uBlock Origin criticized for blocking CSP
The popular content blocking extension uBlock Origin blocks CSP reporting on websites that make use of it if it injects neutered scripts.
CSP, Content Security Policy, can be used by web developers to whitelist code that is allowed to run on web properties. The idea behind the feature is to prevent attackers from injecting JavaScript on websites protected by CSP.
CSP reports any attempt of interfering with the site's policies in regards to scripts to the webmaster. This happens when users connect to the site, and is used by webmasters to analyze and resolve the detected issues.
Tips:
- uBlock Origin: official repository and downloads
- uBlock Origin: how to remove any element from a page permanently
Scott Helme opened a support ticket on the official uBlock Origin GitHub page a couple of days ago in which he stated that the content blocker was blocking the "sending of legitimate CSP reports".
It is true that reports are blocked. You can visit his website, https://scotthelme.co.uk/, and check the network log in your browser of choice to see the failed reporting attempts if you have uBlock Origin installed in the browser.
Raymond Hill, the developer of uBlock Origin, replied stating that this was not a bug but by design. The extension blocks the sending of CSP reports if it injects a neutered Google Analytics script.
The browser extension uBlock Origin blocks Google Analytics to prevent user tracking. Since some sites stop working correctly if Google Analytics is not loaded properly, a neutered script is injected instead to reduce the likelihood of sites breaking.
CSP reports may be fired because of the injecting of the neutered scripts, and uBlock Origin blocks those as well to prevent information leakage.
uBO won't be the cause of user information being leaked. The consequence of uBO doing its job (injecting neutered scripts) may cause CSP reports to be fired, hence uBO blocks CSP reports.
Every network request which leaves a user agent must be for the benefit of the user, including CSP reports. The user agent is not owned by the remote server such that it gets to decide what should never be blocked or not.
Hence if a network request to a remote server is potentially detrimental to the user, it gets blocked, especially if that network request is fired solely as a result of uBO doing its job. This is such case here.
Basically, what it comes down to is the following: uBlock Origin acts first and foremost on behalf of its users. This means that it will block the sending of CSP reports that could be a result of the extension injecting neutered scripts to block information such as the user's IP address, user agent and time and date the requests were made.
Third-parties could abuse the system for user tracking, and that is another reason why these reports are blocked in uBlock Origin.
The extension does not block all CSP reports. It only does so only if a neutered script is injected by the extension on a page. This happens only obviously if a resource on the page was blocked, say Google Analytics was blocked, and if a neutered version of the script exists. No CSP report is blocked if that is not the case.
Raymond Hill will release an update to the WebExtensions versions of uBlock Origin in the near future that distinguishes between CSP reports caused by the injecting of neutered scripts and regular CSP reports. CSP reports are assumed spurious if, for whatever reason, uBlock Origin cannot parse the report however.
Closing Words
Users come first when it comes to uBlock Origin, and that is one of the reasons why the extension and its developer are as popular as they are.
CSP can also be used and it is used to track users.
If uBO will lower the protection will fail his purpose and lose the game.
Seems this is your #1 addon you report all the time even if it’s not worth the mention, this is an expected behavior and is/was documented already since longer.
It is only of matter of time until you need a deep-package inspection anylyze extension/addon to filter all the crap out, the pradox is that the user which are using such addons are the ones overall to blame because no one wants ads or mining. So you get what you deserve, more spying, stronger rules and and and.
I think at some point you should’t forgot that ads are in the first place no to spy on someone it was original to get a small/big income to help you/your buis. And to block everything is in my opnion not the best ideas because mentioned reason. The question is however what you can trust and that’s the bigger problem, even if you fav. page could be ‘infected’ so that’s why people letting the adblockers enabled. Just in case.
I totally have no answer to all this but as said earlier I prefer mining instead of ads as long it’s not totally abused. But it’s currently semi-optimal implemented. The best thing would be that a page provides and explaines some toggles to enable/disable ads/mining or tweak their seetings e.g. by only allowing xyz ressources or percentage of your cpu power.
IMHO, there’s no such thing as “not totally abused”, ads are opt-out and I don’t expect coin miners to be any different.
It’s only a matter of time before web sites starts to abuse this, displaying not only ads but also raping your system resources with coin miners in the process.
The only way to have an “opt-in experience” on the internet in regards to ads, tracking, miners and all other nasties is to use uBO. The “opt-in” part is where you whitelist a site or not.
> The “opt-in” part is where you whitelist a site or not.
Sadly not because you can’t decide what you opt in an what not, whitelistening is on the entire site then with everything no matter if it’s possible infected or not. That’s the real thing, you can’t trust it but if you distrust everything without reasons or just because 1% of entire web abuses something you make think worst, especially pages like ghacks suffering from this distrust.
The thing with mining is that you’re private data not getting abused the way like ads which also tracking you accross several pages. So I rather prefer to (in worst case scenario) give my CPU than my private data.
Sorry Martin, but this article comes across partly as an ad for uBlock Origin, and partly as glorification by a fanboy. Users come first? Why isn’t there a simple on/off button for the extension like many of those users “who come first” have requested over and over again? The reason has been stated by the main developer: he doesn’t want one because he thinks it’s sufficient to go into the browser’s addons interface and manually disable the extension each time that way.
Given the amount of time and work he has put into the extension (without financial compensation), I respect the developer’s decision to refuse functionality he doesn’t want. But to claim “users come first” is simply not true.
Countdown to more fanboys… 3….2…1..
It’s not true only if you hold a grudge against gorhill because he didn’t make uBlock Origin with the features YOU want.
Otherwise the claim “users come first” it’s 100% true when it comes to blocking CSP.
oh and Martin!? More “ads” for uBlock Origin please lol
There’s a huge on/off button and it’s always been there. If Martin’s a fanboy then you’re the total opposite, moaning for the sake of moaning.
Exactly! Press the red uBlock button, and there’s the big power switch.
> Why isn’t there a simple on/off button for the extension like many of those users “who come first” have requested over and over again?
There is a big one to disable it for the site you are on.
Why would any normal user (or even “power” user – I’d consider myself as one and I never needed to disable uBlock or ABP for all sites completely) need to disable the addon for good? If that should be needed you can open the about:addons panel easily. I personally don’t see any reason to have a button for that in the main dropdown ui as it would only confuse users.
Please state some use-cases.
Good for Raymond. Privacy out trumps security reporting code any day. All the more reason to love ublock origin.
Thanks for another informative article about uBlock Origin. It also reminded me to update uBlock O’s filters. ;)
A typical response in this day and age is to ridicule and use over-exaggerated accusations. No truth but our own truth prevails. Hey, I’m guilty too. ;)
Just the other day I saw a comment on an article about Chrome where the commenter is basically accusing those that do not want google scanning their computers as being “Anti-Google†tin-foil hat wearing alarmists. That’s rich and conveniently ignoring the fact that google is an “advertising” company whose primary goal is to collect enough data to justify charging as much as they can for “targeted” ads. How many hobbies/services does the Goolag provide that are being used to collect data? History from searches, location, browsing, purchases, deliveries, contacts, the words you use and more are all being collected.
And then, to top it off, they are guilty as hell of algorithmic bias to push the results they want to be seen, not just shopping results. When you consider their size and reach the implications are huge. Of course, Facebook, Twitter, Yahoo, Bing, Amazon, Apple are all innocent of any bias. Right?
I freely and openly admit to having zero guilt about using uBlock Origin even though it “interferes” with Google Analytics. Boo Hoo. I never participated in any discussion about sharing my data, I’ve never even been asked, openly, not buried deep in some TOS BS. If a web publisher doesn’t want me to see their content fine, block me, setup a paywall, whatever. If I like the content enough I will find a way to contribute, financially. ALL of the ad networks only have themselves to blame for their ridiculously flawed ad ecosystem. And I refuse to participate in their failed experiment.
Over the years, I have literally, honest to God, cleaned more than 12 computers, and they all had 300-1000 malware objects with the occasional virus or two thrown in. Every single one was not using any type of content blocker. After cleaning the mess and configuring their browser of choice with a content blocker, I am yet to receive any call-backs, not one. Last computer I cleaned was maybe a couple years ago and I’m still in contact with all of them. I personally haven’t seen a malware object or virus on my computers in almost 10 years.
Heck, if Windows wouldn’t nag me I would feel perfectly safe using my hosts file and 2-3 browser extensions and not worry about having to use MSE or any other real-time protection. The most important security software on my computer was created by Mr. Raymond Hill. Thank You Sir!
Countdown to the intellectually lazy and perpetually aggrieved… 3….2…1.. LoL That was a joke people!
I entirely agree.
Concerning Google as well as many, many more even without uBO they’d be blocked (and are) at the system level,
HOSTS :
0.0.0.0 google-analytics.com
DNSCrypt-Proxy domain blacklist :
*.google-analytics.*
Among thousands, in the HOSTS file, in DNSCrypt-Proxy domain and addresses blocklists, in Peerblock lists …
The Web has become a hostile area, not only with the so-called bad guys but with leading companies as well. Users are stuck in-between both. I’d dare say that if the bad guys are terrorists, major Web entities are for most of them in the slot of State terrorism. The common point to both is that ethics is not necessary to their concepts in the same way God was not necessary to Gagarine when he first discovered the immensity of the cosmos. Bypassing ethics in such an elaborated and deliberate way signs a civilization on its decline. But I believe in people hence hope remains. But is stuns me more particularly when it concerns a country devoted to God whenever He is mentioned, and so little followed by a system which considers morality as a no-man’s land when business is concerned : OK for God but not with business, no time no place Him, sorry you all, that’s how it goes.
“Google” is not just an “advertising” company.
“Oh, you were finished! Well, allow me to retort.” – Pulp Fiction :-D
Of course not, I never said they were “just an advertising company” but we have to accept the fact that a huge part of what Google does is about advertising income. They provide a bunch of different services, some of which I use. Many of those services also try to nudge you towards using the income producers. Just the way it is, it’s smart business. How many people that use the Chrome browser use Google Search? It is by default front and center for a reason. If you have an android device (I’ve owned 6 Nexus devices) how likely are you to use Google Search, Google Assistant, mobile Chrome with no ad blocking ability and the front and center search engine?
I saw a quote back when that always sticks in my mind because it seems so true in my personal experience, I can’t remember where I first saw it, sorry. “Google is an advertising company with a bunch of hobbies.” If you use a service they provide do not expect any loyalty on their part. I have personal experience using more than one service that Google killed off. I’ve come to the conclusion that it’s not about what’s best for the user of their products, it’s about what’s best for the shareholder, the Nexus line is one example of that. But hey, it’s all good, I know where I stand. Way, way, way down at the bottom of the list of importance, but then… really… am I even on the list? ;)
{http://www.investopedia.com/articles/investing/020515/business-google.asp}
@Richard Allen, it’s funny but I interpreted “”Google” is not just an “advertising” company.” differently. What I understood was that it was more than an advertiser in that it collected data for the sake of the government. Maybe relevant of my paranoia. I need holidays :)
@Tom Hawack
Good point. How about the Five Eyes intelligence alliance? SIGINT Seniors Europe? And there are others. Which is why the country that your VPN is in is very important. That’s the problem with having any online activity, it’s all being shared.
I would love to be able to whilelist the occasional website but I know as soon as I do Every byte of data that can be harvested will be shared with who knows how many different entities. Seriously, while completely ignoring the security ramifications of interacting with ad networks, why can’t I support a website without having to share my data with the world? The system is flawed.
@Tom Hawack, “Google” hate governments, “Google” hate states, “Google” has for project to install its datacenters in international waters, to f..k laws about data collection, to f..k taxes, etc, to f..k democracies at the end. “Google” is also generating hatred and violence with its Google Glasses’ project, etc. “Google” is not just an “advertising” company. “Google” is evil.
@Anonymous, Evil is not of this world, Evil (the Original, one and only, authentic, trade-marked) is of another dimension. Humans only get tempted :)
One thing is sure, Google and others stopped pointing their finger toward those they’d consider as “evil”. There must have been thorough brainstorming which led stupid assertions to be considered as such and possibly took into consideration the boomerang effect.
Google is not evil of course, no company, no human being is. There are mistakes, temptations, weakness, convictions, a chain of cause to effect, the whole processes follow a logical path and trying to understand that path is the only way to take clear decisions based on an attempt of objectivity. To understand doesn’t mean to forgive, not even to agree, but is imperative to progress. Hating hatred is essentially a paradox.
That was my Saturday speech. A nice week-end to all!
@Tom Hawack, all what is forcing people starting wars for real in the street, at work etc can be called evil sorry.
@Anonymous, I don’t think so. It may be a surrender to evil but surrendering to evil after having been tempted to it is not *being* evil. Evil is not able of anything but evil whilst behaviors, actions happen to change and the worst coexists with the best. We have seen u-turns in more than one life. I read once, a long time ago, in an esoteric literature, that at the end of the end Evil itself, call it Lucifer, call it Mephistopheles would repent itself : I have no idea if Evil is eternal. But I believe it is not a “principle” in the philosophical meaning of the word, that is : a first cause, an alpha. I’d consider Evil as meaningless would it not oppose itself to call it God, call it virtue : Evil is because Virtue is, not the opposite. That’s the way I see it. I wish to never let the worst blind me to what virtue, beauty, truth there is in our world. There are a lot of beautiful things in this world alongside horror, friendship to start with, emotion in front of a painting, of nature, arts, to the point sometimes of forgetting ourselves as we are filled with a sentiment of plenitude. It does exist, and in my belief it is enough to believe that nothing on Earth is evil but only a mistake, led by ego, fear, domination (often linked). We can, individually, choose, we are free should our consciousness be the last area of our freedom.
“We can, individually, choose, we are free should our consciousness be the last area of our freedom.”
The problem with “Google” is you have no choice. If the last area for you is to deprive others of their freedom against their wish, well you are evil too.
@Anonymous,
We can choose, and I was referring to what our consciousness would consider as the bad and the good.
I’d have to consider that a given alternative is evil and I’d have to consider that choosing this alternative means I am evil myself.
I assumed evil was not incarnated but external, hence neither is an alternative nor the fact of choosing it evil as such : if we’d consider as you do that Google is evil, would I dare assume anyone using it is evil? Certainly not! Would you?
Now if the debate is to consider that given situations, considering they leave no choice, given that we inevitably are forced to comply to what we’d consider as evil (assuming this *is* evil), in the same way a starving man would have no other choice than to steal bread, I agree the answer is not obvious : consciousness is individual and may not include the same values from one to another, which is why morality was crafted, as an attempt to leverage the diversity of personal ethics on a standardized code, religious, civil.
But then, what happens when our consciousness disagrees with the moral values we refer to (which themselves vary from one civilization to another)?
A famous French lawyer, Jacques Verges, wrote that when one considers as legitimate appears to be in contradiction with the terms og legality, the choice should always be to refer to legitimate. If so, this would mean : refer to your consciousness rathe than to standards, be they moral or legal.
This seems the essence of a consciousness’ liberty but it includes many dangers, dangers of causes (is my consciousness guiding me correctly), dangers of consequences (“Soldier : you’ll be executed if you refuse to fight”). What the heck the consequences if I believe my consciousness is guiding me correctly?
Is my consciousness guiding me correctly? That’s the whole point. This is why I’ve always believed that if efforts have to be deployed in order to lead towards objectivity in terms of rationalism, in the same way introspection must be deployed to access our consciousness free of social, political, moral, demagogic parasites. If lying to others is a moral problematic, lying to myself is a pathological issue. But if we conduct these two efforts then we will have the conditions of true brotherhood given, as I believe it, that men of good will always get to live together whatever the differences of their opinions. I believe that there is not one value, be it ethical, social, political that stands for ourselves if we do not embrace it in the context of a prude consciousness : introspection must be deployed continuously and if faith is ours praying helps, but meditation also because i’ll always remain convinced that we have, deeply anchored, the sens, the feeling and maybe even the knowledge of what is good and what is bad : but me must try to access it as openly as possible. On that ground debates and contradicts deploy their full potential and allow each one of us to progress by sharing our beliefs with those of others, sometimes even to change our beliefs accordingly, but on the basis of an open-minded consciousness. In other words a free mind requires discontinued efforts, it is not a sequence which would fit our immediate inclinations and desires.
Sorry for setting too many cents, but once this interesting off-topic triggered I felt that I should complete my answer to you, Anonymous.
@Tom Hawack, Je trouve vraiment drôle ( je ne dis pas révélateur.. ) que vous preniez Jacques Vergès comme la lumière de votre conscience. Cet avocat fût celui des pires monstres que la terre ait porté, entre autre celui d’un nazi qui faisait violer des grand-mères par son chien. Avec un tel pedigree, quel homme faut-il être pour se sentir en droit de donner des conseils sur ce que devrait être la conscience humaine. Je ne comprendrai jamais pourquoi les monstres ont toujours les plus grands avocats et les pauvres gens honnêtes avec une morale et une éthique sans reproche, la conscience de ne pas porter préjudice à autrui ceux commis d’office. Il en va de même pour “Google”, car derrière cette entité se cachent des êtres de chair et d’os qui décident d’envahir notre espace sans moyen d’y échapper. Inventer des “instruments du diable” qui révèlent tout sur vous, votre famille, votre environnement et les déballer à la face du monde sans même que vous soyez au courant, par l’intermédiaire d’un utilisateur sans conscience du mal qu’il peut faire, n’absout pas “Google” de sa responsabilité de faire le “mal”, dans certains cas les plus extrêmes pousser la victime innocente au suicide ou à des actions répréhensibles par la morale. Contrairement à vous qui prenez vos références auprès de personnages très peu recommandables, je préfère les miennes comme Rabelais: “Science sans conscience n’est que ruine de l’âme”.
Consciencieusement vôtre,
Anonymous
@Anonymous,
[Sorry to all for replying to a comment in its language]
Mais enfin! citer ce n’est n’est pas prendre l’auteur pour la lumière de notre conscience ! Au plus adhérer (ou au contraire dénoncer) telle ou telle phrase, paragraphe voire réflexion. Loin de moi l’idée d’encenser qui que ce soit et ce n’est que votre interprétation de mon commentaire qui vous l’aura fait penser. Est-on maoïste en citant le Timonnier lorsqu’il professait que “le pouvoir est au bout du fusil” ? Lisez, n’interprêtez pas, de grâce.
Le débat ne concerne pas Jacques Vergès, déjà que nous sommes largement hors-propos. Peut-être simplement rappeler que la problématique consistant à défendre un être indefendable a toujours existé et notamment chez ceux qui n’ont rien compris à la dialectique juridique en place dans tout pays attaché à la démocratie et aux droits de l’homme, indéfendable compris. Je vous rappelle aussi que Vergès a toujours été d’obédience gauche toute, qu’il fut résistant pendant la II Guerre Mondiale. Bref. Un avocat sait ou devrait savoir défendre même ceux qui outragent sa conscience. Défendre n’est pas pardonner. Que préférez-vous, un tribunal stalinien ?
Vous ne comprenez pas ce que je me suis efforcé d’expliquer, à savoir que je ne concevais pas le “Mal” comme à même de s’incarner dans le vivant (à l’exception peut-être des êtres possédés nécéssitant un exorcisme) mais comme une tentation laquelle, acceptée, pouvait faire tout le mal que l’on sait. Relisez-moi, de grâce !
Quant à cette science sans conscience, ruine de l’âme, si je ne tenais qu’à une maxime ce serait bien celle-là .
Ne m’accusez pas sans m’avoir lu. La citation, la référence au travail, aux écrits, à la pensée d’un tiers n’engage pas celui qui les rapporte, vous devez comprendre cela, sinon il s’agirait d’accuser de parti-pris un universitaire, un journaliste. Le monde n’est pas binaire mais complexe.
“Vous ne comprenez pas ce que je me suis efforcé d’expliquer”
Quand je vois où est installé encore pour le moment le centre névralgique de “Google”, dont les milliers d’employés se s’ont emparé de la quasi-totalité des services publics à leur propre et unique bénéfice, qui plus est en faisant grimper leurs prix à des sommets, tout comme ceux des prix de l’immobilier ou des loyers, repoussant la classe moyenne à la frontière de leur ignominie, les obligeants ne serait-ce que pour manger à faire les poubelles, un tribunal stalinien qui consisterait à leur rendre la pareille en les envoyant au goulag ne suffirait pas à leur faire comprendre comment un démocrate comme moi épris de justice sociale peut les haïr. Avec “Google” et consors la pire bourgeoisie est de retour, celle qui a toujours craché sur le peuple, celle qui ne comprend que la guerre pour s’arrêter un temps et reprendre encore et encore jusqu’au dégoût. Les gens comme vous qui voudraient nous faire croire qu’on est des gens binaires, qui ont toujours le consensus à la bouche en nous disant que c’est plus compliqué que ça en a l’air, ne font que conforter le “nouvel ordre mondial” instillé partout par un cowboy d’hollywwood à la solde de l’impérialisme américain faiseur de guerres, faiseur de dictateurs, faiseur de fous de Dieu et d’Allah réunis, faiseurs de destructeurs de planètes, et maintenant ayant vassalisé mon pays dans une proportion qui nécessite(ra) effectivement une révolte. Non “Google” n’est pas juste une société vivant de la publicité, “Google” est un vampire qui se nourrit du sang qu’il appelle “données” des gens, de l’ignorance des peuples devant son projet, à l’image du projet de son pays qui nous rend Staline, Mao ou Gengis Khan presque aimables en comparaison. Quoique vous vous forciez d’expliquer, vous n’empècherez pas la résistance de faire ce pourquoi elle née, résister pacifiquement à toutes ces violences réelles comme philosophiques.
“(à l’exception peut-être des êtres possédés nécéssitant un exorcisme)”
Quand je revois le massacre de mes amis à Charlie, je ne peux m’empêcher de penser à leur arrogance, à leurs mensonges à l’ONU, à leurs intérêts inavouables, à leur guerre de folie, au French Bashing qui s’en est suivi et qui continue, à leurs cris de haine en déversant notre vin dans les caniveaux, à leurs banderolles haineuses de débiles mentaux. Quand je vois le terrorisme s’inviter partout chez nous, l’immigration galopante résultat de leur inconséquence avec tous les problèmes qu’elle engendre, nos enfants de la patrie qui souffrent et qui meurent juste pour leur connerie, je ne peux m’empêcher de penser à leur responsabilité, à leur indifférence assourdissante. Quand je vois chez nous leurs entreprises profiter des subventions publiques pour ensuite débaucher des milliers de gens, leurs entreprises comme Monsanto tuer nos abeilles, nos enfants, nos paysans avec leurs produits chimiques, leurs entreprises de mêche avec la NSA et j’en passe qui nous pillent jusqu’à l’os dans le but de nous asservir, oui j’ai la haine, la vraie. J’ai beau chercher, je ne connais pas un pays au monde qui nous veut autant de mal, exceptés peut-être maintenant ceux qui pensent à tort que la majorité des Français sont “du côté de la Force”. Compatissant avec les victimes innocentes mais pas avec les ordures. Déjà qu’ils envoient Bush Junior devant la cour pénale internationale faire son “exorcisme” et qu’on l’enferme avec ses vraicons, ensuite de quoi il faudra qu’ils demandent à leur nouveau clown de nous faire des excuses publiques et qu’il nous rendent le moyen de rire de tout qui faisait notre charme remplacé à cause de leur traîtrise devant l’humanité par l’auto-censure. Si ça c’est pas le “Mal”, je me demande ce que c’est!
“déjà que nous sommes largement hors-propos”
Why “hors-propos”? not “hors-propos” at all, when ublock at the origin, ublock at the end too.
I am with Raymond Hill on this. uBlockO – user first. Noscript is up there too.
Webmasters are getting their CSP reports re Google Analytics from millions of users who do not use adblockers or Noscript so it is not as if they are being kept in the dark about security issues on websites. According to a 2016 IAB report, 26 percent of desktop users and 15 percent of mobile consumers use blockers.
Seems like uBlock is still the best adblocker out there, others also have issues, I’ve had issues with AdGuard were you click Next on a website to go to page 2 and it does nothing, you have to right click and select “Open in new tab”
They all have individual issues and I don’t care anymore, because I’ve had issues with computers and browsers for as long as I gained some above average knowledge and developed an opinion and I’m at the point where I’ve come to terms that it will never be perfect and I don’t care.
CSP = a site’s “because we say so” policy.
Block it!
“Do you mind if I don’t smoke?” is the analogy which comes in mind when an administrator complains about healthy code (uBO) preventing him from associating his own code (CSP reports) to dirty code such as Google Analytics. Hey! do you mind if I struggle to avoid scum code? Google here, there, everywhere, Facebook, Twitter, Amazon, Apple, Microsoft … what did you expect, la vie en rose? Forget it, busters.
I am in agreement with Gorhill, and the majority of UbO community, Users first and this should be blocked, I saw he made some changed to the code my question I would like to continue to block these globally what filter should I use to ensure that its blocked for all sites.
Quoting gorhill at [https://github.com/gorhill/uBlock/issues/3140]
“Fix works only for Chromium and Firefox WebExtensions. Fix does not work on the legacy version of uBO/Firefox — the CSP reports will be assumed spurious — i.e. will behave just as before the fix.
If for some reasons uBO can’t parse the CSP report data needed to make a decision about whether the CSP report is spurious or not, the CSP report will be assumed spurious — i.e. will behave just as before the fix.”
This concerns uBO 1.14.17b0 available at [https://github.com/gorhill/uBlock/releases]
I’ll stick on uBO legacy here.
The news for me is that even CSP reports can be used for tracking. As always, and the beat goes on : what has been thought and carried out for easiness and even security may be configured yo serve tracking. This has become a Web standard. I’d rather take the chance of fighting tracking by missing some of its positive side-effects (or is it the other way around?).
To quote again gorhill in the page mentioned above,
“[…]consider that if anything has been learned at this point is that internet should be assumed hostile to users.[..]
This article is good Martin.
Unfortunately, it seems to have exposed some three-toed trolls.
The title is very misleading: uBlock Origin does not block CSP, it blocks a feature of CSP that can be used to track users, which is what I would expect and am happy uBlock Origin does.
After the “acceptable ads” with ABP, now they claim to “acceptable CSP”. But gorhill is not Wlad mouhaha.
Rejoice! A battle won in favor of the People – Freedom of the People, Hopefully it re-emerges as a cultural identity
Cheers Gorhill!!! (unsung Hero)
We the People DO come first.
Maybe one day the People too will realize this. Then, next stop Government.
Thank you, thank you, THANK YOU!!
Decentraleyes is now a WebExtension ðŸ‘ðŸ»
Fuck this. They’re using everything at their disposal to track users, it’s ridiculous. I’m really sick of all this shit. /rant
…and the ad companies wonder why users are using adblockers, it’s obvious. They brought it on themselves a long time ago.
Just a FYI: gorhill said on GitHub that he will implement an option to let users switch off CSP globally on the “Privacy” section. Another one of the first things to disable when one installs uBO.
Go with Adblock Plus 2.8.2
Never trusted uBo because the turds it left in certain files.
OK, just as 1+1=11
Your smiling comment is ridiculous (I’m assuming you’re having fun).
Everyone knows and agrees on the fact there is no possible comparison between traditional ad blockers and uBO for the simple reason that uBO is far more than an ad blocker. If you’re not trolling then obviously you know little or nothing of uBO and maybe of ad blockers.
Generally I don’t answer to such pathetic comments but I happen to have a few minutes available. Don’t thank me :)
That’s worth 10 stars Tom :-)
@Tony, #Triggered
Mining is fine, as long as we can set a (global) limit; something like 10% because it actually means money, cost of (increased) electricity.
Same (as) with ads, the user can whitelist their sites… Web statistics are local, scripted server-side. Leave my client out of it..:)
However admins choose to manage that data afterwards is none of my business, just like it’s none of their business what I’d bought for lunch yesterday.
This must be absolutely clear.