uBlock Origin Suggested Settings

uBlock Origin

Recent changes to this guide are listed at the end of the document.

Introduction

First and foremost, use only uBlock Origin (uBO) by Raymond 'gorhill' Hill (here's the uBlock Origin page on the Firefox Add-ons website). While there may be some legitimate forks, there are also many ripoffs out there, including one named 'uBlock', and i would highly recommend avoiding them.

uBlock Origin is not simply an ad blocker, rather it is a powerful content filter, similar to a firewall, that is capable of both dynamic and static filtering. In addition to blocking annoying content such as ads, it can also dynamically block JavaScript, frames, images, 3rd party fonts and more, all of which help to prevent tracking and malware.

Working with uBO requires an understanding of static and dynamic filtering. Static filters are filter rules which are provided by the authors of the various filter lists. Essentially you have no control over static filters; you either enable a filter list, or you don't. Static filters attempt to block content like ads, malware, tracking technologies, annoyances and more. The static filter lists are enabled from the 'Filter lists' tab of the uBO dashboard. Dynamic filters are controlled from the pop-up interface when you click the uBO toolbar icon. Here you can create temporary or permanent filter rules to dynamically control the loading of images, JavaScript and frames on a global or per-domain basis. Dynamic filtering only becomes available after enabling the 'I am an advanced user' option in the uBO settings, and it is crucial to read the uBO wiki before doing so.

Following are my personal preferences for setting up uBlock Origin. There are no "best" settings since every use case is different, however i like to think they are generally sensible settings to start with. The configurations in the 2nd and 3rd columns of the table are intended to be used with The Firefox Privacy Guide For Dummies! and the Firefox Configuration Guide for Privacy Freaks and Performance Buffs, respectively. In the former case the advanced mode option is disabled because i thought it might be too overwhelming for followers of the 'dummy' guide.

Regardless of which guide you are following, it is essential that you read the uBlock wiki with the exception of the Advanced-user-features section if uBO's advanced mode will not be enabled. If you are not following either guide i would suggest enabling the advanced mode option in order to leverage its dynamic filtering capability, as well as reading the Advanced-user-features section of the wiki.

Once uBO is installed, click its toolbar icon to reveal its popup user interface, then click the little sliders icon to reveal the "secret" Dashboard (i say "secret" because apparently some users don't know it exists). Following are the settings i recommend:

'Settings' tab

Settings not shown here are optional.

| Setting name | 'Dummy' guide settings | Advanced guide settings |
|---|---|---|
| Hide placeholders of blocked elements (1) | disabled | optional |
| Show the number of blocked requests on the icon | enabled | enabled |
| Disable tooltips | disabled | optional |
| I am an advanced user (2) | disabled | enabled |
| Privacy: | | |
| Disable pre-fetching | enabled | enabled |
| Disable hyperlink auditing | enabled | enabled |
| Block CSP reports | enabled | enabled |
| Uncloak canonical names | enabled | enabled |
| Default behavior: | | |
| Disable cosmetic filtering | enabled | enabled |
| Block media elements larger than [50] KB | disabled | optional |
| Block remote fonts (3) | disabled | disabled |
| Disable JavaScript (4) | enabled | optional |

Footnotes

1 - If you are new to uBO and content filtering, you should probably not enable this option. Leaving this option disabled will sometimes provide a visual indication when something is blocked in the form of a placeholder where the object was, thus letting you know that something was blocked.

2 - This option may be enabled only after reading the Advanced user features section of the uBO wiki.

3 - Instead of blocking remote fonts globally and then allowing them per-site, you can automatically allow all 1st party fonts while blocking only 3rd party fonts. See the 'My filters tab' section below for more information. Novice users, or those that simply don't want to fool with filters for unblocking a 3rd party font needed for a given domain, may find it easier to set this to 'enabled' and then allow all remote fonts (1st and 3rd party) as needed from the uBO Dashboard.

4 - Enabling this option disables JavaScript globally by default and causes uBO to honor <noscript> HTML tags. A potential problem with this is that some page elements that might have been displayed had the <noscript> tags been ignored, may not display when this option is enabled. On the flip side, some websites may display a JavaScript disabled warning message which can be beneficial for novices. Also see Display website content hidden by JavaScript. For anyone concerned with their on-line privacy, JavaScript must be disabled globally, then allowed only for the websites where the functionality it provides is necessary. If you are following the advanced guide then you can either enable the 'Disable JavaScript' master switch in uBlock's settings, or block inline, 1st party and 3rd party scripts from the uBlock toolbar popup.

'Filter Lists' tab

A bit more thought went into the following recommendations than you may realize. For example, some filter lists are wholly or partially included in other lists, therefore one needs to consider how they interact with each other. You can discover this yourself by referring to the documentation for each list or simply reading its description which is often included within the list and accessible by clicking the 'eye' (view content) icon.

| Filter list or option | Setting |
|---|---|
| Filter lists: | |
| Auto-update filter lists | enabled |
| Suspend network activity until all filter lists are loaded | enabled |
| Parse and enforce cosmetic filters | optional |
| Ignore generic cosmetic filters | enabled |
| Network filters: | |
| My filters | enabled |
| Built-in: | |
| uBlock filters - Ads | enabled |
| uBlock filters – Badware risks | enabled (1) |
| uBlock filters – Privacy | enabled |
| uBlock filters - Quick fixes | enabled |
| uBlock filters – Resource abuse | enabled |
| uBlock filters – Unbreak | enabled |
| Ads: | |
| AdGuard Ads | disabled |
| AdGuard Mobile Ads | disabled |
| EasyList | enabled |
| Privacy: | |
| AdGuard Tracking Protection | disabled |
| AdGuard URL Tracking Protection | disabled |
| Block Outsider Intrusion into LAN | enabled |
| EasyPrivacy | enabled |
| Malware domains: | |
| Online Malicious URL Blocklist | enabled |
| Phishing URL Blocklist | enabled |
| PUP Domains Blocklist | enabled |
| Annoyances: | |
| AdGuard - Cookie Notices | optional (2) |
| AdGuard - Mobile App Banners | optional |
| AdGuard - Other Annoyances | optional |
| AdGuard - Popup Overlays | optional |
| AdGuard - Social Media | optional |
| AdGuard - Widgets | optional |
| EasyList - Chat Widgets | optional |
| EasyList - Cookie Notices | optional (2) |
| EasyList - Newsletter Notices | optional |
| EasyList - Notifications | optional |
| EasyList - Other Annoyances | optional |
| EasyList - Social Widgets | optional |
| Fanboy - Anti-Facebook | optional |
| uBlock filters – Annoyances | enabled |
| Multipurpose: | |
| Dan Pollock’s hosts file | optional |
| Peter Lowe’s Ad and tracking server list | optional |
| Custom: | |
| Actually Legitimate URL Shortener Tool (3) | https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt |
| Bypass Paywalls Clean filter (optional) | https://gitlab.com/magnolia1234/bypass-paywalls-clean-filters/-/raw/main/bpc-paywall-filter.txt |

Footnotes

1 - Optional for Linux users, highly suggested for non-savvy Windows users

2 - Enabling one of these lists will hide a lot of those idiotic cookie notices however Firefox v115 will apparently offer an option to block a lot of these notices, possibly eliminating the need for a filter list.

3 - Removes tracking parameters from URLs. This list replaces the basic functionality of the Clear URLs add-on, ClearURLs for uBo filter list and the AdGuard URL Tracking Protection filter list.

Don't worry about the 'Regions, languages' section unless you browse sites in languages other than English in which case you'll want to enable those languages.

There are millions of additional filter lists available for uBO, however i strongly advise you to be very careful about what ones you add, if any. In my experience the default filter lists offered by uBO are quite sufficient for general web browsing and adding more will use more memory, slow things down and potentially cause more conflicts and breakages.

'My filters' tab

You might wish to disable the 'Block remote fonts' option on the 'Settings' tab and add the following to the 'My filters' settings instead. Depending on which line you uncomment (remove the ! ) you can allow all 1st party fonts while blocking all 3rd party fonts, or block all 3rd party fonts except for a single domain, or block all 3rd party fonts except for multiple domains. As written, the code below will allow all 1st party fonts while blocking all 3rd party fonts. All lines beginning with ! are comments and are not read by uBO. Only uncomment one line.

! >>> UNCOMMENT ONLY ONE LINE AND EDIT IT AS NECESSARY <<<

! uncomment the line below to allow 1st party fonts + block 3rd party fonts (default):
*$font,third-party

! uncomment the line below to allow 1st party fonts + allow 3rd party fonts for a single domain (example.com):
!*$font,third-party,domain=~example.com

! uncomment the line below to allow 1st party fonts + allow 3rd party fonts for multiple domains:
!*$font,third-party,domain=~example.com|~example2.net
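
To see which font requests each of the three variants above would block, here is a small model of those filters. It is an added example, not code from uBO or from the original guide; the sample hostnames are constructed, and 1st/3rd party is decided from the last two hostname labels rather than the Public Suffix List that uBO uses.

```javascript
// Added example: a simplified model of static filters shaped like
//   *$font,third-party[,domain=~a.com|~b.net]
// It is not uBO's matching engine and only handles the options used above.

// Assumption: the registrable domain is the last two hostname labels.
// uBO uses the Public Suffix List, so hosts under e.g. co.uk need more care.
function baseDomain(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// True when `host` is `domain` itself or one of its subdomains.
function hostMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// Parse one line from 'My filters'. Returns null for blank lines and comments.
function parseFilter(line) {
  const text = line.trim();
  if (text === '' || text.startsWith('!')) return null;
  const cut = text.indexOf('$');
  if (cut === -1 || text.slice(0, cut) !== '*') {
    throw new Error('only "*$options" filters are modelled: ' + text);
  }
  const filter = { types: [], thirdParty: false, onlyOn: [], notOn: [] };
  for (const opt of text.slice(cut + 1).split(',')) {
    if (opt === 'third-party' || opt === '3p') {
      filter.thirdParty = true;
    } else if (opt.startsWith('domain=')) {
      // domain= refers to the page being visited; "~" negates an entry.
      for (const d of opt.slice('domain='.length).split('|')) {
        if (d.startsWith('~')) filter.notOn.push(d.slice(1));
        else filter.onlyOn.push(d);
      }
    } else {
      filter.types.push(opt); // request type such as "font"
    }
  }
  return filter;
}

// Does `line` block a request of `type` for `requestHost` made by a page on `pageHost`?
function isBlocked(line, pageHost, requestHost, type) {
  const f = parseFilter(line);
  if (f === null) return false;
  if (f.types.length > 0 && !f.types.includes(type)) return false;
  if (f.thirdParty && baseDomain(pageHost) === baseDomain(requestHost)) return false;
  if (f.notOn.some((d) => hostMatches(pageHost, d))) return false;
  if (f.onlyOn.length > 0 && !f.onlyOn.some((d) => hostMatches(pageHost, d))) return false;
  return true;
}

// Constructed requests: [page hostname, font hostname].
const SAMPLES = [
  ['www.example.com', 'static.example.com'],  // 1st party font
  ['www.example.com', 'fonts.cdn.example'],   // 3rd party font on example.com
  ['news.example2.net', 'fonts.cdn.example'], // 3rd party font on example2.net
  ['blog.example.org', 'fonts.cdn.example'],  // 3rd party font anywhere else
];

// One true/false per sample: is the font request blocked by `line`?
function blockedPerSample(line) {
  return SAMPLES.map(([page, host]) => isBlocked(line, page, host, 'font'));
}

console.log(blockedPerSample('*$font,third-party'));
console.log(blockedPerSample('*$font,third-party,domain=~example.com'));
console.log(blockedPerSample('*$font,third-party,domain=~example.com|~example2.net'));
```
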

'My rules' tab settings

If you are following the Firefox Configuration Guide for Privacy Freaks and Performance Buffs or otherwise using uBO on its own, and you have enabled the 'I am an advanced user' setting, you can optionally replace the default behind-the-scene rules on the 'My rules' tab with the following, however understand that these filters can break some websites for which you may need to add exceptions by using uBlock's logger feature:

no-large-media: behind-the-scene true
behind-the-scene * 1p-script block
behind-the-scene * 3p block
behind-the-scene * 3p-frame block
behind-the-scene * 3p-script block
behind-the-scene * image block
behind-the-scene * inline-script block

If you are using the LocalCDN add-on you will need to add some rules to the 'My Rules' tab in the uBO Dashboard. The rules can be found in the preferences section of the LocalCDN add-on from where you will copy the rules specific to uBlock and paste them on a new, blank line in the 'Temporary rules' section of the 'My Rules' tab. Make sure to save and commit the change. When adding the rules, be sure to remove any conflicting rules for the same domains if there are any (there won't be if you're starting fresh).

Dynamic filtering

If you are running uBO with its 'I am an advanced user' option enabled in order to activate dynamic filtering, i recommend setting the following rules in the 'Global rules' column of the popup interface:

uBO Global Settings

If you decide to block '3rd-party' (all 3rd party content) globally, uBO will not be able to update its filter lists until you create a 'noop' rule for the Filter Lists settings page which you can do from the dashboard pop-up interface while viewing the Filter Lists page.

uBO Global Settings
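
How a global 3rd-party block interacts with the LocalCDN 'noop' rules can be modelled in a few lines. This is an added example, not code from uBO, LocalCDN or the original guide; the rule set, the request type names and every hostname other than the two CDN hosts are constructed, and 3rd-party detection uses the last two hostname labels instead of the Public Suffix List.

```javascript
// Added example: a simplified model of uBO dynamic filtering ('My rules'),
// not uBO's code. Each rule is "source destination type action".
const ACTIONS = new Set(['block', 'allow', 'noop']);

// Constructed rule set: a global 3rd-party block, two of the LocalCDN noop
// rules quoted on this page, and one hypothetical per-site exception.
const RULES_TEXT = `
* * 3p block
* * 3p-script block
* * 3p-frame block
* cdnjs.cloudflare.com * noop
* code.jquery.com * noop
shop.example * 3p-script noop
`;

function parseRules(text) {
  const rules = new Map();
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line === '') continue;
    const parts = line.split(/\s+/);
    if (parts.length !== 4 || !ACTIONS.has(parts[3])) {
      throw new Error('invalid rule: ' + line);
    }
    rules.set(parts.slice(0, 3).join(' '), parts[3]);
  }
  return rules;
}

// Assumption: registrable domain = last two labels (uBO uses the Public Suffix List).
function baseDomain(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

// "a.b.example.org" -> "b.example.org" -> ... -> "*" -> null
function broader(name) {
  if (name === '*') return null;
  const dot = name.indexOf('.');
  return dot === -1 ? '*' : name.slice(dot + 1);
}

// Most specific source wins for a given destination/type cell.
function lookup(rules, src, dst, type) {
  for (let s = src; s !== null; s = broader(s)) {
    const action = rules.get(`${s} ${dst} ${type}`);
    if (action !== undefined) return action;
  }
  return undefined;
}

// Returns 'block', 'allow', 'noop', or 'none' when no dynamic rule matches.
// Order in this model: specific destination (type "*"), then party + type,
// then party, then type, then the catch-all "* *".
// req.type is one of 'script', 'frame', 'image', 'other' (names of this model).
function evaluate(rules, req) {
  for (let d = req.dst; d !== '*'; d = broader(d)) {
    const hit = lookup(rules, req.src, d, '*');
    if (hit !== undefined) return hit;
  }
  const cells = [];
  if (baseDomain(req.src) !== baseDomain(req.dst)) {
    if (req.type === 'script') cells.push('3p-script');
    if (req.type === 'frame') cells.push('3p-frame');
    cells.push('3p');
  } else if (req.type === 'script') {
    cells.push('1p-script');
  }
  if (req.type === 'image') cells.push('image');
  cells.push('*');
  for (const cell of cells) {
    const hit = lookup(rules, req.src, '*', cell);
    if (hit !== undefined) return hit;
  }
  return 'none';
}

// Final decision once static filter lists are taken into account.
// `staticBlocks` says whether an enabled filter list matches the request.
// 'noop' only cancels dynamic filtering, so static filters still apply.
function decide(rules, req, staticBlocks) {
  const dyn = evaluate(rules, req);
  if (dyn === 'block') return 'blocked by dynamic rule';
  if (dyn === 'allow') return 'allowed, static filters overridden';
  return staticBlocks ? 'blocked by static filter' : 'allowed';
}

const RULES = parseRules(RULES_TEXT);
const cdn = { src: 'news.example.org', dst: 'cdnjs.cloudflare.com', type: 'script' };
const other = { src: 'news.example.org', dst: 'tracker.example.net', type: 'script' };
console.log(decide(RULES, cdn, false));   // CDN host: noop lets the request through
console.log(decide(RULES, other, false)); // any other 3rd-party script
```
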

Recent changes

8-Jun-2023

  • lots of changes and corrections in the 'Filter Lists tab' section
  • more updates to the 'Filter Lists tab' section after i purged the caches and pulled in the new lists

Comments

Note that both reader comments and my own, while they may have been accurate at the time, might not be accurate today. This is a highly dynamic environment so please verify the accuracy of a comment should you wish to utilize it. Failing that, ask me and i'll give it a crack.

165 thoughts on “uBlock Origin Suggested Settings”

    1. well, you only need one to do dynamic filtering and if you’re using both uBO and uM, then i’d suggest using uM for the dynamic rules since it’s more granular and, IMO, easier to use

  1. Fanboy’s Enhanced Tracking List and Malvertising filter list by Disconnect had a problem updating and there were 0. I went on the Fanboy’s site and added it to uBO and it works now under “Custom”, and the same with Disconnect, for which I have a link in “Custom” to raw.githubuser….

    1. unless you have/had the domain blocked for some reason, you should not have to do anything to uBO to d/l those lists – i suspect it may have been a temp network issue???

      to find out, remove whatever rule(s) you added, then in the filter lists tab click the icon at the end of those specific list items to force an update – let us know the result

      note also that these list servers may well have a firewall in place to prevent abuse (downloading too many times by same IP), so just test once

      1. Thank you but it doesn’t work. I did remove uBO and add it again. I did the settings from your site and again the same problem. I tried to install uBO prerelease but Firefox doesn’t allow me.

  2. The Decentraleyes wiki says that after adding the rules to uBO you have to enable the option “Block requests from missing resources” but I noticed that this breaks a lot of sites and I have to manually whitelist them. Is enabling this option necessary for the rules to work? Or is it safe to leave it unchecked? Also, those rules are from 2018, aren’t they outdated? Sorry to ask this on your page but you’re my only hope.

  3. I’ve noticed, that when I disable javascript and check Decentraleyes’ testing utility, I’m told that Decentraleyes does not work.
    Do you know about any solution?
    I never chose to block js overall (it breaks too many sites, and I don’t use umatrix for granularity. I’m not that smart) until the option recently occurred as a toggle on/off in UblockOrigin.

    1. hi Jane – the test page for Decentraleyes requires JS to function

      also you might want to consider replacing Decentraleyes with LocalCDN – i’ll point you to my extensions page where you’ll find a link and which may be of interest to you

      and yes, blocking JS will break a lot of websites as you’ve discovered, however understand that enabling it has a huge effect on privacy – i assume you’re using uBlock O though and toggling JS per domain?

      1. Thank you for your advice.
        I will definitely try out LocalCDN.
        just to make things clear: Decentraleyes do work with js blocked by uBlock Origin?
        it’s just the testsite that doesn’t?
        I do know about the huge impact on privacy ; but dealing with js in detail is way out of my league.
        toggling js via uBlock per domain is the easiest way for me.
        I do block 3rd-party, 3rd-party scripts and 3rd-party frames globally however but naturally often need to adjust per site.
        I have also checkmarked adguard social media-, anti facebook- & fanboys social list.

        1. > Decentraleyes do work with js blocked by uBlock Origin?

          that depends…

          Decentraleyes provides local copies of common scripts hosted on CDNs, so if you disable JS globally, for example, without adding the filters that Decentraleyes/LocalCDN makes available for uBO (or uMatrix if you use it) then no scripts will run regardless of whether they’re provided by Decentraleyes/LocalCDN or a CDN

          so i think the answer you’re looking for is ‘yes’, Decentraleyes/LocalCDN works with JS disabled globally via uBO, uM, FF prefs, etc., AS LONG AS you’ve added the necessary filters to uBO/uM

          let me know if that makes sense to you

          1. it certainly makes sense. I did not really get it until your explanation. I downloaded Decentraleyes way back, but never changed any of the settings.
            I recently read about the need for a copied list but when I took a look at the “my rule” section: no edit button to be seen.
            I’ve therefore chosen to 1:reset the settings of uBlock Origin
            2:remove my extensions (5 all together)
            3: restart FF and do a re-installation starting with uBlock.
            I downloaded Local CDN instead of Decentraleyes.
            the situation right now : I managed to copy and paste and save those lists BUT I’m not sure I succeeded (I worry about the missing edit button and the fact, that in spite of not checkmarking “I’m an advanced user” I was still allowed to save those lists).
            I took a screenshot, but I don’t know how to copy it to this comment section?
            Besides : should I enable “Block requests for missing resources”?

            1. ok, i’m not sure what’s going on (missing edit button???) so i’ll lay out the whole process…

              1. open the add-on manager (or enter about:addons in the address bar)
              2. click the ‘preferences’ button for LocalCDN
              3. in the page that opens, at the very bottom, there are checkboxes for uBlock and uMatrix – i understand you’re using only uBlock, so click the uBlock checkbox and copy the filter rules
              4. click the uBlock icon on your toolbar, then the settings (open dashboard) icon
              5. click the ‘my rules’ tab
              6. on the right side, in the temporary rules section, click at the beginning of any of the lines and press enter to create a new blank line
              7. click to move the caret (the blinking cursor) to the new line, then paste the filter rules you copied from LocalCDN
              8. click the ‘save’ button, then the ‘commit’ button

              done

              > should I enable “Block requests for missing resources”?

              that’s up to you – if you enable that and then come across a website that uses an external library which is not included with LocalCDN (and you likely will), the site may not function properly

              enabled: better privacy, more web breakage
              disabled: slightly compromised privacy, no web breakage

              you seem new to all this so i would suggest leaving it disabled

              1. Thank you so much for your tutorial. I really appreciate.
                fortunately it turns out, that I actually did make the exact same steps on my own.
                what still puzzles me is that the *icon in front of each domain listed is transferred as well?
                did I make a mistake or is everything fine?
                I’m really sorry to bother you this much
                and yes:
                I will definitely not checkmark “Block requests for missing resource”

                1. that’s an asterisk ( * ), not an icon – it is used as a wildcard that matches all domains, and yes, that must be copied to the uBO ‘my rules’ tab – here’s the full code from LocalCDN v2.1.13:

                  * ajax.googleapis.com * noop
                  * ajax.aspnetcdn.com * noop
                  * ajax.microsoft.com * noop
                  * cdnjs.cloudflare.com * noop
                  * code.jquery.com * noop
                  * cdn.jsdelivr.net * noop
                  * yastatic.net * noop
                  * yandex.st * noop
                  * apps.bdimg.com * noop
                  * libs.baidu.com * noop
                  * cdn.staticfile.org * noop
                  * cdn.bootcss.com * noop
                  * mat1.gtimg.com * noop
                  * lib.baomitu.com * noop
                  * lib.sinaapp.com * noop
                  * upcdn.b0.upaiyun.com * noop
                  * stackpath.bootstrapcdn.com * noop
                  * maxcdn.bootstrapcdn.com * noop
                  * netdna.bootstrapcdn.com * noop
                  * use.fontawesome.com * noop
                  * ajax.cloudflare.com * noop
                  * akamai-webcdn.kgstatic.net * noop
                  * sdn.geekzu.org * noop
                  * ajax.proxy.ustclug.org * noop
                  * unpkg.com * noop

                  1. I sent you a big “thank you” right after your latest reply.
                    It apparently vanished, so once again:
                    thank you so much.
                    I hope not to bother you again in a looong time ;-)

                    1. thank you for your thank you :)
                      and please don’t think you’re being a bother – not at all

                  2. Hi 12Bytes ! Please I need your help. I did what you said, but it still has this message : The test resource could not be fetched locally or remotely. LocalCDN is not working as intended.

                    Can you help me ?

                    Thanks !

                    1. i assume the error you mention is from the LocalCDN test page???
                      if so, did you enable JS for the page?

                    2. JS is on.

                      Is there any other add-on or mozilla configuration which may interact with LocalCDN ?

                      I use uBlock, Nano Defender, ClearURLs, PrivacyBadger, Cookies auto-delete, Idon’tcareaboutcookies and HTTPS Everywhere.

                      Thank you in advance !

                    3. I found the problem -> Privacy Badger -> I reinitialized it and it was ok !

                      Thanks for your support !

                      PS : wonderful website to know more about privacy, thank you for your works !

  4. Hi
    I have a couple of questions:
    1: would blocking font.googleapis.com raise entropy?
    I do not block remote fonts due to the issue with CSP
    2: what about blocking s3.amazonaws.com?

    1. re: #1 – far as i know google uses data in their fonts to be able to track and/or fingerprint the browser – as far as raising entropy, i would guess that blocking font.googleapis.com may raise entropy, but that may depend on whether JS is enabled – i really don’t know

      if you want to block 3rd party fonts whilst allowing 1st party and avoid the CSP issue (and some of the CSP issue will be addressed in FF 77 btw), you can add this to the ‘my filters’ section of uBO:

      ! fonts: the following line will allow 1st party fonts globally while blocking all 3rd party fonts:
      *$font,3p
      ! to allow 3rd party fonts per domain:
      ! *$font,3p,domain=~example.com
      ! to allow 3rd party fonts for additional domains:
      ! *$font,3p,domain=~example.com|~example2.com

      i’m pretty sure that avoids the CSP issue which could otherwise be a problem if you enabled ‘Block remote fonts’ in uBO settings, though i’m not entirely positive

      re: #2 – if you’re asking whether blocking s3.amazonaws.com would raise entropy, i don’t know, but i look at it a little differently: who would you rather have fingerprint the browser, amazon or the website you’re visiting? personally i block 3rd parties like amazon when and where i can … same goes for fonts

  5. Just curious, in your recommended ‘My Rules tab settings’, doesn’t the 3rd line:
    ‘behind-the-scene * * block’
    automatically includes all of the following lines (because of the asterisk), or am I missing something?

    I’m also looking for some advice. You suggested using uMatrix with uBlockOrigin, but as far as I know, you can do something like this in uBlockOrigin:
    * https://www.gstatic.com/recaptcha/ script noop
    just as an example of allowing captchas globally, but you can’t do the same thing in uMatrix without allowing all scripts from gstatic.com (potentially have to allow google.com as well globally). Or is there a way around this?

    Thanks a lot.

    1. you’re correct – behind-the-scene * * block blocks all behind the scenes requests by default so there’s no need to add the additional rules

      furthermore, there’s no need to do anything to the ‘My rules’ settings unless one has enabled advanced mode which should only be done if one is not using uMatrix to control dynamic filtering

      i updated the ‘My Rules tab settings’ section accordingly – thanks for pointing this out

      regarding your reCAPTCHA example, if you try adding that rule to the uBO rules you’ll find it will be colored in red instead of black because the rule is invalid – you cannot include the protocol, http://, nor a path, /recaptcha/ – see: Dynamic filtering: rule syntax

      so your example would have to be rewritten to something like * www.gstatic.com script noop which would allow scripts from http://www.gstatic.com to run everywhere that resource is used, whether the resource is a CAPTCHA or not

      as for using uBO and uM together, while you can manually add advanced rules in uBO, there are 2 issues to be aware of: 1) uBO is not capable of performing all of the filtering that uM is, such as filtering ‘other’ requests (requests not fitting into any other category) and 2) adding rules manually is probably more difficult/slower than using the pop-up UI – if you’re going to use both uBO and uM, i suggest using uBO for static filtering only (ads and such – the filter lists – advanced mode disabled) and uM for dynamic filtering with all static filter lists disabled

      1. Thank you for your reply. I’m not that familiar with uBO, but this is the feature I’m talking about: https://github.com/gorhill/uBlock/wiki/Dynamic-URL-filtering. I have these two rules in uBO:
        * https://recaptcha.net/recaptcha/api.js script noop
        * https://www.gstatic.com/recaptcha/ script noop
        which I’ve simply added via the logger.

        I was trying to add uM along with my existing uBO setup (I followed your guide above), but the dynamic url filtering in uBO seems too good (in terms of being specific and globally applicable) to not use it. Any ideas?

        1. this is interesting – i didn’t know uBO had this capability – frankly, you know more about this than i do so i can’t really help you – i’ve been looking for an excuse to dump uM and this may be it but i have some reading to do

  6. I just want to let you know that the malware domain filters have been made obsolete and replaced with the filter “Malicious URL Blocklist”. Also, “Blocking Web Fonts for Speed and Privacy” link suggests using fanboys font filter in place of blocking all 3rd party fonts, though I’m not sure how useful this would be if you have “use_document_fonts” set to 0 with the enable fonts extension. Ghacks wiki also suggested the following custom filters:
    ! 1x1pixel clear images on startpage.com
    ||startpage.com/do/*$image,important
    ||startpage.com/english/*$image,important
    ||startpage.com/tst2/*$image,important

    *$csp=worker-src 'none'
    ! @@||example.org^$csp=worker-src 'none'
    The upper set blocks what appear to be invisible tracking images on startpage and the lower allows uBlock users to turn off web workers without uMatrix; the second line adds exceptions.

    1. thanks for telling me about the filter list change :)

      i had a chat with Startpage about these 1px GIFs and here’s what they said – so i think i’ll leave this alone for now

      i’m hesitant to add the workers filter stuff because uBO doesn’t have a UI option/icon to override or a method to inform that workers are blocked, whereas uM does – i figure that many people using uBO are not too tech savvy and blindly adding the filter can break pages and they won’t know why – i do thank you for mentioning it however

  7. Thank you for writing this wonderful and useful article, 12Bytes & co. I’ve saved the URL in a wordpad document and expect to return to this time and time again, especially after every bi-annual W10 update. That said, I do have some questions I’m hoping you would clarify.

    1) Why do you recommend disabling Javascript for “Dummies” (uBlock Origin ‘easy mode’ users like myself)? As I understand it, disabling Javascript breaks most websites/portals or renders them entirely unusable (such as YouTube). I haven’t experienced this myself, as I’m far too afraid to disable Javascript (which is also a built-in feature with Google’s Chrome browser). If a user does not wish to disable Javascript, out of concerns about breakage and not knowing what is causing sites to break, is there an alternative (even “dumber”) route you would recommend?

    2) Why do you recommend disabling cosmetic filters/filtering?

    3) Why do you instruct enabling “Disable cosmetic filtering” from the ‘Settings’ tab and then going into the next tab (‘Filters List’) to disable “Parse and enforce cosmetic filters” and enable “Ignore generic cosmetic filters”? That doesn’t make sense to me. I would think that “Disable cosmetic filtering” would suffice and render both “Parse and enforce cosmetic filters” + “Ignore generic cosmetic filters” options moot. Since “Disable cosmetic filtering” would override both of those options, whether or not they are enabled/disabled. It seems like an unnecessary step to recommend that creates an internal conflict within uBlock Origin.

    1. thanks much for the kind words :)

      > Why do you recommend disabling Javascript …

      my Firefox config guides are centered around privacy first and foremost, so if privacy is something you’re concerned with, then JavaScript (JS) pretty much needs to be disabled globally because it is the number one technology that websites use to fingerprint your browser and track your browsing activities, and thus profile you as a human being

      > … I’m far too afraid to disable Javascript (which is also a built-in feature with Google’s Chrome browser)

      JS has been around a very long time and every single mainstream web browser supports it

      i’m curious as to why you would be ‘afraid’ to disable JS – you’re not breaking your browser or OS by doing so, rather you’re ‘breaking’ the web page which you shouldn’t care about in the least – it’s YOUR choice as to how YOU want to consume content, not theirs

      if you’re concerned at all about privacy, you should absolutely not be afraid to disable JS – yes, disabling JS will certainly break a lot of websites, but not all, and for those that do break you can always re-enable it if you decide the risk to your privacy is worth the benefit – using an extension like uBlock Origin or uMatrix (both by the same developer) makes it very easy to disable JS globally and then enable it ONLY WHERE YOU NEED IT

      i’d highly suggest reading my guide, The Firefox Privacy Guide for Dummies!, particularly the section, Training the Foxineer

      > If a user does not wish to disable Javascript, out of concerns about breakage and not knowing what is causing sites to break, is there an alternative (even “dumber”) route you would recommend?

      personally i can’t imagine, for myself, not disabling JS globally, but if you didn’t want to do that then i would recommend a VPN at the very least, though i would recommend a VPN regardless – a VPN by itself is not enough however if your concern is privacy – there are also some browser preferences that need to be changed

      > Why do you recommend disabling cosmetic filters/filtering?

      efficiency and nothing more – cosmetic filtering adds overhead (CPU usage) that isn’t worth the benefit IMO – most obnoxious bullshit (most ads, tracking, fingerprinting etc.) are mitigated without enabling cosmetic filtering, plus there is no privacy benefit to cosmetic filtering since it is exactly that; cosmetic (it doesn’t prevent the browser from fetching the content, it only hides it from your view) – that said, if you’re sufficiently annoyed by stuff that gets through the filter lists, by all means, use cosmetic filtering (note also that cosmetic filtering can be applied to your personal filters AND/OR cosmetic filters included in the filter lists)

      also cosmetic filtering can sometimes hide stuff that shouldn’t be hidden

      if you want to enable cosmetic filtering, feel free – if you want to use the element hiding capability of uBO, it depends on cosmetic filters being enabled

      > Why do you instruct enabling “Disable cosmetic filtering” from the ‘Settings’ tab and then going into the next tab (‘Filters List’) to disable “Parse and enforce cosmetic filters” and enable “Ignore generic cosmetic filters”?

      good question – i never tested if disabling this on the ‘settings’ page is enough and the uBO wiki doesn’t seem to explain it

      see Josh’s reply below and my reply to his

      1. Thanks for the response, 12bytes & team. Since posting this, I’ve been doing some testing. There is absolutely no reason or need to activate “Ignore generic cosmetic filters” if “Disable cosmetic filtering” is selected. Going into the “Filters” to disable “Parse and enforce cosmetic filters” and enable “Ignore generic cosmetic filters” is an unnecessary extra step. It is enough to simply select “Disable cosmetic filtering” from the Settings menu and disable “Parse and enforce” from the Filters menu. No need to bother with or touch the “Ignore generic” option, which is disabled by default. In either case, going the extra step or not, the Filters tab will say “+ 0 cosmetic filters from”.

        Selecting “Disable cosmetic filtering” in the Settings tab and deselecting “Parse and enforce cosmetic filters” is enough. The “Ignore generic cosmetic filters” option seems to be there for advanced users who know how to enforce cosmetic filters on specific domains/sites, but (for whatever reason) don’t want the same cosmetic filtering applied everywhere. Like, if someone doesn’t want to see a Facebook or Twitter social media button at one specific website, but wants to see those social media buttons everywhere else.

        Anyway, since you’ve said that cosmetic filtering offers no privacy benefits and only hides elements from view (while not preventing those elements from loading onto the network in the first place), I’ve disabled cosmetic filtering completely. From my standpoint, it is useless for the very reasons you’ve stated. Hiding garbage from my view doesn’t address the root problem.

        1. i’m not sure either of us is understanding these settings entirely – let me know what you think…

          ‘Disable cosmetic filtering’ (settings tab) is a master switch that controls cosmetic filters created by the user AND those in the filter lists, so, if i only wanted MY filters to work, then ‘Parse and enforce cosmetic filters’ (filters list tab) has to be disabled

          and so i’m inclined to keep the suggested settings as they are

          1. If that’s the case, I don’t understand what the meaning or purpose of “Ignore generic cosmetic filters” is. I found this site because I was searching for a user friendly, easy to navigate (honestly, this isn’t quantum mechanics or Hegelian dialectics or space rocketry or multivariable calculus, this should not be so esoteric) guide to using uBlock Origin. Before you responded with an explanation of “cosmetic filtering”, I’d never found any sort of explanation of what it is and why it should or shouldn’t be used. Previously, all I found were a couple mentions of the cosmetic filtering options on Reddit, usually posed as a query, without any explanation of them.

            But it seems you’ve changed the guide again. You removed the section on how to block 3rd party fonts as well as the footnote in section 2 (‘Settings’ tab setting) indicating that this would be covered as an alternative to the nuclear option (blocking all remote fonts). May I ask why you removed this?

            12bytes says: the following is not necessary – see my reply to this comment.

            For anyone who wants instructions on this, please see: https://collinmbarrett.com/block-web-fonts/ and follow the instructions under ‘Strict Scheme: Allow Only First-Party (Recommended)’ to disable third party fonts globally.

            1. > I don’t understand what the meaning or purpose of “Ignore generic cosmetic filters” is.

              did you mouse over the little question mark at the end of that option?

              > But it seems you’ve changed the guide again.

              the method that i was recommending to block 3rd party fonts was based on a Firefox bug that involved HTTP headers – that bug was fixed somewhere around v80 but i never updated this guide – as a result of the bug being fixed, you can now use the ‘Block remote fonts’ option

              you can also do it as outlined in the link you provided (which is the same as i did it here), but why would you?

  8. Hi!

    I did scan my ~/home directory with clamscan and it found:
    extensions/uBlock0@raymondhill.net.xpi: Urlhaus.Malware.191095-8836388-0 FOUND

    I did remove uBO, cleaned everything and it was okay. After adding uBO back there is the same finding.

    Thank you.

    1. as long as you downloaded uBO from AMO or github, i’m sure you can ignore that – it’s almost certainly a false-positive

      also i’m not sure that clam is worth using on a Linux system – at least i was told it wasn’t by people more knowledgeable than myself

      i would also highly recommend NOT using any of the big name A/V’s on Linux either since they essentially are malware, and potentially very dangerous
