A uMatrix guide for Firefox

Martin Brinkmann
Nov 28, 2017
Updated • Sep 30, 2019
Firefox, Firefox add-ons
|
69

The Firefox extension uMatrix (it is also available for Chrome and other browsers), gives users control over a website's connections and data that is loaded when the site is loaded in the browser.

The extension is developed and maintained by Raymond Hill (Gorhill), the developer of uBlock Origin, a popular content blocker that is also available for various browsers including Firefox.

Why two extensions and not just one? While both extensions can be used for the same purpose -- blocking content -- they are different when it comes to scope. Without going into too much detail: uMatrix is like the advanced brother of uBlock Origin. It gives you more control, and comes with privacy enhancements on top of that.

uMatrix for Firefox

umatrix firefox guide

You can install uMatrix in any recent version of the Firefox web browser from Mozilla AMO. Simply visit the website, and click on the "add to Firefox" button to do so. I suggest you disable or remove any content blocker that is installed in the browser before you do so (e.g. NoScript, uBlock Origin, Adblock Plus) to avoid issues.

The extension adds an icon to Firefox's main toolbar that you use to control what sites may load. Before you do, you may want to visit the options of the extension to make changes to the initial configuration. The easiest way to get there is to click on the extension icon after installation and there on the title bar that displays "go to dashboard" on hover.

Preferences

The preferences are divided into tabs; the very first, Settings, list several interesting options.

umatrix settings firefox

Here is a list of preferences that you may find useful. I suggest you go through them all though as you may find some useful that are not mentioned here.

  • Settings > Convenience -- Show the number of distinct requests on the icon.
  • Settings > Convenience -- Collapse placeholder of blocked elements. (If an element is blocked, placeholder is collapsed. May result in a cleaner site, may cause display issues on some sites.
  • Settings > Privacy  -- Delete blocked cookies. uMatrix does not prevent sites from setting (blacklisted) cookies, but it blocks cookies from leaving your local system.
  • Settings > Privacy  -- Delete local storage content set by blocked hostnames. (removes data stored by blocked hostnames on the local system).
  • Settings > Privacy -- Spoof HTTP referrer string of third-party requests. The extension will spoof the HTTP referrer information if the domain name of the HTTP referrer is third-party to the domain name of net request.
  • Settings > Privacy -- Strict HTTPS: forbid mixed content -- Prevents the loading of non-secure content on HTTPS sites.
  • Settings > Privacy -- Block all hyperlink auditing attempts. Prevents that sites may add pings to links to inform "any party".

You may also check the list of hosts lists the extension uses by default, and may add new lists to it. It loads six lists by default to block malware, ads and tracking servers automatically.

Switch to the Assets tab to take a look. You may use the import option to add hosts files or disable some of the available resources.

Once you are done with that, you need to decide how to run uMatrix. You have two main options to do so: block all or allow all.

The interface

umatrix interface

The interface may look intimidating on first glance. It lists all first party and third-party connections a web page makes, and data types such as cookies, CSS or script, that are loaded or blocked.

Colors are used to indicate loaded and blocked content, with green highlighting content that is loaded and red content that is blocked.

You may click on a header, e.g. cookie, to set up uMatrix to allow or disallow this type of data globally (with exceptions that you define). Green indicates that a content type is allowed, red that it is disallowed.

Tip: you set something to allowed (green) if you click in the upper half of a box, and to disallowed (red) if you click in the lower half. The difference between dark and light green, and dark and light red is the following one: Darker colors mean that there is a whitelist or blacklist entry assigned to the cell, lighter colors that the status is inherited.

Another option that you have is to allow or disallow for specific hostnames. You may block or allow all for a hostname, or use the granular controls to allow or disallow certain types of data, for instance frames.

Block all

block all

If you set uMatrix to block all, all is blocked from being loaded except for the elements that you whitelist. To enable the block all mode, blacklist (set to red) the "all" and "frame" cells of the table.

You may want to allow the "css" and "img" cells so that styles and images do get loaded when you connect to sites.

Click on the padlock icon to save the modified configuration.

This mode blocks all but CSS and images. It improves privacy and security, and is beneficial to the bandwidth on top of that. A downside to this is that you will run into sites that don't render properly or at all so that you may need to allow certain things on particular sites to access them.

Allow All

allow all

Allow all allows any connection and type to be loaded with the exception of hostnames that are blacklisted. This is better for compatibility purposes, but problematic from a privacy and security point of view.

To configure it, set the "all" cell to green, and make sure any other cell is set to green as well. Don't forget to click on the padlock icon to save the new configuration.

The core advantage of allow all is that you won't run into nearly as many rendering issues as with block all, but the effect on privacy and security is diminished.

Closing Words

How you configure uMatrix depends entirely on you. If you want maximum privacy and security, you should go with the block all approach and whitelist only hostnames that you trust. You can still allow certain things temporarily using uMatrix, or load a site in private browsing mode instead.

uMatrix resources and further reading

Summary
A uMatrix guide for Firefox
Article Name
A uMatrix guide for Firefox
Description
The uMatrix guide for Firefox helps you get started with the Firefox extension uMatrix, a sophisticated connection and ontent blocker for the browser.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Amir said on October 3, 2019 at 7:09 am
    Reply

    Thanks, Martin, will you make a guide for uBlock Origin’s Medium Mode?
    I thought to suggest that. Thank you.

    1. Martin Brinkmann said on October 3, 2019 at 7:33 am
      Reply

      I’ll take a look!

  2. Martin Brinkmann said on September 30, 2019 at 6:49 pm
    Reply

    Hi Amir, thank you for letting me know. I have updated the guide to reflect that.

  3. Amir said on September 30, 2019 at 6:15 pm
    Reply

    @Martin, The preferences that are divided into tabs, in the new uMatirx don’t have the Privacy tab. You may update the settings part in this article. Thank you.

  4. Amir said on September 30, 2019 at 12:24 pm
    Reply

    Hi, dear Martin, I thought to ask you if possible, and if you liked, and needed, please update this article, with any new tips, etc. you might want to add. Thank you.

  5. CHEF-KOCH said on December 3, 2017 at 9:43 pm
    Reply

    My own solution to workaround is to give people a database (they can contribute to it) to add their own findings, which lowers the time re-creating the rules each time manually or in case you’re too lazy. The project currently offers, configurations and pre-configured rules for uBlock, uMatrix, NoScript and ScriptSafe. Sadly all of the mentioned tools don’t native support a crowd which can submit/commit their findings, so that’s why I created the project.

    https://github.com/CHEF-KOCH/NoScript-Whitelist

  6. Homeboy said on November 29, 2017 at 1:32 pm
    Reply

    Problem with uMatrix is that all of your configuration data gets stored locally, and your network connection fingerprint will look different and more unique, and, and, …. better stay up with Tor Browser homeboy!

    1. G00f said on May 14, 2020 at 3:29 am
      Reply

      LOL WTF ARE YOU EVEN TALKING ABOUT?

    2. Clairvaux said on November 29, 2017 at 5:34 pm
      Reply

      Tor is a thoroughly different step in the privacy arms race. Tor changes your IP. Whereas blockers speed up your browsing, Tor slows it down, considerably in some cases. It’s also also completely non-configurable, and you need to accept a smallish window, at least if yo don’t want to break the inbuilt privacy.

      There are some (important) sites that are difficult, or impossible to use with Tor. Some sites will start to throw captchas at you all the time. Some might flag you as a potential fraudster if your IP changes at each visit.

    3. Sam said on November 29, 2017 at 3:51 pm
      Reply

      If you use the Tor network then yes, this matters. For privacy and security nothing is better than Tor Browser, which Firefox private browsing mode should end up becoming in the future, once Mozilla and the Tor team are done with Tor Uplift, once the Tor network is ready for the load and as a last step once Tor is shipped with Firefox.

      If or when you don’t use the Tor network, reducing exposure by limiting network connections is best :)

  7. Anonymous said on November 29, 2017 at 5:24 am
    Reply

    The developer took the decision not to support xul based browsers anymore (safe browsers like Pale Moon). Which means for updates you are now forced to install spyware browsers (e.g Google Chrome, Mozilla Firefox). Sounds like a nonsense to me.

    1. gorhill said on November 29, 2017 at 4:51 pm
      Reply

      > Sounds like a nonsense to me.

      Feel free to contribute and volunteer to maintain the legacy version.

      1. Anonymous said on November 29, 2017 at 9:13 pm
        Reply

        “The legacy version” for a “legacy browser” I presume..
        https://forum.palemoon.org/viewtopic.php?f=61&t=17530&sid=e4e71bc519b1f6a914d3a38070793aef

    2. Alien said on November 29, 2017 at 12:19 pm
      Reply

      “install spyware browsers (e.g Google Chrome, Mozilla Firefox). Sounds like a nonsense to me.”
      Yeah, this does sound like nonsense.

      1. Tom Hawack said on November 29, 2017 at 12:35 pm
        Reply

        The comment, I presume.

  8. vitamin c said on November 28, 2017 at 9:06 pm
    Reply

    Yes, this is completely normal, it’s a new layout design that was added very recently to uMatrix.
    It means you can use the grid of rules you can see for multiple level domains.

    For example, in the top image on this page, “reddit.com” is highlighted in blue, and to the left of it is in grey. This means that all the rules within the grid (red for block and green for allow), are being applied to any website that ends in ‘reddit.com’.
    This is useful because you might want rules to only apply to ‘magic.madeupwebsite.com’ and not ‘tasty.madeupwebsite.com’ or in this case to both of them with ‘madeupwebsite.com’.
    The little asterisk to the right is then for ‘general’ which means ‘apply these rules to every single website’.

    This is fantastic for fine-tuning. So I can block scripts from blah.com on any website (using the general asterisk and making ‘scripts’ for ‘blah.com’ red), but then only allow it specifically on ‘tasty.madeupwebsite.com’. This means it won’t load the scripts on any site (even madeupwebsite.com, only specifically on tasty.madeupwebsite.com) – a good usecase for this is facebook. You might want to use facebook on facebook.com but block ‘connect.facebook.com’ following you on news sites or asking you to connect your account to it.

    A bit advanced, but a fantastic tool when you get the hang of it.

    1. Clairvaux said on November 29, 2017 at 5:46 am
      Reply

      Thank you, Richard Allen and vitamin c.

      It seems to me that Gorhill tremendously extended the uMatrix Wiki since I remarked here how shorter it was compared to uBlock’s. He also linked to a new how-to that wasn’t there when I last had a look :
      http://adamantine.me/index.php/2015/11/18/umatrix-desperately-needed-guide/

      He says about the documentation, “feel free to improve as you wish, I am not a writer”, but I think he’s being modest.

      Just noticed the solution to a nagging problem I had (like many other people, presumably) :
      https://github.com/gorhill/uMatrix/wiki/How-to-get-past-%22uMatrix-has-prevented-the-following-page-from-loading%22

      This is fantastic work. We’re getting traction here ! If other talented and devoted people such as him get up to speed on Web Extensions, we would be on to something…

      1. Sam said on November 29, 2017 at 4:42 pm
        Reply

        CORRECTION:

        *script surrogates, which uBO has but can’t use with uMATRIX. So NoScript having them restores the functionality.

        (It’s called neutered scripts in uBO)

      2. Sam said on November 29, 2017 at 4:31 pm
        Reply

        Personally I don’t need or actually, WANT, any other privacy or security extension. The more you have, the higher the risk that they mess each other up in unnoticeable yet really counterproductive ways. It was especially true with legacy add-ons but I don’t think WebExtensions are completely immune to that either.

        So it’s a matter of picking the right ones. I think uBO+NoScript and uBO+uMatrix are pretty nice combinations. With the former, cookies remain to be covered so a third privacy add-on is needed but you get targeted protections against many attacks, some of those enabled even with scripts allowed. It also has script surrogates, which uBO has but can’t use with NoScript. With the latter, cookies are covered and you get an amazing user interface that makes you fully aware of what’s going on, and allows you to unbreak things easily and quickly even when you don’t want to allowing anything more than the bare minimum.

        Yet, even with just two well known add-ons, in both cases there is some amount of messing one another up going on. Fortunately the collisions do not affect security or privacy or anything important, it’s just illustrating that this risk is real.

        Some people would add Decentral Eyes to the list, which will limit network requests to common CDN resources needed by many sites, by replacing resources such as (I imagine – I don’t use that add-on) ajax.googleapis.com or cdnjs.cloudflare.com. I don’t know if it collides in any way with NoScript, uBO or uMatrix.

         

        Finally, a fully featured NoScript should make uBO+NoScript more secure than uBO+uMatrix. The current WebExtension NoScript is not yet fully featured though (but it’s planned to get there), so at the moment I recommend uBO+uMatrix on Firefox 57+.

  9. Keith said on November 28, 2017 at 8:40 pm
    Reply

    For uBlock Origin users, here’s a post on improved UB settings by a pretty sharp guy named RejZor. I use these and UB works fine with rarely any site breakage. You can always click it off to disable it on any website.

    Post #13
    https://www.techpowerup.com/forums/threads/ublock-origin-how-the-heck-do-you-use-it.232035/

    1. Sam said on November 29, 2017 at 4:09 pm
      Reply

      If that was sharp, then anyone here is scalpel grade!

  10. Clairvaux said on November 28, 2017 at 8:13 pm
    Reply

    Great and timely article, Martin. I have a question. On some of your screenshots, the blue background on the top left cell, where the URL of the main Web page is to be found, is cut in half, and the other half is grey. (Like in [www.reddit.com])

    This started to happen to me with Firefox 57, and I presumed I did something wrong. Is it a bug of the add-on ? Does it have some specific meaning ?

    1. Richard Allen said on November 28, 2017 at 9:27 pm
      Reply

      Look at scope selector at the link. Specifically the text that is covered in blue.
      “https://github.com/gorhill/uMatrix/wiki/The-popup-panel”

  11. Gabriel said on November 28, 2017 at 8:07 pm
    Reply

    Great article, Martin.
    The only thing I wish uMatrix had was selective blocking. As in, for example, being able to block specific scripts on a webpage and not all of them.
    I messaged the developer about this and said he wasn’t going to implement it.

    Sometimes a webpage has 3 scripts.. 2 needed for it to function and 1 nasty one.
    What to do in these cases?

    1. Sam said on November 29, 2017 at 5:04 pm
      Reply

      > The only thing I wish uMatrix had was selective blocking. As in, for example, being able to block specific scripts on a webpage and not all of them. Sometimes a webpage has 3 scripts.. 2 needed for it to function and 1 nasty one. What to do in these cases?

       

      Use uBO together with uMatrix for that: uMatrix is not made to use adblocking syntax, it’s not the same role :)

      You don’t need to enable uBO’s advanced mode when you have uMatrix. You can use it in set and forget mode with a bunch of filter lists.

    2. Tom Hawack said on November 28, 2017 at 8:31 pm
      Reply

      Many, most if not all lists include scripts’ filtering, not only ads. This is true with uBO and it is true with uMatrix. This is why lists are so important given that they remain as body guards in case the user opts for the less protective policy (allow all and block selectively). The ultimate is always block all and allow selectively but requires more work, even if with time we get used to it and spot quickly what can/should be allowed.

      1. Bjoern said on November 30, 2017 at 8:37 am
        Reply

        @Gabriel: Did you try Tom’s suggestion, but instead with the uMatrix logger, to see if you could effectively achieve selective script blocking within a domain perchance?

      2. Tom Hawack said on November 28, 2017 at 8:53 pm
        Reply

        @Gabriel, I don’t know how it works in uMatrix but with uBO you can enable/disable scripts selectively with the ‘Logger’ feature : just search for ‘Scripts’ from within the Logger and you can then manipulate whatever script (as whatever data type) selectively. Unfortunately I know nothing of uMatrix.

      3. Gabriel said on November 28, 2017 at 8:34 pm
        Reply

        Hi Tom.
        Yes, that’s what I do.
        I block all and then allow what is needed.
        But you can’t allow 1 script and block 2 other scripts from the same domain. You block all or allow all.

  12. Bronckman said on November 28, 2017 at 6:00 pm
    Reply

    Thank you, Martin for bringing some light into this matter. Personally I do consider Umatrix’s UI a desaster. It is confusing and not self explanatory. I tried to work with it and ended up being highly frustrated and toxicated after solacing myself with some powerful drops of spirits from my bar.

    I am not saying this program is bad. I believe it’s a fine piece of work but ruined by its UI. So, dear developer: please have mercy with us ignorant and illiterate computer users and try to change it for the better. I am also greatly convinced it won’t happen.

    I am ready and willing to take the usual insults and name callings which are happening here much too often. Honestly, I don’t care about it and the person behind it, it’s meaningless. But if someone has something meaningful to say, your are very, very welcome.

    1. Clairvaux said on November 29, 2017 at 6:20 am
      Reply

      Have a look at the Wiki. It’s extremely helpful. uMatrix has a learning curve, but this was the help formerly missing to clear the first hurdle, which is quite low actually. Once you’ve got the first knack of it, you’re allowed mistakes and you don’t need to understand everything to use it. Provided you learn the basics, it’s like getting to ride a bicycle or to drive a car. It’s only intimidating when you’ve never left base.

      https://github.com/gorhill/uMatrix/wiki

  13. Daguil said on November 28, 2017 at 4:46 pm
    Reply

    I use UBo for static filtering (non-advanced-mode) and uMatrix for Dynamic filtering.

    I am not a developer. But I did spend a full week reading the Wilders Security forum on UBo. While Gorhill removed the page from his wiki on how to use both UBo and Umatrix together :(, here’s what I’ve been able to piece together from Wilder’s security forums.

    NOTE: this assumes you’re going to use UBo and Umatrix together.

    In UBo:
    – Settings:
    o Uncheck “I am an advanced user”
    o Check all the Privacy settings
    – 3rd Party Filters:
    o Check the boxes for “Auto-update” and “Parse Cosmetic”
    o Myfilters
    o All the uBlock filters (per Gorhill, these are not optional)
    o Easylist
    o Easyprivacy
    o All the Fanboy’s stuff
    o Personal:
    * Chef Koch’s BarBlock @ https://raw.githubusercontent.com/CHEF-KOCH/BarbBlock-filter-list/master/uBlock.txt
    * NoCoin Filter List
    o UNCHECK all of the Malware domains.
    o UNCHECK all of the multipurpose domains.
    o Only check the “Regions” that apply to where you live & browse.
    – My rules:
    o no-csp-reports: * true
    o behind-the-scene * 3p noop
    o behind-the-scene * 3p-frame noop

    In uMatrix:
    – Settings: Self explanatory.
    – Privacy: Check everything. (Except for me, I unchecked “Spoof User Agent”…this broke a few sites I need to work.)
    – My rules:
    o You’ll tailor these as needed to make your own sites work. Everyone draws a different line between privacy and convenience. I’ve seen others share their lists, but I personally didn’t find it very helpful since we all browse different sites.
    o Generally, I block all and allow as exceptions only on the websites I need to get working. But I universally allow youtube vids, since they are pretty much everywhere and I didn’t want to bother too much with enabling them on every site. Most would find my approach too difficult/time-consuming, others would say I’m crazy to allow Youtube everywhere.
    o If you find yourself allowing “ajax.googleapis.com” on every site and you don’t want to bother with a rule to allow it on each site, then allow it universally like I did. Ditto for “Code.jquery.com”.
    o After about a week of using this config, you’ll find the pattern of what needs to be enabled for sites to work. Seems like many sites use a 3rd party site for their own CDN & images. i.e. consumerreports.org requires: consumerreportscdn.org and static5.consumerreportscdn.org. You must allow those two scripts/XHR on their site in order to see the tables of product comparisons.
    o Using the consumerreports.org example: All of the really bad staff that got blacklisted by the filters was NOT required for the site to function. And I recognized the CDN & Static script/XHR right away a allowed them on that site only. So I had this site running almost immediately, and it worked fine while blocking the most intrusive stuff. That’s how it is with many sites (for now.)
    o If you use the “Decentraleyes” (recommended by Gorhill), there’s a few domains you must allow. See: https://github.com/Synzvato/decentraleyes/wiki/Frequently-Asked-Questions
    – Hosts Files:
    o Check the box to auto-update.
    o Turn on all hosts files. You’ll notice that these are all the filters you unchecked over in UBo. I forget the technical reason for this, but the developer-types on the Wilders Security forums seemed fairly certain this was the way to go.

    Backup your configurations. I invested several weeks mastering this configuration, I can’t even imagine starting from scratch.

    I also use Pants/Earthlng’s User.js file, to include blocking all cookies/enabling them on a per-site/per-session basis. Between the two Gorhill extensions and the User.js file, I’m confident that I’m safe from non-targeted attacks/privacy intrusions. The biggest risk now is…me.

    There are sites that just refuse to work with this much stuff blocked. So, I use a tiered approach, with my old Chrome setup as the secondary, Edge as the third option (with UBo in advanced blocking mode), and Internet Explorer as an absolute last resort that requires a full disk-cleanup and a quick shower after using.

    Big thanks to Gorhill, Pants, Earthlng, Chef Koch, Synzvato, 12bytes, and everyone else (especially the filter/blocklist maintainers) who make the Internet safe to browse. I think of you guys all the time! Seems like a handfull of heroes maintain free privacy tools for us laypeople against billions, billions, and billions of dollars’ worth of corporate revenues generated by invading our privacy & risking our security from malware. You guys are singular contributors in the history of capitalism. Thank you.

  14. MdN said on November 28, 2017 at 3:09 pm
    Reply

    I’ve been using uMatrix ever since I found out about it. Once I learned my way around it, it has become a routine, and compared to uBlock sometimes I save a few seconds of loading time on some websites simply because it’s easier to see what there is to filter. For my use it’s perfect as I, 90 percent of the time, tend to visit the same bunch of websites. When I started I installed it on my less-used browser and I would slowly, when I had free time, edit the settings for all my favorite websites. Once I was done, I just exported the settings and applied them to uMatrix in my other browsers.

  15. Peter said on November 28, 2017 at 3:03 pm
    Reply

    Love it! Too bad support for Pale Moon was dropped but as long as 1.0.0 works I’m a happy camper.
    It does miss the element blocker UBO harbours.

  16. 12bytes said on November 28, 2017 at 1:41 pm
    Reply

    Firefox Configuration Guide for Privacy Freaks and Performance Buffs | 12Bytes.org
    http://12bytes.org/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs

  17. dw4rf_toss said on November 28, 2017 at 12:57 pm
    Reply

    Cool, with a side of “I’ll shoot my eye out”. There’s an older release that runs with “old” Firefox without webextensions (1.1.4), so I’m running the old version. I’ve disabled uMatrix hosts files, as I either opted out of them in uBlock or they are already covered by it. So if I end up hating this, I can just uninstall uMatrix.

    Again: got uBlock and uMatrix running in tandem, all seems well enough. Side note: I’m letting uBlock origin handle the “list” blocking and disabled such in uMatrix; I was getting unnecessary page reloads when both have same lists enabled.

    So far, uMatrix has proven useful, though. It shows exactly what it is blocking, and unblocking things to test is thankfully pretty simple. I was able to allow Disqus chat and some other functions very quickly. Then ya click the lock icon to save permanently once ya get it all just so.

    Just disable the lists in uMatrix if you want to play with it and not break anything you depend on in uBlock. I guess my bottom line is that uBlock is just too useful to let go (element zapper, anyone?).

  18. Var said on November 28, 2017 at 12:50 pm
    Reply

    I have used uMatrix to bypass paywalls on certain sites. Doesn’t work on all but on a few its quite effective. But it seems to have a steep learning curve, its not easy to get right away.

  19. Tom Hawack said on November 28, 2017 at 10:47 am
    Reply

    uMatrix’s page on AMO is explicit : “*For advanced users.*”.
    What defines an “advanced user”? What does it mean to be, to consider myself or someone as advanced in terms of computing knowledge? I don’t have the answer. A rather relative definition perhaps. Some users stick on ‘Adblock (Plus)’ because they consider that ‘uBlock Origin’ (uBO) required advanced skills. That’s my position regarding uMatrix and some uMatrix users on the other hand will consider the extension as perfectly accessible… hard to tell.

    What is sure is that uBO is not presented as “For advanced users” and is obviously less complex to use than uMatrix. Complex, not complicated. Some may also as myself lack confidence in their true abilities and/or express a sort of “intellectual laziness” (yawn and “wow, too tiring”).

    As far as I’m concerned I’ll point out this :
    1- Yes, I believe I could make it to uMatrix should I make the effort. Yes, I’d make the effort if uBO didn’t exist because traditional ad blockers are far too far from what I consider as essential to give a chance to privacy and security nowadays when running a browser.
    2- I use uBO intensively, I have a wide array of filters and rules, mine included. I’d have to move those to uMatrix, in what conditions, what is movable and what is not…. Maybe I should have started with uMatrix rather than uBO, maybe did I lack self-confidence or maybe was I tempted by a good “less effort”/”efficiency” ratio.

    Magnana maybe. (is that how you spell ‘tomorrow in Spanish?!). I often doubt that laziness is considered as a capital sin and sometimes I vaguely perceive why is could definitely be one :)

    1. Richard Allen said on November 28, 2017 at 5:12 pm
      Reply

      Mañana ;)

      Totally agree. I would probably have to say that performance, ease of use, security and privacy are my ‘goals’ when online, and probably in the order that they are listed. I like uMatrix but once I moved from FF ESR, I started to pare down my add-ons in preparation for 57+ and uMatrix ended up in my disabled list. In it’s place I’ve been using “No-Script Suite Lite (revived)”, it’s lite on resources, takes like two seconds to enable js, most often permanently, and I’m basically just using it as a javascript whitelist, mostly so that when visiting a new site (intentionally or not) js will be disabled, there are also a handful (surprisingly large handful) of sites I regularly visit that I’ve left js disabled because they work and look fine for my purposes.

      Even blocking js on new, unknown websites might be a little on the overkill side of things for some people since I use uBlock Origin to globally block 3rd party iframes and I use dozens of my own personal rules and filters. For example, some websites I have javascript enabled in No-Script Suite Lite but then have 3rd party js blocked with uBO or maybe just a specific individual script is blocked preventing auto playing video. On websites that I know are guilty of having inadvertently (maybe) distributed malware in the past, the odds of my enabling All javascript on those sites is Very slim. With the capability available in uBO it’s hard for me to feel like I’m missing out by not using uMatrix. or even NoScript Security Suite, which should not be confused with No-Script Suite Lite (revived), the latter is what I’m using.

      All that said, I feel very fortunate to have Mr. Hill developing both uBO and uMatrix!! I’m hoping somehow someway that the ad ecosystem gets cleaned up or at the very least doesn’t get worse than it is now so that I don’t feel like I need to resort to using something like uMatrix. I am much too lazy to have to do that!!

      1. Richard Allen said on November 28, 2017 at 6:21 pm
        Reply

        I forgot to mention my concern about at what point does the number of personal rules and filters that I’m using start to impact the performance and memory use of uBO. I’m already using dozens of MY Rules and MY Filters. I don’t know what the impact would be or if there is even any impact at all if I were to add another hundred or two rules. So… I’m just playing it safe a little bit.

      2. Richard Allen said on November 28, 2017 at 6:03 pm
        Reply

        I’m going to repeat myself because I edited my post in the last minute and it will probably be stuck in the Twilight Zone for a while. I know better and I still do it too often, a last minute edit. ;)

        Basically, I do Not want to Globally block w/uBO: inline, 1st party or 3rd party javascript and maybe most importantly I do Not want to visit a new website, no matter how I got there, with Any javascript enabled. Ease of use is extremely important, for me.

        You’re right, the exact same thing can be done with uBO. It just feels easier to me to let No-Script Suite Lite take care of globally blocking js instead of in the long run adding a hundred or two more rules in uBO.

      3. Richard Allen said on November 28, 2017 at 5:43 pm
        Reply

        Basically, I do Not want to Globally block w/uBO: inline,1st party or 3rd party javascript and maybe most importantly I do Not want to visit a new website, no matter how I got there, with Any javascript enabled. Ease of use is extremely important, for me.

      4. Tom Hawack said on November 28, 2017 at 5:26 pm
        Reply

        Hello Richard!
        I read you attentively as always. You mention the “No-Script Suite Lite (revived)” Firefox extension which “allows JavaScript (inline & external) to be executed only by trusted websites of your choice.” (as mentioned on AMO). But this feature is included in uBO with the ‘1st-party scripts’ setting. What is the advantage of adding an extension which performs the same thing as uBO?

    2. BM said on November 28, 2017 at 4:14 pm
      Reply

      Making a mountain out of a mole hill.

      uMatrix is easy for anyone with technical skills. For most use cases, uMatrix need only be set the first time a site is encountered, and the settings saved. Unless the website changes, this should suffice for all future encounters.

      One can either do this, or choose to invest their time with a wide array of filters and rules in uB O. I don’t bother with that, as I like the deny first approach of uM and the easy selectivity right at the browser.

      Agree that even with uB Origin, users needs some level of technical understanding to deal with any configuration settings outside of the default.

      Indeed, it is relative, as is the “efficiency ratio”.

      1. Tom Hawack said on November 28, 2017 at 4:33 pm
        Reply

        “uMatrix is easy for anyone with technical skills.” : that’s the montain!
        “Agree that even with uB Origin, users needs some level of technical understanding to deal with any configuration settings outside of the default.” : that’s the moll hill!

        You can choose (not you, BM, I’m talkin’ to ’em fellas lazier than I) flat grounds but where’s the pleasure with no effort?! Forget the pleasure, it’s privacy and security which are concerned! Bonus? Besides privacy and security, no ads and faster page rendering : now what would we say about that? I say : grrr, I should at least give uMatrix a try. Don’t whip me, that don’t help; rather share your experience with uMatrix, as BM does, with a smile and an Everest of encouragements : we need them :)

    3. Sophie said on November 28, 2017 at 11:44 am
      Reply

      @Tom – agreed too…..I have made use of a lot of filtering on uBO, my own as well as what’s on offer, and also export these to a NAS drive which my whole network picks up and Syncs with.

      To migrate those over to uMatrix, be uncertain how they will fit – what will work, what won’t , what might break….and then at the end of it, not even be sure if I have achieved much, these are the reasons I stick with uBO.

      If I had gone with iMatrix to begin with, I would be at that place of “maturity” with it, but as I see it, it just seems like life is too short, and the ability for it to break things perhaps just a little too great. Not its’ fault of course….only mine for not trying hard enough.

  20. Thorky said on November 28, 2017 at 10:42 am
    Reply

    The first thing you should do after installing uMatrix is:

    – click the small grey cogwheel in the upper left of uMatrix window
    – open My Rules
    – click Edit-Button below Temporary Rules on the right side of the page
    – add the term> * * script block <to the list
    – click Save
    – click Commit

    From now on, Scripts are blocked by standard like in NoScript! :)

    1. Kubrick said on January 22, 2018 at 9:34 pm
      Reply

      @thorky.
      thats pointless.
      you may as well just turn off javascript in the browser itself.

    2. Tom Hawack said on November 28, 2017 at 11:00 am
      Reply

      > “From now on, Scripts are blocked by standard like in NoScript! :)”
      And the per-site script authorizations’ madness as well! The number of sites which rely on scripts is a majority. Here with uBO I do block all scripts … from 3rd-party sites (as well as calling those very sites) but indeed that doesn’t protect from a given site’s own scripts : for those I rely on uBO’s filters. Sure, this policy is applicable with uMatrix I guess. But a too high granular protection can be terribly time consuming.

      1. Django said on November 29, 2017 at 3:26 pm
        Reply

        You can allow all first party scripts with uMatrix (NoScript too) by default if you want. With per-site permissions you can save your non-global rules without worry, which means you only have to setup rules once, not twice. (Like you do with a Windows per-application firewall)

        Many sites don’t need JavaScript, so if you allow CSS, images and frames to first party sites by default, you won’t need to tweak all sites even on first time visit. Maybe 50% ?

        If on top of that you also allow CSS and images globally for all sites except those blocked by filter lists, first time visits where you need to add permissions become rather infrequent.

         

        And with uMatrix (and NoScript), you don’t end up allowing more than you thought, unlike uBO. (I love uBO but I just have to defend uMatrix and NoScript because I don’t think it’s remotely true that uBO can replace either of them, its role is to run alongside one of them if security and privacy are the user’s priorities.)

  21. Hans said on November 28, 2017 at 10:39 am
    Reply

    What ist the effect of the the rule „* * frame block“? The frame column is coloured light red just like the (unblocked) script column for instance. I can’t see the difference.

    1. gorhill said on November 28, 2017 at 1:18 pm
      Reply

      * * frame block = “block all frames from everywhere” (starting from the scope where the rule exists).

      This will cause the header “frame” cell to be blacklisted (dark red). The higher precedence “frame” cells will inherit this block rule (pale red) by virtue of uMatrix rule-propagation logic.

      1. Hans said on November 28, 2017 at 3:19 pm
        Reply

        Now I got it, thank you!

  22. dd said on November 28, 2017 at 10:31 am
    Reply

    use a browser with lots of blocker stuff for regular use.. use another browser with less when it breaks. use edge for no filter when you can’t be bothered to figure out what gets what blocked

  23. Donkeyfumbler said on November 28, 2017 at 9:33 am
    Reply

    I’m really not entirely sure why there are two add-ins by the same developer that seem to do fairly much exactly the same thing.

    From what I can see UBlock, once you turn on advanced mode, does exactly the same kind of element filtering in exactly the same way, down to the light and dark colours. However it also has fairly extensive ad-blocking filter black lists that Umatrix doesn’t.

    From what I can tell then, the question is the other way round – why would I use umatrix when ublock does the same and more? Also, why does the dev not just combine the two into one add-in?

    1. Silver said on November 28, 2017 at 11:28 am
      Reply

      “From what I can tell then, the question is the other way round – why would I use umatrix when ublock does the same and more?”
      It’s the opposite. Why would I use ublock when umatrix does the same and more.

      That being said, like Sophie, umatrix is overkill. It’s very powerful but as a result, it’s very tedious for very little more protection. Therefore for most users, it’s better to just stick with ublock in advanced mode. However, for the power users who like minute control over everything as well as knowing exactly how many images, scripts, and more are loaded from which domain, umatrix is perfect for that. But for me? Not my cup of tea.

      1. Silver said on November 29, 2017 at 12:08 am
        Reply

        @ Donkeyfumbler
        One thing is uMatrix shows exactly what type of resource and how many of these resources are being loaded from which domain. Basically if a 3rd party frame is loaded, uMatrix shows the domain of that 3rd party frame. uBlock does not do that or makes it very hard to find out. In other words, uBlock simply tells you nothing about what resources are being loaded unless you decided to block them which uBlock will show something like “18 or 81%” resources blocked from loading. uMatrix tells you exactly how many resources were blocked, where it’s coming from (the domain), and what type is the resource. All these information is given whether you blocked the resources or not. That gives you a lot more info in helping you modify your lists and filter for certain sites.

        uMatrix then allows you fine control over those resources from different domains. For example, what if I don’t want to block all 3rd party scripts? Only certain ones? Basically like I said, uMatrix gives you granular control. And that’s very likely the very reason why the author did not combine the two. If you give uBlock that much granular control, it’s too much for most users. Instead, the author separate this fine granular control into uMatrix and the “coarse” control in uBlock. For most users, uBlock is good enough. For the users that are anal about over every resource type and where it’s coming from, they have uMatrix.

        People saying uMatrix is more powerful does not take anything away from uBlock so I honestly don’t know why you are so worried over it. Who cares if a Ferrari is more powerful than a minivan if all I want to do is have enough space to carry my groceries. Something being more powerful does not mean it’s the best at everything.

      2. Donkeyfumbler said on November 28, 2017 at 11:48 am
        Reply

        As I said Ublock has the filtering lists that Umatrix lacks, but the script and content blocking is fairly much the same on either product. Unless you really need those extra privacy options (and really don’t like cookies), why then choose umatrix over ublock? Lots of people saying it’s ‘more powerful’ but failing to show how that’s actually the case.

    2. Sophie said on November 28, 2017 at 10:15 am
      Reply

      I found when I tried Umatrix, (being already a UBO user, with extensive use of UBO), that Umatrix seemed almost overkill. I would be happy with the learning curve, as I like to understand as much as possible, but I found that it needed too much management and broke too many things. To be honest, everything went fairly haywire.

      Granted that all this would settle down once you managed it properly, so this is in no way the fault of Umatrix, I simply reached the conclusion that UBO was more than sufficient. Big thanks to the developer though, pretty much nothing to touch his extensions.

      1. BM said on December 10, 2017 at 12:11 am
        Reply

        Just noticed that the extension called uBlock Origin Protection is now called Nano Defender. FYI

      2. BM said on November 28, 2017 at 3:59 pm
        Reply

        Depends on your use case. If you do a lot of research online (i.e. need to visit multiple sites over time vs visit a limited number of sites), you get to have a very good feel for which hostnames to allow, and which to remain blocked.

        Where things go “haywire” are websites that require some element (usually a script) that is only available after authorizing a hard blocked (dark red) hostname’s script (i.e. a script that is flagged within one of the lists). That required one will not be present until the prerequisite is authorized.

        Figuring this out is problematic, to say the least. If the site is important enough, sometimes I turn off uMatrix, and sometimes even uB Origin too. Sometimes that is not even enough. If site is “crucial” and reached this point, then it is on to (rarely used) Edge. Otherwise, I abandon that site.

        We use two additional Chrome extensions to help: uB Origin Extra and uB Origin Protection. The latter helps greatly with websites that block adblockers, usually with another page or an overlay that obscures content.

        Overall, having more difficulties with sites that block VPN access than with using Gorhill’s tools.

  24. Mike said on November 28, 2017 at 9:21 am
    Reply

    I’ve always wondered this but if you install uMatrix, is uBlock Origin not necessary anymore? Can uMatrix do everything that uBlock does but better?

    1. Django said on November 29, 2017 at 3:10 pm
      Reply

      uBO is a second line of defence. uMatrix replaces advantageously the dynamic filtering part of uBO, but the static filtering part remains. If you allow YouTube embedded videos on Ghacks through dynamic filtering, static filtering will ensure that YouTube tracking scripts and ads will remain blocked.

      uBO has dynamic filtering but it’s limited and I can find no satisfying way to use it, so ultimately I always have to install uMatrix and defer ALL dynamic filtering to it.

      The downside is that uBO can’t inject neutered scripts any more, those help in keeping site functionality intact when they are coded poorly enough to break without, say, Google Analytics.

      I wish uBO and uMatrix were more readily compatible and made to work with each other. I don’t see a point in using uMatrix without an adblocker, and uBO’s dynamic filtering doesn’t cut it for me. IMO uMatrix UI is also infinitely more appropriate when what the user wants is a clear view of what’s going on.

    2. Cloudman said on November 28, 2017 at 1:51 pm
      Reply

      uMatrix doesn’t have esthetic filters.

      1. BM said on November 28, 2017 at 3:30 pm
        Reply

        Agree. The eyedropper tool (element picker) is a big reason we have both installed. There are other reasons, I have since forgotten, but I think one reason had to do with lists unique to uB Origin not available in uMatrix. (Edit: I see Donkeyfumbler below mentions this).

        uMatrix is a PITA if one uses a virtual/sandbox environment, as the settings cannot be easily saved. However, the extra level of protection is still worth it, IMHO.

  25. yikes said on November 28, 2017 at 8:49 am
    Reply

    Can anyone explain the little triangles in the top left corner of some of the squares?

    1. Martin Brinkmann said on November 28, 2017 at 9:05 am
      Reply

      Green triangle on light red cell: permanently whitelisted cell that is temporarily graylisted (anything from hostname will be blocked, but the main frame).

      Green triangle on dark red cell: permanently whitelisted cell that is blacklisted temporarily.

  26. uMatrix fan said on November 28, 2017 at 7:51 am
    Reply

    A good configuration for uMatrix for both privacy and convenience is to allow all except (or not) frames, block all scripts.
    For convenience, when pages break, just allow all parties temporarily.
    uMatrix cannot block scripts independently from host names, you can use uBlock Origin for that.

    1. Millenicide said on December 4, 2017 at 5:47 pm
      Reply

      “uMatrix cannot block scripts independently from host names, you can use uBlock Origin for that.”
      Can you please explain this in more detail. :)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.