Alternative Information Directory
Coronavirus information & resources
Vaccines - What You Need To Know

uBlock Origin Suggested Settings

uBlock Origin

Recent changes to this guide are listed at the end of the document.

Introduction

First and foremost, use only uBlock Origin (uBO) by Raymond 'gorhill' Hill (here's the uBlock Origin page on the Firefox Add-ons website). While there may be some legitimate forks, there are also many ripoffs out there, including one named 'uBlock', and i would highly recommend avoiding them.

uBlock Origin is not simply an ad blocker, rather it is a powerful content filter, similar to a firewall, that is capable of both dynamic and static filtering. In addition to blocking annoying content such as ads, it can also dynamically block JavaScript, frames, images, 3rd party fonts and more, all of which help to prevent tracking and malware.

Working with uBO requires an understanding of static and dynamic filtering. Static filters are filter rules which are provided by the authors of the various filter lists. Essentially you have no control over static filters; you either enable a filter list, or you don't. Static filters attempt to block content like ads, malware, tracking technologies, annoyances and more. The static filter lists are enabled from the 'Filter lists' tab of the uBO dashboard. Dynamic filters are controlled from the pop-up interface when you click the uBO toolbar icon. Here you can create temporary or permanent filter rules to dynamically control the loading of images, JavaScript and frames on a global or per-domain basis. Dynamic filtering only becomes available after enabling the 'I am and advanced user' option in the uBO settings and it is crucial to read the uBO wiki before doing so.

Following are my personal preferences for setting up uBlock Origin. There are no "best" settings since every use case is different, however i like to think they are generally sensible settings to start with. The configurations in the 2nd and 3rd columns of the table are intended to be used with the The Firefox Privacy Guide For Dummies! and the Firefox Configuration Guide for Privacy Freaks and Performance Buffs, respectively. In the former case the advanced mode option is disabled because i thought it might be too overwhelming for followers of the 'dummy' guide.

Regardless of which guide you are following, it is essential that you read the uBlock wiki with the exception of the Advanced-user-features section if uBO's advanced mode will not be enabled. If you are not following either guide i would suggest enabling the advanced mode option in order to leverage its dynamic filtering capability, as well as reading the Advanced-user-features section of the wiki.

Once uBO is installed, click its toolbar icon to reveal its popup user interface, then click the little sliders icon to reveal the "secret" Dashboard (i say "secret" because apparently some users don't know it exists). Following are the settings i recommend:

'Settings' tab

Settings not shown here are optional.

Setting name
'Dummy' guide settings
Advanced guide settings
Hide placeholders of blocked elements 1 disabled optional
Show the number of blocked requests on the icon enabled optional
Disable tooltips disabled optional
I am an advanced user 2 disabled enabled
Privacy:
Disable pre-fetching enabled enabled
Disable hyperlink auditing 3 disabled disabled
Block CSP reports enabled enabled
Uncloak canonical names enabled enabled
Default behavior:
Disable cosmetic filtering enabled enabled
Block media elements larger than [50] KB disabled optional
Block remote fonts 4 disabled disabled
Disable JavaScript 5 enabled optional
Footnotes

1 - If you are new to uBO and content filtering, you should probably not enable this option. Leaving this option disabled will sometimes provide a visual indication when something is blocked in the form of a placeholder where the object was, thus letting you know that something was blocked.

2 - This option may be enabled only after reading the Advanced user features section of the uBO wiki.

3 - This option can be left disabled as long as dom.security.https_only_mode is enabled in prefs.js, or in user.js or user-overrides.js if you're using the 'arkenfox' user.js, otherwise it should be enabled.

4 - Instead of blocking remote fonts globally and then allowing them per-site, you can automatically allow all 1st party fonts while blocking only 3rd party fonts. See the 'My filters tab' section below for more information. Novice users, or those that simply don't want to fool with filters for unblocking a 3rd party font needed for a given domain, may find it easier to set this to 'enabled' and then allow all remote fonts (1st and 3rd party) as needed from the uBO Dashboard.

5 - Enabling this option disables JavaScript globally by default and causes uBO to honor <noscript> HTML tags. A potential problem with this is that some page elements that might have been displayed had the <noscript> tags been ignored, may not display when this option is enabled. On the flip side, some websites may display a JavaScript disabled warning message which can be beneficial for novices. Also see Display website content hidden by JavaScript. For anyone concerned with their on-line privacy, JavaScript must be disabled globally, then allowed only for the websites where the functionality it provides is necessary. If you are following the advanced guide then you can either enable the 'Disable JavaScript' master switch in uBlock's settings, or block inline, 1st party and 3rd party scripts from the uBlock toolbar popup.

'Filter Lists' tab

Filter lists:
Auto-update filter lists enabled
Suspend network activity until all filter lists are loaded enabled
Parse and enforce cosmetic filters disabled
Ignore generic cosmetic filters enabled
Network filters:  
My filters​​​​​ enabled
Built-in:
uBlock filters​ enabled
uBlock filters – Badware risks​ enabled 1
uBlock filters – Privacy​​​​​ enabled
uBlock filters – Resource abuse​​​​​ enabled
uBlock filters – Unbreak​​​​​ enabled
Ads:
AdGuard Base disabled
AdGuard Mobile Ads​ disabled 2
EasyList​ enabled
Privacy:
AdGuard Tracking Protection​ disabled
AdGuard URL Tracking Protection enabled
Block Outsider Intrusion into LAN enabled
EasyPrivacy enabled
Malware domains:
Online Malicious URL Blocklist enabled
Phishing URL Blocklist enabled
PUP Domains Blocklist enabled
Annoyances:
AdGuard Annoyances​ enabled
AdGuard Social Media​ disabled
Anti-Facebook List​ disabled
EasyList Cookie disabled 3
Fanboy’s Annoyance disabled
Fanboy’s Social disabled
uBlock filters – Annoyances​​​​​ enabled
Multipurpose:
Dan Pollock’s hosts file​ disabled
MVPS HOSTS​ disabled
Peter Lowe’s Ad and tracking server list​ enabled
Custom:  
Import... 4 https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt
Import... 5 https://raw.githubusercontent.com/DandelionSprout/adfilt/master/ClearURLs%20for%20uBo/clear_urls_uboified.txt
Footnotes

1 - Optional for Linux users, highly suggested for non-technical Windows users

2 - Enable if using Firefox on a mobile device

3 - Enabling this list will hide a lot of those idiotic cookie notices however this list is already included in the Fanboy’s Annoyance.

4 - This list will shorten links - see here for further information

5 - This list eliminates the need for the Clear URLs add-on - for a description see this

Don't worry about the 'Regions, languages' section unless you browse sites in languages other than English in which case you'll want to enable those languages.

There are millions of additional filter lists available for uBO, however i strongly advise you to be very careful about what ones you add, if any. In my experience the default filter lists offered by uBO are quite sufficient for general web browsing and adding more will use more memory, slow things down and potentially cause more conflicts and breakages.

'My filters' tab

You might wish to disable the 'Block remote fonts' option on the 'Settings' tab add the following to the 'My filters' settings instead. Depending on which line you uncomment (remove the ! ) you can allow all 1st party fonts while blocking all 3rd party fonts, or block all 3rd party fonts except for a single domain, or block all 3rd party fonts except for multiple domains. As written, the code below will allow all 1st party fonts while blocking all 3rd party fonts. All lines beginning with ! are comments and are not read by uBO. Only uncomment one line.

! >>> UNCOMMENT ONLY ONE LINE AND EDIT IT AS NECESSARY <<<

! uncomment the line below to allow 1st party fonts + block 3rd party fonts (default):
*$font,third-party

! uncomment the line below to allow 1st party fonts + allow 3rd party fonts for a single domain (example.com):
!*$font,third-party,domain=~example.com

! uncomment the line below to allow 1st party fonts + allow 3rd party fonts for multiple domains:
!*$font,third-party,domain=~example.com|~example2.net

'My rules' tab settings

If you are following the Firefox Configuration Guide for Privacy Freaks and Performance Buffs or otherwise using uBO on its own, and you have enabled the 'I am an advanced user' setting, you can optionally replace the default behind-the-scene rules on the 'My rules' tab with the the following, however understand that these filters can break some websites for which you may need to add exceptions by using uBlock's logger feature:

no-large-media: behind-the-scene true
behind-the-scene * 1p-script block
behind-the-scene * 3p block
behind-the-scene * 3p-frame block
behind-the-scene * 3p-script block
behind-the-scene * image block
behind-the-scene * inline-script block

If you are using the LocalCDN add-on you will need to add some rules to the 'My Rules' tab in the uBO Dashboard. The rules can be found in the preferences section of the LocalCDN add-on from where you will copy the rules specific to uBlock and paste them on a new, blank line in the 'Temporary rules' section of the 'My Rules' tab. Make sure to save and commit the changes. When adding the rules, be sure to remove any conflicting rules for the same domains if there are any (there won't be if you're starting fresh).

Dynamic filtering

If you are running uBO with its 'I am an advanced user' option enabled in order to activate dynamic filtering, i recommend setting the following rules in the 'Global rules' column of the popup interface:

uBO Global Settings

If you decide to block '3rd-party' (all 3rd party content) globally, uBO will not be able to update its filter lists until you create a 'noop' rule for the Filter Lists settings page which you can do from the dashboard pop-up interface while viewing the Filter Lists page.

uBO Global Settings

Recent changes

20-Nov-2022

  • minor edits

Comments

Note that both reader and my comments, while they may have been accurate at the time, might not be inaccurate today. This is a highly dynamic environment so please verify the accuracy of comments should you wish to utilize it. Failing that, ask me and i'll give it a crack.

150 thoughts on “uBlock Origin Suggested Settings”

    1. well, you only need one to do dynamic filtering and if you’re using both uBO and uM, then i’d suggest using uM for the dynamic rules since it’s more granular and, IMO, easier to use

  1. Fanboy’s Enhanced Tracking List​ and Malvertising filter list by Disconnect​​​​ had problem to updated and there were 0. I went on the Fanboys site and add to Ubo and it works now under “Custom” and the same with Disconnect which I have a link in “Custom” to raw.githubuser….

    1. unless you have/had the domain blocked for some reason, you should not have to do anything to uBO to d/l those lists – i suspect it may have been a temp network issue???

      to find out, remove whatever rule(s) you added, then in the filter lists tab click the icon at the end of those specific list items to force an update – let us know the result

      note also that these list servers may well have a firewall in place to prevent abuse (downloading too many times by same IP), so just test once

      1. Thank you but it doesn’t works. I did remove uBO and add it again. I did settings from your site and again the same problem. I try to install uBO prerelease but Firefox doesn’t allow me.

  2. The Decentraleyes wiki says that after adding the rules to uBO you have to enable the option “Block requests from missing resources” but I noticed that this breaks a lot of sites and I have to manually whitelist them. Is enabling this option necessary for the rules to work? Or is it safe to leave it unchecked? Also, those rules are from 2018, aren’t they outdated? Sorry to ask this on your page but you’re my only hope.

  3. I’ve noticed, that when I disable javascript and check Decentraleyes’ testing utility, I’m told that Decentraleyes does not work.
    Do you know about any solution?
    I never chose to block js overall ( it breaks too many sites, and I dont use umatrix for granularity. I’, not that smart) untill the option recently occured as a toggle on/off in UblockOrigin).

    1. hi Jane – the test page for Decentraleyes requires JS to function

      also you might want to consider replacing Decentraleyes with LocalCDN – i’ll point you to my extensions page where you’ll find a link and which may be of interest to you

      and yes, blocking JS will break a lot of websites as you’ve discovered, however understand that enabling it has a huge effect on privacy – i assume you’re using uBlock O though and toggling JS per domain?

      1. Thank you for your advice.
        I will definitely try out LocalCDN.
        just to make things clear: Decentraleyes do work with js blocked by uBlock Origin?
        it’s just the testsite that doesn’t?
        I do know about the huge impact on privacy ; but dealing with js in detail is way out of my league.
        toggling js via uBlock per domain is the easiest way for me.
        I do block 3rd-party, 3rd-party scripts and 3rd-party frames globally however but naturally often need to adjust per site.
        I have also checkmarked adguard social media-, anti facebook- & fanboys social list.

        1. > Decentraleyes do work with js blocked by uBlock Origin?

          that depends…

          Decentraleyes provides local copies of common scripts hosted on CDNs, so if you disable JS globally, for example, without adding he filters that Decentraleyes/LocalCDN makes available for uBO (or uMatrix if you use it) then no scripts will run regardless of whether they’re provided by Decentraleyes/LocalCDN or a CDN

          so i think the answer you’re looking for is ‘yes’, Decentraleyes/LocalCDN works with JS disabled globally via uBO, uM, FF prefs, etc., AS LONG AS you’ve added the necessary filters to uBO/uM

          let me know if that makes sense to you

          1. it certainly makes sense. I did not really get it untill your explanation. I downloaded Decentraleyes way back, but never changed any of the settings.
            I recently read about the need for a copied list but when I took a look at the “my rule” section: no edit button to be seen.
            I’ve therefore chosen to 1:reset the settings of uBlock Origin
            2:remove my extensions (5 all together)
            3: restart FF and do a re-installation starting with uBlock.
            I downloaded Local CDN instead of Decentraleyes.
            the situation right now : I managed to copy and paste and save those list BUT I’m not sure I succeeded ( I worry about the missing edit button and the fact, that in spite of not checkmarking “I’m an advanced user” I was still allowed to save those list.
            I took a screeshot, but I dont know how to copy it to this comment section?
            Besides : should I enable “Block requests for missing resources”?

            1. ok, i’m not sure what’s going on (missing edit button???) so i’ll lay out the whole process…

              1. open the add-on manager (or enter about:addons in the address bar)
              2. click the ‘preferences’ button for LocalCDN
              3. in the page that opens, at the very bottom, there are checkboxes for uBlock and uMatrix – i understand you’re using only uBlock, so click the uBlock checkbox and copy the filter rules
              4. click the uBlock icon on your toolbar, then the settings (open dashboard) icon
              5. click the ‘my rules’ tab
              6. on the right side, in the temporary rules section, click at the beginning of any of the lines and press enter to create a new blank line
              7. click to move the caret (the blinking cursor) to the new line, then paste the filter rules you copied from LocalCDN
              8. click the ‘save’ button, then the ‘commit’ button

              done

              > should I enable “Block requests for missing resources”?

              that’s up to you – if you enable that and then come across a website that uses an external library which is not included with LocalCDN (and you likely will), the site may not function properly

              enabled: better privacy, more web breakage
              disabled: slightly compromised privacy, no web breakage

              you seem new to all this so i would suggest leaving it disabled

              1. Thank you so much for your tutorial. I really appreciate.
                fortunately it turns out, that I actually did make the exact same steps on my own.
                what still puzzles me is that the *icon in front of each domain listed is transferred as well?
                did I make a mistake or is everything fine?
                I’m really sorry to bother you this much
                and yes:
                I will definitely not checkmark “Block requests for missing resource”

                1. that’s an asterik ( * ), not an icon – it is used as a wildcard that matches all domains, and yes, that must be copied to the uBO ‘my rules’ tab – here’s the full code from LocalCDN v2.1.13:

                  * ajax.googleapis.com * noop
                  * ajax.aspnetcdn.com * noop
                  * ajax.microsoft.com * noop
                  * cdnjs.cloudflare.com * noop
                  * code.jquery.com * noop
                  * cdn.jsdelivr.net * noop
                  * yastatic.net * noop
                  * yandex.st * noop
                  * apps.bdimg.com * noop
                  * libs.baidu.com * noop
                  * cdn.staticfile.org * noop
                  * cdn.bootcss.com * noop
                  * mat1.gtimg.com * noop
                  * lib.baomitu.com * noop
                  * lib.sinaapp.com * noop
                  * upcdn.b0.upaiyun.com * noop
                  * stackpath.bootstrapcdn.com * noop
                  * maxcdn.bootstrapcdn.com * noop
                  * netdna.bootstrapcdn.com * noop
                  * use.fontawesome.com * noop
                  * ajax.cloudflare.com * noop
                  * akamai-webcdn.kgstatic.net * noop
                  * sdn.geekzu.org * noop
                  * ajax.proxy.ustclug.org * noop
                  * unpkg.com * noop

                  1. I sent you a big “thank you” right after your latest reply.
                    It apparently vanished, so once again:
                    thank you so much.
                    I hope not to bother you again in a looong time ;-)

                    1. thank you for your thank you :)
                      and please don’t think you’re being a bother – not at all

                  2. Hi 12Bytes ! Please I need your help. I did what you said, but it still have this message : The test resource could not be fetched locally or remotely. LocalCDN is not working as intended.

                    Can you help me ?

                    Thanks !

                    1. i assume the error you mention is from the LocalCDN test page???
                      if so, did you enable JS for the page?

                    2. JS is on.

                      Is there any other add-on or mozilla configuration which may interact with LocalCDN ?

                      I use uBlock, Nano Defender, ClearURLs, PrivacyBadger, Cookies auto-delete, Idon’tcareaboutcookies and HTTPS Everywhere.

                      Thank you by advance !

                    3. I found the problem -> Privacy Badger -> I reinitialized it and it was ok !

                      Thanks for your support !

                      PS : wonderful website to know more about privacy, thank you for your works !

  4. Hi
    I have a couple of questions:
    1:would blocking font.googleapis.com
    raise entropy?
    I do not block remote fonts due to the issue with CSP
    2: what about blocking s3.amazonaws.com?

    1. re: #1 – far as i know google uses data in their fonts to be able to track and/or fingerprint the browser – as far as raising entropy, i would guess that blocking font.googleapis.com may raise entropy, but that may depend on whether JS is enabled – i really don’t know

      if you want to block 3rd party fonts whilst allowing 1st party and avoid the CSP issue (and some of the CSP issue will be addressed in FF 77 btw), you can add this to the ‘my filters’ section of uBO:

      ! fonts: the following line will allow 1st party fonts globally while blocking all 3rd party fonts:
      *$font,3p
      ! to allow 3rd party fonts per domain:
      ! *$font,3p,domain=~example.com
      ! to allow 3rd party fonts for additional domains:
      ! *$font,3p,domain=~example.com|~example2.com

      i’m pretty sure that avoids the CSP issue which could otherwise be a problem if you enabled ‘Block remote fonts’ in uBO settings, though i’m not entirely positive

      re: #2 – if you’re asking whether blocking s3.amazonaws.com would raise entropy, i don’t know, but i look at it a little differently: who would you rather have fingerprint the browser, amazon or the website you’re visiting? personally i block 3rd parties like amazon when and where i can … same goes for fonts

  5. Just curious, in your recommended ‘My Rules tab settings’, doesn’t the 3rd line:
    ‘behind-the-scene * * block’
    automatically includes all of the following lines (because of the asterisk), or am I missing something?

    I’m also looking for some advice. You suggested using uMatrix with uBlockOrigin, but as far as I know, you can do something like this in uBlockOrigin:
    * https://www.gstatic.com/recaptcha/ script noop
    just as an example of allowing captchas globally, but you can’t do the same thing in uMatrix without allowing all scripts from gstatic.com (potentially have to allow google.com as well globally). Or is there a way around this?

    Thanks a lot.

    1. you’re correct – behind-the-scene * * block blocks all behind the scenes requests by default so there’s no need to add the additional rules

      furthermore, there’s no need to do anything to the ‘My rules’ settings unless one has enabled advanced mode which should only be done if one is not using uMatrix to control dynamic filtering

      i updated the ‘My Rules tab settings’ section accordingly – thanks for pointing this out

      regarding your reCAPTCHA example, if you try adding that rule to the uBO rules you’ll find it will be colored in red instead of black because the rule is invalid – you cannot include the protocol, http://, nor a path, /recaptcha/ – see: Dynamic filtering: rule syntax

      so your example would have to be rewritten to something like * www.gstatic.com script noop which would allow scripts from http://www.gstatic.com to run everywhere that resource is used, whether the resource is a CAPTCHA or not

      as for using uBO and uM together, while you can manually add advanced rules in uBO, there are 2 issues to be aware of: 1) uBO is not capable of performing all of the filtering that uM is, such as filtering ‘other’ requests (requests not fitting into any other category) and 2) adding rules manually is probably more difficult/slower than using the pop-up UI – if you’re going to use both uBO and uM, i suggest using uBO for static filtering only (ads and such – the filter lists – advanced mode disabled) and uM for dynamic filtering with all static filter lists disabled

      1. Thank you for your reply. I’m not the familiar with uBO, but this is the feature I’m talking about: https://github.com/gorhill/uBlock/wiki/Dynamic-URL-filtering. I have these two rules in uBO:
        * https://recaptcha.net/recaptcha/api.js script noop
        * https://www.gstatic.com/recaptcha/ script noop
        which I’ve simply added via the logger.

        I was trying to add uM along with my existing uBO setup (I followed your guide above), but the dynamic url filtering in uBO seems too good (in terms of being specific and globally applicable) to not use it. Any ideas?

        1. this is interesting – i didn’t know uBO had this capability – frankly, you know more about this than i do so i can’t really help you – i’ve been looking for an excuse to dump uM and this may be it but i have some reading to do

  6. I just want to let you know that the malware domain filters have been made obsolete and replaced with the filter “Malicious URL Blocklist”. Also, “Blocking Web Fonts for Speed and Privacy” link suggests using fanboys font filter in place of blocking all 3rd party fonts, though I’m not sure how useful this would be if you have “use_document_fonts” set to 0 with the enable fonts extension. Ghacks wiki also suggested the following custom filters:
    ! 1x1pixel clear images on startpage.com
    ||startpage.com/do/*$image,important
    ||startpage.com/english/*$image,important
    ||startpage.com/tst2/*$image,important

    *$csp=worker-src ‘none’
    ! @@||example.org^$csp=worker-src ‘none’
    The upper set blocks what appear to be invisible tracking images on startpage and the lower allows uBlock users to turn off web works without uMatrix; the second line adds exceptions.

    1. thanks for telling me about the filter list change :)

      i had a chat with Startpage about these 1px GIFs and here’s what they said – so i think i’ll leave this alone for now

      i’m hesitant to add the workers filter stuff because uBO doesn’t have a UI option/icon to override or a method to inform that workers are blocked, whereas uM does – i figure that many people using uBO are not too tech savvy and blindly adding the filter can break pages and they won’t know why – i do thank you for mentioning it however

  7. Thank you for writing this wonderful and useful article, 12Bytes & co. I’ve saved the URL in a wordpad document and expect to return to this time and time again, especially after every bi-annual W10 update. That said, I do have some questions I’m hoping you would clarify.

    1) Why do you recommend disabling Javascript for “Dummies” (uBlock Origin ‘easy moder’ users likes myself)? As I understand it, disabling Javascript breaks most websites/portals or renders them entirely unusable (such as YouTube). I haven’t experienced this myself, as I’m far too afraid to disable Javascript (which is also a built-in feature with Google’s Chrome browser). If a user does not wish to disable Javascript, out of concerns about breakage and not knowing what is causing sites to break, is there an alternative (even “dumber”) route you would recommend?

    2) Why do you recommend disabling cosmetic filters/filtering?

    3) Why do you instruct enabling “Disable cosmetic filtering” from the ‘Settings’ tab and then going into the next tab (‘Filters List’) to disable “Parse and enforce cosmetic filters” and enable “Ignore generic cosmetic filters”? That doesn’t make sense to me. I would think that “Disable cosmetic filtering” would suffice and render both “Parse and enforce cosmetic filters” + “Ignore generic cosmetic filters” options moot. Since “Disable cosmetic filtering” would override both of those options, whether or not they are enabled/disabled. It seems like an unnecessary step to recommend that creates an internal conflict within uBlock Origin.

    1. thanks much for the kind words :)

      > Why do you recommend disabling Javascript …

      my Firefox config guides are centered around privacy first and foremost, so if privacy is something you’re concerned with, then JavaScript (JS) pretty much needs to be disabled globally because it is the number one technology that websites use to fingerprint your browser and track your browsing activities, and thus profile you as a human being

      > … I’m far too afraid to disable Javascript (which is also a built-in feature with Google’s Chrome browser)

      JS has been around a very long time and every single mainstream web browser supports it

      i’m curious as to why you would be ‘afraid’ to disable JS – you’re not breaking your browser or OS by doing so, rather you’re ‘breaking’ the web page which you shouldn’t care about in the least – it’s YOUR choice as to how YOU want to consume content, not theirs

      if you’re concerned at all about privacy, you should absolutely not be afraid to disable JS – yes, disabling JS will certainly break a lot of websites, but not all, and for those that do break you can always re-enable it if you decide the risk to your privacy is worth the benefit – using an extension like uBlock Origin or uMatrix (both by the same developer) makes it very easy to disable JS globally and then enable it ONLY WHERE YOU YOU NEED IT

      i’d highly suggest reading my guide, The Firefox Privacy Guide for Dummies!, particularly the section, Training the Foxineer

      > If a user does not wish to disable Javascript, out of concerns about breakage and not knowing what is causing sites to break, is there an alternative (even “dumber”) route you would recommend?

      personally i can’t imagine, for myself, not disabling JS globally, but if you didn’t want to do that than i would recommend a VPN at the very least, though i would recommend a VPN regardless – a VPN by itself is not enough however if your concern is privacy – there are also some browser preferences that need to be changed

      > Why do you recommend disabling cosmetic filters/filtering?

      efficiency and nothing more – cosmetic filtering adds overhead (CPU usage) that isn’t worth the benefit IMO – most obnoxious bullshit (most ads, tracking, fingerprinting etc.) are mitigated without enabling cosmetic filtering, plus there is no privacy benefit to cosmetic filtering since it is exactly that; cosmetic (it doesn’t prevent the browser from fetching the content, it only hides it from your view) – that said, if you’re sufficiently annoyed by stuff that gets through the filter lists, by all means, use cosmetic filtering (note also that cosmetic filtering can be applied to your personal filters AND/OR cosmetic filters included in the filter lists)

      also cosmetic filtering can sometimes hide stuff that shouldn’t be hidden

      if you want to enable cosmetic filtering, feel free – if you want to use the element hiding capability of uBO, it depends on cosmetic filters being enabled

      > Why do you instruct enabling “Disable cosmetic filtering” from the ‘Settings’ tab and then going into the next tab (‘Filters List’) to disable “Parse and enforce cosmetic filters” and enable “Ignore generic cosmetic filters”?

      good question – i never tested if disabling this on the ‘settings’ page is enough and the uBO wiki doesn’t seem to explain it

      see Josh’s reply below and my reply to his

      1. Thanks for the response, 12bytes & team. Since posting this, I’ve been doing some testing. There is absolutely no reason or need to activate “Ignore generic cosmetic filters” if “Disable cosmetic filtering” is selected. Going into the “Filters” to disable “Parse and enforce cosmetic filters” and enable “Ignore generic cosmetic filters” is an unnecessary extra step. It is enough to simply select “Disable cosmetic filtering” from the Settings menu and disable “Parse and enforce” from the Filters menu. No need to bother with or touch the “Ignore generic” option, which is disabled by default. In either case, going the extra step or not, the Filters tab will say “+ 0 cosmetic filters from”.

        Selecting “Disable cosmetic filtering” in the Settings tab and deselecting “Parse and enforce cosmetic filters” is enough. The “Ignore generic cosmetic filters” option seems to be there for advanced users who know how to enforce cosmetic filters on specific domains/sites, but (for whatever reason) doesn’t want the same cosmetic filtering applied everywhere. Like, if someone doesn’t want to see a Facebook or Twitter social media button at one specific website, but wants to see those social media buttons everywhere else.

        Anyway, since you’ve said that cosmetic filtering offers no privacy benefits and only hides elements from view (while not preventing those elements from loading onto the network in the first place), I’ve disabled cosmetic filtering completely. From my standpoint, it is useless for the very reasons you’ve stated. Hiding garbage from my view doesn’t address the root problem.

        1. i’m not sure either of us is understanding these settings entirely – let me know what you think…

          ‘Disable cosmetic filtering’ (settings tab) is a master switch that controls cosmetic filters created by the user AND those in the filter lists, so, if i only wanted MY filters to work, then ‘Parse and enforce cosmetic filters’ (filters list tab) has to be disabled

          and so i’m inclined to keep the suggested settings as they are

          1. If that’s the case, I don’t understand what the meaning or purpose of “Ignore generic cosmetic filters” is. I found this site because I was searching for a user friendly, easy to navigate (honestly, this isn’t quantum mechanics or Hegelian dialectics or space rocketry or multivariable calculus, this should not be so esoteric) guide to using uBlock Origin. Before you responded with an explanation of “cosmetic filtering”, I’d never found any sort of explanation of what it is and why it should or shouldn’t be used. Previously, all I found were a couple mentions of the cosmetic filterings options on Reddit, usually posed as a query, without any explanation of them.

            But it seems you’ve changed the guide again. You removed the section on how to block 3rd party fonts as well as the footnote in section 2 (‘Settings’ tab setting) indicating that this would be covered as an alternative to the nuclear option (blocking all remote fonts). May I ask why you removed this?

            12bytes says: the following is not necessary – see my reply to this comment.

            For anyone who wants instructions on this, please see: https://collinmbarrett.com/block-web-fonts/ and follow the instructions under ‘Strict Scheme: Allow Only First-Party (Recommended)’ to disable third party fonts globally.

            1. > I don’t understand what the meaning or purpose of “Ignore generic cosmetic filters” is.

              did you mouse over the little question mark at the end of that option?

              > But it seems you’ve changed the guide again.

              the method that i was recommending to block 3rd party fonts was based on a Firefox bug that involved HTTP headers – that bug was fixed somewhere around v80 but i never updated this guide – as a result of the bug being fixed, you can now use the ‘Block remote fonts’ option

              you can also do it as outlined in the link you provided (which is the same as i did it here), but why wold you?

  8. Hi!

    I did scan my ~/home dirrectory with clamscan and it find:
    extensions/uBlock0@raymondhill.net.xpi: Urlhaus.Malware.191095-8836388-0 FOUND

    I did remove uBO, clean everything and was okay. After add uBO back there is the same find.

    Thank you.

    1. as long as you downloaded uBO from AMO or github, i’m sure you can ignore that – it’s almost certainly a false-positive

      also i’m not sure that clam is worth using on a Linux system – at least i was told it wasn’t from people more knowledgeable than myself

      i would also highly recommend NOT using any of the big name A/V’s on Linux either since they essentially are malware, and potentially very dangerous

Leave a Reply to 12Bytes Cancel reply

Your email address will not be published. Required fields are marked *