search

gorhill / uBlock

uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
GNU General Public License v3.0
46.97k stars 3.13k forks source link

Make use of dynamic filters easier by adding website safety checker #3596

Closed mikhaelkh closed 6 years ago

mikhaelkh commented 6 years ago

Describe the issue

One way to quickly determine the broken filter is to add dynamic allow rules until site is rendered properly. Unfortunately, uBO (and uMatrix) provide no means to check if an unknown domain is safe. It can be done for example by adding a link to a website safety checker in the overview panel next to each domain.

Steps for anyone to reproduce the issue

  1. Enable Advanced mode
  2. Go to website where exists broken filter
  3. Try to fix it with dynamic filters

Your settings

gorhill commented 6 years ago

uBO won't vouch for any "website safety checker".

Best left to a dedicated extension.

mikhaelkh commented 6 years ago

You don't have to vouch for any particular tool if you give user a choice. @jspenguin2017 ?

jspenguin2017 commented 6 years ago

if you give user a choice

Like direct them to WebStore to pick their own? What's on your mind?

gorhill commented 6 years ago

Duplicate of #65 by the way (and https://github.com/gorhill/uMatrix/issues/185) (this was all before Web of Trust being found selling user data).

mikhaelkh commented 6 years ago

What's on your mind?

@jspenguin2017 more like use API to quickly see if the domain is safe, like red-yellow-green colors in the overview panel to see what requests from domain are currently blocked.

Maybe it makes sense to use separate color (say black) to indicate that there's an active filter which blocks whole domain? Currently green and red can turn yellow, but black will stay black.

jspenguin2017 commented 6 years ago

if you give user a choice

use API to quickly see if the domain is safe

You just contradicted yourself.

mikhaelkh commented 6 years ago

You just contradicted yourself.

Actually no, because there can be several APIs from several sources. Nevermind, it's like gorhill said, best leave it to a dedicated extension.

jspenguin2017 commented 6 years ago

from several sources

For example... ?

mikhaelkh commented 6 years ago

WOT, Google, Yandex, PhishTank

jspenguin2017 commented 6 years ago

WOT:

You need an API key to use the public API. In order to request a key, you need a WOT account.

Well, you can't really ship an API key with the extension, but the alternative is to host your own server, which isn't ideal. You can ask the user to supply his own key but... can't you just send the user to WebStore to get the WOT extension?

When Safe Browsing flags a site, it looks like this: image

Yandex:

Get a unique key.

Might have the same problem as WOT, I'm not sure if the API key can be public though, for WOT their TOS clearly implies the key is private.

I think Yandex's Safe Browsing is similar to Google's: when it flags, it means the site is really dangerous; and chances are Google already flagged it.

PhishTank

please register for an application key Without this key, you will be limited to a few downloads per day.

I haven't looked into it, but the key is probably private, and users who actually use the trust rating feature probably need more than "a few per day".

Also after a quick test, most of the sites they flag are already flagged by Google.

WOT has their own extension and the other three only flag really dangerous sites, and Chrome's big red block screen is probably enough of a warning already. Got better examples?

mikhaelkh commented 6 years ago

@jspenguin2017 I guess my issue is that one can't distinguish dangerous websites from others in the overview panel. Red color just indicate that there's no allowed requests from domain yet, which doesn't necessarily means the domain is unsafe. Another layer of protection like Google or Yandex Safe Browsing, or uMatrix is a smart choice in case you accidentally allow dangerous domain. Sometimes GSB blocks website because of crappy 3rd party ad provider, and use of uBO would eliminate the consequences.

Maybe it makes sense to use separate color (say black) to indicate that there's an active block filter for domain from filterlist that contains unsafe websites, e.g. "Malware domains"?

jspenguin2017 commented 6 years ago

@mikhaelkh That makes no sense to me. If a big full screen warning is not enough, how will a color code in a small grid help?

mikhaelkh commented 6 years ago

It's not "not enough", it's "too much". It would help in the following way: it would clearly indicate that the domain is unsafe with high probability and save time to find which domain to allow: first consider yellow domains, then red, and only then, with extreme care, black. Preferably, black domains should be placed at the bottom, like in uMatrix.

jspenguin2017 commented 6 years ago

@mikhaelkh I don't think it's too much, there is no reason for you to visit phishing sites to begin with.

mikhaelkh commented 6 years ago

Sometimes websites become victims of 3rd-party crap which gets blocked by GSB anyway.

jspenguin2017 commented 6 years ago

@mikhaelkh Well, that's why you don't put untrusted third party stuff on your website.