
Comment out the two prefs under 0410d because tracking protection relies on the safebrowsing API (maybe you forgot this step?)
I did forget that, sorry. Ok so amazoncustomerservice.d2.sc.omtrdc.net
is the tracker in this case.
omtrdc.net
is listed in the Adobe section of the TP list, and also in Dan Pollock’s hosts file
in uBo/uM.
So if you use more than only the default settings in uBO, OR also use uMatrix with its default settings, nothing slips through the cracks (for that site at least).
@Gitoffthelawn wrote
I think uBo would benefit from the ability to customize the list check interval.
https://github.com/gorhill/uBlock/wiki/Advanced-settings
Actually, do you know if it checks lists for updates or always just downloads the most recent versions?
afaik it checks a checksum file from gorhill's github repo before updating lists.
Are the SB and TP lists available anywhere in a format compatible with uBo?
Not that I know. The TP list could however easily be parsed and converted into a compatible format. idk if the same is possible for SB. Would this be the format we want ... ?
## AddThis
||addthis.com^$third-party
||addthiscdn.com^$third-party
||addthisedge.com^$third-party
FYI These lists have been implemented into Ubo Lists: https://github.com/chrisaljoudi/uBlock/issues/1406#issuecomment-105517545
@Gitoffthelawn wrote:
Actually, do you know if it checks lists for updates or always just downloads the most recent versions?
@earthlng wrote:
afaik it checks a checksum file from gorhill's github repo before updating lists.
That may no longer be the case. I just came across this statement from gorhill from Jan 2017
uBO no longer uses checksums.txt resource hosted on GitHub to find out whether some specific assets have changed: the update logic is now completely time-based -- checksums.txt will be deprecated and will no longer be updated. Eventually in some future it will be removed from the repository
Interestingly this very page/tracker is explicitly allowed on the following lists: EasyPrivacy (under uBo privacy) English filter Spyware filter
Hmmm... Popular lists such as EasyList have a string at the top to indicate how often to perform updates. For example: ! Expires: 4 days (update frequency)
.
IIRC, popular blocking programs like AdBlock Plus and uBlock Origin (uBo) will not automatically update the list from its source until that time has expired.
IIRC, when a user of AdBlock Plus manually updates a list, it will force an update, overriding the value specified in the header. IIRC, uBlock Origin will not update the list in this situation, even if the user performs a manual update.
IIRC, in uBo, even if the user specifies a lower value by using the autoUpdatePeriod
advanced setting, it will still not override the expiration interval. Thus, it will not perform a manual update.
In uBo the user can purge all uBo caches and then perform a manual update of every list. AFAIK, this will manually update the lists. AFAIK, in uBo, there is no obvious way to manually purge and update a single list before it has expired, which can be days.
That's a lot of IIRC and AFAIK, so you may want to confirm.
@Thorin-Oakenpants
Consider writing out SB >> SafeBrowsing
and TP >> Tracking Protection
in your last post, because it's one of reference (almost like documentation). Also you've mistakenly used TB
where you meant TP
. You've done it a couple of times in this thread or in the VOTE thread, but on this last post I think it's important to get it right. It might be linked to a few times in the future and people who come directly to it may wonder what SB
, TP
and TB
are until they scroll up etc...
The implementation guide explains:
Could someone please elaborate? Is the block because the browser has to connect to a remote server to download blocklists? @Thorin-Oakenpants do you operate under the assumption that this
user.js
must be used in conjunction with uBlock Origin? If this is meant for both uBO users and non-users, why disable TP?Setting that aside, let me make the case for TP even for a uBO user like myself: For the vast majority of webpages, TP never plays a role because uBO blocks requests before they get to the TP code (see the last comment from link 3 below). So there is no additional burden on the browser and I don't see an additional privacy exposure (beyond the blocklist downloads).
In some cases, default uBO filter lists and settings let something through the cracks and TP actually catches it (eg: enable Tracking Protection and open this page as of May 4 2017). This is usually a tracking image of some sort. In those cases I'm glad to have TP on.
For Reference