See the change log at the end for a complete revision history.
Introduction
First and foremost, use only uBlock Origin (uBO) by Raymond 'gorhill' Hill (here's the uBlock Origin page on the Firefox Add-ons website). While there may be some legitimate forks, there are also many ripoffs out there and i would highly recommend avoiding them.
uBlock Origin is not simply an ad blocker as many might assume, rather it is a powerful content filter, similar to a firewall, that is capable of both dynamic and static filtering. In addition to blocking annoying content such as ads, it can also block JavaScript, frames, images, 3rd party fonts and more, as well as help to prevent tracking and malware. For even finer grained control, uBO can be used in conjunction with uMatrix by the same developer, however in this case it should be configured in its easy mode with the appropriate static filters enabled while uMatrix is used to handle the dynamic filtering.
So what is the difference between static and dynamic filtering you ask? Static filters are filter rules which are provided by the various filter lists. Essentially you have no control over the filters provided by these lists; they are either enabled or disabled. Static filters filter out content like ads, malware, tracking technologies, annoyances and more. Static filter lists are enabled from the 'Filter lists' tab of the uBO dashboard. Dynamic filters are controlled from the pop-up interface when you click the uBO toolbar icon. Here you can create temporary or permanent filter rules to control images, JavaScript and frames and the rules can be applied globally or per-domain. Dynamic filtering only becomes available after you enable the 'I am and advanced user' option in the uBO settings and it is crucial to read the uBO wiki before enabling this option.
Following are my personal preferences for setting up uBlock Origin. The configurations in the 2nd and 3rd columns of the table are intended to be used with the The Firefox Privacy Guide For Dummies! and the Firefox Configuration Guide for Privacy Freaks and Performance Buffs, respectively, the former of which does not rely on uMatrix and the latter of which does. In both cases the advanced mode of uBO is disabled because i felt it would be too overwhelming for 1st time users and followers of the 'dummy' guide and it isn't needed for followers of the advanced guide since all dynamic filtering is handled with uMatrix which offers more granular control. Keep in mind these are my personal preferences and by no means do i claim they're the best possible for every use case, however i like to think they are generally sensible.
Regardless of which guide you are following, it is essential that you read the uBlock wiki with the exception of the Advanced-user-features section. If you are not following either guide and not using uMatrix, i would highly suggest enabling the advanced mode option in uBO in order to leverage its dynamic filtering capability and reading the Advanced-user-features section of the wiki. The suggested configuration for this scenario is in the 4th column of the table.
Once uBO is installed, click its toolbar icon to reveal its popup user interface, then click the little sliders icon to reveal the "secret" Dashboard (i say "secret" because apparently quite a few people don't know it exists). These are the settings i recommend:
'Settings' tab
Settings not shown here are optional.
Setting name | 'Dummy' guide settings, no uMatrix | Advanced guide settings, with uMatrix | Advanced usage, no uMatrix |
Hide placeholders of blocked elements 1 | disabled | optional | optional |
Show the number of blocked requests on the icon | enabled | optional | optional |
Disable tooltips | disabled | optional | optional |
I am an advanced user 2 | disabled | disabled | enabled |
Privacy: | |||
Disable pre-fetching | enabled | enabled | enabled |
Disable hyperlink auditing | disabled 3 | disabled 3 | disabled 3 |
Prevent WebRTC from leaking local IP addresses | enabled | enabled | enabled |
Block CSP reports | enabled | enabled | enabled |
Uncloak canonical names | enabled | enabled | enabled |
Default behavior: | |||
Disable cosmetic filtering | enabled | enabled | enabled |
Block media elements larger than [50] KB | disabled | optional | optional |
Block remote fonts | disabled | enabled4 | enabled4 |
Disable JavaScript 5 | enabled | disabled 6 | optional |
dom.security.https_only_mode
is enabled in your user.js or user-overrides.js, otherwise it should be enabled. [4] If you're using uMatrix then you may want to disable font blocking and control 3rd party fonts with uM instead. [5] Enabling this option disables JavaScript globally by default and causes uBO to honor
<noscript>
HTML tags. A potential problem with this is that some page elements that might have been displayed had the
<noscript>
tags been ignored, may not display when this option is enabled. On the flip side, some websites may display a JavaScript disabled warning message which can be beneficial for novices. Also see Display website content hidden by JavaScript and Display YouTube videos hidden by JavaScript. For anyone concerned with their on-line privacy, JavaScript must be disabled globally, then allowed only for the websites where the functionality it provides is necessary. If you're using uMatrix to handle dynamic filtering then you probably want to allow JS with with uBlock and control it with uMatrix instead. If you are not using uMatrix then you can either enable the 'Disable JavaScript' master switch in uBlock's settings, or block inline, 1st party and 3rd party scripts from the toolbar popup. [6] Control JavaScript with uMatrix instead since it allows more granular control.
Next we want to temporarily enable the 'I am an advanced user' option after which a little gear icon will appear to the right of the "I am an advanced user" text. Click the icon to display some advanced settings and change
suspendTabsUntilReady
to
yes
. Although there is no guarantee, when you start Firefox uBO will attempt to delay network requests until it is fully loaded. This is most useful if you exit Firefox with open tabs and have it set to restore your previous tabs on restart. If you are following one of my Firefox guides, don't forget to return to the Dashboard and disable the 'I am an advanced user' option.
'Filter Lists' tab
Filter lists: | |
Auto-update filter lists | enabled |
Parse and enforce cosmetic filters | disabled |
Ignore generic cosmetic filters | enabled |
Network filters: | |
My filters | enabled |
Built-in: | |
uBlock filters | enabled |
uBlock filters – Badware risks 1 | enabled |
uBlock filters – Privacy | enabled |
uBlock filters – Resource abuse | enabled |
uBlock filters – Unbreak | enabled |
Ads: | |
AdGuard Base | disabled |
AdGuard Mobile Ads 2 | disabled |
EasyList | enabled |
Privacy: | |
AdGuard Tracking Protection | disabled |
EasyPrivacy | enabled |
Malware domains: | |
Online Malicious URL Blocklist | enabled |
Spam404 | enabled |
Annoyances: | |
AdGuard Annoyances | enabled |
AdGuard Social Media | disabled |
Anti-Facebook List | disabled |
EasyList Cookie | optional 3 |
Fanboy’s Annoyance | enabled |
Fanboy’s Social | disabled |
uBlock filters – Annoyances | enabled |
Multipurpose: | |
Dan Pollock’s hosts file | disabled |
MVPS HOSTS | disabled |
Peter Lowe’s Ad and tracking server list | disabled |
Don't worry about the 'Regions, languages' section unless you browse sites in languages other than English in which case you'll want to enable those languages.
As of this writing you can find over 12 million filter lists on the FilterLists website, however i strongly advise to be very careful about what ones you add, if any. In my experience the default filter lists offered by uBO are quite sufficient for general web browsing and adding more will use more memory, slow things down and potentially break more web pages.
'My filters' tab
If you are not using uMatrix, or are not blocking 3rd party fonts with uMatrix, it is suggested to disable the 'Block remote fonts' option on the 'Settings' tab add the following to the 'My filters' settings. This code will block all 3rd party fonts while allowing all 1st party fonts (such as icon fonts for example):
! block 3rd party fonts, allow 1st party fonts:
*$font,third-party
! allow 3rd party fonts for a single domain:
!*$font,third-party,domain=~example.com
! allow 3rd party fonts for a multiple domain:s
!*$font,third-party,domain=~example.com|~example2.net
To block all 3rd party fonts but allow them for a single domain, change the above code to the following and replace 'example.com' with the domain for which you want to allow 3rd party fonts:
! block 3rd party fonts, allow 1st party fonts:
!*$font,third-party
! allow 3rd party fonts for a single domain:
*$font,third-party,domain=~example.com
! allow 3rd party fonts for a multiple domain:s
!*$font,third-party,domain=~example.com|~example2.net
To block all 3rd party fonts but allow them for multiple domains, change the above code to the following and replace 'example.com' and 'example2.net' with the domains for which you want to allow 3rd party fonts. To add additional domains, separate each domain with a pipe (
|
) character:
! block 3rd party fonts, allow 1st party fonts:
!*$font,third-party
! allow 3rd party fonts for a single domain:
!*$font,third-party,domain=~example.com
! allow 3rd party fonts for a multiple domain:s
*$font,third-party,domain=~example.com|~example2.net
'My rules' tab settings
If you are following the Firefox Configuration Guide for Privacy Freaks and Performance Buffs or otherwise using uBO on its own, and are not using uMatrix, and you have enabled the 'I am an advanced user' setting (there's no reason to enable this setting if using uMatrix to control dynamic filtering), you can, optionally, replace the default
behind-the-scene
rules on the 'My rules' tab with the the following, however understand that these filters can break some websites for which you may need to add exceptions by using uBlock's logger feature:
no-large-media: behind-the-scene true
behind-the-scene * * block
behind-the-scene * 1p-script block
behind-the-scene * 3p block
behind-the-scene * 3p-frame block
behind-the-scene * 3p-script block
behind-the-scene * image noop
behind-the-scene * inline-script block
If you are using the LocalCDN add-on you will need to add some rules to the 'My Rules' tab in the uBO Dashboard. The rules can be found in the preferences section of the LocalCDN add-on from where you will copy the rules specific to uBlock Origin. After copying the rules, paste them on a new, blank line in the 'Temporary rules' section of the 'My Rules' tab after which you need to save and commit the changes. When adding the rules, be sure to remove any conflicting rules for the same domains if there are any (there won't be if you're starting fresh).
Dynamic filtering
If you are running uBO with the 'I am an advanced user' option enabled in order to activate dynamic filtering, i recommend setting the following rules in the 'Global rules' column of the popup interface:
Setting the 'images' item to gray (noop) will allow all images everywhere, but still subject them to the static filter lists which may remove some annoying ones. All of the rest you should set to red to block these resources globally, then allow them (noop/gray) as needed per domain in the local rules column.
Revisions
Click to expand...20-Mar-2021
- added the 'Uncloak canonical names' setting
- removed 'Fanboy’s Enhanced Tracking List' (thanks to 'tiger_man' for informing me of a change)
- minor edits
6-Jan-2021
- re-added the 'My filters tab' section with code to block all 3rd party fonts while allowing all 1st party fonts
- minor edits
4-Jan-2021
- several edits and a few changes to the 'Settings tab settings' section
- changed the value of the
behind-the-scene * image
filter from 'block' to 'noop' in the 'My rules tab settings' section - minor edits
1-Dec-2020
- changed the setting for the 'Disable hyperlink auditing' option
24-Oct-2020
- fixed formatting and made minor change to the 'My rules tab settings' section
- added missing settings for 'images' and '3rd-party' rules
- rewrote the 'Dynamic filtering' section
- minor edits
23-Oct-2020
- edited information regarding remote fonts
- added a footnote for the 'Disable JavaScript' setting
- reversed order of change log items (newest first)
- minor edits
5-Sep-2020
- updated the information for the
behind-the-scenes
rules\
30-Aug-2020
- updated 'Filter Lists tab settings' section - credit to reader '512Kb' for reminding me :)
- removed link: Blocking Web Fonts for Speed and Privacy | InfoSec
26-Jul-2020
- minor edit: expanded instructions for adding LocalCDN rules to uBO
5-Jul-2020
- edited unclear/incorrect information
- added a 4th column to the 'Settings tab' section for advanced users not following either of my guides and using uBlock Origin without uMatrix
- misc. minor edits
4-Jul-2020
- minor edits
1-Jul-2020
- corrected an error in the 'My rules tab settings' section - thanks to commenter 'Hash' for notifying me
6-Jun-2020
- removed information regarding the CSP (Content Security Policy) issue since this is fixed with Firefox v77
2-May-2020
- replaced reference to Decentraleyes with LocalCDN and added additional information
24-Apr-2020
- changed 'I am an advanced user' setting from 'enabled' to 'disabled' for the 'Advanced guide settings' - i don't know why i ever had this set to 'enabled', especially for those using uMatrix, which is the case in the advanced guide
- removed filter lists no longer included with newest version of uBO - thanks to 'theltalpha'
- minor edits
24-Mar-2020
- removed Adblock Warning Removal List (thank you 'someone')
7-Jan-2020
- updated filter list settings
- minor edits
1-Dec-2019
- removed
cnameAliasList
from uBO settings (depreciated) - minor edits
22-Nov-2019
- changed value of
suspendTabsUntilReady
fromtrue
toyes
- separated settings according the Firefox guide being followed
- added a table of contents
- misc. edits
20-Nov-2019
- added info regarding
cnameAliasList
option
6-Nov-2019
- article first published
Comments
Note that both reader and my comments, while they may have been accurate at the time, might be inaccurate today. This is a highly dynamic environment so please verify the accuracy of comment content should you wish to utilize it. Failing that, ask me and i'll give it a crack.
Another useful link I forgot to post earlier: https://github.com/DandelionSprout/adfilt/discussions/163
It seems uB0 dev also recommends this filter list.
I use the ClearURLs addon but I just discovered this filter list: https://raw.githubusercontent.com/DandelionSprout/adfilt/master/LegitimateURLShortener.txt
Seems to be working pretty well, what do you think? I’m all for 1 addon installed less….
very interesting – thanks for sharing!
it’s very new and reading through the uBO issue you linked to, i’m not sure how well versed the author is in RegEx, so personally i think i’ll let the project bake a while before kicking the tires but, yeah, i too am all for dumping as many extensions as possible
I don’t know if it’s the author being inexperienced as you said or the fact that it’s a filter list and not an extension like ClearURLs but after using it for a whole day I can agree with you that it needs some serious polishing as I noticed it removes parameters for sites that have no tracking parameters in their urls thus rendering them almost unusable. I’ll stick with ClearURLs for now.
thanks for the update – i don’t think i’ve ever had anything break with ClearURLs so i don’t mind sticking with it
The “Fanboy’s Enhanced Tracking List” filter got moved from the Privacy group to Custom, dunno what that means for the grand scheme of things though.
thanks for letting me know – i addressed the change and made a few other small edits
No problem. I’m not sure about this but if you fresh install uB0 will the Fanboy’s Enhanced Tracking List even be in the Custom group though?
glad you brought that up, i should’ve known better – no, it is not available by default on a fresh install – i removed it from the guide – also see: Removing Fanboy Enhanced Tracking
How do i block the pop up when visiting google (‘Before you continue…’ & youtube (sign-in) popup through uBlock?
by reading the uBO manual :)
I tried and no luck..also followed your write ups, no luck. I probably need to try the uMatrix route
i don’t use gaagle directly so i don’t know what pop-up you’re referring to, nor do i log on to ThemTube
Firefox has a built-in pop-up blocker and you could also use CSS if you know how – i use basically the same config as outlined in the advanced guide, less uMatrix (i’m testing without it), and i never see any pop-ups anywhere – i do see stupid CSS-styled overlays on occasion, but i destroy them with CSS
uBO also has an element hider function you might find useful
Sorry I should have linked it.
https://www.ghacks.net/2020/09/27/how-to-deal-with-googles-and-youtubes-aggressive-popups-before-you-continue-sign-in/
The add to my filter list method didn’t work in uBO
I’ll play around with the settings.
if you’ve set up uBO according to my guide, check that ‘element hiding’ is not disabled – uncheck ‘Disable cosmetic filtering’ in settings and on the filter lists tab, check “Parse and enforce cosmetic filters”
didnt still help, i’ll keep trying. Thanks
what doesn’t work? you can’t hide the pop-up, or the element hider in uBO doesn’t work?
Ah you mean to use use element hider. Yes that does work
your recommendations (and settings) do work for for example for translate.google com or maps.google com, but they don’t work for youtube.com. one still gets the “sign in to youtube” popup
i’m using uBO in advanced mode without uM and i never see a log-on pop-up – are you allowing ‘accounts.google.com’? if so, that may be why
if you don’t see that domain in the uBO pop-up, click the ‘+all’ label
the problem with youtube/google exists only if the users IP is in EU and while using Firefox.
using Brave browser there is no need to turn on uBlock at all as well as turn on built into the browser trackers&ads blocking or fingerprints blocking.
i don’t know what the YT pop-up looks like – if it’s a DIV layer, you can easily kill it with CSS – if it’s a page that forwards, you can possibly use a redirect
whatever the case, more people need to stop using the platform
please relax ;) this is not a new issue. Just a big Thank You for all your good work and guidance.
Merry Christmas
thank you Jane – same to you and yours :)
Hi
It puzzles me, that the filterlists in UblockOrigin do not update automatically, even though auto-update is enabled. I noticed a while ago, but I don’t know for how long this has been the case. at one point after a manual update, I discovered 3 cookies set by some of these filterlists. I don’t recall which. normally I only allow cookies, if necessary. Any suggestions to why this happens and how to solve it?
Best Regards
odd, in my case the filter lists are auto-updating as they should
regarding cookies being set by a filter list, i didn’t even know that was possible – can you provide more detail, such as how you knew they were set by a filter list and perhaps their name(s)?
to see which cookies are being set by filter lists purge all caches then update list then look under Options-Privacy&Security-Manage Data… sorting it by Last Used
hmmm… not sure what to think of that – for the lists i use, cookies were set by…
fanboy.co.cz
adtidy.org
easylist.to
i tried looking at these cookies with the browser console and i’m not seeing anything that looks nefarious to me – i suspect they are probably set in order to establish the time that the client last updated the lists, perhaps to avoid unnecessary concurrent downloads from the same client – that’s just a guess though and, frankly, i’m not concerned enough to look into it deeper, but if you do, let us know
thanks for reporting this
exactly the same cookies as mentioned by you, are set in my browser too.
Besides: am I supposed to activate “purge all caches” once in a while, given the fact that these filterlists do not auto-update? I’m not quite sure what the term means/involves in regards of UblockOrigin settings
you should not ever have to purge the filter lists cache and they should update automatically
i think the purge thing is for when you want to disable a list where purging will remove it from memory
when you purge, are you able to manually update this lists? and are you sure they are actually updated? – to test, disable your network connection, purge a list, click the ‘eye’ looking icon (view content) for the list and make sure the list is empty, then enable your connection and manually update and check the list again
also…
enable the ‘I am an advanced user’ setting and you’ll see a gear icon appear right after that option – click that and then press Ctrl+F and enter:
asset
and check those settings – here’s mine:
assetFetchTimeout 30
autoUpdateAssetFetchPeriod 120
manualUpdateAssetFetchPeriod 500
updateAssetBypassBrowserCache false
also check…
autoUpdateDelayAfterLaunch 180
on a side note, try setting
uiTheme
todark
… pretty cooldon’t forget to disable advanced mode
if that doesn’t straighten things out, let me know and we’ll dig deeper
I found all the mentioned asset settings as well as autoUpdateDelayAfterLaunch and with the same numbers. I think things might work as they should by now: when I hover over the clock-symbol all lists have been automatically updated after the date of my manual update.
I feel a bit uneasy about the cache purge action: it is not clear to me how to purge one list without disabling all the others. I will leave it be and cross my fingers for the update problem to be solved.
I searched for how to change theme color but couldn’t find where to do this. Is it the colorblind- help out -option in the settings?
you can’t purge a single list apparently – sorry, i didn’t realize that
to change the theme color, enable advanced mode and in the advanced settings change the value of
uiTheme
– i didn’t look up what the possible values are, but i found that ‘dark’ worksregarding uiTheme, it says: unset.
am I to manually delete these 5 letters and afterwards type: dark?
if you want to change the theme, yes, replace ‘unset’ with ‘dark’ – 3 possible values are ‘light’ ‘dark’ and ‘unset’
ps: don’t forget to disable advanced mode if you weren’t already using it
Hello. I tried looking at the uBO wiki but couldn’t find an answer (at least in plain view, I’m still a newbie) so I ask you: what does “no-large-media: behind-the-scene true” do and should I set it to true if I have the “Block media elements larger than …” option enabled?
Thank you and keep up the good work.
from the wiki…
Behind the scene network requests
i’m really not sure how to advise regarding this setting – i have it set to ‘false’ for potentially less breakage, but that may not be necessary
behind-the-scene stuff is, as it says, requests that uBO can’t associate with a tab (doesn’t know where the request originated) – the ‘Block media elements larger than’ option is for media elements that CAN be associated with a tab – this sets the default for the per-site switch on the main pop-up, ‘click to block large media elements for this site’ – so if you don’t want media elements larger than ‘x’ to be loaded for a given site, you can specify a size and then use the per-site switch
personalty, i wouldn’t bother unless you need to conserve bandwidth – most all this stuff will be blocked by default anyway if you have blocked JS globally (which you should) – then you can allow JS per-site or certain JS (such as for youtube) globally
also see…
No large media elements
Actually I have it enabled not for bandwidth saving but because I have an 11 years old laptop running Win7 (can’t install a Linux distro on it thanks to the graphic chip…) with only 4gb of ram and I thought that would help in terms of performance. Dunno if this assumption is correct though.
I guess I’ll have to start getting used to disable js and whitelist sites I uses regularly.
Another thing: I dumped LocalCDN because I read it’s basically redundant with the arkenfox user.js (and also because like I said the less stuff I have installed the better) but I noticed I have to whitelist a lot more stuff in uBO now to make sites work (Cloudfare mostly), so do you think I should go back to it or keep whitelisting them as I use said sites?
Linux is great for older machines i’ve heard (over and over) – as far as the graphic chip, you *should* be able to use the open source driver at least
i don’t think (really not sure though) blocking large media will help performance wise, but pages with large media might load faster
> I dumped LocalCDN because I read it’s basically redundant with the arkenfox user.js …
true, but sites relying on CDNs will likely take a bit longer to load since that content is no longer loaded locally
> … do you think I should go back to it or keep whitelisting them as I use said sites?
totally up to you – personally i still use LocalCDN for speed reasons and because i don’t think the redundant privacy hurts anything
I reinstalled LocalCDN after all and started getting used to hard blocking mode + JS disabled, it’s actually pretty comfy, pages finally load faster. Sure, the ‘My rules’ panel is loaded with lines now but it can’t be helped I guess.
Off-topic:
>Linux is great for older machines i’ve heard (over and over) – as far as the graphic chip, you *should* be able to use the open source driver at least
I know, I have an even older netbook with Bunsenlabs on it and it goes like a true champ. Unfortunately the laptop I use regularly (and has a bigger screen too) is “infected” with the SiS Mirage 3+ 672 graphic chip and the 2 solutions I found (1: https://gist.github.com/fevangelou/46a2885233c45011ad5c8752f18eac73 , 2: https://linux-sis-driver.weebly.com/linux-ubuntu-distros-and-the-infamous-sis-chips/linux-driver-for-infamous-sis-671-672-771-772-717) don’t work no matter how many times I try… Oh well.
> JS disabled, it’s actually pretty comfy, pages finally load faster.
sure do, also most tracking and fingerprinting (and malware, pop-ups, etc.) require JS
so you’re using uBO without uMatrix i take it?
>sure do, also most tracking and fingerprinting (and malware, pop-ups, etc.) require JS
Well they load faster because there’s nothing left to load most of the times, hahaha
>so you’re using uBO without uMatrix i take it?
Yeah, I’m still at the stage of constantly learning how to use uBO properly. Also from the little I’ve read uBO can actually do a fair amount of the things uM does, so I feel comfortable using just one right now.
A question: have you ever thought of making a uMatrix setup guide just like this one? I know you basically already did in the Freaks Firefox guide but having a separate one would be nice.
> uBO can actually do a fair amount of the things uM does
it can, but if you want granular control uM is easier to work with IMO – actually i think it’s easier period, but it might be a good thing if you stuck with uBO for a bit and learned how to use it well – the wiki is a great resource and it actually covers some stuff that’s missing in the uM wiki
> have you ever thought of making a uMatrix setup guide…
i recommend uM in the advanced guide only, so no – i broke out the uBO guide from both config guides only because a lot of the stuff was redundant and i got tired of having to edit both guides every time i changed stuff for uBO in one of them
Fair enough.
Last question: what’s the rationale you used on selecting these Filter lists? For example, the uBO wiki recommends the “Peter Lowe’s Ad and tracking server list” enabled for medium blocking mode and higher but you have it disabled in your guide?
that’s a hosts file list and they can be problematic for some reason – this is even discussed in one of the wiki’s i think – my choices are based on my experiences and pretty much never give me any trouble
Hi!
I did scan my ~/home dirrectory with clamscan and it find:
extensions/uBlock0@raymondhill.net.xpi: Urlhaus.Malware.191095-8836388-0 FOUND
I did remove uBO, clean everything and was okay. After add uBO back there is the same find.
Thank you.
as long as you downloaded uBO from AMO or github, i’m sure you can ignore that – it’s almost certainly a false-positive
also i’m not sure that clam is worth using on a Linux system – at least i was told it wasn’t from people more knowledgeable than myself
i would also highly recommend NOT using any of the big name A/V’s on Linux either since they essentially are malware, and potentially very dangerous