[LINK] Chrome and Ad Blocking
Craig Sanders
cas at taz.net.au
Sun Jan 27 15:39:18 AEDT 2019
On Thu, Jan 24, 2019 at 09:08:38AM -0800, Rick Welykochy wrote:
> At the risk of repeating meself, there is an alternative solution with very
> low overhead, superfast at the application level, but perhaps not for the
> faint of heart:
>
> http://winhelp2002.mvps.org/hosts.htm
>
> The idea is so simple I should have thought of it myself. I've been using it
> on laptops and desktops for years.
Unfortunately, hostname-based blocking is inadequate. It's only a very small
part of the solution.
It's fine for blocking specific malware-only[1] domains like doubleclick,
when you want to block the entire domain. It's completely useless for any
finer-grained blocking - which is essential on the modern web (and has been
for 20 years or more).
It's also useless for blocking "cloud" based malware unless you want to block
AWS, cloudfront, and several other CDNs and hosting services - resulting in a
LOT of false-positives, breaking lots of other sites.
And useless for blocking URLs without hostnames - i.e. ipv4 or ipv6 addresses
instead of names, which is very common with spam and malware.
Even squid (or other proxy) based blocking is pretty much useless these days
- unfortunate collateral damage in the move to "https everywhere". The
proxy only sees a single CONNECT request, doesn't see any of the URLs being
requested, so is unable to block access to any of them. A shame, i've been
using squid to block ads and other crap since the mid 1990s.
What this means is that (ignoring things like running your own
Man-In-The-Middle https proxy, which is hugely problematic for all sorts of
reasons anyway) malware blocking has to be done at the end-point - i.e. IN THE
BROWSER. This is less than ideal, but it is what it is - to block malware we
have to deal with the world as it is, not as we wish it to be.
The single most effective thing anyone can do to block advertising and other
malware is to disable javascript by default. e.g. by installing the uMatrix[2]
plugin. And use an ad-blocker too, like uBlock Origin[3] Both of these are
available for both chromium & firefox and work identically on both.
The Stylus[4] plugin is also useful, not only for fixing brain-damaged
web-designer CSS (like tiny font sizes and specifying all sizes in pixels
so they're unreadable on high DPI monitors), but also for blocking
unwanted/annoying stuff with CSS over-rides (like "display: none !important;"
or "animation: none !important;"). Stylus is also available for both Chromium
and Firefox.
e.g. I've been using Stylus for years on newspaper websites like The Age to
block sports and celebrity bullshit and other garbage I have no interest in,
as well as advertising. Lots of other uses too - I recently used it so I
could read an article on vice.com that someone sent me a link to, WITHOUT
enabling javascript: 3 lines of CSS was all that was required for the hidden
article to be displayed without having to run their javascript and click their
"View More" button.
There are also javascript-based page modding with plugins like
GreaseMonkey[5]. Stylus is good for page-modding with CSS (which is all you
need in most cases), while GreaseMonkey is for page-modding with javascript -
I only use this when there's no other choice, e.g. one the very rare occasion
that js is required on a page that I actually want to view and I want to
de-fang the site's js as much as possible. GM can also be useful for stuff
like enforcing my choice to disable smooth-scrolling (some areshole web devs
use javascript to over-ride the browser setting and do smooth-scrolling
whether you want it or not).
NOTE: Stylus requires a pretty good understanding of HTML and CSS.
GreaseMonkey requires at least a rudimentary ability to code in javascript.
Both require a willingness to read and examine source code and to tinker.
Anyway, to get back to the point:
If Chrome (or its open-source version chromium) does end up breaking plugins
like these, then THE ONLY SOLUTION IS TO STOP USING IT.
THERE IS NO OTHER SOLUTION: DON'T USE SOFTWARE WITH ANTI-FEATURES.
Use only browsers that respect the end-user's absolute right to control what
gets downloaded, displayed, and/or executed on their own computers. Firefox
is OK for now, although I wouldn't trust them in the long run (they've done
too many shady things in recent years that are for the benefit of them and
their sponsors rather than their users), and the open source chromium will
probably be forked to avoid anti-features[6] like this.
Finally, malware like this is primarily a social and legal problem rather
than a technical problem. Under ideal circumstances, it would be solvable by
social and legal means. Unfortunately, that's unlikely to happen - there's
too much money riding on this shit, and too many powerful vested interests
who benefit from malware (for everything from marketing campaigns to rounding
up and imprisoning or even executing dissidents), and the malware giants like
google and facebook just know too much about any politician who does more than
make vague, ineffectual noises to oppose them. So technology is the only tool
we have to resist....and most people aren't capable of that, or even willing
to put in the effort to learn how.
[1] including the sub-set of malware called "advertising" and associated
spyware.
[2] https://github.com/gorhill/uMatrix/wiki
[3] https://en.wikipedia.org/wiki/UBlock_Origin and https://github.com/gorhill/uBlock
use only "uBlock ORIGIN". Don't use any other version claiming to be "uBlock",
there's at least one malicious fork of it. uBlock Origin is by Raymond Hill
aka "gorhill", who is also the author of uMatrix.
[4] Stylus is the open source fork of the original Stylish plugin, which got
taken over by a scumbag with connections to the advertising/spyware industry.
Don't use Stylish, it's trojaned with spyware that tracks every URL visited or
embedded in a page.
[5] https://en.wikipedia.org/wiki/Greasemonkey
[6] https://www.fsf.org/blogs/community/antifeatures
https://www.digitalethics.org/essays/it-feature-it-bug-no-its-antifeature
craig
--
craig sanders <cas at taz.net.au>
More information about the Link
mailing list