[HN Gopher] uBlock Origin Lite now available on Firefox ___________________________________________________________________ uBlock Origin Lite now available on Firefox Author : tech234a Score : 185 points Date : 2023-08-21 21:23 UTC (1 hours ago) (HTM) web link (addons.mozilla.org) (TXT) w3m dump (addons.mozilla.org) | kwstas wrote: | Cool to have this available in FF too. Other than less | permissions I can also compare the behaviour directly with chrome | now. | thisisthenewme wrote: | FWIW, Firefox and uBlock on my Android phone will always keep me | on that ecosystem. My desire to go into the Apple ecosystem | (because of supposed privacy protections) faded as soon as I | learned I can't really have a good ad blocking solution there. | lnxg33k1 wrote: | Mh yeah I am on iOS and at home I have pihole and on the road I | have mullvad with ad/tracking/etc. blocking, and can't | complain, I never see ads, I think right now all use the same | adblock lists more or less so staying in a ecosystem for that | seems, I mean everyone do their choices, but there are harder | things to overcome | [deleted] | kmlx wrote: | there are many good ad blocking solutions on desktop and mobile | safari. | Nextgrid wrote: | They are equivalent to "Manifest V3" blockers (like this | one). It's nowhere as good as _original_ uBlock Origin. | dharmab wrote: | No, there are full ad blocker solutions on iOS: | https://browser.kagi.com/faq.html | hnarn wrote: | I'm not saying that it's as good technically, but I use AdGuard | for Safari together with NextDNS and it seems to do the trick. | Probably just using NextDNS would go a long way. | metadat wrote: | Is AdGuard a proprietary product? I recall looking into it | and being a bit turned off once I learned it's not FOSS. | Nextgrid wrote: | Most repos here show GPLv3 as the license: | https://github.com/AdguardTeam | metadat wrote: | I'd be delighted to be mistaken, because Safari on iPhone | sucks with all the ads. | SSLy wrote: | the iOS one is closed. Linux and browser exts are open. | Scoundreller wrote: | I use these: | | https://www.reddit.com/r/Adblock/comments/koowte/encrypted_d. | .. | | I like how I don't need a separate app (just install the | profile) but I do wonder if I need to implicitly trust the | website that has the profiles for download. | | So far so good though. | | I use the mullvad ones. Sometimes it breaks public wifi | signins, so I switch to a less restrictive one in those | situations (usually CIRA, which is the Canadian domain | registrar) | | The really nice thing about DNS profiles is that they're | system wide, so it works against in-app ads too. | isykt wrote: | What Adblock features are missing on iOS? | Zak wrote: | Browser extensions, which can block HTML elements based on | arbitrary selectors rather than just origin domain. | Nextgrid wrote: | Safari does actually support CSS selectors in its content | blocking API. However, see my other comment on this very | subthread, it's nowhere near enough and is trivial for ads | to bypass. | Nextgrid wrote: | iOS (and macOS Safari) only has the stupid "declarative | blocking" functionality which is trivial for ads to bypass. | In addition, it often breaks websites because it can't inject | runtime code (like uBlock filters can) to substitute | malicious JS payloads with neutered versions that still | expose the same API so the rest of the JS doesn't error out. | veave wrote: | In theory you are right, in practice it works just as well. | luuurker wrote: | That depends a lot on the site. It works well on some, | but on others it's just not enough. | | Safari/iOS blocking is closer to uBlock Origin than to | DNS blocking, but is not as powerful as uBO and some | sites "exploit" those limitations. | vorpalhex wrote: | No, it really does not. My iPad with safari and safari | filters next to my android with firefox + ublock is | nowhere near as comprehensive. Even news websites sneak | ads into safari. | CraigJPerry wrote: | Got any example urls handy? I'm using AdGuard and i just | don't recall getting ads anywhere i visit. I'm interested | to see if any slip through. | | The only exception i can recall right now was youtube but | SponsorBlock does great there in Safari. | bandergirl wrote: | That's false. iOS has had full-fledged extensions for years | now. Nothing stops uBO from existing on Safari other than | stubbornness. | | Most serious iOS content blockers ship both a native list | (or multiple) and an active counterpart, usually focusing | on YouTube ads. | | However I am aware that adblocking is still poor on Safari, | maybe nobody just can match uBO | blibble wrote: | brave supports the ublock filters | leokennis wrote: | So you're trading in (supposed) privacy protection for a couple | less ad impressions or broken site visits? | | I mean, to each their own principles but... | fsckboy wrote: | > _FWIW, Firefox and uBlock on my Android phone will always_ | | _uBlock_ was the original name for the add-on that | subsequently was ethically compromised /"sold out to" | advertisers | | _uBlock Origin_ is the 2nd version written by the original | author (gorhill) and is not compromised. | | Just wasn't sure which you are talking about | lolinder wrote: | I appreciate what you're trying to do here, but when I search | for "uBlock" on Firefox's Add-ons, only uBlock Origin comes | up in the first 6 pages. It looks like it's still available | (and even "Featured") in the Chrome ecosystem, but in the | context of Firefox it's no longer ambiguous which one they're | referring to. | | https://addons.mozilla.org/en- | US/firefox/search/?page=1&q=ub... | dharmab wrote: | I'm using Orion on iOS which has native ad blocking and | supports a good number of Chrome and Firefox extensions. Even | without uBO I have a virtually ad-free experience. | | https://browser.kagi.com/faq.html#safari | nixass wrote: | Every browser on iOS pretending not to be Safari is also huge | no. | dharmab wrote: | Orion on iOS is not a Safari reskin. It uses WebKit, but | the similarities end there. | wahnfrieden wrote: | More specifically it uses WKWebView. You can't compile | WebKit yourself to include in an app, which means less | flexibility than non-iOS WebKit apps and Chromium forks. | Their complaint is valid ("reskinned safari" is just a | casual way of saying this) | NotYourLawyer wrote: | If it uses webkit, then it 100% is a Safari reskin. | bandergirl wrote: | Again: every browser on iOS is a Safari reskin because it | cannot be otherwise. Safari and WebKit are essentially | the same thing (download WebKit on Mac to find out) | | Only "remote browsers" like Opera Mini can currently use | something other than the system's webview. | meruem wrote: | I'm super impressed with orion as well. I use an iPad and | Orion provides a decent support (still a WIP though) for | Firefox/chrome desktop extensions to run in iOS. After Reddit | axed third party support, I almost stopped browsing Reddit | until I found out I can run RES with old.reddit inside Orion. | This has been an absolute game changer for me. | rc_kas wrote: | How is this different that the uBlock Origin addon for Firefox | that I have been running for the last 5 years? | captn3m0 wrote: | It uses browser provided APIs for filtering, instead of running | script injection on every page. This improves security, and | performance at the cost of some capability. The reduction in | capability comes from the inability to do all kinds of cosmetic | filtering, but it lets you enable this on a per site basis. | | Check the details on the extension page for more information. | 38 wrote: | > improves security, and performance | | > reduction in performance | | huh? | captn3m0 wrote: | Typo, reduction in capability. Corrected above. | afterburner wrote: | > The reduction in capability comes from the inability to do | all kinds of cosmetic filtering | | Oh, that's too bad. The cosmetic filtering is incredible. I | wonder how much I would be impacted by switching to Lite. | Guess I'll try one day. | mtzaldo wrote: | I dont see it in firefox for android :( | greazy wrote: | I believe Firefox curates the installable extensions on | android/mobile. | eco wrote: | They are going to finally crack open the full add-on library | soon. Sometime after September if I remember correctly. | FiloSottile wrote: | This is the uBlock Origin edition based on the much-maligned | WebExtensions Manifest V3, which implements blocking | declaratively instead of allowing/requiring live request | interception. | | Firefox--my daily driver--still supports the "main" uBlock Origin | (and I'm a somewhat heavy user of features unavailable in Lite | like custom filters), but I had been waiting for Lite to be | available and immediately went ahead and replaced uBlock Origin | with uBlock Origin Lite. | | The security win can't be understated: with its permission-less | design (enabled by MV3) I am down to _zero_ third-party | developers that can get compromised and silently push an update | that compromises all my web sessions. Sure, attackers could still | get into Mozilla, Apple (as I run macOS), or cause a backdoored | update to be pushed via Homebrew (how I install unsandboxed | applications when no web app is available, which thanks to the | likes of WebUSB is getting less common), but unsandboxed browser | extensions were clearly the lowest hanging fruit, so this update | (and MV3) significantly raised my security posture (and | transitively that of projects I have access to, and that of their | users). | Timshel wrote: | The issue with v3 is when it's the only solution. Which is not | the case here : | | > However, uBOL allows you to _explicitly_ grant extended | permissions on specific sites of your choice so that it can | better filter on those sites using cosmetic filtering and | scriptlet injections. | | Which I would expect allow it to work as well as uBO. | stefan_ wrote: | > attackers could still get into Mozilla, Apple (as I run | macOS), or cause a backdoored update to be pushed via Homebrew | [..] but unsandboxed browser extensions were clearly the lowest | hanging fruit | | This is a total non-sequitur. The source of all malicious | browser extensions is Google, Apple and Mozilla, and none of | them have demonstrated any willingness whatsoever to fix the | problem, even when a mere grep across their distributed | extension base can trivially identify all the various openly | advertised trojan SDKs that cause millions of users to be | tracked or have their internet connection reused for various | shady proxy websites. | e2le wrote: | >I am down to zero third-party developers that can get | compromised and silently push an update that compromises all my | web sessions. | | It's my understanding that because uBlock Origin is a | "recommended extension", it must undergo a formal code review | each time a new update is published. A malicious update would | not face zero obstacles. | | https://support.mozilla.org/en-US/kb/recommended-extensions-... | Timshel wrote: | The switch from full acces to white-listing for full blocking | is just awesome imo. | | You can just decide for each case the tradeoff between | advanced blocking and security. | [deleted] | dealuromanet wrote: | What do you think about using Brave on Apple with its built-in | ad-blocking? | sneak wrote: | You could also just turn off extension autoupdate. | huydotnet wrote: | Turn off extension autoupdate sounds like a bad choice, not | all updates are mallware injected, many of them may contains | security updates anyway | captn3m0 wrote: | That only makes a difference if you're auditing each | extension update. Switching to extensions with per-site | permissions reduces the attack surface drastically and you | don't have to worry about auditing or disabling updates. | FiloSottile wrote: | I considered that a few times, but eventually complex things | like modern ad-blockers rot, so I would be forced to update | every once in a while, and let's be honest: I am neither | qualified nor prepared to audit the diff. | | I guess deferring updates would give me lead time to let | others get targeted / detect an issue before it's likely I | would get the update. Still, installing the permission-less | version is so much simpler and reassuring. | predictabl3 wrote: | So can you tell Firefox to only allow MV3 (or MV3+sandboxed, I | guess) extensions then? Or have you manually audited your list | of extensions? | | I was sort of aware but your post clearly reminds me that | Firefox extensions are probably my single biggest point of | general vulnerability on my phone and computer, given how much | is done in browser. | | Appreciate your original thoughts either way. | sebzim4500 wrote: | Hqng on, MV3 still lets extensions read web traffic, right? It | just can't block it. | minedwiz wrote: | declarativeNetRequest (https://developer.chrome.com/docs/exte | nsions/reference/decla...) involves loading a ruleset into | the browser, which then does the blocking itself inside the | network process. | FiloSottile wrote: | Firefox's implementation of MV3 allows both async permission- | less blocking (declarativeNetRequest API) and permissioned | synchronous blocking (webRequest API). uBO Lite uses the | former to provide an ad-blocker without read/write | permissions. | | You can still write a unsandboxed extension with MV3 (and in | Firefox it will still be able to intercept requests, while in | Chrome it will not be on the network hot path) but the point | is that you can _also_ write a permission-less ad-blocker | now, which is what I want. | npace12 wrote: | You need the webRequest API (that uBO Full is using) from | manifest v2 to be able to read the traffic. Without it, you | can just block/allow based on rules. | | Chrome is deprecating it with v3, Firefox supposedly no. | npace12 wrote: | One interesting thing I noticed while trying to port little-rat | to FF, using the same declarativeNetRequest API as uBOL last | week: | | In Chrom*, extensions can intercept calls from other extensions, | while in Firefox, they can't. If anyone happens to have any | insight, please let me know. | | EDIT: removed links as I'm being downvoted, not trying to | promote, just would love to make it work in FF. | [deleted] | dingdingdang wrote: | "uBOL is entirely declarative, meaning there is no need for a | permanent uBOL process for the filtering to occur, and CSS/JS | injection-based content filtering is performed reliably by the | browser itself rather than by the extension." | [deleted] | pottertheotter wrote: | I have a question about this. The page says that uBOL has | "limited capabilities out of the box" due to it "not | [requiring] broad 'read and modify data' permission". But you | can give it broad permission ("Complete mode"). Does that mean | that if someone uses uBOL in Complete mode (a) it will have the | same capabilities as uBO", and (b) it will use less resources | than uBOL (no permanent process)? | tyingq wrote: | _" hence its limited capabilities out of the box compared to | uBlock Origin"_ | nextaccountic wrote: | Does this mean that uBOL is less capable and can't block | certain ads? Is this expected to be eventually remedied? | dblohm7 wrote: | The fully-capable version is regular uBlock Origin. | Larrikin wrote: | The remedy is to switch to Firefox and continue using the | extensions that aren't being broken on purpose by a company | abusing their monopoly position. | | But there will be a bunch of posts in this thread about | people bemoaning Firefox because they have to have thousands | of tabs open all at once everyday and Firefox renders them a | second or two slower. There will also be people who will | complain that the dev tools aren't exactly like what they | learned in college/their boot camp so they can't spend dozens | of minutes learning the Firefox tools so they can make their | CRUD SPA can load megabytes of JSON outside of Chrome | AshamedCaptain wrote: | I don't particularly blame Mozilla/Firefox for this but it | is obvious to me the writing is on the wall for the "non- | lite" version of the extension, due to Chrome stealing all | the manpower towards the lite version. The fact that the | author is now publishing the "lite" extension also for | Firefox itself looks as confirmation to me. The author's | description even seems to praise Manifest v3 in the same | way Google PR did. | | Who wouldn't? It's one less version to maintain, and you're | not going to stop maintaining the one most people use. | faeriechangling wrote: | I'm not so pessimistic that no maintainer would be | interested in maintaining the full fat uBo. I've got to | imagine there's still quite a few people using the | project. | | To some extent I have to ask - who cares that Chrome is | more broadly used? That never stopped Firefox and its | extensions from becoming popular in the first place. All | it took for Firefox to rise was the competition being | crap, and well the competition is becoming crap. | Chromium's monopoly doesn't stop a few contrarian | developers from continuing to keep their websites Firefox | compatible. | Karunamon wrote: | All snark aside, Firefox is probably the last browser you | should use if you care about extensions (or other | functionality) not being broken on purpose or arbitrarily | removed with no notice, recourse, or opportunity for | feedback. | | Firefox has done this to me multiple times. As someone who | uses a web browser as a tool for both business and | pleasure, and as someone who does not appreciate flag days | forced on me for no good reason, I am perfectly happy and | have been encountered far fewer surprises with a chromium | fork. | Timshel wrote: | The remediation is the ability to whitelist/grant full access | to specific domain to allow for advanced blocking. | Macha wrote: | I don't believe the full version is planned to be replaced by | this one. I think this is basically since they did the work | to get this version that would work in Chrome after they | reduce the permissions available to adblockers, they just | launched it for firefox too in case anyone is really bothered | by ublock's permissions. | Macha wrote: | So this is basically the manifest v3 version for Chrome, ported | to Firefox? | Timshel wrote: | With the ability to whitelist domain to have full blocking. | input_sh wrote: | > MV3-based content blocker | | Yes. | devit wrote: | I assume Firefox doesn't have Chrome's arbitrary limit on | the number of filtering rules, right? | input_sh wrote: | I do know that Firefox has no plans to deprecate | webRequests API (that the non-lite version depends on), | while also supporting declarativeNetRequest (that the | lite version depends on) for compatibility. | | What I don't know is: | | 1) whether their implementation of declarativeNetRequest | has that arbitrary limitation | | 2) whether uBO Lite ships the same (limited) filters in | the Firefox release. | | I'm _guessing_ 2) is true for simplicity, but that 's | purely a guess. | eco wrote: | While I was trying to find out what Firefox's limits are | I came across this interesting issue on the W3C's | webextensions repo: | https://github.com/w3c/webextensions/issues/319 | | 4 days ago the Chromium developers proposed upping the | limit for certain types of declarativeNetRequest rules | based on data AdGuard provided on real world rule lists. | https://docs.google.com/document/d/1srkkCJkl4X2KOOUwnpDd- | kvm... | jxy wrote: | Would this be ported to Safari? | yankput wrote: | The safari rules are even less capable that that, last time I | checked. | syntaxing wrote: | Three questions, is this less resource intensive and does it | still block YouTube ads? | | Also, since it uses manifest v3, how slim are the chances it'll | be ported to safari? | hendersoon wrote: | Kind of a brilliant compromise, actually. By default it's a | declarative content-blocker, but if you run into a specific site | that shows ads you can enable the full-fat uBlock Origin | featureset there. ___________________________________________________________________ (page generated 2023-08-21 23:00 UTC)