- “Ultimately, saying that you don’t care about privacy because you have
nothing to hide is no different from saying you don’t care about freedom of
speech because you have nothing to say.”
- “Or that you don’t care about freedom of the press because you don’t like to read.”
- “Or that you don’t care about freedom of religion because you don’t believe in God.”
- “Or that you don’t care about the freedom to peaceably assemble because you’re a lazy, antisocial agoraphobe.”
- “Just because this or that freedom might not have meaning to you today doesn’t mean that it doesn’t or won’t have meaning tomorrow, to you, or to your neighbor – or to the crowds of principled dissidents I was following on my phone who were protesting halfway across the planet, hoping to gain just a fraction of the freedoms that my country was busily dismantling.”
“If you really care about privacy (not being tracked, data-mined, etc.), uBlock is a crutch (a good one, though), even with the EasyPrivacy list enabled (this is true for any content or ad blocker). If you want more than a good crutch, uMatrix or HTTP Switchboard can help: either gives you full disclosure and full control of what web pages do.” (src)
who is behind this?
1180 W. Peachtree Street NW, Suite 2100
Atlanta, GA 30309
“How uBlock processes and discloses collected information”
“We try to make uBlock better
We use the collected usage and analytics information to maintain and improve the uBlock extension, website and applications, to gain insight into how our services are being used, and in our efforts to prevent fraud. The information is only used internally.
Your information is not for sale
uBlock never has and never will sell your personal information to any third party without your consent. We sometimes share anonymized and aggregated information that cannot be associated with an individual with third parties or the public.
uBlock discloses personal information as required by law
uBlock cooperates with all valid United States law enforcement requests and court orders.”
what is this then?
12333 Sowden Road Suite B
PO Box #99623
Houston, Texas 77080-2059
“The AdBlock extension captures anonymous usage information including, but not limited to, the version number of the extension, preferred language, Acceptable Ads opt-in, opt-in to advanced features like our local content caching service, number of blocked requests, number of ads blocked, and browser and operating system type. The AdBlock extension also assigns an anonymous, unique ID to each installation. We store aggregate statistics about the installation connected with each user ID indefinitely. We utilize this information to help us identify and fix potential issues with AdBlock as well as to determine the performance of AdBlock features.
The iOS extension captures connection type (wifi or mobile) in addition to the data that the browser extension captures.”
Unlike HTTP Switchboard (and possibly uMatrix), uBlock can’t foil cookie headers. For privacy-minded users it is strongly suggested to:
- Enable “Block third-party cookies and site data” in “Content settings” / “Cookies”.
- It works very well: see “Outbound cookies” in this benchmark results.
- But this may break some sites. For instance, you won’t be able to enter comments on Youtube.
- Useful to know: the block also applies to local storages, not just cookies.
- Enable “Click to play” in “Content settings” / “Plug-ins”.
- Disable “Predict network actions to improve page load performance”, as this causes DNS queries to be made even for blocked network requests (see issue #232).
Chromium command-line switches
These Chromium command-line switches might be of interest to privacy-minded users:
- “Disable default component extensions with background pages” (ref)
- This seems to prevent Hangout Services to be launched by the browser as a background process. Even in Chromium there is such a process launched even if you do not use Google’s Hangout.
- With other Chromium-based browsers, maybe more stuff would be disabled, you decide whether this is good or bad.
- “Disable several subsystems which run network requests in the background” (ref)
- [add more switch of interests whenever new ones are found]
Another powerful command-line switch is:
--host-rules="MAP *.google-analytics.com 0.0.0.0","MAP
*.googleadservices.com 0.0.0.0","MAP *.doubleclick.net 0.0.0.0","MAP
- This switch maps those hostnames (or any other ones) to the IP address 0.0.0.0 (ref) and hence blocks them effectively (even on the Chrome webstore where extensions like uBlock are disabled).
- However, note that blocking those hostnames with that switch might break some websites. That’s why blocking them with uMatrix or HTTP Switchboard is preferable since you can whitelist them as exceptions for those websites which will not work without them. Alternatively, you can use the
importantfilter option mentioned below.
Using the EasyPrivacy list doesn’t protect completely against Google Analytics. So if you were using Adblock Edge or Adblock Plus with the EasyPrivacy list (as recommended by the EFF), you might have thought you were protected against Google Analytics. This is not necessarily the case.
uBlock protects you more against Google Analytics out of the box, because it includes “Peter Lowe’s Ad server” list. Yet, given that an exception filter may exist somewhere in one of the many lists, blocking Google Analytics (or any similarly ubiquitous hostname) is not possible with preset filter lists.
Overriding exception filters
However, in uBlock 0.5.5.0, a new filter option
important was introduced that results in corresponding exception rules being ignored.
to “Your filters” would block Google Analytics regardless of existing exception rules. You could restrict this rule to specific domains.
Or to all third-parties.
It is unclear why this one is not blocked by the Fanboy Annoyance list, as that list already blocks many other twitter widget-related items. If you use above list, and want to block more calls to twitter, you could add the following to your filters:
Gravatar (et al)
Each time you visit a site which puts cute little avatar images near a commenter’s name, there may be a corresponding request to the Gravatar website, and the HTTP
referer header likely contains the site you are visiting. If you want to reduce the tracking potential, you could add a filter such as:
It is unclear if, and how often this breaks things. But it will help prevent your browsing habits from being disclosed to gravatar.com.
This applies to any domain which is ubiquitous enough;
gravatar.com is just one example among many.
uMatrix or HTTP Switchboard are easy tools to deal with this, as blacklisting a ubiquitous domain is simply a matter of point and click.