[HN Gopher] uMatrix has been archived ___________________________________________________________________ uMatrix has been archived Author : bscphil Score : 528 points Date : 2020-09-20 09:52 UTC (13 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | Drawde wrote: | If you're using uBlock Origin already, then you don't really need | uMatrix or NoScript. Just enable medium mode or hard mode: | | https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium... | | https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-m... | dastx wrote: | Medium and hard mode are nowhere near as flexible as as | uMatrix. It's good, but it's not uMatrix. | prvc wrote: | Could you elaborate as to what the specific differences are? | dastx wrote: | For starters with uBO you can individually block types of | requests (images, js, css, cookies, frames, "other") per | domain and/or per subhuman. | surround wrote: | *uMatrix, not uBO | takeda wrote: | And subdomain not subhuman :) | Lammy wrote: | I'm willing to put up with if it it means gorhill will have | the energy to maintain just uBO instead of burning out | entirely :) | dastx wrote: | Definitely! I'm going to keep using uMatrix until it starts | getting in my way, but otherwise uBO will do. | soulofmischief wrote: | The developer, Raymond Hill had this to say on reddit a month | ago: | | _I will never hand over development to whoever, I had my lesson | in the past -- I wouldn 't like that someone would turn the | project into something I never intended it to become | (monetization, feature bloat, etc.). At most I would archive the | project and whoever is free to fork under a new name. For now I | resisted doing this, so people will have to be patient for new | stable release._ | | _What would actually help is that people help to completely | investigate existing issues instead of keep asking me to add yet | more features. Turns out people willing to step in the code to | investigate and pinpoint exactly where is an issue (or that there | is no issue) is incredibly rare._ | | https://www.reddit.com/r/uBlockOrigin/comments/i240ds/reques... | afterburner wrote: | > Turns out people willing to step in the code to investigate | and pinpoint exactly where is an issue (or that there is no | issue) is incredibly rare. | | Ayyyup | | One of the reasons people just decide to rewrite everything | instead... | mrich wrote: | It's strange that this is so prevalent in the industry. Who | ever got promoted for fixing all the hard bugs? Reinventing | the wheel is the safe career move in many companies. And the | result are huge R&D budgets, bugs and a bad user experience. | surround wrote: | More context from the parent comment of that thread: | | _I don 't have time to work on uMatrix -- it's a project large | enough that I would be able to work on it only if I wasn't | working on uBO._ | NelsonMinar wrote: | Presumably referring to the mess that happened with uBlock when | he tried to step away. That's why it's called "uBlock Origin" | now; the original name was taken over by someone who then | developed it in ways against Gorhill's intentions. | soulofmischief wrote: | That's what I assumed as well. That situation was quite a | mess. | propogandist wrote: | >the original name was taken over by someone | | it was taken over by the same people behind "AdBlockPlus" | which is a shakedown operation. They're allowing ads to be | unblocked if advertisers pay them money. | | Some history; https://old.reddit.com/r/chrome/comments/32ory7 | /ublock_is_ba... | sloshnmosh wrote: | uMatrix IMHO is an absolute necessity when viewing the web these | days. | | It is said that 20% of the ads on the web are malicious so | browsing the web without a dependable script/adblocker is just | asking for trouble. | | And until the adtech industry finds a way to stop malvertising I | will continue blocking scripts and ads. | cameronhowe wrote: | Noooooooo, why? | | I hope this addon keeps working without patches for a long time, | I absolutely love how it has improved my web experience. So easy | to use. | fxtentacle wrote: | This is sad for me as a user, but I can fully understand his | unwillingness to further engage with requests from entitled | users. I myself had bad experiences with releasing open source, | too. | | That said, this is clearly a useful tool and I wouldn't be | surprised if the user base was 10,000+ which means that if you'd | make it $3 monthly to use as a commercial product, the revenue | (after attrition) should be enough to pay for at least one part | time employee to do the maintenance. | | I would also expect that releasing this as a paid product, as | opposed to open source, will actually reduce entitlement by | users. Or at the very least, you can always just issue a refund | and be done with it. | | I would still hope for source code insight to make it transparent | how this tool works. But that is not necessary a hindrance | towards productizing it. Unreal Engine 4 is a commercial success, | despite shipping with full source code. | jsjohnst wrote: | > I would also expect that releasing this as a paid product, as | opposed to open source, will actually reduce entitlement by | users. | | That is the very opposite of what I'd expect and have observed | personally over the years. The folks who've paid a small amount | are virtually always the most demanding and refunding them and | asking them politely to go away just fuels their indignation | further. | fxtentacle wrote: | I've been selling a $9 Windows app for 5 years now and never | had a case where someone continued to contact support after a | refund. We did have people who had a system straight from | hell where nothing worked as planned, but then again the | users of those systems seemed to be aware that it's their | computer and not my app. | chippy wrote: | Good project for someone to pick up on and carry forward I guess? | srtjstjsj wrote: | No. Gorhill is protecting it from seizure. But someone can fork | it. | 4cao wrote: | There is a comment from @gorhill saying: | | > Anyway, as it is, I've archived uMatrix's repo, I can't and | won't be spending any more time on this project, and neither on | all such issues [linking to all issues closed as invalid]. | | https://github.com/uBlockOrigin/uMatrix-issues/issues/291#is... | | So it's really confirmed then. Very sad news. | | Edit: there's also a glimmer of hope: | | > Whoever is free to fork under a new name -- I may re-open and | resume development in some future if ever I feel for it. | derefr wrote: | This makes me realize that Github's domain model (where | "issues" exist as objects associated with--but outside of--the | repo) is kind of hostile to forking. The original author wants | to close issues not because they've been fixed in the codebase, | but because he wants to not solve them. To get those same | issues "back", a fork developer would have to: | | 1. Copy-and-paste the repo, rather than using Github's forking | mechanism, because Github "forks" don't have their own | issues/PRs (being something more equivalent to multi-branch | workdir collections for an upstream repo); | | 2. Copy all the issues over from the origin repo (manually, or | by writing a script against Github's API/CLI); | | 3. Sadly, likely lose all the original conversation on those | issues. | | These problems would be obviated if issues were just data files | committed inside the repo -- with any branch that contains the | open issue file meaning the issue pertains within that branch; | and any branch that closes the issue meaning that the issue is | solved as of that commit. A fork developer could just fork the | repo in the traditional fashion, and end up with a fork of all | the issues alongside. | | Does any git hosting service/software handle issues in this | fashion, i.e. as a layer of web-chrome and backend indexing | over files committed to branches of the repo (where you'd | always have to be looking at the issues _as they exist within_ | a particular branch)? | | For that matter, does any git hosting service have a sane high- | level set of workflows for "forking" in the sense of creating a | competing (or replacement) maintained-upstream-repo for people | to contribute to? | imposterr wrote: | You should check out fossil then. It offers a built in bug | tracker that is part of the repo. Along with many other | things such as a wiki. | | https://fossil-scm.org/home/doc/trunk/www/bugtheory.wiki | josteink wrote: | > To get those same issues "back", a fork developer would | have to: | | 1. Agree with the original author that a fork/take-over is | the right thing to do. | | 2. Create a GitHub organisation for the project, where rights | and repos and everything can be re-allocated/delegated as | needed. | | 3. Make original author transfer his repo to this | organisation. | | 4. Done. No more steps. | | It also includes magic redirects for all requests to the old | repo, including issues and also git-request, so down-stream | projects won't even have to know. | | It's really very simple, and it works well. | liability wrote: | Not so simple if the original developer is dead, MIA, or | uncooperative. | | I think this is a clear deficiency of git and many other | VCSs, which fossil avoids. It's clear that bug reports and | commits will frequently cross-reference each other, so they | should be tracked in the same system. Git only implements | one half of the puzzle, leaving the other half up to others | which ultimately facilitates vendor lockin. | Smithalicious wrote: | You don't, and shouldn't, need permission to fork. A | substantial amount of forks are about disagreements between | developers as well. | srtjstjsj wrote: | Gorhill promised that #1 will never happen, so this doesn't | help. | matkoniecz wrote: | > because Github "forks" don't have their own issues/PRs | | You can enable issues on forked repo, and any forked repo may | receive PRs. | | Still, manual repository is preferable as deleting repo will | delete also its forks created using Github interface (at | least it was happening some time ago) | mook wrote: | My understanding was that when a repo is deleted one of its | forks will be chosen to become the root instead; however if | the parent repo is taken down (via DMCA etc.) then all its | forks are also removed. | Arnavion wrote: | >You can enable issues on forked repo, and any forked repo | may receive PRs. | | Their point was that issues in the new repo are completely | separate from issues in the old repo. A new issue created | in the new repo will be issue 1, and to browse the old | repo's issues you have to navigate to the old repo. If the | old repo is deleted all those issues will also be deleted | and history will be lost. | | That's why they mentioned the workaround of using the | Github API to export the old repo's issues and re-import | them into the new one, which would not be needed if issues | were git objects and thus trivially copied into all forks. | j-james wrote: | > as deleting repo will delete also its forks | | I haven't observed this to happen - in my experience, the | first fork becomes the new "upstream" for all the rest. | Arnavion wrote: | Yes. I had a similar thing happen a few months ago when I | made a repo private - the first public fork became the | upstream for all the other public forks. | srtjstjsj wrote: | Wait, what? Upstream can destroy my repo by deleting | theirs? That's horrific if true. | jiofih wrote: | That is actually a quite hostile move for OSS, which has become | common lately. | | Unless you have trademarked the name, you don't get to reserve | it for a rainy day, anyone should be able to pick up the torch | and continue the project without having to start from scratch | with a new unknown name. | devit wrote: | Trademarks and copyrights are automatic, you don't need to do | anything to have them (although registering them makes it | cheaper to prove you have them). | | Obviously "anyone should be able to pick up the torch" has | the issue that the "anyone" may well be a malicious person | who is seeking to defraud the users for monetary gain. | dredmorbius wrote: | Trademarks must be defended and may be lost. | | https://blogs.findlaw.com/free_enterprise/2017/05/4-defense | s... | | https://www.forbes.com/sites/oliverherzfeld/2013/02/28/fail | u... | takeda wrote: | Yes, that means if someone creates uMatrix and the | original author won't do anything about it, then that | other person can keep that name. We didn't get to that | point yet. | [deleted] | chrismorgan wrote: | Are you familiar with the story about uBlock and uBlock | Origin? https://en.wikipedia.org/wiki/UBlock_Origin#History | | gorhill stopped doing uBlock and passed it to others, who | subsequently took it in a direction he didn't like, so that | he resumed maintenance under the name uBlock Origin (since | the name "uBlock" had been transferred). | | So this time when he stops maintaining a project, he's | avoiding the same thing happening. | Aengeuad wrote: | The wiki link somewhat explains the situation but to | reiterate it for HN: gorhill no longer wanted to work on | uBlock full time so he transferred the project to | chrisaljoudi who immediately registered ublock.org in order | to solicit donations under the valuable uBlock branding. | Development on uBlock all but stopped and the project died, | some 3 years later chrisaljoudi sold the project to AdBlock | who are essentially an advertising company. Meanwhile | gorhill continued development at a slower pace on his | personal fork, uBlock Origin, which is still maintained to | this day. | | Contribution graph for the original uBlock project during | this time frame: https://github.com/uBlock- | LLC/uBlock/graphs/contributors?fro... | | and now compare to the 'personal fork' that is uBlock | Origin: https://github.com/gorhill/uBlock/graphs/contributo | rs?from=2... | | So if 'squatting' the name of your own OSS project is | considered 'user hostile' then let this be a lesson to | people considering giving up their project: the person you | give it to may abuse your trust and the trust of the | community in order to further their own agenda, in this | situation it was all just pretty harmless petty drama but | it might not always work out so well. | | Random Github projects aren't organisations with funding | and staff with rules and responsibilities to keep the | project running, it's okay to archive the project and let | the community decide what to do, giving the project to the | first person who asks may end up achieving the same thing | as archiving the project or it may come back to bite you in | the arse damaging your reputation in the process. | doc_gunthrop wrote: | Maybe there ought to be a blacklist for unscrupulous devs | who do things like what chrisaljoudi did with Ublock. | 4cao wrote: | @gorhill explains this in a Reddit post from a month ago: | | > I will never hand over development to whoever, I had my | lesson in the past -- I wouldn't like that someone would | turn the project into something I never intended it to | become (monetization, feature bloat, etc.). At most I would | archive the project and whoever is free to fork under a new | name. For now I resisted doing this, so people will have to | be patient for new stable release. | | 1. https://old.reddit.com/r/uBlockOrigin/comments/i240ds/re | ques... | bscphil wrote: | I believe because the last commit was released under the GPL | this is actually not legally binding, just a request (which | IMO should be honored). The GPL only requires "The work must | carry prominent notices stating that you modified it". The | only _legal_ way to prevent this would be if "uMatrix" was | trademarked, and I don't believe it was. | | Not a lawyer, could be wrong about this. | starfallg wrote: | Trade marks can be registered, but need not be. The use of | the trade mark in normal commerce is sufficient to | establish rights. However, the registration of the trade | mark can confer additional benefits. This is the general | rule in most common law jurisdictions. | | As uMatrix was distributed to users through the extensions | platfrom, this is already sufficient to classify as | commercial use. | cedilla wrote: | Marks used in trade are automatically protected, just by | their commercial use. uMatrix has been commercially used as | a name, so it is a trade mark (nb: commercially here does | not necessarily mean money is involved). | | Trademarks don't need to be registered to be enforceable. | Registration makes things easier for everyone by stating | the registrant's intented scope of the trademark and makes | a few things easier for the owner. However, the | enforceability of a trademark rests on its awareness by | customers, active use by the owner, and active defence of | the trademark by its owners. uMatrix certainly is certainly | a trade mark, however, the two latter criteria are probably | not met. | | I'm also not a lawyer, just interested in this stuff. This | is not legal advice. And of course the details will be | wildly different in different parts of the world. | bscphil wrote: | > uMatrix has been commercially used as a name, so it is | a trade mark (nb: commercially here does not necessarily | mean money is involved). | | Again, I don't know anything, but I'm surprised that | uMatrix would count as having been "commercially" used. | And as you point out, these two criteria probably | wouldn't be met if the project becomes inactive: | | > active use by the owner, and active defence of the | trademark by its owners | cedilla wrote: | uMatrix is without a doubt used as a commercial trade | mark. Again, commercial doesn't mean money is involved. | | It's also still used by the owner, as it's still listed | in several extension stores. | | Trademark protection also doesn't end over night. | Trademarks are generally protected for a few years after | the owner ceased to use it. Also, one should keep in mind | that trademarks aren't primarily an intellectual property | concept like patents and copyrights. Their main purpose | is to protect consumers from copycats and fake products. | agustif wrote: | the micro u from uTorrent + Matrix would make a nice fork. | | mMatrix | ulucs wrote: | I think the names were mBlock and mMatrix at the start (if | I remember right from the logos) and got changed somewhere | along the way | agustif wrote: | probably not great for SEO to have the micro on the name! | rectang wrote: | That would fail the test, "would the consumer find the name | confusingly similar", and thus would be a trademark | violation. | ffpip wrote: | It's better that way. Every ad company releases a new | adblocker with the name being a derivative of uBlock. Let him | keep the name uMatrix. | Macha wrote: | Depends what the rules on the new name is. If it is allowed | to contain umatrix (like umatrix reborn/umatrix community | etc), its not too unusual a move | epanchin wrote: | I disagree. Trust is earned by a name. Someone new picking up | the project should earn that trust again. There should be | fair competition between forks - not just the first to claim | the name wins. | toyg wrote: | Security software (and this _is_ security software) lives and | dies on reputation. It makes sense to avoid a situation where | some rando could fork it, patch it with rubbish, and just say | "this is the updated version!" | peterwwillis wrote: | There is quite old precedent in OSS for creating a brand new | project rather than taking the name of the old one. Whether | it's because the old one was abandoned, wouldn't incorporate | changes, needed functionality had to break the ABI, | legal/regulatory issues, copyright issues, etc, forking a | project with a new name is commonplace in OSS. Probably most | commonly as "-ng" (Next Generation) project names. | | You already have the right to copy all of someone's years of | hard work, add a tiny patch, and pass it off as your own | project with a new name. The very least you can do is give | respect to the original author by allowing them to keep their | original name. | | Then there's potential for libel. Let's say you fork a | project, keep the original name, and then pepper the project | with Nazi propaganda. The original author is trying to get a | job, and his resume has the name of the original project. A | prospective employer searches the name and finds the new | project (with the old name) full of hate speech. If he gave | away the old name, a libel suit to change the new project's | name may fail, and his reputation might be forever tarnished. | takeda wrote: | I wouldn't say forever, while it is not great that somebody | would do this, is not like it isn't possible to | preemptively mention that you have nothing to do with the | fork, and you are input responsible for the original in | your resume. | Aengeuad wrote: | >wouldn't incorporate changes | | Case in point: keepass -> keepassx -> keepassxc, where both | keepass and keepassxc are maintained and are essentially | separate projects. | fireattack wrote: | Is it as sudden as it looks (like what happened to original | uBlock) or was uMatrix already in maintenance mode? | 4cao wrote: | Last release was in the end of February (beta; non-beta was | September last year). Last commit was in April. | | Perhaps the activity was slow, I guess you could call it | "maintenance mode," but I've been using it all this time and | uMatrix works fine in its current state, so all it means is | that there were no new features being added. | | It looks like the immediate reason for the repository being | archived was somebody opening one issue too much. | noisy_boy wrote: | uMatrix has been the first app where I can exactly see what | domains are being used and over a period build a whitelist that | basically works seamlessly while blocking the analytics stuff. | I'm just hoping browser internal security changes in the future | don't render it broken. | bscphil wrote: | IMO the genius of uMatrix was that Raymond realized that an in- | browser requests firewall should have two dimensions, instead of | one: (1) the (sub-)domains that the requests pointed at, and (2) | the _type_ of request (i.e. cookie, image, XHR, etc). | | Now, obviously you could always write an ABP compatible filter | that could block any combination of these two, but that's _hard_. | What uMatrix did is present the underlying complexity in a way | that 's easy to intuit for a power user, giving you point-and- | click request filtering power over both domains simultaneously. | | For that reason, I'm skeptical that uMatrix can be replaced with | a traditional blocker, not even one with an advanced mode like | uBo, because it simply doesn't allow the specificity that a two- | dimensional model like uMatrix did. That makes uMatrix's being | archived incredibly tragic and a great loss for the web. I hope | someone as trustworthy and competent as Raymond will pick it up | in the future, and I thank him for all his work on it up to this | point. | cookiengineer wrote: | This is so true, the two dimensions allow such a nice | simplification of what should be rendered even in UX terms. | | What I personally didn't like about it though are the tech | specific parts (e.g. xhr and other both require script anyways, | as not a single website will work with xhr disabled). | | So for my browser project [1] I decided to split it up into | "text", "image", "audio", "video" and "other" which I hope will | make more sense for most people. | | Back in February when the debate about the manifest and | requests api started, I started my own semantic browser project | which aims to filter out all UX-interfering CSS and HTML and | probably won't allow JS anyhow. | | It tries to focus on the automation and caching parts that are | broken in current web browsers, so that everything is peer to | peer, and that other trusted peers can be used to share | bandwidth, content, or metadata with each other and that each | one has a 100% persistent local cache that only gets refreshed | once the user tells the browser to. | | If there'll be a need to support webapps later, they will | probably be sandboxed in a new window that represents a | temporary cache located in /tmp/... in order to prevent abuse | of local storage and cookies. I've learned to not trust any | site these days, even my bank's website uses foreign overseas- | located trackers, which is technically a GDPR violation. | | [1] https://github.com/tholian-network/stealth | liability wrote: | > _not a single website will work with xhr disabled_ | | That's total nonsense. I browse with uMatrix blocking | everything by default and I _rarely_ need to enable xhr to | make a site work. Most of the time it 's only used to bloat a | site, not deliver the actual content. The same is mostly true | of javascript as well. | | This is particularly true on newspaper websites. A great many | news sites are reasonable with everything disabled but utter | cancer by (typical) default. | cookiengineer wrote: | > That's total nonsense. | | Well, maybe we have a different pool of websites we visit. | But usually, in my case, pretty much all websites built | with vue.js, react, angular and others usually don't have | server side rendering implemented correctly. | | Just as an example, what I visited just yesterday: | https://portal.msrc.microsoft.com/en-US/security- | guidance/ad... | | Doesn't contain content, it's just a blank page without the | XHR request. And all webapps I've seen so far basically | just scaffold all polyfills and stuff, without any kind of | content being delivered (or serialized) inside the HTML. | | Additionally, all newspaper websites that I've seen in my | country blank out everything with white-on-white if you | don't allow JS with XHR. Either that or the article teaser | is faded out with an overlayed blur image. Well, that is at | least when you don't set the user-agent to Googlebot :) | m463 wrote: | > white-on-white if you don't allow JS with XHR | | umatrix -> reader mode -> read your article | cookiengineer wrote: | Nope, because then I can only read the teaser, not the | whole article. | liability wrote: | Yeah man I'm talking about _really obscure_ websites like | _The New York Times_ which works great without _any_ | javascript enabled. | | https://0x0.st/ilMO.png | nullc wrote: | One of the great things about umatrix is the above | mentioned multidimensionality. | | Your example displays content for me just fine in my | default config, because the XHR requests are to the | origin. Yet it blocks useless requests for two dozen | different resources on other domains. | matheusmoreira wrote: | > Well, that is at least when you don't set the user- | agent to Googlebot :) | | Isn't serving different pages to users and search engines | against Google's policies? They call it cloaking. | | https://support.google.com/webmasters/answer/66355 | GarethX wrote: | Yes, but there are exceptions, like for rendering non-JS | versions of pages for example. That's why Google | themselves created Rendertron. | | https://developers.google.com/search/docs/guides/dynamic- | ren... | bscphil wrote: | Hmm, this would suggest that any website that dynamically | renders content should give me a server-side rendered | version if I just switch my user agent to Googlebot. I | may start doing that for select sites. | inetknght wrote: | > _Just as an example, what I visited just | yesterday:https://portal.msrc.microsoft.com/en- | US/security-guidance/ad..._ | | Well there's your problem. Microsoft counts as one of the | sites that uses web tech to invade your privacy. Many | parts of microsoft-dot-com don't work without javascript. | bonestamp2 wrote: | > and probably won't allow JS anyhow. | | You're not going to allow JS? I don't know the answer, but | I'm curious what percentage of sites are unusable without JS? | It might be fine for basic browsing, but nearly any ecommerce | or site with "interactive" content uses JS. Many video | players require JS. It seems like a very niche solution that | won't have mass appeal if you're not going to allow JS. | | To me, the perfect solution would be something similar to | uMatrix where power users can choose the settings they think | are best. Anyone else can use simplified controls to indicate | if they're seeing ads or if site functionality is broken. | | Then there's some aggregation software that looks at all of | those inputs and determines the best default settings for | each site. If ads are seen then the blocking levels are | increased toward the fringe of advanced user inputs, if | functionality is broken then it walks back the blocking | levels until broken functionality reports end. | | This would be a never ending eb and flow for each site so it | would be important to automate it as much as possible. | m463 wrote: | I think it should be clear how to use umatrix. | | Turn everything OFF for all sites by default. I turn off | third party stuff and all scripting. | | Then visit a new site. Then opt-in until you either - | decide the site sucks and leave, or get something | acceptable and read your article. Then press SAVE to save | the settings for that site. | | It's worth mentioning that many sites do not render well | without javascript, but reader mode renders a perfectly | readable article. | | but also it's much MORE prevalent that you turn on | javascript and the site will do much worse things. | [deleted] | aembleton wrote: | > you could always write an ABP compatible filter that could | block any combination of these two | | I don't think you can for cookies. You can block cookies in the | browser, but I'd like a filter list so that it is possible to | change across all my browsers by subscribing to the same filter | list. | [deleted] | daveFNbuck wrote: | It's actually 3 dimensions, as any selections you make in that | UI only apply to the site you're currently visiting. | bscphil wrote: | Maybe its most useful to think of this as sort of an | "isometric" 3D rendering, because this extra dimension is | usually only exposed to the user modally: the third dimension | is whatever site you happen to be visiting at the present | time. By 2D I was mostly referring to the interface, which is | a "matrix", and commenting on how that particular metaphor | makes managing a complex request blocker a much better | experience. | cookiengineer wrote: | > It's actually 3 dimensions, as any selections you make in | that UI only apply to the site you're currently visiting. | | Well, technically that is only partially true as the third | dimension is the (sub-) domain scope or "*" which can be | reflected behind the scenes with the first-party settings for | the origin's domain for each request type because it has the | identical effect. | Drdrdrq wrote: | It's still a third dimension, it just doesn't have that | many values. | parsimo2010 wrote: | It definitely can't be replaced by a traditional blacker. All | the blockers for Safari are one step above worthless, and have | been since they changed their plugin architecture. | bscphil wrote: | When I have to use Safari, I use AdGuard, which has been | surprisingly decent though less reliable than uBlock on | Firefox. I believe that, for reasons unknown to me, it's | allowed to install and use a local component outside the web | browser, which significantly increases its capabilities. I | was under the impression that WebExtensions was supposed to | vastly reduce your security exposure from using extensions, | but if anything in AdGuard's case it seems _more_ intrusive. | acdha wrote: | It's interesting that you make this claim when the hostname & | type scheme described above is what Safari uses. Can you | explain what's different? | parsimo2010 wrote: | Disclaimer: I don't develop ad blockers or any other | plugins, and the change I'm actually the maddest about is | that uBlock Origin stopped working when Apple stopped | supporting WebExtensions. I may be less mad about uMatrix | simply because it wasn't on Safari in the first place. | | I'm not 100% sure on the reason why uMatrix wasn't | available on Safari, but I think it's because content | blockers aren't allowed to see any user data. Ad blocking | plugins just send a list of content to block to the content | blocking API, and Safari does all the blocking and doesn't | send any data to the plugin. So uMatrix's intuitive UI that | GP was talking about isn't possible. | | Apple claimed that they stopped supporting WebExtensions | and made the content blocking API in the interest of user | privacy, but all it really did was drive users to other | browsers. In typical Apple fashion, they decided what was | best for me when (AFAIK) I've never had a problem with an | untrustworthy plugin stealing my information. | | It _might_ technically be possible to functionally | implement uMatrix with multiple plugins (one to interact | with the DOM to figure out what to block, then generate the | blocking list, and one to deal with the content blocking | API) but all the plugins I 've seen don't do it. Maybe it's | not possible, maybe the extra development effort isn't | worth it to support a single browser that has fairly low | usage. | acdha wrote: | > Apple claimed that they stopped supporting | WebExtensions and made the content blocking API in the | interest of user privacy, but all it really did was drive | users to other browsers. | | I'm not sure I've seen that - the number of Safari users | had been pretty constant on my sites, and the main | pressure seem to be the Chrome pushes on Google sites. | | I think the UI challenges of Safari's approach are a big | problem but on the other hand there were years of people | blaming browsers for ABP's bad performance and users | privacy was definitely sold out by unethical developers. | As a user it definitely is easier to trust one over the | other. | derefr wrote: | How do you feel about a model like NoScript's, where origins | are labelled with tags (trusted/untrusted/default, but in | theory you could have arbitrary tags), and then request rules | are applied to the tags, rather than to origins directly? | bscphil wrote: | I have to admit I haven't used NoScript until well before the | version 10 UI changes. Prior to that it was definitely "one- | dimensional" and didn't really offer the features of uMatrix. | Now, I'd say (just judging by screenshots and the user guide) | that it's about half way there, allowing you to look at a | list of subdomains and set each one to a category. (The | guides don't seem to clearly state that this only affects | your current site, allowing you to have different | source<->host combinations be allowed or disallowed, but I | assume this is the case.) | | However, the tagging model seems so limited compared to what | uMatrix can do. uMatrix has 8 different requests types, so | you'd need 2^8=256 different tags to cover every combination | of requests to a subdomain. And that's if NoScript can block | cookie requests at all: 90% of even the domains I fully trust | have cookies blocked in uMatrix, simply because the sites | don't actually need cookies to function. Maybe I would need | yet another extension for that. | | Also, however, part of what I wanted to get at in talking | about the brilliance of uMatrix was the way the interface | made very precise controls easy, just a point and click | operation. Maybe it's possible to get a similar amount of | power with a tool like NoScript, but as far as I can tell the | usability of the interface just doesn't come close. | unethical_ban wrote: | What does uMatrix do that uBlock Origin can't? I use uBO and it | seems powerful enough to block the vast majority of nonsense. | Drdrdrq wrote: | Blocks the rest of the nonsense? :) I see it as a very | configurable privacy tool for powerusers. It also clearly shows | the parts of the page and where they were (not) loaded from. | | Incredible tool, sad to see it go. | einpoklum wrote: | I have been a (lay) user of uBlock Origin for some years now. I | haven't heard about uMatrix before. | | Can someone link to a tutorial or a detailed review for it? | dredmorbius wrote: | uMatrix extends the notion of uBlock (DNS-based content | blocking) to a _matrix_ of domains, subdomains, and sites (the | vertical column) against specific Web capabilities; content, | images, CSS, JS, XSR, and other elements. It affords fine- | grained control over what sites are permitted to do on your | browser. | | There are numerous explainer videos on YouTube: | | https://youtube.com/watch?v=TVozpo3zUBk | | Search: https://youtube.com/results?search_query=umatrix | Raed667 wrote: | I tried using uMatrix a few times and always ended-up disabling | it. It was too disruptive and breaking too many things compared | to uBlock Origin. | | I hope whoever forks the project can work on the UI and | onboarding experience. | boomboomsubban wrote: | I did the same thing twice, then actually spent ten minutes | reading the wiki. It's very simple to use, and I doubt a new UI | could perform the same functions any easier. | Lammy wrote: | I felt the same way before I realized the flexibility of the | domain scoping UI and that I could allow certain things (e.g. | reCAPTCHA and the million Google scripts it depends on) on a | global basis instead of on a tedious per-domain basis. | stjohnswarts wrote: | Umatrix isn't for casual users. It was for hard-core I want | complete control of what's being sent into my browser users. | ublock origin is more than enough for casual users who won't | put the time in to tame umatrix | elorant wrote: | Dear HN community. Pretty, pretty please with sugar on the top, | keep maintaining this project. It's absolutely essential for a | sane browsing of contemporary web. | marcinzm wrote: | You're free to fork it or organize a fork of it yourself or | start an initiative for paying maintainers of a fork. | elorant wrote: | I'd gladly pay an annual subscription for anyone willing to | maintain it. | anaganisk wrote: | Instead fork it and pay some freelancer to fix bugs if any. | boomboomsubban wrote: | I wonder why uMatrix was completely shelved while he created a | new team to continue uBlock. | srtjstjsj wrote: | He shelved uMatrix so he can focus on uBlock Origin (not | uBlock, which was swindled by a scammer). | wyclif wrote: | I think it's because uBlock Origin has a lot more users. | uMatrix was always for power users. | squarefoot wrote: | He probably could have saved time and resources by | incorporating uMatrix most granular blocking functions into | uBlock Origin, say as an "expert mode" users had to enable | explicitly. I mean, many of us probably have both installed; | since they do essentially the same things, although at | different levels, merging some functionalities of the latter | into the former doesn't seem that absurd to me. Anyway, big | thanks to gorhill for putting great effort in software that | today is absolutely necessary to surf the web, and that makes | it even more sad to see uMatrix go. | makecheck wrote: | Many notable or even vital software projects are literally | maintained by one person, sometimes even in companies. I am | certain that most users don't "get" this about software. And from | experience, most users don't contribute anything _at all_ , not | even the most basic bug reports. They do however complain. | | The best way to "mourn" a lost software project is to ask | yourself what you will do to maintain the software ecosystem. How | many things do you use for free? How many things have bugs you | never bothered to tell anyone about? Has each of you contributed | _something_ (even a short E-mail thank-you) to some software | project? | hardwaresofton wrote: | For those who are wondering the difference between ublock origin | and umatrix, a cursory quick search turned up this forum post[0]: | | > uMatrix is a blocker(cookie,css,image,plugin,script,XHR,frame, | and other) you can control what you block and what you want to | allow(like uBlock Origin dynamic filtering but way more flexible | and can be way more strict) uMatrix just blocks ads through the | use of host files, uBlock Origin blocks them more deeper per se | then uMatrix because of cosmetic and patteren-based filtering | like adblock plus. I use both of them together just uncheck the | malware domains in uBlock and peter Lowe's and the host files. | Also you have more privacy and security when running uMatrix | because of the switches(user agent spoofing and referrer | spoofing, clearing blocked cookies, blocking hyperlink auditing | attempts etc.) and also if you run uBlock it gets whatever ads | uMatrix does not get from its blocking) Look at my sig to see how | I run them. If you need help just PM me.:thumb::):cool: | | I personally run ublock origin and have been super happy with it, | never even think about it these days, if I was supposed to switch | to uMatrix at some point (I know uBlock and uBlock origin are | different now and origin is preferred) I must have missed it. | | [0]: https://www.wilderssecurity.com/threads/ublock-vs- | umatrix.37... | pimlottc wrote: | Thanks, the project readme could definitely do a better job of | introducing the project to those not familiar with it. | Maha-pudma wrote: | What's the alternative to this? | | This was on all my browsers, with ublock origin, the first | extension I install. Now what? | | I'm not a good enough programmer to take this on but I suggest | 'uMatrix Reloaded' as the new name. | JeremyNT wrote: | uBlock Origin in hard mode[0] (plus I set it to not run any js | by default on top of that) is, while not exactly a replacement | in terms of functionality, a really good alternative. It's all | the granularity that most users could really need, I think. | | [0] https://github.com/gorhill/uBlock/wiki/Blocking- | mode:-hard-m... | ffpip wrote: | Are there any issues with uMatrix that you are looking for | alternatives? | | Only the repo has been archived. The extension is perfect. Just | think you haven't seen this post and continue to use it. | bscphil wrote: | Mozilla has modified their extensions API pretty regularly | (with major changes every few years at least, recently), and | they're also still in the process of developing the API for | the Android browser, which is likely to remain incomplete and | different from the desktop API for the forseeable future. | Granted, maybe not a lot of people use uMatrix on their | phone, but both of these seem like valid reasons to worry. | bsdubernerd wrote: | Wait.. wasn't the a good chunk of the "webextension" | transition to allow better interoperability? | | After some time, it looks to me as if no real change has | happened. The webextension model is still too weak in | several areas to allow for some old extensions to function | properly (keyboard handling is a major, _major_ PITA), and | at the same time a lot of work is still being spent to | support cross-browser (and to a lesser extent, cross- | version) functionality. | | Forward-compatibility on the same browser seems to be the | only good point, until you realize it's also how chrome can | pull the plug on request filters and kill extensions on a | whim anyway. | | I didn't even know you needed mozilla's blessing for | extensions on android. Not so different than Chrome here, | Mozilla. Not at all. First, the useless signing | requirement, then _this_? :( | ffpip wrote: | You can't use uMatrix on phone. Mozilla updated their | browser right? Also very few can manage it on such a small | screen. | | >they're also still in the process of developing the API | | The API is there. They are just whitelisting addons. | bscphil wrote: | > You can't use uMatrix on phone. | | You can't use it _currently_ if you have a release | version of Firefox after 68, yes. The API is buggy and in | fact quite a few extensions don 't work, even if you | force-install them. It's still unclear if they will ever | whitelist stuff that's outside of their "recommended | extensions" program, and presumably the best chance it | would have of getting whitelisted is if it were actively | maintained and bugs encountered with the new FFA could be | worked on in coordination with the developer. | stjohnswarts wrote: | People want to know about alternatives for the inevitable day | when the extension API changes and there it no longer works | so they won't get caught with their pants down. | elorant wrote: | There's noscript. | | https://noscript.net/ | cygx wrote: | It's not a complete replacement, though. For example, a | couple of months ago we had a discussion about websites | scanning local ports, prompted by [1]. This can in fact be | done without Javascript, in which case uMatrix would still | protect you, whereas NoScript would not. | | [1] https://nullsweep.com/why-is-this-website-port-scanning- | me/ | shawnz wrote: | How can this be done without JavaScript in such a way that | uMatrix could still block it? | cygx wrote: | If you wanted to check if port 42 is open, have a | <link rel="stylesheet" href="http://127.0.0.1:42"> | | followed by an <img | src="http://example.org/?port=42"> | | The <img> won't be requested until the stylesheet has | failed to load, which takes a different amount of time | depending on whether there was something listening on | that port, or not. | | uMatrix won't allow the request to the local machine to | go through. | XzetaU8 wrote: | NoScript or eMatrix which is a fork of uMatrix, if you're using | pale moon. | | https://addons.palemoon.org/addon/ematrix/ | | https://forum.palemoon.org/viewtopic.php?p=199714#p199714 | app4soft wrote: | > _eMatrix which is a fork of uMatrix, if you 're using Pale | Moon_ | | Yeah! I switched to eMatrix year ago without any issues ;) | | Pale Moon + uBlock Origin + eMatrix = <3 | | For more safe browsing just use Links2.[0] | | Links2 is my default browser for the first time visit unknown | sites & Pale Moon is my second browser for browse the Web. | | Has Firefox too, but I'm using it only for few specific | sites. | | [0] https://news.ycombinator.com/item?id=16191843 | propogandist wrote: | uMatrix is one of the first add-ons I've installed on my browsers | for many years. It exposes so much crap on the web that browsing | the www without uMatrix feels unsafe. | | The fine grain controls on uMatrix are so powerful and quite | intuitive, especially once you get oriented. You can see (and | block) websites trying to load in crap asynchronously, see the | problematic iFrame that's loading in a scripts, see all the | trackers and even the cloudflare endpoints that may be | responsible for bringing in malicious content. | | Gorhill's uBo project is nice, but geared towards simplicity and | it's too simple, even with the advanced interface, imo. | | Although Gorhill never accepted donations, someone forking | uMatrix will hopefully use something like github.com/sponsors to | ensure it's sustainable. | | I'd love to see uMatrix around for the long haul. | ffpip wrote: | Thank you Gorhill. For such great resources. Your extensions are | the only reason I use FF on mobile and desktop. | | uMatrix helped me realize how much of 3rd party resources are | crap. Actual crap. Completely unnecessary. It also helped me get | familiar with new 3rd party crap that pops up on the internet. | | I'll use uMatrix 1.4.0 as long as it works. Many thanks | newyorker2 wrote: | Haven't used any chromium in years, hence the question. Is | uMatrix not available on their addon store? | ffpip wrote: | In my experience uMatrix and uBO work better in Firefox | compared to Chromium. You don't have to completely reload the | whole page to see what's blocked or hidden. They can also | block the sneakiest trackers that hide behind other domains. | Not possible in Chromium. | | Chromium mobile doesnt even have addons because they are shit | scared of adblockers. | pmoriarty wrote: | _" Chromium mobile doesnt even have addons because they are | shit scared of adblockers."_ | | Paradoxically, I'm kind of half-happy to hear this. | | It means that finally a large number of users are using | adblockers. | | For many years the standard theme of many threads on | adblockers was that companies like Google didn't care about | them because too small a percentage of their users used | them for it to matter. | | Now finally there are enough adblocker users for it to hurt | their bottom line, and that means that there are more | people than ever who clearly just don't want to see ads. | | That gives me hope that there will some day be anti- | advertising legislation, and that we might not even need | adblockers... some day... some day... | bad_user wrote: | I think your hope is misguided. | | People dreamed of an Internet where sharing of | information was free (as in freedom). Then DRM happened. | And even if DRM cannot be 100% reliable, being broken by | design, it's reliable enough, plus in the US at least | it's a felony to break it. And as years go by, we see | more DRM, not less. This happens, because the practice is | normalized, and because small inconveniences are taken | care of (usually by monopolies winning the market--e.g. | you stop complaining that alternative e-book readers | don't work, when everybody is using the Kindle or the | Audible apps). | | Similarly, for the open web -- the action has been moving | on mobile devices. A majority of people now consume | content via mobile devices. So what do you see? More | websites? Or more apps? And for all ad-blocking happening | at the DNS level (e.g. Pi-hole), how long do you think it | is before apps start doing DNS over HTTPS on their own, | bypassing the OS's stack? | | This is a wack-a-mole game, and the big publishers have | enough resources to push for both technical and legal | changes for outlawing ad-blocking. I'm actually surprised | that content blockers remained legal thus far. But the | writing is on the wall IMO. | | --- | | There's also another side of this coin. I see more and | more people on HN complaining that articles are submitted | from publications that are setting up paywalls. | | People also hate paying for content. And even those that | pay for content, they don't recognize what an incredible | privilege it is to afford it. | | Either content is monetized somehow, or the only content | that we get will be content created by hobbyists, in | their spare time, for free, while working a regular job. | | Well I for one don't want a world in which the poor don't | get access to online resources, or a world in which | people can't make ends meet doing what they love. | a1369209993 wrote: | > Either content is monetized somehow, or the only | content that we get will be content created by hobbyists, | in their spare time, for free | | Yes, that's why we need to make it impossible to monetize | content. | specialist wrote: | In the spirit of "Yes, and...": | | I've been chewing on an alternate narrative. | | Firstly, I don't think any of us anticipated preferential | attachment. Even despite the popularity of "six degrees | of separation" and other graph related notions. Clay | Shirky's essay about Power Laws was my first exposure to | the idea. Here's Kotte's meta entry: | http://www.kottke.org/03/02/weblogs-and-power-laws | | Everyone complains about how "the web" we got is broken. | It wasn't until very recently that I understood that Ted | Nelson's Xanadu vision, an often imagined alternative | timeline perfect web, requires centralization. Um, is | this really what we want? Because that's what we're | getting. Incrementally, fitfully, inevitably. Your | warnings about DRM times infinity. | | Also the libertarians, anarchists, technophiles behind | "the web" thought we'd have micropayments. Instead, we | got advertisements and freemium. I don't know if | micropayments, or prepaid wallets, or subscriptions, | would be less toxic. But it couldn't be any worse. | URfejk wrote: | Here you have experimental extension-support version of | ungoogled-chromium on Android: | https://uc.droidware.info/extension.html | bad_user wrote: | uBO and uMatrix on Firefox are more capable. For example, uBO | on Firefox can block trackers masquerading as first-party | requests. | | Also Google is going ahead with deprecating the necessary | APIs in Manifest v3, going with a Safari-like model for | content blocking, which is far less capable. Soon uBO, | uMatrix, Privacy Badger won't be possible at all on top of | Chrome. | sexpositivepriv wrote: | Well obviously if Apple is doing it then by HN logic it's | good and virtuous and the right thing to do so Google | copying Apple here must be good as well. | | Ok, Apple apologists, please tell us why Apple doing this | is to good and virtuous thing to do. | timbit42 wrote: | Including Opera, Brave, Edge, etc.? | marcthe12 wrote: | Yes except brave because as locking is done as a patch | instead of extension | CincinnatiMan wrote: | Man, I absolutely love uMatrix. Now I feel bad for not | contributing back to it, maybe that would have helped the author | keep going with it. | [deleted] | t0astbread wrote: | A huge loss but thank you gorhill for developing this awesome | extension! Like many others I'll probably keep using it while it | still works. | | On another note, how does uMatrix even work internally? I guess | the bulk of its functionality is based on the webRequest API and | I think it uses some kind of CSP hack for inline scripts and | workers? (And is it only my perception or does uMatrix have to | resort to a lot of hacky workarounds to implement some of its | features?) | jccalhoun wrote: | I could never figure out how to use umatrix or the advanced mode | of ublock origin. I've read the instructions and could never | figure them out. | Lammy wrote: | There's a "save" button you have to click to persist your | changes after you've toggled the green/red cells of the media- | types-per-domain table to suit what you want to block and what | you want to allow. i gave up on uMatrix once before figuring | that out. | TekMol wrote: | Uhm, what?? | | uMatrix is an essential part of my everyday life. | | Will it still work? If not, is there a trustworthy replacement? | | I don't want an "ad blocker" with blocking lists etc. I just want | to see the page I navigated to. And then allow it to load | additional resources as I see fit. | | If uMatrix goes out of existence, then that would be the biggest | loss due to discontinued software in my lifetime. | throwaway2048 wrote: | uBlock origin advanced mode is very similar to uMatrix | Arnavion wrote: | AFAICT uBO even in advanced mode doesn't differentiate | between the kinds of requests that can be filtered, so | filtering is only per domain and filters every kind of | request for the domain equally. uM on the other hand | differentiates between scripts, CSS, images, XHR, media and | frames, and allows you to filter them individually. | | But most importantly, uM also allows you to filter cookies | with the same fidelity, which is the number one thing I would | miss if I had to rely solely on uBO, because it means I can | default to blocking even first-party cookies from sites I | don't want leaving cookies on my machine. FF by itself gets | close, by letting me set a policy that says "block all | cookies except for cookies from these domains", but that | doesn't let me filter which site is allowed to access those | cookies. | | Frankly, I find uBO redundant if one has uM installed but for | two things: uBO can use the usual content-blocker lists (I | personally don't need them because my router's DNS server | does filtering using those same lists already, but it's | useful for people without such a setup), and uBO can block | remote fonts whereas uM can't. It would be great if uM's | kind-based filtering was merged into uBO and remote fonts | were kept as just another kind of request that can be | filtered, but I don't know what gorhill plans to do. | eikenberry wrote: | Check out "Cookie AutoDelete" for cookie management. It | automatically deletes all cookies (not whitelisted) when | you close a website. I've used it for a while and it is | pretty nice. | | https://github.com/Cookie-AutoDelete/Cookie-AutoDelete | rasz wrote: | > uBO even in advanced mode doesn't differentiate | ....scripts, CSS, images, XHR, media and frames | | $script $image $subdocument $stylesheet $first-party | $third-party $xmlhttprequest $csp $inline-script $inline- | font ... | | https://github.com/gorhill/uBlock/wiki/Static-filter-syntax | Arnavion wrote: | Good to know. So it's supported for static filters and | not for dynamic filters, which is presumably why it isn't | exposed through the UI like uM does. | | So it looks like the equivalent of this uM rule: | github.com raw.githubusercontent.com xhr allow | | would be: | @@raw.githubusercontent.com^$domain=github.com,xhr | | ... or something. (I have to spend some time RTFMing.) | | So then, like I said in my previous comment, it seems it | would be the best of both worlds if gorhill took the UI | from uM and put it in uBO. | srtjstjsj wrote: | What's the difference? | ffpip wrote: | It still works. Continue using it till Mozilla shuts down or | the extension permission model changes. | 4cao wrote: | > Continue using it till Mozilla shuts down | | Firefox add-ons can be installed from third-party sources as | well, and in the case of uMatrix it's worth doing it anyway, | since the latest version (1.4.1b6) is on GitHub only: | | https://github.com/gorhill/uMatrix/releases | | It's a beta but seems to work just fine. Mozilla is still at | the last stable version (1.4.0): | | https://addons.mozilla.org/en-US/firefox/addon/umatrix/ | fwn wrote: | *on desktops they recently disabled that feature on | Android. | pa7x1 wrote: | This is a tragic loss, I can't be grateful enough to the author, | such a fantastic tool. | | I even started installing it in my parent's computers (not | advanced users), reducing to 0 the amount of time I had to | intervene to fix their computers. The trick is to configure it in | blacklist mode, instead of whitelist. This way it only blocks | requests from domains in the blacklist and frame elements. Just | with this change you get non-power users out of trouble in their | surfing habits and impacts negligibly their use. | | I have taught them that if a web is blocked or doesn't work | properly is most likely not a web they want to use but that there | is also the possibility to turn it off using the on/off button | (that they should use very judiciously). In this mode it is not | too different from setting up Hosts file but they can understand | better what's going on and how to turn it off if needed. | | EDIT: fixed typos | ffpip wrote: | > The trick is to configure it in blacklist mode, instead of | whitelist. | | Or you can use it in whitelist mode, but with all things like | Cloudflare and ReCaptcha globally whitelisted. It's good that | way too. | | But yes, for your parents, black list mode would be good. It | would be like uBlock Origin. | iudqnolq wrote: | But for eg cloudflare to work it also needs first party js | 02020202 wrote: | > Or you can use it in whitelist mode, but with all things | like Cloudflare and ReCaptcha globally whitelisted. | | those two specifically are always the first entries in my | blacklist :D | e1ghtSpace wrote: | Why do you blacklist them? | liability wrote: | Because fuck them. Recaptcha in particular is abusive to | non-chrome users with their "slow fade" tiles which are | specifically engineered to frustrate to real humans (bots | do not experience frustration, and if it were simply a | matter of slowing down bots they would have simply added | a timer, not spend five seconds animating a tile with | fade transitions.) | | Fuck any site that requires this hostile bullshit. 9 | times out of 10 when I see recaptcha that site is dead to | me. Very few sites are worth tolerating that sort of | abuse from. | asquabventured wrote: | Agree this is hostile behaviour, but there are technical | hacks[1] that a user could find that overrides google | being a dick. | | [1] https://greasyfork.org/en/scripts/382039-speed-up- | google-cap... | meowface wrote: | I get the same slow animations with Chrome. I don't know | what the point of it is, since it's apparently trivially | bypassable, but I don't think the goal is to annoy | people. | | Also, the web would be much more annoying to use without | captchas. (Not necessarily recaptcha, but just the | concept in general.) If you've ever been an administrator | of a site that's prone to spam, it's usually one of the | only effective options. Other trade-offs would generally | involve blocking huge ranges of potential users, with | tons of false positives, or laborious manual approval | which isn't feasible past a certain scale if it's just | you or a few people. | a1369209993 wrote: | > Also, the web would be much more annoying to use | without captchas. (Not necessarily recaptcha, but just | the concept in general.) | | This is a non sequitur; we're talking about Google's | abusive faux-captcha (which is not actually recaptcha; | that's the two-word OCR challenge captcha they replaced | with said faux-captcha), not about any actual captcha or | captchas in general. | meowface wrote: | Sorry, you're right, I think my error was due to the | start of the parent: | | >Because fuck them. Recaptcha in particular | | I think I read it at that moment as "because fuck | [captchas]. Recaptcha in particular". But they meant | Cloudflare and Recaptcha. | | I will say, as annoying as Recaptcha is, I find hCaptcha | a lot more annoying, difficult, and time-consuming. | (Cloudflare recently switched from Recaptcha to | hCaptcha.) | | I failed 4 "select the motorcycles" yesterday after | selecting like about 7 - 8 of 18 images per try. So | that's minutes spent clicking 28 - 32 out of 72 squares, | and I failed every time, because I don't know much about | bikes/vehicles and they mixed in regular bicycles and | other semi-motorized bikes (which were all wrong | answers), and many of the images were extreme close-ups | of possible axles or handlebars with no clear shapes, and | others were just generally blurry, unclear photos. It | makes Recaptcha's ultra-slow fade-ins seem like bliss. I | got the fifth one when they switched from motorcycles to | something else, but that one wasn't easy, either. | a1369209993 wrote: | > as "because fuck [captchas]. Recaptcha in particular" | | Ah, that makes more sense, and now _I 'm_ not sure that | wasn't what they meant (although it seems unlikely | because fuck Cloudflare). | | I'm not familiar with hCaptcha, but what I've heard | (including from you just now) suggests that it, like | Google 'captcha', is also a javascript-using non-captcha, | in which case fuck them too. | josephcsible wrote: | Most people want to block annoyances like advertising or | tracking without breaking the pages they want to visit. | What you're suggesting does the opposite. | daveFNbuck wrote: | If that's your goal, why would you use uMatrix and not ad | and tracking blockers? | dm319 wrote: | Any pointers on how to do this? I run into problems with | online purchases, and find out easier to switch to chrome | than try and authorise various sites on the fly. | boomboomsubban wrote: | It's fairly easy to determine what's breaking things. With | something like online purchases, one of the domains will be | for a payment processor that you've probably heard of, | accept things from them and it will likely work. | | More generally, you can often find a domain that calls | itself a cdl, and those are usually needed. And sadly, if | the site doesn't seem to work at all it probably needs | google. | | Oh, and it is basically never something in dark red. | pa7x1 wrote: | If you want to replicate that kind of configuration that is | as painless as possible you just have to go into the | extension options/configuration. Head to the "My rules" tab | and you will find a rule, towards the top of the rule list, | that says: | | "* * * block" | | This rule acts as a default blacklist. If you switch it to: | | "* * * allow" it will allow everything by default (except | the blacklisted domains, which overrule this). | | Then in the "Assets" tab you can configure your blacklists, | I can recommend Steven Black's lists. He curates and | consolidates several of the most famous ones: | | https://github.com/StevenBlack/hosts | | He maintains several variants according to themes you may | want to ban (adware, malware, fakenews...). Choose the | combination that suits you. | sippingjippers wrote: | I seem to remember this movie. In the following scene, some | spammer forks the code and claims to be the new maintainer, but | threads some horrible spammy behaviour into the code. The spammy | fork (under the original name) gains significant popularity. | Final scene. In disgust, the valiant OP returns with a new fork, | possibly called "uMatrix Origin". Curtains and lights | srtjstjsj wrote: | That's a miscomprehension of what happened with uBlock. The | problem with uBlock was that gorhill legally gave away the | trademark to a spammer. | ffpip wrote: | He got tired of kids complaining of issues without | contributing code. Just filter list issues, which are not | really his fault but the list maintainers. | asymmetric wrote: | Some more info here: | https://www.reddit.com/r/uBlockOrigin/comments/i240ds/reques... | | TL;DR: gorhill didn't have time to maintain both extensions, and | won't transfer the repo after having been burnt once already. | LargoLasskhyfv wrote: | /me sniffles in sadness. | sebow wrote: | A loss for freedom lovers on the internet | jonchang wrote: | Looks like the maintainer just didn't have time and there weren't | enough people in the community willing to step up and do issue | triage or contribute code. | | > What would actually help is that people help to completely | investigate existing issues instead of keep asking me to add yet | more features. Turns out people willing to step in the code to | investigate and pinpoint exactly where is an issue (or that there | is no issue) is incredibly rare. | [deleted] | doublesCs wrote: | Can someone clarify for a layman what this means in practice? I | still want to use uMatrix on Firefox. Does this mean that over | time, uMatrix will eventually stop working? | | Separate question, is there somewhere can we can read from the | author about this decision to archive uMatrix? | stjohnswarts wrote: | It will until they change their extension API or some | detrimental bug is found and they block it. | Bayart wrote: | uMatrix has to have been the most useful, all-rounded, | intelligent browser extension I've ever used. I see it as a gold | standard. It truly _extends_ the browser, rather than use it as a | platform to deploy << apps >>. | Havoc wrote: | Literally 12 hours after I switched from Noscript. :( | pineyboi wrote: | uMatrix is awesome. I wish there were more tools like this -- | just advanced enough to do some real heavy lifting yet still | quick and intuitive after even a little investment. The browsers | brought SSL awareness with the padlock, but most users are still | woefully unaware of just how many websites they hit when they | load any page. It's insanity. | | I hope this isn't due to browser vendors making things difficult, | but it wouldn't surprise me. Since the concerns are similar, it | would be great if there was a way to marry the two. uBlock - | advanced interface mode or something. Just a thought, not a | feature request. | | Thank you Gorhill for all your work. Sad to see it go, I actually | can't fathom how I'll surf the web without it. | ffpip wrote: | > just advanced enough to do some real heavy lifting yet still | quick and intuitive after even a little investment. | | This describes uMatrix perfectly. I didn't understand a single | thing after installing it, but one day, I spent 20 mins reading | the wiki on Github and then understood what to use each tool | for. | arendtio wrote: | I like uBlock Origin better than uMatrix, so my primary concern | is what I can do to support uBO so that it won't share the same | fate? | srtjstjsj wrote: | Gorhill has clearly stated: if you want to help, fix bugs. He | doesn't want to do this as a job, so if you want to pay someone | to help instead of helping directly, then find someone who | wants to be paid to fix bugs in uBO. | | https://github.com/gorhill/uBlock/wiki/Why-don't-you-accept-... | Semaphor wrote: | This is a shame, I find the interface for uMatrix much more | intuitive than uBO's. | squanch wrote: | I am sad to hear this. I have been using uMatrix now for quite | some time, it has always been one of the extensions I install | directly after setting up a new browser (together with uBlock | Origin). | | If the author, Raymond Hill, ends up reading this: thank you Sir, | for all the (probably unpaid!) effort you have been putting into | this extension for years. It's certainly an inspiration to | actively contribute to the open source community. ___________________________________________________________________ (page generated 2020-09-20 23:00 UTC)