[HN Gopher] uMatrix has been archived
       ___________________________________________________________________
        
       uMatrix has been archived
        
       Author : bscphil
       Score  : 528 points
       Date   : 2020-09-20 09:52 UTC (13 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | Drawde wrote:
       | If you're using uBlock Origin already, then you don't really need
       | uMatrix or NoScript. Just enable medium mode or hard mode:
       | 
       | https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...
       | 
       | https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-m...
        
         | dastx wrote:
         | Medium and hard mode are nowhere near as flexible as
         | uMatrix. It's good, but it's not uMatrix.
        
           | prvc wrote:
           | Could you elaborate as to what the specific differences are?
        
             | dastx wrote:
             | For starters with uBO you can individually block types of
             | requests (images, js, css, cookies, frames, "other") per
             | domain and/or per subhuman.
        
               | surround wrote:
               | *uMatrix, not uBO
        
               | takeda wrote:
               | And subdomain not subhuman :)
        
           | Lammy wrote:
           | I'm willing to put up with it if it means gorhill will have
           | the energy to maintain just uBO instead of burning out
           | entirely :)
        
             | dastx wrote:
             | Definitely! I'm going to keep using uMatrix until it starts
             | getting in my way, but otherwise uBO will do.
        
       | soulofmischief wrote:
       | The developer, Raymond Hill had this to say on reddit a month
       | ago:
       | 
       |  _I will never hand over development to whoever, I had my lesson
       | in the past -- I wouldn't like that someone would turn the
       | project into something I never intended it to become
       | (monetization, feature bloat, etc.). At most I would archive the
       | project and whoever is free to fork under a new name. For now I
       | resisted doing this, so people will have to be patient for new
       | stable release._
       | 
       |  _What would actually help is that people help to completely
       | investigate existing issues instead of keep asking me to add yet
       | more features. Turns out people willing to step in the code to
       | investigate and pinpoint exactly where is an issue (or that there
       | is no issue) is incredibly rare._
       | 
       | https://www.reddit.com/r/uBlockOrigin/comments/i240ds/reques...
        
         | afterburner wrote:
         | > Turns out people willing to step in the code to investigate
         | and pinpoint exactly where is an issue (or that there is no
         | issue) is incredibly rare.
         | 
         | Ayyyup
         | 
         | One of the reasons people just decide to rewrite everything
         | instead...
        
           | mrich wrote:
           | It's strange that this is so prevalent in the industry. Who
           | ever got promoted for fixing all the hard bugs? Reinventing
           | the wheel is the safe career move in many companies. And the
           | result is huge R&D budgets, bugs and a bad user experience.
        
         | surround wrote:
         | More context from the parent comment of that thread:
         | 
         |  _I don't have time to work on uMatrix -- it's a project large
         | enough that I would be able to work on it only if I wasn't
         | working on uBO._
        
         | NelsonMinar wrote:
         | Presumably referring to the mess that happened with uBlock when
         | he tried to step away. That's why it's called "uBlock Origin"
         | now; the original name was taken over by someone who then
         | developed it in ways against Gorhill's intentions.
        
           | soulofmischief wrote:
           | That's what I assumed as well. That situation was quite a
           | mess.
        
           | propogandist wrote:
           | >the original name was taken over by someone
           | 
           | it was taken over by the same people behind "AdBlockPlus"
           | which is a shakedown operation. They're allowing ads to be
           | unblocked if advertisers pay them money.
           | 
           | Some history;
           | https://old.reddit.com/r/chrome/comments/32ory7/ublock_is_ba...
        
       | sloshnmosh wrote:
       | uMatrix IMHO is an absolute necessity when viewing the web these
       | days.
       | 
       | It is said that 20% of the ads on the web are malicious so
       | browsing the web without a dependable script/adblocker is just
       | asking for trouble.
       | 
       | And until the adtech industry finds a way to stop malvertising I
       | will continue blocking scripts and ads.
        
       | cameronhowe wrote:
       | Noooooooo, why?
       | 
       | I hope this addon keeps working without patches for a long time,
       | I absolutely love how it has improved my web experience. So easy
       | to use.
        
       | fxtentacle wrote:
       | This is sad for me as a user, but I can fully understand his
       | unwillingness to further engage with requests from entitled
       | users. I myself had bad experiences with releasing open source,
       | too.
       | 
       | That said, this is clearly a useful tool and I wouldn't be
       | surprised if the user base was 10,000+ which means that if you'd
       | make it $3 monthly to use as a commercial product, the revenue
       | (after attrition) should be enough to pay for at least one part
       | time employee to do the maintenance.
       | 
       | I would also expect that releasing this as a paid product, as
       | opposed to open source, will actually reduce entitlement by
       | users. Or at the very least, you can always just issue a refund
       | and be done with it.
       | 
       | I would still hope for source code insight to make it transparent
       | how this tool works. But that is not necessarily a hindrance
       | towards productizing it. Unreal Engine 4 is a commercial success,
       | despite shipping with full source code.
        
         | jsjohnst wrote:
         | > I would also expect that releasing this as a paid product, as
         | opposed to open source, will actually reduce entitlement by
         | users.
         | 
         | That is the very opposite of what I'd expect and have observed
         | personally over the years. The folks who've paid a small amount
         | are virtually always the most demanding and refunding them and
         | asking them politely to go away just fuels their indignation
         | further.
        
           | fxtentacle wrote:
           | I've been selling a $9 Windows app for 5 years now and never
           | had a case where someone continued to contact support after a
           | refund. We did have people who had a system straight from
           | hell where nothing worked as planned, but then again the
           | users of those systems seemed to be aware that it's their
           | computer and not my app.
        
       | chippy wrote:
       | Good project for someone to pick up on and carry forward I guess?
        
         | srtjstjsj wrote:
         | No. Gorhill is protecting it from seizure. But someone can fork
         | it.
        
       | 4cao wrote:
       | There is a comment from @gorhill saying:
       | 
       | > Anyway, as it is, I've archived uMatrix's repo, I can't and
       | won't be spending any more time on this project, and neither on
       | all such issues [linking to all issues closed as invalid].
       | 
       | https://github.com/uBlockOrigin/uMatrix-issues/issues/291#is...
       | 
       | So it's really confirmed then. Very sad news.
       | 
       | Edit: there's also a glimmer of hope:
       | 
       | > Whoever is free to fork under a new name -- I may re-open and
       | resume development in some future if ever I feel for it.
        
         | derefr wrote:
         | This makes me realize that Github's domain model (where
         | "issues" exist as objects associated with--but outside of--the
         | repo) is kind of hostile to forking. The original author wants
         | to close issues not because they've been fixed in the codebase,
         | but because he wants to not solve them. To get those same
         | issues "back", a fork developer would have to:
         | 
         | 1. Copy-and-paste the repo, rather than using Github's forking
         | mechanism, because Github "forks" don't have their own
         | issues/PRs (being something more equivalent to multi-branch
         | workdir collections for an upstream repo);
         | 
         | 2. Copy all the issues over from the origin repo (manually, or
         | by writing a script against Github's API/CLI);
         | 
         | 3. Sadly, likely lose all the original conversation on those
         | issues.
         | 
         | These problems would be obviated if issues were just data files
         | committed inside the repo -- with any branch that contains the
         | open issue file meaning the issue pertains within that branch;
         | and any branch that closes the issue meaning that the issue is
         | solved as of that commit. A fork developer could just fork the
         | repo in the traditional fashion, and end up with a fork of all
         | the issues alongside.
         | 
         | Does any git hosting service/software handle issues in this
         | fashion, i.e. as a layer of web-chrome and backend indexing
         | over files committed to branches of the repo (where you'd
         | always have to be looking at the issues _as they exist within_
         | a particular branch)?
         | 
         | For that matter, does any git hosting service have a sane high-
         | level set of workflows for "forking" in the sense of creating a
         | competing (or replacement) maintained-upstream-repo for people
         | to contribute to?
        
           | imposterr wrote:
           | You should check out fossil then. It offers a built in bug
           | tracker that is part of the repo. Along with many other
           | things such as a wiki.
           | 
           | https://fossil-scm.org/home/doc/trunk/www/bugtheory.wiki
        
           | josteink wrote:
           | > To get those same issues "back", a fork developer would
           | have to:
           | 
           | 1. Agree with the original author that a fork/take-over is
           | the right thing to do.
           | 
           | 2. Create a GitHub organisation for the project, where rights
           | and repos and everything can be re-allocated/delegated as
           | needed.
           | 
           | 3. Make original author transfer his repo to this
           | organisation.
           | 
           | 4. Done. No more steps.
           | 
           | It also includes magic redirects for all requests to the old
           | repo, including issues and also git-request, so down-stream
           | projects won't even have to know.
           | 
           | It's really very simple, and it works well.
        
             | liability wrote:
             | Not so simple if the original developer is dead, MIA, or
             | uncooperative.
             | 
             | I think this is a clear deficiency of git and many other
             | VCSs, which fossil avoids. It's clear that bug reports and
             | commits will frequently cross-reference each other, so they
             | should be tracked in the same system. Git only implements
             | one half of the puzzle, leaving the other half up to others
             | which ultimately facilitates vendor lockin.
        
             | Smithalicious wrote:
             | You don't, and shouldn't, need permission to fork. A
             | substantial amount of forks are about disagreements between
             | developers as well.
        
             | srtjstjsj wrote:
             | Gorhill promised that #1 will never happen, so this doesn't
             | help.
        
           | matkoniecz wrote:
           | > because Github "forks" don't have their own issues/PRs
           | 
           | You can enable issues on forked repo, and any forked repo may
           | receive PRs.
           | 
           | Still, manual repository is preferable as deleting repo will
           | delete also its forks created using Github interface (at
           | least it was happening some time ago)
        
             | mook wrote:
             | My understanding was that when a repo is deleted one of its
             | forks will be chosen to become the root instead; however if
             | the parent repo is taken down (via DMCA etc.) then all its
             | forks are also removed.
        
             | Arnavion wrote:
             | >You can enable issues on forked repo, and any forked repo
             | may receive PRs.
             | 
             | Their point was that issues in the new repo are completely
             | separate from issues in the old repo. A new issue created
             | in the new repo will be issue 1, and to browse the old
             | repo's issues you have to navigate to the old repo. If the
             | old repo is deleted all those issues will also be deleted
             | and history will be lost.
             | 
             | That's why they mentioned the workaround of using the
             | Github API to export the old repo's issues and re-import
             | them into the new one, which would not be needed if issues
             | were git objects and thus trivially copied into all forks.
        
             | j-james wrote:
             | > as deleting repo will delete also its forks
             | 
             | I haven't observed this to happen - in my experience, the
             | first fork becomes the new "upstream" for all the rest.
        
               | Arnavion wrote:
               | Yes. I had a similar thing happen a few months ago when I
               | made a repo private - the first public fork became the
               | upstream for all the other public forks.
        
             | srtjstjsj wrote:
             | Wait, what? Upstream can destroy my repo by deleting
             | theirs? That's horrific if true.
        
         | jiofih wrote:
         | That is actually a quite hostile move for OSS, which has become
         | common lately.
         | 
         | Unless you have trademarked the name, you don't get to reserve
         | it for a rainy day, anyone should be able to pick up the torch
         | and continue the project without having to start from scratch
         | with a new unknown name.
        
           | devit wrote:
           | Trademarks and copyrights are automatic, you don't need to do
           | anything to have them (although registering them makes it
           | cheaper to prove you have them).
           | 
           | Obviously "anyone should be able to pick up the torch" has
           | the issue that the "anyone" may well be a malicious person
           | who is seeking to defraud the users for monetary gain.
        
             | dredmorbius wrote:
             | Trademarks must be defended and may be lost.
             | 
               | https://blogs.findlaw.com/free_enterprise/2017/05/4-defenses...
               | 
               | https://www.forbes.com/sites/oliverherzfeld/2013/02/28/failu...
        
               | takeda wrote:
               | Yes, that means if someone creates uMatrix and the
               | original author won't do anything about it, then that
               | other person can keep that name. We didn't get to that
               | point yet.
        
           | [deleted]
        
           | chrismorgan wrote:
           | Are you familiar with the story about uBlock and uBlock
           | Origin? https://en.wikipedia.org/wiki/UBlock_Origin#History
           | 
           | gorhill stopped doing uBlock and passed it to others, who
           | subsequently took it in a direction he didn't like, so that
           | he resumed maintenance under the name uBlock Origin (since
           | the name "uBlock" had been transferred).
           | 
           | So this time when he stops maintaining a project, he's
           | avoiding the same thing happening.
        
             | Aengeuad wrote:
             | The wiki link somewhat explains the situation but to
             | reiterate it for HN: gorhill no longer wanted to work on
             | uBlock full time so he transferred the project to
             | chrisaljoudi who immediately registered ublock.org in order
             | to solicit donations under the valuable uBlock branding.
             | Development on uBlock all but stopped and the project died,
             | some 3 years later chrisaljoudi sold the project to AdBlock
             | who are essentially an advertising company. Meanwhile
             | gorhill continued development at a slower pace on his
             | personal fork, uBlock Origin, which is still maintained to
             | this day.
             | 
             | Contribution graph for the original uBlock project during
               | this time frame:
               | https://github.com/uBlock-LLC/uBlock/graphs/contributors?fro...
             | 
             | and now compare to the 'personal fork' that is uBlock
               | Origin:
               | https://github.com/gorhill/uBlock/graphs/contributors?from=2...
             | 
             | So if 'squatting' the name of your own OSS project is
             | considered 'user hostile' then let this be a lesson to
             | people considering giving up their project: the person you
             | give it to may abuse your trust and the trust of the
             | community in order to further their own agenda, in this
             | situation it was all just pretty harmless petty drama but
             | it might not always work out so well.
             | 
             | Random Github projects aren't organisations with funding
             | and staff with rules and responsibilities to keep the
             | project running, it's okay to archive the project and let
             | the community decide what to do, giving the project to the
             | first person who asks may end up achieving the same thing
             | as archiving the project or it may come back to bite you in
             | the arse damaging your reputation in the process.
        
               | doc_gunthrop wrote:
               | Maybe there ought to be a blacklist for unscrupulous devs
               | who do things like what chrisaljoudi did with Ublock.
        
             | 4cao wrote:
             | @gorhill explains this in a Reddit post from a month ago:
             | 
             | > I will never hand over development to whoever, I had my
             | lesson in the past -- I wouldn't like that someone would
             | turn the project into something I never intended it to
             | become (monetization, feature bloat, etc.). At most I would
             | archive the project and whoever is free to fork under a new
             | name. For now I resisted doing this, so people will have to
             | be patient for new stable release.
             | 
               | 1. https://old.reddit.com/r/uBlockOrigin/comments/i240ds/reques...
        
           | bscphil wrote:
           | I believe because the last commit was released under the GPL
           | this is actually not legally binding, just a request (which
           | IMO should be honored). The GPL only requires "The work must
           | carry prominent notices stating that you modified it". The
             | only _legal_ way to prevent this would be if "uMatrix" was
           | trademarked, and I don't believe it was.
           | 
           | Not a lawyer, could be wrong about this.
        
             | starfallg wrote:
             | Trade marks can be registered, but need not be. The use of
             | the trade mark in normal commerce is sufficient to
             | establish rights. However, the registration of the trade
             | mark can confer additional benefits. This is the general
             | rule in most common law jurisdictions.
             | 
             | As uMatrix was distributed to users through the extensions
               | platform, this is already sufficient to classify as
             | commercial use.
        
             | cedilla wrote:
             | Marks used in trade are automatically protected, just by
             | their commercial use. uMatrix has been commercially used as
             | a name, so it is a trade mark (nb: commercially here does
             | not necessarily mean money is involved).
             | 
             | Trademarks don't need to be registered to be enforceable.
             | Registration makes things easier for everyone by stating
               | the registrant's intended scope of the trademark and makes
             | a few things easier for the owner. However, the
             | enforceability of a trademark rests on its awareness by
             | customers, active use by the owner, and active defence of
               | the trademark by its owners. uMatrix certainly is
             | a trade mark, however, the two latter criteria are probably
             | not met.
             | 
             | I'm also not a lawyer, just interested in this stuff. This
             | is not legal advice. And of course the details will be
             | wildly different in different parts of the world.
        
               | bscphil wrote:
               | > uMatrix has been commercially used as a name, so it is
               | a trade mark (nb: commercially here does not necessarily
               | mean money is involved).
               | 
               | Again, I don't know anything, but I'm surprised that
               | uMatrix would count as having been "commercially" used.
               | And as you point out, these two criteria probably
               | wouldn't be met if the project becomes inactive:
               | 
               | > active use by the owner, and active defence of the
               | trademark by its owners
        
               | cedilla wrote:
               | uMatrix is without a doubt used as a commercial trade
               | mark. Again, commercial doesn't mean money is involved.
               | 
               | It's also still used by the owner, as it's still listed
               | in several extension stores.
               | 
               | Trademark protection also doesn't end over night.
               | Trademarks are generally protected for a few years after
               | the owner ceased to use it. Also, one should keep in mind
               | that trademarks aren't primarily an intellectual property
               | concept like patents and copyrights. Their main purpose
               | is to protect consumers from copycats and fake products.
        
           | agustif wrote:
           | the micro u from uTorrent + Matrix would make a nice fork.
           | 
           | mMatrix
        
             | ulucs wrote:
             | I think the names were mBlock and mMatrix at the start (if
             | I remember right from the logos) and got changed somewhere
             | along the way
        
               | agustif wrote:
               | probably not great for SEO to have the micro on the name!
        
             | rectang wrote:
             | That would fail the test, "would the consumer find the name
             | confusingly similar", and thus would be a trademark
             | violation.
        
           | ffpip wrote:
           | It's better that way. Every ad company releases a new
           | adblocker with the name being a derivative of uBlock. Let him
           | keep the name uMatrix.
        
           | Macha wrote:
             | Depends what the rules on the new name are. If it is allowed
             | to contain umatrix (like umatrix reborn/umatrix community
             | etc), it's not too unusual a move
        
           | epanchin wrote:
           | I disagree. Trust is earned by a name. Someone new picking up
           | the project should earn that trust again. There should be
           | fair competition between forks - not just the first to claim
           | the name wins.
        
           | toyg wrote:
           | Security software (and this _is_ security software) lives and
           | dies on reputation. It makes sense to avoid a situation where
           | some rando could fork it, patch it with rubbish, and just say
           | "this is the updated version!"
        
           | peterwwillis wrote:
           | There is quite old precedent in OSS for creating a brand new
           | project rather than taking the name of the old one. Whether
           | it's because the old one was abandoned, wouldn't incorporate
           | changes, needed functionality had to break the ABI,
           | legal/regulatory issues, copyright issues, etc, forking a
           | project with a new name is commonplace in OSS. Probably most
           | commonly as "-ng" (Next Generation) project names.
           | 
           | You already have the right to copy all of someone's years of
           | hard work, add a tiny patch, and pass it off as your own
           | project with a new name. The very least you can do is give
           | respect to the original author by allowing them to keep their
           | original name.
           | 
           | Then there's potential for libel. Let's say you fork a
           | project, keep the original name, and then pepper the project
           | with Nazi propaganda. The original author is trying to get a
           | job, and his resume has the name of the original project. A
           | prospective employer searches the name and finds the new
           | project (with the old name) full of hate speech. If he gave
           | away the old name, a libel suit to change the new project's
           | name may fail, and his reputation might be forever tarnished.
        
             | takeda wrote:
             | I wouldn't say forever, while it is not great that somebody
               | would do this, it's not like it isn't possible to
             | preemptively mention that you have nothing to do with the
             | fork, and you are input responsible for the original in
             | your resume.
        
             | Aengeuad wrote:
             | >wouldn't incorporate changes
             | 
             | Case in point: keepass -> keepassx -> keepassxc, where both
             | keepass and keepassxc are maintained and are essentially
             | separate projects.
        
         | fireattack wrote:
         | Is it as sudden as it looks (like what happened to original
         | uBlock) or was uMatrix already in maintenance mode?
        
           | 4cao wrote:
           | Last release was in the end of February (beta; non-beta was
           | September last year). Last commit was in April.
           | 
           | Perhaps the activity was slow, I guess you could call it
           | "maintenance mode," but I've been using it all this time and
           | uMatrix works fine in its current state, so all it means is
           | that there were no new features being added.
           | 
           | It looks like the immediate reason for the repository being
             | archived was somebody opening one issue too many.
        
       | noisy_boy wrote:
       | uMatrix has been the first app where I can exactly see what
       | domains are being used and over a period build a whitelist that
       | basically works seamlessly while blocking the analytics stuff.
       | I'm just hoping browser internal security changes in the future
       | don't render it broken.
        
       | bscphil wrote:
       | IMO the genius of uMatrix was that Raymond realized that an in-
       | browser requests firewall should have two dimensions, instead of
       | one: (1) the (sub-)domains that the requests pointed at, and (2)
       | the _type_ of request (i.e. cookie, image, XHR, etc).
       | 
       | Now, obviously you could always write an ABP compatible filter
       | that could block any combination of these two, but that's _hard_.
       | What uMatrix did is present the underlying complexity in a way
       | that's easy to intuit for a power user, giving you point-and-
       | click request filtering power over both domains simultaneously.
       | 
       | For that reason, I'm skeptical that uMatrix can be replaced with
       | a traditional blocker, not even one with an advanced mode like
       | uBo, because it simply doesn't allow the specificity that a two-
       | dimensional model like uMatrix did. That makes uMatrix's being
       | archived incredibly tragic and a great loss for the web. I hope
       | someone as trustworthy and competent as Raymond will pick it up
       | in the future, and I thank him for all his work on it up to this
       | point.
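
The two-dimensional model described in the comment above (destination hostname on one axis, request type on the other), as an added JavaScript illustration that is not uMatrix's code and not part of the thread. The rule format, the precedence order (most specific hostname first, then exact type before the `*` column), the default-deny fallback and the sample requests are all assumptions of this sketch.

```javascript
// Added illustration: a request firewall keyed on (destination hostname, request type).
// Rule format and precedence are assumptions of this sketch, not uMatrix's implementation.

const TYPES = ['cookie', 'css', 'image', 'media', 'script', 'xhr', 'frame', 'other'];

// Yield the hostname, then each parent domain, then '*': most specific first.
// No public-suffix handling: 'example' is treated as just another parent label.
function* hostnameChain(hostname) {
  let h = hostname.toLowerCase();
  while (h) {
    yield h;
    const dot = h.indexOf('.');
    if (dot === -1) break;
    h = h.slice(dot + 1);
  }
  yield '*';
}

class RequestMatrix {
  constructor() {
    this.cells = new Map(); // "dest type" -> 'allow' | 'block'
  }

  // Fill one cell of the matrix. dest and type may each be '*'.
  set(dest, type, action) {
    if (type !== '*' && !TYPES.includes(type)) {
      throw new RangeError(`unknown request type: ${type}`);
    }
    if (action !== 'allow' && action !== 'block') {
      throw new RangeError(`unknown action: ${action}`);
    }
    this.cells.set(`${dest.toLowerCase()} ${type}`, action);
    return this;
  }

  // Decide one request: walk from the exact hostname up to '*', and at each
  // level prefer the exact type cell over the whole-row '*' cell.
  decide(url, type) {
    let hostname;
    try {
      hostname = new URL(url).hostname;
    } catch {
      return { action: 'block', rule: 'unparseable-url' };
    }
    const t = TYPES.includes(type) ? type : 'other';
    for (const dest of hostnameChain(hostname)) {
      for (const col of [t, '*']) {
        const action = this.cells.get(`${dest} ${col}`);
        if (action) return { action, rule: `${dest} ${col}` };
      }
    }
    return { action: 'block', rule: 'default' }; // nothing matched: deny
  }
}

// Constructed policy: default-deny, passive content allowed everywhere,
// the site itself allowed except cookies, one CDN allowed for scripts only,
// and one subdomain of that CDN blocked for every type.
const matrix = new RequestMatrix()
  .set('*', '*', 'block')
  .set('*', 'css', 'allow')
  .set('*', 'image', 'allow')
  .set('news.example', '*', 'allow')
  .set('news.example', 'cookie', 'block')
  .set('cdn.example', 'script', 'allow')
  .set('ads.cdn.example', '*', 'block');

// Constructed sample requests (reserved .example / .test names).
const sampleRequests = [
  { url: 'https://news.example/article', type: 'script' },
  { url: 'https://news.example/', type: 'cookie' },
  { url: 'https://static.cdn.example/app.js', type: 'script' },
  { url: 'https://ads.cdn.example/banner.png', type: 'image' },
  { url: 'https://tracker.test/pixel.gif', type: 'image' },
  { url: 'https://tracker.test/collect', type: 'xhr' },
];

function evaluate(requests) {
  return requests.map((r) => ({ ...r, ...matrix.decide(r.url, r.type) }));
}

for (const r of evaluate(sampleRequests)) {
  console.log(`${r.action.padEnd(5)} ${r.type.padEnd(6)} ${r.url}  [${r.rule}]`);
}
```

The `ads.cdn.example` image request is blocked even though images are allowed globally, which is the kind of per-cell override a one-dimensional domain list cannot express.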
        
         | cookiengineer wrote:
         | This is so true, the two dimensions allow such a nice
         | simplification of what should be rendered even in UX terms.
         | 
         | What I personally didn't like about it though are the tech
         | specific parts (e.g. xhr and other both require script anyways,
         | as not a single website will work with xhr disabled).
         | 
         | So for my browser project [1] I decided to split it up into
         | "text", "image", "audio", "video" and "other" which I hope will
         | make more sense for most people.
         | 
         | Back in February when the debate about the manifest and
         | requests api started, I started my own semantic browser project
         | which aims to filter out all UX-interfering CSS and HTML and
         | probably won't allow JS anyhow.
         | 
         | It tries to focus on the automation and caching parts that are
         | broken in current web browsers, so that everything is peer to
         | peer, and that other trusted peers can be used to share
         | bandwidth, content, or metadata with each other and that each
         | one has a 100% persistent local cache that only gets refreshed
         | once the user tells the browser to.
         | 
         | If there'll be a need to support webapps later, they will
         | probably be sandboxed in a new window that represents a
         | temporary cache located in /tmp/... in order to prevent abuse
         | of local storage and cookies. I've learned to not trust any
         | site these days, even my bank's website uses foreign overseas-
         | located trackers, which is technically a GDPR violation.
         | 
         | [1] https://github.com/tholian-network/stealth
        
           | liability wrote:
           | > _not a single website will work with xhr disabled_
           | 
           | That's total nonsense. I browse with uMatrix blocking
           | everything by default and I _rarely_ need to enable xhr to
             | make a site work. Most of the time it's only used to bloat a
           | site, not deliver the actual content. The same is mostly true
           | of javascript as well.
           | 
           | This is particularly true on newspaper websites. A great many
           | news sites are reasonable with everything disabled but utter
           | cancer by (typical) default.
        
             | cookiengineer wrote:
             | > That's total nonsense.
             | 
             | Well, maybe we have a different pool of websites we visit.
             | But usually, in my case, pretty much all websites built
             | with vue.js, react, angular and others usually don't have
             | server side rendering implemented correctly.
             | 
             | Just as an example, what I visited just yesterday:
             | https://portal.msrc.microsoft.com/en-US/security-
             | guidance/ad...
             | 
             | Doesn't contain content, it's just a blank page without the
             | XHR request. And all webapps I've seen so far basically
             | just scaffold all polyfills and stuff, without any kind of
             | content being delivered (or serialized) inside the HTML.
             | 
             | Additionally, all newspaper websites that I've seen in my
             | country blank out everything with white-on-white if you
             | don't allow JS with XHR. Either that or the article teaser
             | is faded out with an overlayed blur image. Well, that is at
             | least when you don't set the user-agent to Googlebot :)
        
               | m463 wrote:
               | > white-on-white if you don't allow JS with XHR
               | 
               | umatrix -> reader mode -> read your article
        
               | cookiengineer wrote:
               | Nope, because then I can only read the teaser, not the
               | whole article.
        
               | liability wrote:
               | Yeah man I'm talking about _really obscure_ websites like
               | _The New York Times_ which works great without _any_
               | javascript enabled.
               | 
               | https://0x0.st/ilMO.png
        
               | nullc wrote:
               | One of the great things about umatrix is the above
               | mentioned multidimensionality.
               | 
               | Your example displays content for me just fine in my
               | default config, because the XHR requests are to the
               | origin. Yet it blocks useless requests for two dozen
               | different resources on other domains.
        
               | matheusmoreira wrote:
               | > Well, that is at least when you don't set the user-
               | agent to Googlebot :)
               | 
               | Isn't serving different pages to users and search engines
               | against Google's policies? They call it cloaking.
               | 
               | https://support.google.com/webmasters/answer/66355
        
               | GarethX wrote:
               | Yes, but there are exceptions, like for rendering non-JS
               | versions of pages for example. That's why Google
               | themselves created Rendertron.
               | 
               | https://developers.google.com/search/docs/guides/dynamic-
               | ren...
        
               | bscphil wrote:
               | Hmm, this would suggest that any website that dynamically
               | renders content should give me a server-side rendered
               | version if I just switch my user agent to Googlebot. I
               | may start doing that for select sites.
        
               | inetknght wrote:
               | > _Just as an example, what I visited just
               | yesterday:https://portal.msrc.microsoft.com/en-
               | US/security-guidance/ad..._
               | 
               | Well there's your problem. Microsoft counts as one of the
               | sites that uses web tech to invade your privacy. Many
               | parts of microsoft-dot-com don't work without javascript.
        
           | bonestamp2 wrote:
           | > and probably won't allow JS anyhow.
           | 
           | You're not going to allow JS? I don't know the answer, but
           | I'm curious what percentage of sites are unusable without JS?
           | It might be fine for basic browsing, but nearly any ecommerce
           | or site with "interactive" content uses JS. Many video
           | players require JS. It seems like a very niche solution that
           | won't have mass appeal if you're not going to allow JS.
           | 
           | To me, the perfect solution would be something similar to
           | uMatrix where power users can choose the settings they think
           | are best. Anyone else can use simplified controls to indicate
           | if they're seeing ads or if site functionality is broken.
           | 
           | Then there's some aggregation software that looks at all of
           | those inputs and determines the best default settings for
           | each site. If ads are seen then the blocking levels are
           | increased toward the fringe of advanced user inputs, if
           | functionality is broken then it walks back the blocking
           | levels until broken functionality reports end.
           | 
           | This would be a never ending ebb and flow for each site so it
           | would be important to automate it as much as possible.
        
             | m463 wrote:
             | I think it should be clear how to use umatrix.
             | 
             | Turn everything OFF for all sites by default. I turn off
             | third party stuff and all scripting.
             | 
             | Then visit a new site. Then opt-in until you either -
             | decide the site sucks and leave, or get something
             | acceptable and read your article. Then press SAVE to save
             | the settings for that site.
             | 
             | It's worth mentioning that many sites do not render well
             | without javascript, but reader mode renders a perfectly
             | readable article.
             | 
             | but also it's much MORE prevalent that you turn on
             | javascript and the site will do much worse things.
        
         | [deleted]
        
         | aembleton wrote:
         | > you could always write an ABP compatible filter that could
         | block any combination of these two
         | 
         | I don't think you can for cookies. You can block cookies in the
         | browser, but I'd like a filter list so that it is possible to
         | change across all my browsers by subscribing to the same filter
         | list.
        
         | [deleted]
        
         | daveFNbuck wrote:
         | It's actually 3 dimensions, as any selections you make in that
         | UI only apply to the site you're currently visiting.
        
           | bscphil wrote:
           | Maybe it's most useful to think of this as sort of an
           | "isometric" 3D rendering, because this extra dimension is
           | usually only exposed to the user modally: the third dimension
           | is whatever site you happen to be visiting at the present
           | time. By 2D I was mostly referring to the interface, which is
           | a "matrix", and commenting on how that particular metaphor
           | makes managing a complex request blocker a much better
           | experience.
        
           | cookiengineer wrote:
           | > It's actually 3 dimensions, as any selections you make in
           | that UI only apply to the site you're currently visiting.
           | 
           | Well, technically that is only partially true as the third
           | dimension is the (sub-) domain scope or "*" which can be
           | reflected behind the scenes with the first-party settings for
           | the origin's domain for each request type because it has the
           | identical effect.
        
             | Drdrdrq wrote:
             | It's still a third dimension, it just doesn't have that
             | many values.
        
         | parsimo2010 wrote:
         | It definitely can't be replaced by a traditional blocker. All
         | the blockers for Safari are one step above worthless, and have
         | been since they changed their plugin architecture.
        
           | bscphil wrote:
           | When I have to use Safari, I use AdGuard, which has been
           | surprisingly decent though less reliable than uBlock on
           | Firefox. I believe that, for reasons unknown to me, it's
           | allowed to install and use a local component outside the web
           | browser, which significantly increases its capabilities. I
           | was under the impression that WebExtensions was supposed to
           | vastly reduce your security exposure from using extensions,
           | but if anything in AdGuard's case it seems _more_ intrusive.
        
           | acdha wrote:
           | It's interesting that you make this claim when the hostname &
           | type scheme described above is what Safari uses. Can you
           | explain what's different?
        
             | parsimo2010 wrote:
             | Disclaimer: I don't develop ad blockers or any other
             | plugins, and the change I'm actually the maddest about is
             | that uBlock Origin stopped working when Apple stopped
             | supporting WebExtensions. I may be less mad about uMatrix
             | simply because it wasn't on Safari in the first place.
             | 
             | I'm not 100% sure on the reason why uMatrix wasn't
             | available on Safari, but I think it's because content
             | blockers aren't allowed to see any user data. Ad blocking
             | plugins just send a list of content to block to the content
             | blocking API, and Safari does all the blocking and doesn't
             | send any data to the plugin. So uMatrix's intuitive UI that
             | GP was talking about isn't possible.
             | 
             | Apple claimed that they stopped supporting WebExtensions
             | and made the content blocking API in the interest of user
             | privacy, but all it really did was drive users to other
             | browsers. In typical Apple fashion, they decided what was
             | best for me when (AFAIK) I've never had a problem with an
             | untrustworthy plugin stealing my information.
             | 
             | It _might_ technically be possible to functionally
             | implement uMatrix with multiple plugins (one to interact
             | with the DOM to figure out what to block, then generate the
             | blocking list, and one to deal with the content blocking
             | API) but all the plugins I've seen don't do it. Maybe it's
             | not possible, maybe the extra development effort isn't
             | worth it to support a single browser that has fairly low
             | usage.
        
               | acdha wrote:
               | > Apple claimed that they stopped supporting
               | WebExtensions and made the content blocking API in the
               | interest of user privacy, but all it really did was drive
               | users to other browsers.
               | 
               | I'm not sure I've seen that - the number of Safari users
               | had been pretty constant on my sites, and the main
               | pressure seems to be the Chrome pushes on Google sites.
               | 
               | I think the UI challenges of Safari's approach are a big
               | problem but on the other hand there were years of people
               | blaming browsers for ABP's bad performance and users
               | privacy was definitely sold out by unethical developers.
               | As a user it definitely is easier to trust one over the
               | other.
        
         | derefr wrote:
         | How do you feel about a model like NoScript's, where origins
         | are labelled with tags (trusted/untrusted/default, but in
         | theory you could have arbitrary tags), and then request rules
         | are applied to the tags, rather than to origins directly?
        
           | bscphil wrote:
           | I have to admit I haven't used NoScript until well before the
           | version 10 UI changes. Prior to that it was definitely "one-
           | dimensional" and didn't really offer the features of uMatrix.
           | Now, I'd say (just judging by screenshots and the user guide)
           | that it's about half way there, allowing you to look at a
           | list of subdomains and set each one to a category. (The
           | guides don't seem to clearly state that this only affects
           | your current site, allowing you to have different
           | source<->host combinations be allowed or disallowed, but I
           | assume this is the case.)
           | 
           | However, the tagging model seems so limited compared to what
           | uMatrix can do. uMatrix has 8 different request types, so
           | you'd need 2^8=256 different tags to cover every combination
           | of requests to a subdomain. And that's if NoScript can block
           | cookie requests at all: 90% of even the domains I fully trust
           | have cookies blocked in uMatrix, simply because the sites
           | don't actually need cookies to function. Maybe I would need
           | yet another extension for that.
           | 
           | Also, however, part of what I wanted to get at in talking
           | about the brilliance of uMatrix was the way the interface
           | made very precise controls easy, just a point and click
           | operation. Maybe it's possible to get a similar amount of
           | power with a tool like NoScript, but as far as I can tell the
           | usability of the interface just doesn't come close.
        
       | unethical_ban wrote:
       | What does uMatrix do that uBlock Origin can't? I use uBO and it
       | seems powerful enough to block the vast majority of nonsense.
        
         | Drdrdrq wrote:
         | Blocks the rest of the nonsense? :) I see it as a very
         | configurable privacy tool for powerusers. It also clearly shows
         | the parts of the page and where they were (not) loaded from.
         | 
         | Incredible tool, sad to see it go.
        
       | einpoklum wrote:
       | I have been a (lay) user of uBlock Origin for some years now. I
       | haven't heard about uMatrix before.
       | 
       | Can someone link to a tutorial or a detailed review for it?
        
         | dredmorbius wrote:
         | uMatrix extends the notion of uBlock (DNS-based content
         | blocking) to a _matrix_ of domains, subdomains, and sites (the
         | vertical column) against specific Web capabilities; content,
         | images, CSS, JS, XSR, and other elements. It affords fine-
         | grained control over what sites are permitted to do on your
         | browser.
         | 
         | There are numerous explainer videos on YouTube:
         | 
         | https://youtube.com/watch?v=TVozpo3zUBk
         | 
         | Search: https://youtube.com/results?search_query=umatrix
        
       | Raed667 wrote:
       | I tried using uMatrix a few times and always ended-up disabling
       | it. It was too disruptive and breaking too many things compared
       | to uBlock Origin.
       | 
       | I hope whoever forks the project can work on the UI and
       | onboarding experience.
        
         | boomboomsubban wrote:
         | I did the same thing twice, then actually spent ten minutes
         | reading the wiki. It's very simple to use, and I doubt a new UI
         | could perform the same functions any easier.
        
         | Lammy wrote:
         | I felt the same way before I realized the flexibility of the
         | domain scoping UI and that I could allow certain things (e.g.
         | reCAPTCHA and the million Google scripts it depends on) on a
         | global basis instead of on a tedious per-domain basis.
        
         | stjohnswarts wrote:
         | Umatrix isn't for casual users. It was for hard-core I want
         | complete control of what's being sent into my browser users.
         | ublock origin is more than enough for casual users who won't
         | put the time in to tame umatrix
        
       | elorant wrote:
       | Dear HN community. Pretty, pretty please with sugar on the top,
       | keep maintaining this project. It's absolutely essential for a
       | sane browsing of contemporary web.
        
         | marcinzm wrote:
         | You're free to fork it or organize a fork of it yourself or
         | start an initiative for paying maintainers of a fork.
        
           | elorant wrote:
           | I'd gladly pay an annual subscription for anyone willing to
           | maintain it.
        
             | anaganisk wrote:
             | Instead fork it and pay some freelancer to fix bugs if any.
        
       | boomboomsubban wrote:
       | I wonder why uMatrix was completely shelved while he created a
       | new team to continue uBlock.
        
         | srtjstjsj wrote:
         | He shelved uMatrix so he can focus on uBlock Origin (not
         | uBlock, which was swindled by a scammer).
        
         | wyclif wrote:
         | I think it's because uBlock Origin has a lot more users.
         | uMatrix was always for power users.
        
           | squarefoot wrote:
           | He probably could have saved time and resources by
           | incorporating uMatrix most granular blocking functions into
           | uBlock Origin, say as an "expert mode" users had to enable
           | explicitly. I mean, many of us probably have both installed;
           | since they do essentially the same things, although at
           | different levels, merging some functionalities of the latter
           | into the former doesn't seem that absurd to me. Anyway, big
           | thanks to gorhill for putting great effort in software that
           | today is absolutely necessary to surf the web, and that makes
           | it even more sad to see uMatrix go.
        
       | makecheck wrote:
       | Many notable or even vital software projects are literally
       | maintained by one person, sometimes even in companies. I am
       | certain that most users don't "get" this about software. And from
       | experience, most users don't contribute anything _at all_, not
       | even the most basic bug reports. They do however complain.
       | 
       | The best way to "mourn" a lost software project is to ask
       | yourself what you will do to maintain the software ecosystem. How
       | many things do you use for free? How many things have bugs you
       | never bothered to tell anyone about? Has each of you contributed
       | _something_ (even a short E-mail thank-you) to some software
       | project?
        
       | hardwaresofton wrote:
       | For those who are wondering the difference between ublock origin
       | and umatrix, a cursory quick search turned up this forum post[0]:
       | 
       | > uMatrix is a blocker(cookie,css,image,plugin,script,XHR,frame,
       | and other) you can control what you block and what you want to
       | allow(like uBlock Origin dynamic filtering but way more flexible
       | and can be way more strict) uMatrix just blocks ads through the
       | use of host files, uBlock Origin blocks them more deeper per se
       | than uMatrix because of cosmetic and pattern-based filtering
       | like adblock plus. I use both of them together just uncheck the
       | malware domains in uBlock and peter Lowe's and the host files.
       | Also you have more privacy and security when running uMatrix
       | because of the switches(user agent spoofing and referrer
       | spoofing, clearing blocked cookies, blocking hyperlink auditing
       | attempts etc.) and also if you run uBlock it gets whatever ads
       | uMatrix does not get from its blocking) Look at my sig to see how
       | I run them. If you need help just PM me.:thumb::):cool:
       | 
       | I personally run ublock origin and have been super happy with it,
       | never even think about it these days, if I was supposed to switch
       | to uMatrix at some point (I know uBlock and uBlock origin are
       | different now and origin is preferred) I must have missed it.
       | 
       | [0]: https://www.wilderssecurity.com/threads/ublock-vs-
       | umatrix.37...
        
         | pimlottc wrote:
         | Thanks, the project readme could definitely do a better job of
         | introducing the project to those not familiar with it.
        
       | Maha-pudma wrote:
       | What's the alternative to this?
       | 
       | This was on all my browsers, with ublock origin, the first
       | extension I install. Now what?
       | 
       | I'm not a good enough programmer to take this on but I suggest
       | 'uMatrix Reloaded' as the new name.
        
         | JeremyNT wrote:
         | uBlock Origin in hard mode[0] (plus I set it to not run any js
         | by default on top of that) is, while not exactly a replacement
         | in terms of functionality, a really good alternative. It's all
         | the granularity that most users could really need, I think.
         | 
         | [0] https://github.com/gorhill/uBlock/wiki/Blocking-
         | mode:-hard-m...
        
         | ffpip wrote:
         | Are there any issues with uMatrix that you are looking for
         | alternatives?
         | 
         | Only the repo has been archived. The extension is perfect. Just
         | think you haven't seen this post and continue to use it.
        
           | bscphil wrote:
           | Mozilla has modified their extensions API pretty regularly
           | (with major changes every few years at least, recently), and
           | they're also still in the process of developing the API for
           | the Android browser, which is likely to remain incomplete and
           | different from the desktop API for the foreseeable future.
           | Granted, maybe not a lot of people use uMatrix on their
           | phone, but both of these seem like valid reasons to worry.
        
             | bsdubernerd wrote:
             | Wait.. wasn't a good chunk of the "webextension"
             | transition to allow better interoperability?
             | 
             | After some time, it looks to me as if no real change has
             | happened. The webextension model is still too weak in
             | several areas to allow for some old extensions to function
             | properly (keyboard handling is a major, _major_ PITA), and
             | at the same time a lot of work is still being spent to
             | support cross-browser (and to a lesser extent, cross-
             | version) functionality.
             | 
             | Forward-compatibility on the same browser seems to be the
             | only good point, until you realize it's also how chrome can
             | pull the plug on request filters and kill extensions on a
             | whim anyway.
             | 
             | I didn't even know you needed mozilla's blessing for
             | extensions on android. Not so different than Chrome here,
             | Mozilla. Not at all. First, the useless signing
             | requirement, then _this_? :(
        
             | ffpip wrote:
             | You can't use uMatrix on phone. Mozilla updated their
             | browser right? Also very few can manage it on such a small
             | screen.
             | 
             | >they're also still in the process of developing the API
             | 
             | The API is there. They are just whitelisting addons.
        
               | bscphil wrote:
               | > You can't use uMatrix on phone.
               | 
               | You can't use it _currently_ if you have a release
               | version of Firefox after 68, yes. The API is buggy and in
               | fact quite a few extensions don't work, even if you
               | force-install them. It's still unclear if they will ever
               | whitelist stuff that's outside of their "recommended
               | extensions" program, and presumably the best chance it
               | would have of getting whitelisted is if it were actively
               | maintained and bugs encountered with the new FFA could be
               | worked on in coordination with the developer.
        
           | stjohnswarts wrote:
           | People want to know about alternatives for the inevitable day
           | when the extension API changes and it no longer works
           | so they won't get caught with their pants down.
        
         | elorant wrote:
         | There's noscript.
         | 
         | https://noscript.net/
        
           | cygx wrote:
           | It's not a complete replacement, though. For example, a
           | couple of months ago we had a discussion about websites
           | scanning local ports, prompted by [1]. This can in fact be
           | done without Javascript, in which case uMatrix would still
           | protect you, whereas NoScript would not.
           | 
           | [1] https://nullsweep.com/why-is-this-website-port-scanning-
           | me/
        
             | shawnz wrote:
             | How can this be done without JavaScript in such a way that
             | uMatrix could still block it?
        
               | cygx wrote:
               | If you wanted to check if port 42 is open, have a
               | 
               |     <link rel="stylesheet" href="http://127.0.0.1:42">
               | 
               | followed by an
               | 
               |     <img src="http://example.org/?port=42">
               | 
               | The <img> won't be requested until the stylesheet has
               | failed to load, which takes a different amount of time
               | depending on whether there was something listening on
               | that port, or not.
               | 
               | uMatrix won't allow the request to the local machine to
               | go through.
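
The request described in the comment above, a subresource on a public page that points at the local machine, can be recognised from the markup and the page URL alone. The JavaScript below is an added example, not part of the thread and not uMatrix's code; the function names, the sample markup and the hostnames in it are constructed for illustration, and the regex scan stands in for a real HTML parser.

```javascript
// Added example (not uMatrix code): flag subresources on a public page that
// point at loopback, private or link-local hosts.

function classifyIPv4(octets) {
  const [a, b] = octets;
  if (a === 127) return 'loopback';                       // 127.0.0.0/8
  if (a === 0) return 'unspecified';                      // 0.0.0.0/8
  if (a === 10) return 'private';                         // 10.0.0.0/8
  if (a === 172 && b >= 16 && b <= 31) return 'private';  // 172.16.0.0/12
  if (a === 192 && b === 168) return 'private';           // 192.168.0.0/16
  if (a === 169 && b === 254) return 'link-local';        // 169.254.0.0/16
  return null;
}

// hostname must come from URL.hostname, which is already canonical: IPv4 is
// dotted decimal whatever spelling the markup used, and IPv6 is lower-case,
// compressed and bracketed.
function classifyHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, '');
  if (host === 'localhost' || host.endsWith('.localhost')) return 'loopback';

  if (host.startsWith('[')) {
    const v6 = host.slice(1, -1);
    if (v6 === '::1') return 'loopback';
    if (v6 === '::') return 'unspecified';
    if (/^f[cd][0-9a-f]{2}:/.test(v6)) return 'private';      // fc00::/7
    if (/^fe[89ab][0-9a-f]:/.test(v6)) return 'link-local';   // fe80::/10
    // IPv4-mapped addresses serialise as ::ffff:HHHH:LLLL.
    const mapped = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(v6);
    if (mapped) {
      const hi = parseInt(mapped[1], 16);
      const lo = parseInt(mapped[2], 16);
      return classifyIPv4([hi >> 8, hi & 255, lo >> 8, lo & 255]);
    }
    return null;
  }

  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  return v4 ? classifyIPv4(v4.slice(1).map(Number)) : null;
}

// Elements that make the browser issue a request without any script running.
const TAG_RE = /<(link|img|script|iframe|audio|video|source|embed|object)\b([^>]*)>/gi;
const ATTR_RE = /\b(src|href|data)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;

function findLocalNetworkRequests(html, pageUrl) {
  const page = new URL(pageUrl);
  // A page that is itself served from the local network may load local resources.
  if (classifyHost(page.hostname) !== null) return [];

  const findings = [];
  for (const [, tag, attrs] of html.matchAll(TAG_RE)) {
    for (const m of attrs.matchAll(ATTR_RE)) {
      const raw = m[2] ?? m[3] ?? m[4];
      let target;
      try {
        target = new URL(raw, page);   // resolves relative URLs against the page
      } catch {
        continue;                      // not a parseable URL, nothing is requested
      }
      if (!/^(https?|wss?):$/.test(target.protocol)) continue;
      const kind = classifyHost(target.hostname);
      if (kind) findings.push({ tag: tag.toLowerCase(), url: target.href, kind });
    }
  }
  return findings;
}

// Constructed sample markup: the two elements from the comment above, plus
// ordinary first-party and third-party resources and other local targets.
const SAMPLE_HTML = `
<link rel="stylesheet" href="http://127.0.0.1:42">
<img src="http://example.org/?port=42">
<link rel="stylesheet" href="/static/site.css">
<img src="http://2130706433:8080/x.png">
<iframe src='http://[::1]:631/'></iframe>
<script src=https://192.168.1.1/admin.js></script>
<img src="https://cdn.example.net/logo.png">
`;

for (const f of findLocalNetworkRequests(SAMPLE_HTML, 'https://news.example.com/article')) {
  console.log(`${f.kind.padEnd(10)} <${f.tag}> ${f.url}`);
}
```

Classifying the parsed `URL.hostname` rather than the raw attribute text is what lets the decimal spelling in the sample be caught as 127.0.0.1.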
        
         | XzetaU8 wrote:
         | NoScript or eMatrix which is a fork of uMatrix, if you're using
         | pale moon.
         | 
         | https://addons.palemoon.org/addon/ematrix/
         | 
         | https://forum.palemoon.org/viewtopic.php?p=199714#p199714
        
           | app4soft wrote:
           | > _eMatrix which is a fork of uMatrix, if you're using Pale
           | Moon_
           | 
           | Yeah! I switched to eMatrix year ago without any issues ;)
           | 
           | Pale Moon + uBlock Origin + eMatrix = <3
           | 
           | For more safe browsing just use Links2.[0]
           | 
           | Links2 is my default browser for the first time visit unknown
           | sites & Pale Moon is my second browser for browse the Web.
           | 
           | Has Firefox too, but I'm using it only for few specific
           | sites.
           | 
           | [0] https://news.ycombinator.com/item?id=16191843
        
       | propogandist wrote:
       | uMatrix is one of the first add-ons I've installed on my browsers
       | for many years. It exposes so much crap on the web that browsing
       | the www without uMatrix feels unsafe.
       | 
       | The fine grain controls on uMatrix are so powerful and quite
       | intuitive, especially once you get oriented. You can see (and
       | block) websites trying to load in crap asynchronously, see the
       | problematic iFrame that's loading in a scripts, see all the
       | trackers and even the cloudflare endpoints that may be
       | responsible for bringing in malicious content.
       | 
       | Gorhill's uBo project is nice, but geared towards simplicity and
       | it's too simple, even with the advanced interface, imo.
       | 
       | Although Gorhill never accepted donations, someone forking
       | uMatrix will hopefully use something like github.com/sponsors to
       | ensure it's sustainable.
       | 
       | I'd love to see uMatrix around for the long haul.
        
       | ffpip wrote:
       | Thank you Gorhill. For such great resources. Your extensions are
       | the only reason I use FF on mobile and desktop.
       | 
       | uMatrix helped me realize how much of 3rd party resources are
       | crap. Actual crap. Completely unnecessary. It also helped me get
       | familiar with new 3rd party crap that pops up on the internet.
       | 
       | I'll use uMatrix 1.4.0 as long as it works. Many thanks
        
         | newyorker2 wrote:
         | Haven't used any chromium in years, hence the question. Is
         | uMatrix not available on their addon store?
        
           | ffpip wrote:
           | In my experience uMatrix and uBO work better in Firefox
           | compared to Chromium. You don't have to completely reload the
           | whole page to see what's blocked or hidden. They can also
           | block the sneakiest trackers that hide behind other domains.
           | Not possible in Chromium.
           | 
           | Chromium mobile doesn't even have addons because they are shit
           | scared of adblockers.
        
             | pmoriarty wrote:
             | _"Chromium mobile doesn't even have addons because they are
             | shit scared of adblockers."_
             | 
             | Paradoxically, I'm kind of half-happy to hear this.
             | 
             | It means that finally a large number of users are using
             | adblockers.
             | 
             | For many years the standard theme of many threads on
             | adblockers was that companies like Google didn't care about
             | them because too small a percentage of their users used
             | them for it to matter.
             | 
             | Now finally there are enough adblocker users for it to hurt
             | their bottom line, and that means that there are more
             | people than ever who clearly just don't want to see ads.
             | 
             | That gives me hope that there will some day be anti-
             | advertising legislation, and that we might not even need
             | adblockers... some day... some day...
        
               | bad_user wrote:
               | I think your hope is misguided.
               | 
               | People dreamed of an Internet where sharing of
               | information was free (as in freedom). Then DRM happened.
               | And even if DRM cannot be 100% reliable, being broken by
               | design, it's reliable enough, plus in the US at least
               | it's a felony to break it. And as years go by, we see
               | more DRM, not less. This happens, because the practice is
               | normalized, and because small inconveniences are taken
               | care of (usually by monopolies winning the market--e.g.
               | you stop complaining that alternative e-book readers
               | don't work, when everybody is using the Kindle or the
               | Audible apps).
               | 
               | Similarly, for the open web -- the action has been moving
               | on mobile devices. A majority of people now consume
               | content via mobile devices. So what do you see? More
               | websites? Or more apps? And for all ad-blocking happening
               | at the DNS level (e.g. Pi-hole), how long do you think it
               | is before apps start doing DNS over HTTPS on their own,
               | bypassing the OS's stack?
               | 
               | This is a whack-a-mole game, and the big publishers have
               | enough resources to push for both technical and legal
               | changes for outlawing ad-blocking. I'm actually surprised
               | that content blockers remained legal thus far. But the
               | writing is on the wall IMO.
               | 
               | ---
               | 
               | There's also another side of this coin. I see more and
               | more people on HN complaining that articles are submitted
               | from publications that are setting up paywalls.
               | 
               | People also hate paying for content. And even those that
               | pay for content, they don't recognize what an incredible
               | privilege it is to afford it.
               | 
               | Either content is monetized somehow, or the only content
               | that we get will be content created by hobbyists, in
               | their spare time, for free, while working a regular job.
               | 
               | Well I for one don't want a world in which the poor don't
               | get access to online resources, or a world in which
               | people can't make ends meet doing what they love.
        
               | a1369209993 wrote:
               | > Either content is monetized somehow, or the only
               | content that we get will be content created by hobbyists,
               | in their spare time, for free
               | 
               | Yes, that's why we need to make it impossible to monetize
               | content.
        
               | specialist wrote:
               | In the spirit of "Yes, and...":
               | 
               | I've been chewing on an alternate narrative.
               | 
               | Firstly, I don't think any of us anticipated preferential
               | attachment. Even despite the popularity of "six degrees
               | of separation" and other graph related notions. Clay
               | Shirky's essay about Power Laws was my first exposure to
               | the idea. Here's Kottke's meta entry:
               | http://www.kottke.org/03/02/weblogs-and-power-laws
               | 
               | Everyone complains about how "the web" we got is broken.
               | It wasn't until very recently that I understood that Ted
               | Nelson's Xanadu vision, an often imagined alternative
               | timeline perfect web, requires centralization. Um, is
               | this really what we want? Because that's what we're
               | getting. Incrementally, fitfully, inevitably. Your
               | warnings about DRM times infinity.
               | 
               | Also the libertarians, anarchists, technophiles behind
               | "the web" thought we'd have micropayments. Instead, we
               | got advertisements and freemium. I don't know if
               | micropayments, or prepaid wallets, or subscriptions,
               | would be less toxic. But it couldn't be any worse.
        
             | URfejk wrote:
             | Here you have an experimental extension-support version of
             | ungoogled-chromium on Android:
             | https://uc.droidware.info/extension.html
        
           | bad_user wrote:
           | uBO and uMatrix on Firefox are more capable. For example, uBO
           | on Firefox can block trackers masquerading as first-party
           | requests.
           | 
           | Also Google is going ahead with deprecating the necessary
           | APIs in Manifest v3, going with a Safari-like model for
           | content blocking, which is far less capable. Soon uBO,
           | uMatrix, Privacy Badger won't be possible at all on top of
           | Chrome.
        
             | sexpositivepriv wrote:
             | Well obviously if Apple is doing it then by HN logic it's
             | good and virtuous and the right thing to do so Google
             | copying Apple here must be good as well.
             | 
             | Ok, Apple apologists, please tell us why Apple doing this
             | is the good and virtuous thing to do.
        
             | timbit42 wrote:
             | Including Opera, Brave, Edge, etc.?
        
               | marcthe12 wrote:
               | Yes, except Brave, because ad blocking is done as a patch
               | instead of an extension
        
       | CincinnatiMan wrote:
       | Man, I absolutely love uMatrix. Now I feel bad for not
       | contributing back to it, maybe that would have helped the author
       | keep going with it.
        
       | [deleted]
        
       | t0astbread wrote:
       | A huge loss but thank you gorhill for developing this awesome
       | extension! Like many others I'll probably keep using it while it
       | still works.
       | 
       | On another note, how does uMatrix even work internally? I guess
       | the bulk of its functionality is based on the webRequest API and
       | I think it uses some kind of CSP hack for inline scripts and
       | workers? (And is it only my perception or does uMatrix have to
       | resort to a lot of hacky workarounds to implement some of its
       | features?)
        
       | jccalhoun wrote:
       | I could never figure out how to use umatrix or the advanced mode
       | of ublock origin. I've read the instructions and could never
       | figure them out.
        
         | Lammy wrote:
         | There's a "save" button you have to click to persist your
         | changes after you've toggled the green/red cells of the media-
         | types-per-domain table to suit what you want to block and what
         | you want to allow. I gave up on uMatrix once before figuring
         | that out.
        
       | TekMol wrote:
       | Uhm, what??
       | 
       | uMatrix is an essential part of my everyday life.
       | 
       | Will it still work? If not, is there a trustworthy replacement?
       | 
       | I don't want an "ad blocker" with blocking lists etc. I just want
       | to see the page I navigated to. And then allow it to load
       | additional resources as I see fit.
       | 
       | If uMatrix goes out of existence, then that would be the biggest
       | loss due to discontinued software in my lifetime.
        
         | throwaway2048 wrote:
         | uBlock origin advanced mode is very similar to uMatrix
        
           | Arnavion wrote:
           | AFAICT uBO even in advanced mode doesn't differentiate
           | between the kinds of requests that can be filtered, so
           | filtering is only per domain and filters every kind of
           | request for the domain equally. uM on the other hand
           | differentiates between scripts, CSS, images, XHR, media and
           | frames, and allows you to filter them individually.
           | 
           | But most importantly, uM also allows you to filter cookies
           | with the same fidelity, which is the number one thing I would
           | miss if I had to rely solely on uBO, because it means I can
           | default to blocking even first-party cookies from sites I
           | don't want leaving cookies on my machine. FF by itself gets
           | close, by letting me set a policy that says "block all
           | cookies except for cookies from these domains", but that
           | doesn't let me filter which site is allowed to access those
           | cookies.
           | 
           | Frankly, I find uBO redundant if one has uM installed but for
           | two things: uBO can use the usual content-blocker lists (I
           | personally don't need them because my router's DNS server
           | does filtering using those same lists already, but it's
           | useful for people without such a setup), and uBO can block
           | remote fonts whereas uM can't. It would be great if uM's
           | kind-based filtering was merged into uBO and remote fonts
           | were kept as just another kind of request that can be
           | filtered, but I don't know what gorhill plans to do.
        
             | eikenberry wrote:
             | Check out "Cookie AutoDelete" for cookie management. It
             | automatically deletes all cookies (not whitelisted) when
             | you close a website. I've used it for a while and it is
             | pretty nice.
             | 
             | https://github.com/Cookie-AutoDelete/Cookie-AutoDelete
        
             | rasz wrote:
             | > uBO even in advanced mode doesn't differentiate
             | ....scripts, CSS, images, XHR, media and frames
             | 
             | $script $image $subdocument $stylesheet $first-party
             | $third-party $xmlhttprequest $csp $inline-script $inline-
             | font ...
             | 
             | https://github.com/gorhill/uBlock/wiki/Static-filter-syntax
        
               | Arnavion wrote:
               | Good to know. So it's supported for static filters and
               | not for dynamic filters, which is presumably why it isn't
               | exposed through the UI like uM does.
               | 
               | So it looks like the equivalent of this uM rule:
               | github.com raw.githubusercontent.com xhr allow
               | 
               | would be:
               | @@raw.githubusercontent.com^$domain=github.com,xhr
               | 
               | ... or something. (I have to spend some time RTFMing.)
               | 
               | So then, like I said in my previous comment, it seems it
               | would be the best of both worlds if gorhill took the UI
               | from uM and put it in uBO.
        
           | srtjstjsj wrote:
           | What's the difference?
        
         | ffpip wrote:
         | It still works. Continue using it till Mozilla shuts down or
         | the extension permission model changes.
        
           | 4cao wrote:
           | > Continue using it till Mozilla shuts down
           | 
           | Firefox add-ons can be installed from third-party sources as
           | well, and in the case of uMatrix it's worth doing it anyway,
           | since the latest version (1.4.1b6) is on GitHub only:
           | 
           | https://github.com/gorhill/uMatrix/releases
           | 
           | It's a beta but seems to work just fine. Mozilla is still at
           | the last stable version (1.4.0):
           | 
           | https://addons.mozilla.org/en-US/firefox/addon/umatrix/
        
             | fwn wrote:
             | *on desktops; they recently disabled that feature on
             | Android.
        
       | pa7x1 wrote:
       | This is a tragic loss, I can't be grateful enough to the author,
       | such a fantastic tool.
       | 
       | I even started installing it in my parents' computers (not
       | advanced users), reducing to 0 the amount of time I had to
       | intervene to fix their computers. The trick is to configure it in
       | blacklist mode, instead of whitelist. This way it only blocks
       | requests from domains in the blacklist and frame elements. Just
       | with this change you get non-power users out of trouble in their
       | surfing habits and impacts negligibly their use.
       | 
       | I have taught them that if a web is blocked or doesn't work
       | properly it is most likely not a web they want to use but that there
       | is also the possibility to turn it off using the on/off button
       | (that they should use very judiciously). In this mode it is not
       | too different from setting up Hosts file but they can understand
       | better what's going on and how to turn it off if needed.
       | 
       | EDIT: fixed typos
        
         | ffpip wrote:
         | > The trick is to configure it in blacklist mode, instead of
         | whitelist.
         | 
         | Or you can use it in whitelist mode, but with all things like
         | Cloudflare and ReCaptcha globally whitelisted. It's good that
         | way too.
         | 
         | But yes, for your parents, black list mode would be good. It
         | would be like uBlock Origin.
        
           | iudqnolq wrote:
           | But for e.g. Cloudflare to work it also needs first party js
        
           | 02020202 wrote:
           | > Or you can use it in whitelist mode, but with all things
           | like Cloudflare and ReCaptcha globally whitelisted.
           | 
           | those two specifically are always the first entries in my
           | blacklist :D
        
             | e1ghtSpace wrote:
             | Why do you blacklist them?
        
               | liability wrote:
               | Because fuck them. Recaptcha in particular is abusive to
               | non-chrome users with their "slow fade" tiles which are
               | specifically engineered to frustrate real humans (bots
               | do not experience frustration, and if it were simply a
               | matter of slowing down bots they would have simply added
               | a timer, not spend five seconds animating a tile with
               | fade transitions.)
               | 
               | Fuck any site that requires this hostile bullshit. 9
               | times out of 10 when I see recaptcha that site is dead to
               | me. Very few sites are worth tolerating that sort of
               | abuse from.
        
               | asquabventured wrote:
               | Agree this is hostile behaviour, but there are technical
               | hacks[1] that a user could find that override google
               | being a dick.
               | 
               | [1] https://greasyfork.org/en/scripts/382039-speed-up-
               | google-cap...
        
               | meowface wrote:
               | I get the same slow animations with Chrome. I don't know
               | what the point of it is, since it's apparently trivially
               | bypassable, but I don't think the goal is to annoy
               | people.
               | 
               | Also, the web would be much more annoying to use without
               | captchas. (Not necessarily recaptcha, but just the
               | concept in general.) If you've ever been an administrator
               | of a site that's prone to spam, it's usually one of the
               | only effective options. Other trade-offs would generally
               | involve blocking huge ranges of potential users, with
               | tons of false positives, or laborious manual approval
               | which isn't feasible past a certain scale if it's just
               | you or a few people.
        
               | a1369209993 wrote:
               | > Also, the web would be much more annoying to use
               | without captchas. (Not necessarily recaptcha, but just
               | the concept in general.)
               | 
               | This is a non sequitur; we're talking about Google's
               | abusive faux-captcha (which is not actually recaptcha;
               | that's the two-word OCR challenge captcha they replaced
               | with said faux-captcha), not about any actual captcha or
               | captchas in general.
        
               | meowface wrote:
               | Sorry, you're right, I think my error was due to the
               | start of the parent:
               | 
               | >Because fuck them. Recaptcha in particular
               | 
               | I think I read it at that moment as "because fuck
               | [captchas]. Recaptcha in particular". But they meant
               | Cloudflare and Recaptcha.
               | 
               | I will say, as annoying as Recaptcha is, I find hCaptcha
               | a lot more annoying, difficult, and time-consuming.
               | (Cloudflare recently switched from Recaptcha to
               | hCaptcha.)
               | 
               | I failed 4 "select the motorcycles" yesterday after
               | selecting like about 7 - 8 of 18 images per try. So
               | that's minutes spent clicking 28 - 32 out of 72 squares,
               | and I failed every time, because I don't know much about
               | bikes/vehicles and they mixed in regular bicycles and
               | other semi-motorized bikes (which were all wrong
               | answers), and many of the images were extreme close-ups
               | of possible axles or handlebars with no clear shapes, and
               | others were just generally blurry, unclear photos. It
               | makes Recaptcha's ultra-slow fade-ins seem like bliss. I
               | got the fifth one when they switched from motorcycles to
               | something else, but that one wasn't easy, either.
        
               | a1369209993 wrote:
               | > as "because fuck [captchas]. Recaptcha in particular"
               | 
               | Ah, that makes more sense, and now _I'm_ not sure that
               | wasn't what they meant (although it seems unlikely
               | because fuck Cloudflare).
               | 
               | I'm not familiar with hCaptcha, but what I've heard
               | (including from you just now) suggests that it, like
               | Google 'captcha', is also a javascript-using non-captcha,
               | in which case fuck them too.
        
             | josephcsible wrote:
             | Most people want to block annoyances like advertising or
             | tracking without breaking the pages they want to visit.
             | What you're suggesting does the opposite.
        
               | daveFNbuck wrote:
               | If that's your goal, why would you use uMatrix and not ad
               | and tracking blockers?
        
           | dm319 wrote:
           | Any pointers on how to do this? I run into problems with
           | online purchases, and find it easier to switch to chrome
           | than try and authorise various sites on the fly.
        
             | boomboomsubban wrote:
             | It's fairly easy to determine what's breaking things. With
             | something like online purchases, one of the domains will be
             | for a payment processor that you've probably heard of,
             | accept things from them and it will likely work.
             | 
             | More generally, you can often find a domain that calls
             | itself a cdn, and those are usually needed. And sadly, if
             | the site doesn't seem to work at all it probably needs
             | google.
             | 
             | Oh, and it is basically never something in dark red.
        
             | pa7x1 wrote:
             | If you want to replicate that kind of configuration that is
             | as painless as possible you just have to go into the
             | extension options/configuration. Head to the "My rules" tab
             | and you will find a rule, towards the top of the rule list,
             | that says:
             | 
             | "* * * block"
             | 
             | This rule acts as a default blacklist. If you switch it to:
             | 
             | "* * * allow" it will allow everything by default (except
             | the blacklisted domains, which overrule this).
             | 
             | Then in the "Assets" tab you can configure your blacklists,
             | I can recommend Steven Black's lists. He curates and
             | consolidates several of the most famous ones:
             | 
             | https://github.com/StevenBlack/hosts
             | 
             | He maintains several variants according to themes you may
             | want to ban (adware, malware, fakenews...). Choose the
             | combination that suits you.
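
The rule model discussed in Arnavion's and pa7x1's comments above (per-type `source destination type action` rules, and flipping `* * * block` to `* * * allow` with block-listed domains still overruling it), as an added example that is not part of the thread and is not uMatrix's own code. The precedence used here (most specific matching rule wins, block wins ties), the function names and the `*.example` hostnames are assumptions made for illustration.

```javascript
// Added example: simplified model of "source destination type action" rules.
// Not uMatrix's code. Precedence (most specific match wins, block wins ties)
// is an assumption made for this illustration.

function parseRule(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length !== 4) throw new Error(`malformed rule: "${line}"`);
  const [src, dst, type, action] = parts;
  if (action !== 'allow' && action !== 'block') {
    throw new Error(`unknown action in rule: "${line}"`);
  }
  return { src, dst, type, action };
}

// "*" matches any hostname (score 0). Otherwise the pattern must equal the
// hostname or be one of its parent domains; longer patterns score higher.
// The leading "." in the suffix test keeps "notads.example" from matching
// a rule written for "ads.example".
function hostScore(pattern, hostname) {
  if (pattern === '*') return 0;
  if (hostname === pattern || hostname.endsWith('.' + pattern)) {
    return pattern.split('.').length;
  }
  return -1;
}

function typeScore(pattern, type) {
  if (pattern === '*') return 0;
  return pattern === type ? 1 : -1;
}

// Block-list hostnames (the kind of entries a hosts file carries) are
// modelled as "* <host> * block" rules next to the user's own rules.
function buildRuleset(ruleLines, blocklistHosts = []) {
  const rules = ruleLines.map(parseRule);
  for (const host of blocklistHosts) {
    rules.push({ src: '*', dst: host, type: '*', action: 'block' });
  }
  return rules;
}

// Compare specificity keys [dst, src, type] left to right.
function compareKeys(a, b) {
  for (let i = 0; i < a.length; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// req = { src: page hostname, dst: request hostname, type: request type }
function decide(rules, req) {
  let best = null;
  let bestKey = null;
  for (const rule of rules) {
    const key = [
      hostScore(rule.dst, req.dst),
      hostScore(rule.src, req.src),
      typeScore(rule.type, req.type),
    ];
    if (key.includes(-1)) continue; // rule does not apply to this request
    const cmp = best === null ? 1 : compareKeys(key, bestKey);
    if (cmp > 0 || (cmp === 0 && rule.action === 'block')) {
      best = rule;
      bestKey = key;
    }
  }
  return best === null ? 'block' : best.action; // nothing matched: fail closed
}

// Constructed rulesets: default-deny with one typed exception, and
// default-allow with one constructed block-list entry.
const strict = buildRuleset([
  '* * * block',
  'github.com raw.githubusercontent.com xhr allow',
]);
const relaxed = buildRuleset(['* * * allow'], ['ads.example']);

const sample = { src: 'news.example', dst: 'pixel.ads.example', type: 'image' };
console.log('relaxed ruleset, block-listed host:', decide(relaxed, sample));
```
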
        
       | sippingjippers wrote:
       | I seem to remember this movie. In the following scene, some
       | spammer forks the code and claims to be the new maintainer, but
       | threads some horrible spammy behaviour into the code. The spammy
       | fork (under the original name) gains significant popularity.
       | Final scene. In disgust, the valiant OP returns with a new fork,
       | possibly called "uMatrix Origin". Curtains and lights
        
         | srtjstjsj wrote:
         | That's a miscomprehension of what happened with uBlock. The
         | problem with uBlock was that gorhill legally gave away the
         | trademark to a spammer.
        
           | ffpip wrote:
           | He got tired of kids complaining of issues without
           | contributing code. Just filter list issues, which are not
           | really his fault but the list maintainers'.
        
       | asymmetric wrote:
       | Some more info here:
       | https://www.reddit.com/r/uBlockOrigin/comments/i240ds/reques...
       | 
       | TL;DR: gorhill didn't have time to maintain both extensions, and
       | won't transfer the repo after having been burnt once already.
        
       | LargoLasskhyfv wrote:
       | /me sniffles in sadness.
        
       | sebow wrote:
       | A loss for freedom lovers on the internet
        
       | jonchang wrote:
       | Looks like the maintainer just didn't have time and there weren't
       | enough people in the community willing to step up and do issue
       | triage or contribute code.
       | 
       | > What would actually help is that people help to completely
       | investigate existing issues instead of keep asking me to add yet
       | more features. Turns out people willing to step in the code to
       | investigate and pinpoint exactly where is an issue (or that there
       | is no issue) is incredibly rare.
        
         | [deleted]
        
       | doublesCs wrote:
       | Can someone clarify for a layman what this means in practice? I
       | still want to use uMatrix on Firefox. Does this mean that over
       | time, uMatrix will eventually stop working?
       | 
       | Separate question, is there somewhere we can read from the
       | author about this decision to archive uMatrix?
        
         | stjohnswarts wrote:
         | It will until they change their extension API or some
         | detrimental bug is found and they block it.
        
       | Bayart wrote:
       | uMatrix has to have been the most useful, all-rounded,
       | intelligent browser extension I've ever used. I see it as a gold
       | standard. It truly _extends_ the browser, rather than use it as a
       | platform to deploy << apps >>.
        
       | Havoc wrote:
       | Literally 12 hours after I switched from Noscript. :(
        
       | pineyboi wrote:
       | uMatrix is awesome. I wish there were more tools like this --
       | just advanced enough to do some real heavy lifting yet still
       | quick and intuitive after even a little investment. The browsers
       | brought SSL awareness with the padlock, but most users are still
       | woefully unaware of just how many websites they hit when they
       | load any page. It's insanity.
       | 
       | I hope this isn't due to browser vendors making things difficult,
       | but it wouldn't surprise me. Since the concerns are similar, it
       | would be great if there was a way to marry the two. uBlock -
       | advanced interface mode or something. Just a thought, not a
       | feature request.
       | 
       | Thank you Gorhill for all your work. Sad to see it go, I actually
       | can't fathom how I'll surf the web without it.
        
         | ffpip wrote:
         | > just advanced enough to do some real heavy lifting yet still
         | quick and intuitive after even a little investment.
         | 
         | This describes uMatrix perfectly. I didn't understand a single
         | thing after installing it, but one day, I spent 20 mins reading
         | the wiki on Github and then understood what to use each tool
         | for.
        
       | arendtio wrote:
       | I like uBlock Origin better than uMatrix, so my primary concern
       | is what I can do to support uBO so that it won't share the same
       | fate?
        
         | srtjstjsj wrote:
         | Gorhill has clearly stated: if you want to help, fix bugs. He
         | doesn't want to do this as a job, so if you want to pay someone
         | to help instead of helping directly, then find someone who
         | wants to be paid to fix bugs in uBO.
         | 
         | https://github.com/gorhill/uBlock/wiki/Why-don't-you-accept-...
        
       | Semaphor wrote:
       | This is a shame, I find the interface for uMatrix much more
       | intuitive than uBO's.
        
       | squanch wrote:
       | I am sad to hear this. I have been using uMatrix now for quite
       | some time, it has always been one of the extensions I install
       | directly after setting up a new browser (together with uBlock
       | Origin).
       | 
       | If the author, Raymond Hill, ends up reading this: thank you Sir,
       | for all the (probably unpaid!) effort you have been putting into
       | this extension for years. It's certainly an inspiration to
       | actively contribute to the open source community.
        
       ___________________________________________________________________
       (page generated 2020-09-20 23:00 UTC)