When first installing uMatrix, the setting "Auto-update hosts files" is disabled by default

[darkred]

Using uMatrix 1.3.2 in Firefox 58 and Chrome 63 (win10x64).

When first installing uMatrix (I use it in Firefox and Firefox) the setting in uMatrix's dashboad: "Host Files | Auto-update hosts files" is disabled by default.

In contrast, when first installing uBlock Origin, the relevant setting in uBO's dashboard: "3rd-party filters | "Auto-update filter lists" is enabled by default.

My suggestion is the "Auto-update hosts files" setting to be enabled by default in uMatrix as well, in order to make sure that the hosts files will be kept up-to-date by default.

Also, in the Privacy policy wiki page it says that:

uMatrix does not collect any data of any kind.

• uMatrix has no home server.
• uMatrix doesn't embed any kind of analytic hooks in its code.

The only time uMatrix connects to a remote server is to update the hosts files and other related assets. If you disable auto-update in the "Hosts files" pane in the dashboard, uMatrix will not connect to any remote server, unless you click "Update now" and only if there are assets deemed "out of date".

The last sentence suggests that disabling the autoupdate of hosts files should be a user opt-out action, not the default behavior of the extension.

Thank you

[h1z1]

Read that as the opposite - It doesn't call home by default, that is a good thing. Drove me nuts that uBO does this and without asking. Default third party rules are dangerous.

[gorhill]

It doesn't call home by default

It never calls "home", I don't own GitHub servers.

Default third party rules are dangerous.

They are all block rules.

[h1z1]

It doesn't call home by default

It never calls "home", I don't own GitHub servers.

Extended home? :) Never said your home though. Will uM not download them on first run?

Default third party rules are dangerous.

They are all block rules

Indeed, they are run by third parties though.

[gorhill]

Indeed, they are run by third parties though.

The point is, how are 3rd-party blocking rules "dangerous"? I can't make sense of this. On top of default-deny, 3rd-party block lists can only further restrict, never relax where the browser is allowed to connect.

[h1z1]

Same could be said the other way - If the default is deny then why are these needed? Blocking 3rd party anything is the point of umatrix. There's nothing to stop them from including rules I'd rather not waste even memory on or risk typos breaking (easylist for example). Considering 99% of them are never hit..

Unlike running a dns server, hosts files are not databases. There is an overhead in reading pointless, large files over and over.

I don't personally need nor care for yet another server somewhere on the Internet keeping a record of me. I much rather software ASK on install whether users want to download external lists first.

[Remu-rin]

Same could be said the other way - If the default is deny then why are these needed?

1. To block css and images from those known bad domains, even when they are allowed globally. And in some cases content from those domains is 1st-party scripts /XHR/etc (subdomain). Privacy.
2. To clean up matrix via moving them to the end of popup, plus making it possible to hide all of them to one string. Usability.

[h1z1]

To block css and images from those known bad domains, even when they are allowed globally.

That is exactly why those lists are to be vetted personally.

And in some cases content from those domains is 1st-party scripts /XHR/etc (subdomain). Privacy.

Don't think you understand what default deny means as it includes 1st and 3rd party requests. It is a bit more laborious but worth it considering realistically you only visit a small subset of sites.

To clean up matrix via moving them to the end of popup, plus making it possible to hide all of them to one string. Usability.

I don't understand that.

[Remu-rin]

Don't think you understand what default deny means as it includes 1st and 3rd party requests.

Defaults of uM are not clean default deny (it would be very hard to use). It allows everything from 1st-party, plus css and images from 3rd-party. And hosts-filters are useful there. Most users don't go full default deny, even me (in 1st-party I block only scripts).

I don't understand that.

Compare this. Which variant is more clean and easy to use? Or imagine a case, when instead of beemray there would be something starting from W letter. It will be at the end of matrix (because it's sorted alphabetically), after all of those bad domains. Hosts-filters will put up neutral/unknown domains and put down bad domains.

[gorhill]

It's ok if people do not want hosts files, it's their choice, uMatrix does not force anybody to keep the checkboxes checked. The dubious claim here is "third party rules are dangerous". None of these imported rules will relax uMatrix's current ruleset -- it's the opposite they contribute to make the current ruleset stricter, so "dangerous" here amount to nothing more than FUD.

[uBlock-user]

If the default is deny then why are these needed?

NOT everyone runs in default-deny mode, if you ever ran uMatrix in allow-all/block exceptions mode then everything will be whitelisted EXCEPT for entries in any HOSTS files the user has subscribed to. Incase he hasn't, the ad-servers/malware will also be whitelisted and will create havoc for the user who wants to run in allow-all/block exceptions mode, that why HOSTS files are supremely important to have on.

Secondly, HOSTS files are all purpose lists which can be used for blocking ads/trackers/malware and what not on OS level too, they're not restricted to uMatrix only. Any entry in HOSTS files on uMatrix put under blacklisted domains category which informs users to know that these are NOT meant to be whitelisted incase if the user is wondering.

In @gorhill's own words and I quote "uMatrix can be set to work in allow-all/block-exceptionally mode with a single click on the all cell in the global scope *, if you prefer to work this way. This will of course break less sites, but you would then lose all the benefits which comes with block-all/allow-exceptionally mode -- though you will still benefit from the 62,000+ blacklisted hostnames by default."

[h1z1]

FUD? My point was the lists are now going to be enabled by default. Whether users choose to use them or not is entirely their own. Regarding the interface itself, I prefer the second image.

Don't know where you guys get this but I expect you'll restrict and lock this thread like you usually do. Screenshots taken.

[gorhill]

FUD? My point was the lists are now going to be enabled by default.

I responded to your:

Default third party rules are dangerous.

Just make a convincing argument as to why adding more block rules on top of whatever ruleset is in effect is "dangerous".

[uBlock-user]

but I expect you'll restrict and lock this thread like you usually do.

Because of you going offtopic with the whole "Default third party rules are dangerous." thing which is not the issue created by the OP and I think you rather have incorrect or misguided understanding when it comes to 3rd party filter rules.

[h1z1]

Just make a convincing argument as to why adding more block rules on top of whatever ruleset is in effect is "dangerous".

Why on earth would I do that? It wan't my argument at all.

Keep making threads like this though and you answer your own question.

[temporaryaccount]

I agree with @h1z1 here. Any automatic connection made by a privacy-related extension without the user explicitly allowing it is... bad manners, at least. I don't want those lists downloaded to my computer when I'm installing uMatrix. I don't want it to periodically contact Github (or any other) servers to check for updates. Besides, even when unchecking the checkboxes those files remain in the profile.

Would it be too hard to implement a simple yes/no dialog box after installation with something like this:

Would you like to subscribe to a blocklist xxx maintained by zzz? It will help you block unwanted hosts in case you don't intend to use the whitelist model.