search

uBlockOrigin / uMatrix-issues

This is the community-maintained issue tracker for uMatrix
https://github.com/gorhill/uMatrix
123 stars 17 forks source link

Add cookie-less Google Captcha ruleset into defaults? #285

Open Kein opened 4 years ago

Kein commented 4 years ago

Current Google Captcha ruleset in default recipes is as follows: https://github.com/uBlockOrigin/uAssets/blob/1becdb39620374698e131341fbb504a3630a2267/recipes/recipes_en.txt#L116

Google reCaptcha
    * www.google.com
        _ www.google.com *
        _ www.google.com script
        _ www.google.com frame
        _ www.gstatic.com *
        _ www.gstatic.com script

I've been extensively testing a version of the ruleset where cookies always blocked and it never resulted in any failure or inconvenience. Google has few thousands more way to track you and your session, which it demonstrated multiple ways by silently passing Captcha for me (in fact without even allowing it fully with web-workers) on a completely different resource just because I had high completion rate elsewhere. May be something like Google reCaptcha No Cookies in addition just like there are YT No Account and YT with Account

gwarser commented 4 years ago

Sadly no one is reviewing recipes, and updates stalled for long now.

Kein commented 4 years ago

Who is supposed to review them and if he is no longer capable of doing it then may be someone else can take on it?

madduck commented 4 years ago

@Kein go ahead and fork, and convince people to migrate. If you prove that you'll be better, I'll switch.

Kein commented 4 years ago

go ahead and fork, and convince people to migrate.

You know the irony is lost here because this almost (0.001%) never happens?

gorhill commented 4 years ago

Another option is to create and maintain a recipes file, and if it's good users will be motivated to import it. Just like filter lists in uBO, recipes in uMatrix can be from external contributions.

Kein commented 4 years ago

What the issue maintaining built-in by default solution and have nice things instead of spreading the requirements for extensions across multiple sources and projects. At this point Ubuntu installation process is more streamlined then a single browser extensions, jesus christ.

Why it always have to be such a mess.

Kein commented 4 years ago

And by the way, rulesets are bugged. Here is my custom ruleset as per recipe:

Google New ReCaptcha
    * www.google.com
        _ www.gstatic.com script
        _ www.gstatic.com css
        _ www.gstatic.com image
        _ www.google.com frame
        _ www.google.com script
        _ www.google.com xhr
        _ www.google.com image
        _ www.google.com css
        no-workers: _ false

Here is how it looks like when suggested (not applied) and in the uMatrix dashboard my manual rule setup for the domain: image

If I reset my rules for the domain and try to apply my ruleset which clearly does not allow cookies I get this: image

It allowed cookies.

What's being applied by ruleset:

no-workers: domaintools.com false
domaintools.com www.google.com * allow
domaintools.com www.google.com frame allow
domaintools.com www.google.com script allow
domaintools.com www.gstatic.com css allow
domaintools.com www.gstatic.com image allow
domaintools.com www.gstatic.com script allow

What should be applied:

no-workers: domaintools.com false
domaintools.com www.google.com css allow
domaintools.com www.google.com fetch allow
domaintools.com www.google.com frame allow
domaintools.com www.google.com image allow
domaintools.com www.google.com script allow
domaintools.com www.gstatic.com css allow
domaintools.com www.gstatic.com image allow
domaintools.com www.gstatic.com script allow