uBlockOrigin / uBOL-home

uBO Lite home (MV3)
GNU General Public License v3.0

Request small Privacy selection #6

Closed SampeiNihira closed 2 years ago

SampeiNihira commented 2 years ago

[image]

It could be of interest to many users of UBO Lite. I will insert an image with my ideas but you can decide more. Putting a Ping checkbox doesn't seem interesting to me, because it can be blocked in Chromium-based browsers with the command-line:

--no-pings

https://www.ghacks.net/2022/08/27/websites-may-write-to-the-clipboard-in-chrome-without-user-permission/

It has been proposed to put this rule in my filters in UBO:

*##+js(acis, navigator.clipboard)

It seems to work, but I have no idea if it can work in UBO Lite.

I hope I have not disturbed too much. Thank you for your attention.

krystian3w commented 2 years ago

Chrome/Chromium 107 no longer allows reading the clipboard without a prompt asking for permission.

If you found a new option to read the clipboard in Chromium 107+ without permissions, the best would be to open a new issue about the lack of fixes, if a ping here https://bugs.chromium.org/p/chromium/issues/detail?id=1334203 was ignored.

Also, acs does not cover all attempts to read the clipboard in Chromium 66 - 106 (e.g. a randomized file loaded by src, with a rare chance of being blocked by network filtering). Almost all attempts should be covered by the closed AdGuard PR/draft: https://github.com/AdguardTeam/AdguardFilters/pull/128408

SampeiNihira commented 2 years ago

That is just one option, which I assumed interesting. If it is not interesting to the developer, he can eliminate it. I use Edge. And I often notice that not all the new features in Chromium/Chrome are carried over to Edge. Example:

https://www.chromium.org/updates/chips/

CHIPS cannot work in Edge due to the lack of a required flag.

krystian3w commented 2 years ago

Edge/MS insisted that the clipboard API be fixed directly in the Chromium code.

So as not to fix it with your own hotfix (exclusive for Edge).

SampeiNihira commented 2 years ago

Better for everyone if it will be so. Do you have any alternatives to propose as a substitute for the third idea? If you do have it, instead of just criticizing, expose an alternative.

krystian3w commented 2 years ago

If gorhill doesn't reject installing uBOL on Chromium older than 105, this option covers only two builds:

So for these, maybe an if condition is enough, so as not to touch the corrected API in Chromium 107+.

[image]

What needs watching then is the CCSTree engine (how old a Chromium the latest release supports).

I suppose it is not possible to quickly write a scriptlet to cover only the vulnerability in the API (like a touch event instead of all functionality).

SampeiNihira commented 2 years ago

In Edge 107 the setting:

"disable clipboard writing"

is no longer necessary.

Compared to the default setting I prefer:

[image]

gorhill commented 2 years ago

uBO Lite is meant to be as not technical as possible. "Blocking CSP reports" is quite technical, I don't see this fitting in uBOL; how would you even explain this to a computer illiterate person?

uBO is best for this, as it is for a wider audience, from those who prefer install-and-forget to those who prefer to control every detail as much as possible.

SampeiNihira commented 2 years ago

Unfortunately, it will not be possible to use UBO in Edge. And I set up my Edge to have very good security at the Sandbox/Appcontainer level:

[image]

This is critical in Windows OS. These settings cannot be obtained in other Chromium-based browsers.

My PC already has Firefox + UBO installed. But it is necessary to have a Chromium-based browser installed as well.

I would not wish to give up Edge, for example switch to Brave (with its internal adblocker), as will many users of Chromium-based browsers who consider privacy more important than security.

gorhill commented 2 years ago

You have a different goal with your personal installation than I have with uBOL; in such a case it's best for you to find a solution elsewhere than for me to detract from my goal with uBOL.


Given this, closing as declined for the time being.

Yuki2718 commented 1 year ago

Off-topic: https://www.wilderssecurity.com/threads/ublock-a-lean-and-fast-blocker.365273/page-274#post-3113350

With UBO Lite this is not possible now and will not be possible in the future either because Mr. Hill refused my request for a small privacy panel.

@SampeiNihira Beacon API is globally blocked by EP with $ping,third-party - it's not "in addition", they are the same thing. The rule is limited to 3p due to problems but individual 1p cases have been added. Globally blocking CSP reports by filters is simply not possible, the only way is *$other if you don't care about possible problems as it blocks more than just csp reports [1]. It's likely you confused something about $csp and csp report or someone told you misinformation.

[1] AG generally disables such a too wide rule: https://github.com/Yuki2718/adblock/issues/4#issuecomment-986862988

SampeiNihira commented 1 year ago

Off-Topic

@Yuki2718 How is it then possible to pass this test?

https://apps.armin.dev/ping-spotter/

[image]

Yuki2718 commented 1 year ago

How is it then possible to pass this test?

It's 1p ping so add ||apps.armin.dev^$ping or *$ping. (Ofc not possible with uBOL for now.)

gorhill commented 1 year ago

How is it then possible to pass this test?

Use uBO?

Yuki2718 commented 1 year ago

For CSP report ||apps.armin.dev^$other or *$other if you disabled the block CSP-report option. I don't remember details, but IIRC at first *$ping was added to EP and then adjusted to 3p due to some reports.

SampeiNihira commented 1 year ago

@gorhill

No. AdGuard MV3 to which I added 2 simple rules. I would have tried UBO Lite if it was possible to do the same. Surely I get everything wrong, but I proved that it is possible.

gorhill commented 1 year ago

I didn't say it was impossible, I said uBOL is not what you want it to be. It's meant to be a simple, non-technical install-and-forget content blocker that is optimized for MV3 by being entirely declarative.

If you do not want to use uBO, it's your choice -- you set yourself constraints of wanting to use MV3 and wanting a blocker that does all that uBO can do, then uBOL is just not for you, and I won't change uBOL's goal because of these personal choices of yours. uBOL is another personal project with a clear goal in mind, which I won't throw out because someone somewhere has very specific unmatched needs. That's why I explicitly spelled out to not use uBOL for those who want all uBO featureset, just use uBO then:

Many users of uBO will dislike the limitations of uBOL when compared to uBO. There is no point complaining about it, it's just not for you, it's meant for another kind of users -- you do not have to use it.

Non-declarative MV3 versions are hugely inefficient resource-wise, and I have no interest in creating/maintaining a hugely inefficient MV3-based content blocker -- which will never be able to accommodate all of uBO featureset anyways:

It means that complex extensions will be much slower in ManifestV3 and will consume a lot more resources due to frequent restarts of the service worker as each restart consumes incomparably more CPU and power even if code caching will be eventually enabled for extensions

There is no point to keep arguing about this, please respect the choice I made by declining the request.

krystian3w commented 1 year ago

Custom rules from ABP/EasyList syntax should be possible to inject into the file after installing the unpacked addon from SSD/NVMe or HDD (I do not recommend USB 1.1 or 2.0).

Sync will be harder - you may need to use WinMerge or Meld.

Yuki2718 commented 1 year ago

@gorhill I think the only matter here is whether uBOL will eventually support custom lists and/or My filters. I guess it can't be emphasized enough that uBOL is at a very early stage now. Why so many people now move to uBOL when uBO will work fine at least until Jun. 2023?

gorhill commented 1 year ago

whether uBOL will eventually support custom lists and/or My filters

Custom list probably not (MV3 limits number of dynamic rules to 5,000 and uBOL already uses a chunk of them). Custom filters I haven't decided yet. As things currently are, these features require that I add as part of the package the whole static network filtering engine just for the sake of converting filters to rules, and by extension a lot more of development and maintenance work, so not something I look forward to. As said elsewhere, I burned on uMatrix, I do not want that to happen with uBOL, so to keep it as simple as possible is a way to ensure this.
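
Added example, not part of the thread and not uBOL's code: a sketch of what "converting filters to rules" means for the `$ping` filters quoted in Yuki2718's comments, producing `chrome.declarativeNetRequest` rule objects and checking them against the 5,000 dynamic-rule figure mentioned above. The helper names, the `priority` value and the sequential rule ids are assumptions, and only `pattern$ping[,party]` filters are handled.

```javascript
// Added example: a deliberately tiny filter-to-DNR converter (not uBOL's code).
// Handles only "pattern$ping[,party]" filters like the ones quoted in this thread.
const DYNAMIC_RULE_LIMIT = 5000; // figure quoted in the thread for MV3 dynamic rules
const PARTY = new Map([
  ["third-party", "thirdParty"], ["3p", "thirdParty"],
  ["first-party", "firstParty"], ["1p", "firstParty"],
]);

// Hypothetical helper: one ABP/uBO-style filter -> one declarativeNetRequest rule.
function filterToDnrRule(filter, id) {
  const dollar = filter.lastIndexOf("$");
  if (dollar === -1) throw new Error(`no $options in "${filter}"`);
  const pattern = filter.slice(0, dollar);
  const condition = { resourceTypes: [] };
  for (const opt of filter.slice(dollar + 1).split(",")) {
    if (opt === "ping") condition.resourceTypes.push("ping");
    else if (PARTY.has(opt)) condition.domainType = PARTY.get(opt);
    else throw new Error(`unsupported option "${opt}" in "${filter}"`);
  }
  if (condition.resourceTypes.length === 0) {
    throw new Error(`"${filter}" names no supported request type`);
  }
  // A bare "*" (or empty) pattern matches every URL: omit urlFilter entirely.
  if (pattern !== "" && pattern !== "*") condition.urlFilter = pattern;
  return { id, priority: 1, action: { type: "block" }, condition };
}

// Hypothetical helper: convert a list, refusing to exceed the remaining rule budget.
// Assumes ids 1..alreadyUsed are taken by rules that already exist.
function convertFilters(filters, alreadyUsed = 0) {
  if (alreadyUsed + filters.length > DYNAMIC_RULE_LIMIT) {
    throw new Error("dynamic rule budget exceeded");
  }
  return filters.map((f, i) => filterToDnrRule(f, alreadyUsed + i + 1));
}

// Filters modelled on the ones in the comments above.
const rules = convertFilters(["||apps.armin.dev^$ping", "*$ping", "*$ping,third-party"]);
console.log(JSON.stringify(rules, null, 2));
// In an extension's service worker these objects would be passed to
// chrome.declarativeNetRequest.updateDynamicRules({ addRules: rules }).
```

Anything beyond this subset (other request types, exceptions, `$csp`, regex patterns) is rejected with an error rather than guessed at, which is the part a full filtering engine would otherwise have to cover.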

debsidian commented 1 year ago

If you do not want to use uBO, it's your choice -- you set yourself constraints of wanting to use MV3 and wanting a blocker that does all that uBO can do, then uBOL is just not for you, and I won't change uBOL's goal because of these personal choices of yours. uBOL is another personal project with a clear goal in mind, which I won't throw out because someone somewhere has very specific unmatched needs.

This is very well said and should probably be an autoreply that one of the uBO volunteers can copy/paste for future uBOL feature requests. It doesn't make sense for people to choose the "lite" version and then request features to make it less lite. Just use uBO.

(uBOL is) meant to be a simple, non-technical install-and-forget content blocker that is optimized for MV3 by being entirely declarative.

@gorhill It's really helpful that you've stated the project goals so succinctly bc it's easy for us to understand why you are making the decisions you do. Personally, I love uBO and wouldn't trade it for anything.

SampeiNihira commented 1 year ago

@devingoodman

Are you aware that an MV2 extension like UBO will only be available for Firefox (and maybe Brave)? In other Chromium-based browsers you will have to use UBO Lite by necessity.

Yuki2718 commented 1 year ago

Guys, please move to https://github.com/uBlockOrigin/uBlock-issues/discussions/2261 for any more discussion.