Any longtime Wrongthink visitor is probably familiar with my criticisms of uBlock Origin. They originate from a place of frustration: Why did Raymond Hill insist on breaking up the power emeralds™ and hiding them across the land? Was it too dangerous to have it all in one place? But with time and experience, I’ve come to ponder whether I am just demanding unattainable standards. What if the remaining 10% functionality I seek can be scrounged up from elsewhere?
With the right complement of extensions, uBlock Origin might just be good enough. First, a recap: its weak points are in the nonexistent handling of cookies and in the incomplete filtering of CSS. One tool I’d been using alongside uBlock Origin for years has been Temporary Container Tabs. Temporary Container Tabs has the effect of limiting cookie life to the life of a browser tab. Close the tab, and the cookies are tossed out with that cache bucket. Sadly, it too has been unmaintained for years, but still functions as of Firefox 140.
The necessity of blocking CSS is something else I’ve been reexamining. Does the cost outweigh the functionality provided by stylesheets? By running on-access prevention in the Mozilla cache with clamonacc, stylesheets are already subject to some filtering (with additional malware databases ofc). This effectively pulls the security model back a layer from exception-allow to exception-deny while affording most sites basic formatting.
uBlock Origin’s CNAME uncloaking can perhaps replace extensions like Block Cloudflare MITM. Block Cloudflare MITM relies on knowledge of existing CDNs, while CNAME uncloaking does this naturally for any domain fronting simply as a happy byproduct. You can see which third-party resources are calling Akamai or Fastly or whatever other MITM might be serving assets under the first-party domain.
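The difference between a fixed CDN list and following the CNAME chain, as an added sketch that is not part of the original post and not uBlock Origin's code. The DNS records, hostnames and the `KNOWN_CDNS` list are constructed, and the two-label `baseDomain` stands in for a real Public Suffix List lookup.

```javascript
// Constructed CNAME data (hostname -> target). Every name is a placeholder.
const CNAME_RECORDS = new Map([
  ["assets.shop.example", "shop.edge.bigcdn.example"],
  ["metrics.shop.example", "t.shop.example"],        // two-hop chain
  ["t.shop.example", "c1.smallcdn.example"],
  ["img.shop.example", "static.shop.example"],       // stays first-party
  ["loop-a.shop.example", "loop-b.shop.example"],    // misconfigured loop
  ["loop-b.shop.example", "loop-a.shop.example"],
]);
// Hypothetical stand-in for an extension that only knows specific CDNs.
const KNOWN_CDNS = new Set(["bigcdn.example"]);

// Simplification: last two labels. Real code needs the Public Suffix List.
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Follow the CNAME chain to its end; canonical is null on a loop or long chain.
function uncloak(host, records = CNAME_RECORDS, maxHops = 8) {
  const chain = [host];
  let current = host;
  while (records.has(current)) {
    current = records.get(current);
    if (chain.includes(current) || chain.length > maxHops) {
      return { chain, canonical: null };
    }
    chain.push(current);
  }
  return { chain, canonical: current };
}

// Judge a request by its canonical name rather than the name in the page.
function classify(host, pageHost, records = CNAME_RECORDS) {
  const { chain, canonical } = uncloak(host, records);
  if (canonical === null) return { host, chain, canonical, verdict: "unresolvable" };
  if (baseDomain(canonical) === baseDomain(pageHost)) {
    return { host, chain, canonical, verdict: "first-party" };
  }
  const listed = KNOWN_CDNS.has(baseDomain(canonical));
  const verdict = listed ? "cloaked (known CDN)" : "cloaked (not on list)";
  return { host, chain, canonical, verdict };
}

for (const host of CNAME_RECORDS.keys()) {
  const r = classify(host, "www.shop.example");
  console.log(`${host} -> ${r.canonical ?? "?"}: ${r.verdict}`);
}
```

The `metrics.shop.example` entry is the case a list-only approach misses: its canonical name belongs to a provider nobody enumerated, yet it still surfaces as third-party once the chain is followed.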
Completely granular per-asset filtering is actually a thing in uBO! In the logger window, it is possible to select specific scripts or other assets to automatically compose rules for. The only other tool that I’ve seen with this level of fine-grained control has been Policy Control/Request Policy. It’s not well advertised, and I admittedly only discovered this feature recently as of version 1.64.X.
And if that level of control sounds too exhausting, what of handling JavaScript when the few scripts that are allowed to load must also contend with obfuscation by JShelter? With all of the mitigations outlined above, when the “Disable JavaScript” option is unchecked for a certain page in uBlock Origin, it loads scripts only for those domains that you have exceptionally allowed; the scripts must then pass checks from clamav-daemon filtering, only to then run in a limited environment whose parameters are adjusted to defeat common fingerprinting.
Minor point: Dark mode!
Considering all of that (and I can hardly believe I’m saying this), I’m thinking of dropping uMatrix. The tier list will remain unchanged for the time being, as I need to carefully evaluate whether this adequately fixes uBlock Origin.