What is Reddit's opinion of
uMatrix?
From 3.5 billion Reddit comments
100 reviews of this app found across Reddit:
For users wondering what to do now that WOT has been confirmed to be a spyware, your alternative is to use opensource security softwares. I recommend using uBlock Origin and NoScript.
You can browse pretty much any site without any concerns with those two installed. There's another awesome addon called uMatrix, which is made by the same developer as uBO, but you should get some experience with using uBO first.
This was fixed in this commit, released with 1.13.8. As part of the release, it also became possible to toggle on/off workers on a per-scope basis (I personally toggle off globally and toggle on only to unbreak pages).
Also worth considering is uMatrix - same developers, same general idea (keeping things you don't want off the site you're browsing), but totally different approach that allows for much finer control over what gets blocked. Works best alongside uBlock Origin, but can replace it entirely if necessary.
Sorry - didn't realize they had finally turned on their paywall.
FYI, if javascript is turned off, a browser will ignore a lot of paywalls. Although that breaks a lot of other stuff, so best to be able to toggle it on/off easily. I use,
>in my household UBO is used for adblocking and cosmetic filtering, uMatrix being a general blocking tool.
This is likely why they are kept separate as they are really meant to do different (though related, and sometimes overlapping) things. It makes sense to keep either one able to be used without the other.
They originally were part of the same extension -- HTTP Switchboard -- which was then split into uBlock and uMatrix.
Having both Ghostery and uBlock Origin installed at the same time will do you more harm than good as it's easier to identify you using your browser's unique fingerprint. Also uBlock Origin does all the stuff Ghostery does but better while at the same time being less memory intensive.
uMatrix (same developer behind uBlock Origin) can be used to give you full control over what a website is allowed to load or show you. It blocks scripts running in the background, flash, iframes and so on.
I've moved on to uMatrix, which is basically a media firewall for the more advanced user. It's similar to noscript but with more control over what you allow, while also blocking ads from the usual subscriptions that adblock/ublock use. Blocks most things by default, and requires you to do the whitelist setup (which is honestly the best way).
(uBlock is for everybody, uMatrix adds more options/security for advanced users. But they can be used together too.)
Then there are two options.
Either the buttons are loaded from the same domain as the main website content, in which case the demain does not deserve any more of my attention,
or
the buttons are loaded from a different domain in which case plugins like uMatrix (Github Wiki Link) can purge them by denying their connection requests when the site is still in the process of beeing put together.
uMatrix is incredible...
incredible powerful (as said above it simply denies connections for example to common ad networks and analytics networks)
incredible likely to break the functionality of websites (a lot of websites use scripts for technology like APIs and ajax from Google for example. You can whitelist those domains and subdomains though, so over time the website breaking occurs less often)
incredible easy to configure once you've learned how to do it (it has a simpler UI where you can simply allow/deny content type specific connections on a domain basis, for the currently visited subdomain, for the entire visited domain, and for the internet as a whole)
incredible informative (you can see all the domains that would be informed about your existence, and see the overall astonishing amount of cookies that domains want to set. 3rd-party cookies are blocked by default in uMatrix, maybe you have to enable some to restore functionality, but overall most cookies (and with that a ton of tracking) are beeing blocked)
I am using uMatrixs internal User-Agent-Spoofer. You suppy it with a list of user agents strings and it randomly picks a new one every n minutes from the list.
Once in a while, I will grab a list of the most common user agent strings and remove all the ones that don’t match my browser (e. g. remove all non-firefox strings). Thereby, it should be much harder for a website to detect that I am actually spoofing it, but it also makes fingerprinting me less reliable.
Never. gorhill has archived the Github repo which means no more code commits. Sad day for the Internet when one of the best Firefox extensions dies a silent death.
You should disable automatic downloading in your browser's settings. There is literally no reason to have that feature enabled. It won't protect you 100%, but it will give you a bit of a warning that something isn't right when you are asked if you want to download "totally_not_ransomware.exe".
I'd also recommend learning to use uMatrix and not browsing the internet without it. If that's too much, at least get an ad blocker. "Advertisement" and "Malware" might as well be synonyms at this point. Scan your computer for malware regularly with both a trusted anti-virus and Malwarebytes Anti-Malware. You can never be too safe.
Cookie-auto-delete, umatrix, and privacy badger are all open source on github, so that helps.
https://github.com/Cookie-AutoDelete/Cookie-AutoDelete
Remove SUMO from extensions.webextensions.restrictedDomains and set privacy.resistFingerprinting.block_mozAddonManager to true.
Edit: Credits and sources: https://github.com/gorhill/uMatrix/wiki/Privileged-Pages.
No they don't
https://github.com/gorhill/uMatrix/issues/32#issuecomment-61372436
> uBlock is pattern-based/cosmetic-based filtering (EasyList etc.), while uMatrix is matrix-based filtering. Any one of them can be used standalone, hence why some of the preset lists are the same (uBlock supports hosts files). They are not specifically made to run together, but if they are, unchecking malware-related hosts files in uBlock is suggested to avoid unneeded overlap.
Gorhill said a few months ago that when uMatrix is ported to Firefox he will likely go to Firefox as his main browser. He has also said that he plans to use Deathamns work on porting uBlock to port uMatrix himself.
\uj
It's by uBlock's maintainer: https://github.com/gorhill/uMatrix
It's more advanced (you can block CSS, images, scripts, frames, whatever) and as a result sometimes, no matter how much I activate, stuff just doesn't appear on the screen. In most of those cases I have to use Chrome and it makes me feel dirty.
> The switch to webextension might become a major hit to privacy, as many addons we rely upon will stop working.
All the addons recommended in privacytools.io will be WebExtension when 57 comes around/or there are similar alternatives.
- Privacy Badger: already compatible with 57.
- uBlock Origin: WebExt being worked on, Hybrid WebExt already done.
- Self-Destructing Cookies: wont be WebExt but I think there might be some alternative.
- HTTPS Everywhere: WebExt being worked on, see the relevant Github issue.
- Decentraleyes: WebExt being worked on, see the relevant Github issue.
- uMatrix: WebExt being worked on, Hybrid WebExt already done.
- NoScript" WebExt being worked on.
Stop spreading FUD.
Yeah, these days it's not really practical to disable JS browser-wide. The less-aggressive approach would be to use NoScript or uMatrix.
uMatrix allows you to filter requests based on source, destination and request type; and basically gives you the control to decide what to and not to block, with incredible flexibility. I definitely recommend checking out their wiki.
I use Firefox as my main browser with uBlock Origin and uMatrix. Over time, I've gathered a nice set of uMatrix rules for the sites I visit. Perhaps surprisingly, a good portion of sites work ok without you having to touch anything. And the ones that don't, you can usually unbreak them by spending a few seconds fine-tuning the uMatrix rules for their scope.
If I can't get what I want with uMatrix relatively quickly, I just fire up an incognito Chromium window that only has uBlock Origin.
AdBlock Plus has acceptable ads turned on by default, so some ads the company deems reasonable are being let through on purpose. You should switch to uBlock Origin.
Ghostery is owned by an ad company, and therefore should not be trusted. You should switch to uMatrix.
uMatrix is what the cool kids use nowadays, and it was recently ported to Firefox.
After about two years of carefully crafting rules, many sites just works wrt Youtube, Vimeo, cdnjs and so forth, even without first-party Javascript enabled.
Edit: it also comes with Adblock filters (although I've disabled those), HTTPS preference and a user agent switcher.
As u/throwaway1111139991e suggests, uMatrix is the best alternative. I switched to this a few years ago, after using NoScript for a long time. I also use uBlock Origin for filtering ads.
If you're interested here's the uMatrix Wiki.
It is, you just have to get the dev version: https://addons.mozilla.org/en-US/firefox/addon/umatrix/versions/beta
https://github.com/gorhill/uMatrix/releases/tag/1.0.1rc0 >Given the announcement that legacy extensions will be disabled tomorrow in the Nightly build, I pushed uMatrix/webext -- the pure WebExtension version -- to dev channel of uMatrix on AMO.
Unfortunately, there were changes in Chromium which now prevent uBlock Origin from being able to report and to block network requests made by other extensions.
This still works fine for Firefox though.
uMatrix, from the same developer. Development has stopped, but it still works great.
Gives you fine-grained control of what loads on a given site.
Very aggressive by default, thus many websites will be broken. However it's easy to re-allow everything, or individually.
It's missing the only two I use right now (used to have a ton more, but heh) uBlock and uMatrix. Out of the box they block pretty much everything and are really snappy.
I suggest everyone to take a look at uMatrix, the recently-added recepies make unbreaking a site really fast, and the default (allow everything first-party, block third-party scripts) works great.
Regarding cookies, I have this in my user.js which greatly limits tracking:
user_pref("network.cookie.cookieBehavior", 3); // Allow third-party cookies only from sites I have visited previously user_pref("network.cookie.lifetimePolicy", 3); // Keep cookies until they expire or until network.cookie.lifetime.days passed, whichever is shorted user_pref("network.cookie.lifetime.days", 7); // Cookies last a maximum of 7 days user_pref("network.cookie.thirdparty.sessionOnly", true); // Third-party cookies are deleted when closing Firefox
Install uMatrix. It takes a bit of getting used to, but I find it much more user-friendly than NoScript is in its current form.
There's an official wiki here: https://github.com/gorhill/uMatrix/wiki
I made this image to help too: https://i.imgur.com/PRdDqOb.png
And here's a copy of my settings to get you started: https://pastebin.com/yASWFZ1j
(* means all, 1st-party means only from the site you're on)
There's an official wiki here: https://github.com/gorhill/uMatrix/wiki
I made you this image to help too: https://i.imgur.com/PRdDqOb.png
And here's a copy of my settings to get you started: https://pastebin.com/yASWFZ1j
* means all, 1st-party means only from the site you're on
It takes a bit of getting used to, but I find it much more user-friendly than NoScript in its current form.
Maybe you have a higher chance to solve this when you open a thread at bugzilla?
If you really want to block stuff till then use a stable Version of Firefox and uMatrix - allows blocking images (And everything else) on per-site basis, etc.
Right, sorry.
On your Desktop, you can use something like UMatrix or UBlock Origin (less good, but less complex to use) to protect yourself from most forms of invasive cookies and tracking.
On Android, you have a bunch of apps that are connected and sending all sorts of calls home all the time.
To reduce this, you can make a certain set of addresses impossible to access at a root level.
It used to be that to do this, you needed to root your system, but doing a quick search before answering right now, it seems you don't need to do this anymore (be sure to read the comments, there's more to do than what's described in the top post)
I still prefer to use the rooted system-wide version, because it's easier to turn on and off, and apps cannot work around it. To do this, you'll need to root your phone and use Magisk. I will not explain how to here, because though I do it when I get a new phone, it's not my area of expertise.
I just want to reiterate; doing all of this is of ultimately little benefit for your privacy if you use Google services and browsers anyway.
But it can save battery and make browsing internet faster and more enjoyable.
I think the difference is that Cookie AutoDelete allows whitelisting which cookies to remove.
Personally I have since moved to µMatrix following https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-party-scripts-everywhere-by-default except for cookies, which if I understood correctly doesn't remove cookies, but prevents them from being sent to the server.
^^^ This.
Pi-hole, or some variation of the idea is the way to go.
Getting it running will literally help all of your browsing and web activities. The Roku ads aren't bad (relatively speaking), but every time I see, say CNN's page, or the Weather Channel, I'm shocked at how horrible they are without Pi-Hole (and uMatrix and uBlock Origin, although neither of those help with Roku devices specifically).
Frames are a way for one web page to embed another. This is often used for advertising: the main page contains a frame, which contains content from an ad server.
XHR is a way for scripts to communicate with the server they came from. This is used to make pages more interactive, but it can also be used to report to the server what you do when you're looking at that page (mouse movements, etc).
I'm still not sure what the triangles mean.
You might want to look through the uMatrix documentation. In particular, the walkthrough should be helpful.
yeah here are a few
https://github.com/gorhill/uMatrix/wiki/Very-bare-walkthrough-for-first-time-users tldr version
http://www.adamantine.me/index.php/2015/11/18/umatrix-desperately-needed-guide/ one that goes over some of the other features
> I tried uMatrix but I don't know how to configure it (it blocks things that I actually need) so if you have any advices on how to configure it I would really appreciate.
Read the Wiki, there's plenty of instructions on how to configure it there.
https://github.com/gorhill/uMatrix/wiki
If you get it to work, you won't be needing NoScript. >I don't know whether I need disconnect in conjunction with ublock origins, as I've noticed the latter already has basic disconnect list.
No, you don't. Uninstall it. >Do I need something else? Are there unnecessary addons? Are there better alternatives to what I installed? Thanks for suggestions!
If you're really concerned about privacy, then it would be beneficial to install Self Destructing Cookies to get rid of unnecessary cookies, as well as blocking third party cookies globally, RefControl to forge referrers (may break some websites, but you can easily disable it for them), BetterPrivacy to delete LSOs, Clean Links to clear the links that may send feedback to the website you are coming from and UAControl to fake your useragent. It is also important to disable certain features of the browser, such as GeoLocation, Beacon, Safebrowsing, Healthreport and others. Needless to say that all of this is useless if you have a unique IP and don't use a VPN or if you use Google services and social networks such as Facebook.
Thank you for explaining that.
If I understand XSS correctly, it's scripts being injected into pages tricking the browser into thinking the source is from the original, trusted, website when it is not.
I searched the GitHub issues and found this topic: Blocking Cross-site scripts (XSS).
This kind of goes against what I was thinking of when trying to understand XSS. The dev of uMatrix says to block 3rd party content (which I believe is default, out-of-the-box, behaviour). However, isn't the point of XSS tricking the browser into believing the source is from the 1st party? So blocking 3rd party doesn't really do much here?
You can do what you want with uMatrix.
NoScript 3.0 is/was supposed to gain this capability. But it has been years in the making. Right now uMatrix will give it to you.
you can already use uMatrix on firefox, if you build it from github , Little buggy in spots but it works.
- git clone https://github.com/gorhill/uMatrix
- cd uMatrix
- sh tools/make-firefox.sh all
Nah, it's just for blocking net requests before they happen. It doesn't disable JS itself or anything like that, just prevents it (and other stuff) from even loading. It's like taking uBlock and allowing you to select which stuff gets through and which doesn't (which is much more customizable than everything or nothing on just a per-site basis).
Check it out here.
> I've considered using my ad blocker (uBlock Origin), but I don't see a way to disable video in general, only specific network sources or element IDs or classes. If I'm missing something there, please let me know!
You can with uMatrix. It's like uBO but for "advanced users", made by the same developer.
Just select the global scope, block media (must be red) and hit the padlock.
> uMatrix blocks various 3rd party stuff... including javascript. NoScript blocks all javascript- even 1st party.
uMatrix has always been able to block 1st-party javascript execution: <https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-party-scripts-everywhere-by-default>
There are some okay comments here so far, but if you want to automatically block all third party domains on every site you visit then you need to configure uMatrix. It's very advanced, made by the same developer as uBlock Origin, and can do exactly what you want.
I also recommend having uBlock Origin installed alongside uMatrix, and uninstalling Ad Block Plus or any other ad blocking software you may have installed, because additional software will only cause redundancy and performance issues.
By default uMatrix blocks all third party domains on every site you visit and this leads to most sites being broken the first time you visit, meaning you will need to configure them to get them working. Personally this is what I do, because the hassle of figuring out what a site needs to properly function does not bother me, but uMatrix can be set to allow everything by default and then just turn off third party domains, ect. on whatever site you are visiting.
So why use uMatrix over uBlock? It's just more powerful and more detailed in what you can block. On uBlock Origin you can block all third party scripts, or none of them, but on uMatrix you can pick and choose which domains get to use which scripts, cookies, fonts, ect.
https://github.com/gorhill/uMatrix
I recommend reading the documentation before installing, as uMatrix is very advanced in how it functions, but you'll learn a lot about how sites work and how to do exactly what you want to do if you read the documentation and start using the extension.
> I had to turn uMatrix off just to be able to post this.
> Definitely for advanced users. > > [...] > > uMatrix does not guarantee that sites will work fine: it is for advanced users who can figure how to un-break sites, because essentially uMatrix is a firewall which works in relaxed block-all/allow-exceptionally mode out of the box: it is not unexpected that sites will break.
both are forks of HTTP Switchboard.
uBlock changed to be more like adblock.
uMatrix kept the HTTP Switchboard UI but removed ABP style filtering. all filter lists are used as hosts files. more differences
>You can find more details and a temporary fix in this issue thread: https://github.com/gorhill/uMatrix/issues/795
that's 404, gorhill disabled the issue tracker...do you have a copy or a write-up or something?
I use uMatrix to manage cookies in Chrome/Chromium. It's by the author of uBlock Origin. uMatrix allows you, among many other features, to blacklist cookies and automatically deletes them. You can also delete non-blocked cookies automatically, and clear the browser cache, according to a timer than you can set.
You can for example, establish a general policy of blacklisting all cookies by default and allow only a few exceptions, and check the delete blocked cookies option. This way once you have set up all the sites you don't want blocked, all the cleaning is done automatically.
Or (also) uMatrix.
https://github.com/gorhill/uMatrix
It is basically a firewall for your browser with explicit allow rules. In default configuration it allows everything that is same origin and nothing else.
my rules are:
https-strict: * true matrix-off: about-scheme true matrix-off: behind-the-scene true matrix-off: chrome-extension-scheme true matrix-off: chrome-scheme true
matrix-off: localhost true matrix-off: moose true matrix-off: opera-scheme true * * * block * * css allow * * frame block * * image allow * 1st-party * allow * 1st-party frame allow reddit.com redditstatic.com script allow
which effectively breaks all sorts of things (including stuff like docusign and visa card verification, so you need to disable it for the session if you are doing something like buying online; I use this in addition to ublock origin).
You can allow or block a particular content type on a per-domain basis and based on what domain the requesting site is on.
> uMatrix can replace HTTPS Everywhere
According to the author that's not the case (or the intention).
Its "Strict HTTPS" toggle will block mixed content (partially encrypted pages) but it doesn't attempt to rewrite URLs to HTTPS if they're served as HTTP by default.
O uMatrix é muito mais poderoso que o Privacy Badger, Disconnect, NoScript e RequestPolicy juntos.
Recomendo depois de instalado ler de como funciona a partir da wiki
Aber warum dann nicht gleich uMatrix? Die persönliche Firewall für den Browser.
Kleingedrucktes:
^^^WARNUNG: ^^^benötigt ^^^etwas ^^^mehr ^^^Arbeit ^^^um ^^^wieder ^^^funktionierende ^^^Webseiten ^^^zu ^^^bekommen.
If you're interested in a more "intense" adblocking, the dev of uBlock Origin also made an extension/addon called uMatrix.
It's pretty much a firewall with a matrix grid of rules (which domain and what type of resources to allow/block) where most of the stuff are blocked by default (i.e. need to create whitelist/allow rules), and you must enable them manually for most third party sites/domains for their scripts or data/cookie requests.
Takes a while to get used to, and a lot of popular sites are most likely broken when you first visit them. But once you get it running and set up for your websites it doesn't take much work to manage.
Using uMatrix in addition to uBlock Origin makes it easier to manage if you set up uBlock to block ads/tracking stuff while uMatrix blocks everything else by default. As you slowly enable things through uMatrix for legitimate scripts/needed resources, anything ad/tracking related should still be blocked by uBlock. If uBlock is only set up for ads, you can also just disable uBlock on "trusted" sites while uMatrix can keep blocking the malware hosts files (may need to adjust some uMatrix rules to allow ads, I don't use the ad host files in uMatrix for this setup).
All in all, uBlock can do everyting uMatrix can do, but uMatrix offers a separate and easier UI for more complex blocking and the modularity of having two separate types of blockers each with their own toggle.
It's also interesting to see exactly how much crap every website is using, and what is loading what as you slowly enable/allow stuff (testing umatrix rules requires a lot of page refreshes).
look at uMatrix or RequestPolicy continued for that functionality.
The former can actually take the place of NoScript for script blocking, but would not replace it for the likes of XSS protection
If it isn't bad, then shoot me a PM so I can install a program on your computer that will let me see your full browsing history. I will keep this copy indefinitely without you knowing what I will do with this data, and I can sell any information I gather to whomever I please. It may not seem too bad at first, hey I know user #10 likes to frequent sites x, y and z, but over time you start to build a better profile of user #10, find out that his name is John Doe, the city he resides in, the places he's planning on visiting thanks to your advertisements being on yelp.com. It really does become a legitimate issue.
I think the effect is more pronounced replace a faceless advertising company and instead think of them as your creepy neighbor. Would you want your creepy neighbor having this information?
As you have recommended though, I have a good degree of control over what data I share with websites, and as I mentioned before, anyone who wants to look into doing this on their own should check out gorhill's uMatrix.
https://github.com/gorhill/uMatrix/
Check out the wiki for the information as it's got one of the best documentations of an open source plugin I've seen. It will be default block any HTTP requests to EVERY 3rd party site. It's for advanced users but once you get the hang of it you'll find a good balance between usability and privacy.
Kissanime-User here:
You see this bar because an Ad does fail loading but tries forever on and on...
I know two solutions:
1. Get enough K-Points to go Premium (and if that is not enough you can block everything unnecessary with uBlock because a premium-account has no anti-adblock enabled).
2. You can block the annoying domains that load in the background (and other unnecessary content) with uMatrix.
Make sure you read the wiki and understand how uMatrix works and what it does!
When you understand everything then allow on:
kissanime.com:
cookie, css, image, script, XHR.
googlevideo.com:
other.
vjs.zencdn.net:
css, script.
For the HTML5-Player these are the minimum required permissions for browsing Kissanime and watching Videos.
Claiming that something called noscript security suite isn't about preventing malware is extremely moronic. You can choose to use it for privacy if you want, the two aren't mutually exclusive but in his case its not really relevant since OP was specifically talking about the effectiveness against malware.
Noscript is a terrible option for both. The default setting is whitelist based. It relies on the users' discretion. Which means you can spend ages of guess-and-check whitelisting to get a page working properly but as soon as you accidentally allow the wrong site the whole extension is next to useless.
Quite a few in this community has a hard-on for this particular extension for some not-so-good reasons. The rest don't understand in detail why they're using it, but hey, if multiple strangers on the internet are recommending it surely the hassle must be worthwhile right? If you have to micromanage the content your browser loads there are still more intuitive and feature complete options such as umatrix and policeman.
Ahhh my mistake. Yea I'm not too sure to be honest, since I don't use umatrix. Also I believe it hit EOL since the github https://github.com/gorhill/uMatrix is archived. If you have a site that needs to make a request to localhost, like in the situation you described, I would suggest just using the toggle to turn off Port Authority when using that site. I will try and work on making a custom white list.
Code was last updated Feb 24 2020, but Gorhill updated the wiki yesterday.
~~Anyone have more info about uMatrix being (un)maintained?~~
Nevermind:
https://www.ghacks.net/2020/09/20/umatrix-development-has-ended/
I use 1.4.1b6, you should get it from https://github.com/gorhill/umatrix/releases. It's from February, but it's better than nothing, it also changes some things up, such as the "XHR" category being replaced with "fetch".
Looks intimidating, but pretty easy after it's set up. Check the github wiki to learn into it's working.
https://github.com/gorhill/httpswitchboard/wiki (prototype version)
https://github.com/gorhill/uMatrix/wiki
uMatrix has this option, actually, in a couple of ways:
- You can directly edit the rules in the preferences. This means I can copy the rules I use for a particular site and send it to a friend. Assuming they use the same global rules, the rules that you send them should "just work"™
- You can import recipes from other users, which is pretty much exactly the usecase you're talking about (it basically automates the first way).
>Does uBO automatically offer this protection (XSS) in hard mode? I know uMatrix does as made clear here:
>https://github.com/gorhill/uMatrix/issues/276
There is no magic - if you block all third party connection, then there is no way for XSS to succeed. It's the same for uBO and uMatrix.
These are default https://github.com/gorhill/uMatrix/wiki/Default-ruleset-at-installation
All other are added by you.
>How to remove my rules?
Just delete them as any other text, then save and commit.
My desktop's Xorg is currently broken due to me recklessly WM hopping, so I'm typing this out from my phone (which is very difficult to do on my small phone). Which is why I said it might take me a bit.
Anyways, I don't use Noscript because I'm using uMatrix.
uMatrix is like a very in-depth... firewall for your browser. To make it easier to explain, I'll show you some screenshots of what it looks like (I'm running Arch on my phone from Termux, and using VNC to view the GUI I set up. In case you're wondering why the screenshots look like they are from a desktop (which I guess they technically are)).
Anyways, it allows you to block cookies, css, images, media, scripts, XHR, frames, and "other" from any website currently connected to the website you are visiting. This includes the 1st party website as well.
It is a very powerful addon (much more powerful than NoScript in my opinion), though this only meant for people who are willing to take the time to configure uMatrix to unbreak websites (because you will break a lot of websites starting out.)
By default, I acutally have my uMatrix set up to block literally everything except for css and images. Though that's because I don't mind sitting here for a few minutes per website to unbreak them. Anyways, this addon gives you a very fine-tuned control over what enters your browser and what doesn't.
By the way, uMatrix is FOSS. Ok, I think I'm done explaining now. Excuse my language, but this took so fucking long to type out on a phone. So I hope what I wrote was useful.
Then your option is uMatrix. But it is from the same developer.
Also, uBlock Origin is open source, you can manually check the source code for each release if you don't trust it otherwise :)
No, it's the opposite. uMatrix blocks content by default, and only allows content by rule. There are four colors for each cell indicating the status for each content item:
- light green = allowed by default (most first party content)
- pink = blocked by default (most third party content)
- dark green = allowed by rule (content you specifically chose to allow)
- dark red = blocked by rule (content you specifically chose to block)
"First party" means the content comes from the same origin as the url of the page you're visiting. "Third party" means content comes from a different origin than the url of the page you're visiting.
> NoScript
I used Giorgio Maone's NoScript for years, but now I prefer Raymond Hill's uMatrix. Either way, the web is much better.
> HTTPS Everywhere
I used this for a while and don't even know if it did anything useful.
> DuckDuckGo
Well it's a shot in the dark but could you try the latest dev build? (it's uMatrix.webext.signed.xpi, I need to rename to uMatrix.firefox.signed.xpi eventually).
> Is this somehow possible to edit the rules for visited sites, which are closed now?
Unfortunately, not possible, this is something I want to fix since a while now: <https://github.com/gorhill/uMatrix/issues/951>.
Better to use something a bit more transparent and customizable than Ghostery. I would suggest Umatrix, which works better than anything else I've tried after a couple of hours of learning how to use it.
There is a wiki for uMatrix, reading through it and actually installing and trying uMatrix to get a sense of how it works is probably the best way to answer your own question. uMatrix's filtering engine is entirely based on looking up rules from hostnames/resource types, so its overhead is extremely low given the control it provides.
NoScript will show the <noscript> section with js blocked, but uMatrix can't on Chrome.
Edit: I just discovered/noticed the "Spoof <noscript> tags" feature in the triple-dot menu.
https://github.com/gorhill/uMatrix/issues/319
You can find link in uMatrix About page, in issue template, contributing guide (sadly not accessible in new issue page) Now first issue in original repo have it too. This was just oversight.
Are you asking for exception for <meta ...refresh tag only? Because "Spoof noscript tags..." will show/execute what is inside <noscript>. Disable this if you don't want redirection https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-party-scripts-everywhere-by-default#noscript-tags
All rules are temporary in uMatrix, there is no point adding some special button to do just what you can do in the matrix UI. The other point, from where the rule originates is already an issue opened in the issue tracker. So in the end, the issue is invalid, one part is pointless, the other is a duplicate. Also, I explicitly asked in CONTRIBUTING to not request features, and the one requested here is completely unnecessary. At this point because of repeated disrespect of what is asked before opening issue, I am very close to set the repo to read-only.
It has reasonable defaults but yes, you'll have to manually maintain it.
For example I don't use facebook. Thus I don't need a facebook cookie.
You can check out it's wiki.
For what it's worth, I've followed in the path of gorhill (uMatrix and uBO developer) and no longer use uMatrix. Instead, I only use uBO in medium mode.
You do know that uMatrix doesn't actually block cookies from entering the browser, it just prevents sites from reading those you've blacklisted.
See here
uMatrix doesn't block cookies, it just prevents sites from reading them once they've been set
> Blacklisted cookies are not prevented by uMatrix from entering your browser. However they are prevented from leaving your browser, which is what really matters. Not blocking cookies before they enter your browser gives you the opportunity to be informed that a site tried to use cookies, and furthermore to inspect their contents if you wish.
> Once these blacklisted cookies have been accounted for by uMatrix, you can ask uMatrix to remove them from your browser if you wish so: just check the setting "Delete blocked cookies" in the Privacy tab.
Maybe you should try it out in a new profile. https://github.com/gorhill/uMatrix/wiki/Very-bare-walkthrough-for-first-time-users
uMatrix's main focus is to easily block/ublock resources. It does not have any advanced script related functions.
1) You can change the settings for User agent spoofing, Referrer spoofing and Strict HTTPS using the per scope switches: <https://github.com/gorhill/uMatrix/wiki/Per-scope-switches.
2) Not that I'm aware of.
Like /u/Turtle_Tots suggested, avoid competing ad-block mechanisms, especially from different vendors where needless duplication is more likely. I would ditch AdBlock, keep üBlock Origin, add üBlock Origin Extra if applicable to your browser, then consider trying üMatrix for significantly more granular control. üMatrix has a relatively steep but, in my opinion, worthwhile learning curve; I like it primarily as a complement to üBlock Origin. As a word of caution, üMatrix is somewhat similar to NoScript in that they both have a greater likelihood of breaking certain websites until custom rules are setup.
The uMatrix developer is tracking this issue here: https://github.com/gorhill/uMatrix/issues/795
The thread also includes a workaround fix for the issue if you don't want to downgrade to the old version of uMatrix.
I was like you at first, but realized that its useless to keep NoScript around.
Anti-XSS is not needed if you default block every 3rd party. https://github.com/gorhill/uMatrix/issues/276
ClearClick is similar, but I dont find any definitive information its workings. But for the years I used NoScript, dont remember finding it too useful.
If you want to learn about uMatrix, check out the github wiki, and also its prototype, Http Switchboard.
You can set uMatrix to run in allow-all but block blacklisted domains - this will do a good job of keeping bad stuff blocked, whilst allowing most stuff to work.
There are instructions here:
https://github.com/gorhill/uMatrix/issues/146
This is the relevant part (the linked thread has an image that may help)
>What you want is to allow everything by default, except to keep blocking whatever is in the hosts lists.
>Here are the steps:
>Select the global scope (* in the drop down list at the top left) Click the all cell so that it turns green Click the frame cell to turn it pale green Save -- click the padlock so that the new rules stick This way uMatrix will run in allow-all/block-exceptionally mode.
>Keep in mind some hosts lists can break stuff, so you may still stumble on broken sites. So use the hosts lists which are less likely to break something.
Also - make sure that you're using uBlock Origin (not just uBlock)
Not sure if they are geeky but here are some of mine:
- XFCE Theme. Great place for that is: https://github.com/shimmerproject
- Thunar: Many custom actions for Thunar (edit as root, create symlink, open terminal in this folder, md5sum, etc...). Disable movie thumbnailer (which most of the time suck).
- UFW (basic Deny Incoming, Allow outgoing)
- Customize Chromium: Google Search in English (instead of the default to local), uMatrix, Animation Policy (to stop gif animation), and various custom extensions (new tab, user scripts to modify sites, etc..), add various flags to Chromium's launcher (--start-maximized --disable-webgl --disable-3d-apis --disable-bundled-ppapi-flash --disable-plugins-discovery)
- Disable flat volume in pulse audio (on debian, not sure if necessary in Ubuntu)
I think they're both pretty well set up "out of the box", actually. Just make sure you go into the options for both of them and see if there's anything that catches your attention. They have a few additional privacy options, like uMatrix spoofing your user agent. If you want to enforce Script HTTPS like you can with HTTPS Everywhere, uMatrix has that option too.
uBlock Origin (note: uBlock is developed by a separate person now, uBlock Origin is considered better and by the original uBlock developer) is pretty close to your bog-standard AdBlocker in terms of appearance, maybe a little more advanced. Easy to use interface if you click the icon, hovering over the icons has tooltips.
uMatrix (by the same person as uBlock Origin) is kind of difficult to use if you're not overly familiar with the workings of websites, but you get used to it. For a tutorial, read the README, there's links to documentation in there. It's kind of in-depth so just focus on the UI tutorial sections if you want.
Melhor mesmo é usar uMatrix e Self-Destructing Cookies
Mais informação em r/chapeubranco
uMatrix is designed for more advanced users, so it's not always easy to configure. You may want to look at these example rulesets, I added them a while back and Youtube has been working fine since. There are still some sites where I could never figure out a good balance (without essentially disabling uMatrix).
Make sure your filter lists are up to date and then clear out your caches before visiting the site again because it may be that this also affects uBlock Origin, meaning the ads could in fact be blocked but still displayed because they are already saved locally on your machine from earlier. Don't quote me on that though, it's more of a "just in case".
Just a note to others that uMatrix does this too. So either use request policy or uMatrix. If you decided to go with uMatrix, you can import your rules from requestPolicy (https://github.com/gorhill/uMatrix/wiki/FAQ) though I haven't tried it.
uMatrix is remake of the HTTP Switchboard addon. It's by the same developer as HTTP Switchboard but they completely threw out their old code and built it off the uBlock Origin codebase.
From what I hear about people who know how to use it, it's like Request Policy and uBlock Origin in one addon put together. Don't quote me on that though.
https://github.com/gorhill/uMatrix/blob/master/doc/description/description.txt
You might want to take a look at uMatrix.
I think uMatrix has many advantages over RequestPolicy - but just try it yourself, you won't be disappointed.
Here is a little introduction to uMatrix: click
And if you want also check out the AdBocker uBlock origin by the same author. These two together work like a charm!
yes it does.
it lets you block more than javascript.. it works for images/css/scripts/crosssitescripts/plugins
in a way, ..at least in 'firefox' speak.. its sort of like a combination of noscript and request policy.
but it is better than the combination in every way, in my view.
there is a firefox version.. which works just great, you need to get it from the github page as it doesn't seem to be in the addon repository yet
>NoScript, no BetterPrivacy, no CookieSafe
Ever tried uMatrix (the successor to HTTP Switchboard ) ?
They are both open-source and regroup the functionalities of NoScript, RequestPolicy, adBlocker, and cookie management.
You can block scripts, iframes, images, plugins, cookies, and more all from a single and efficient matrix based UI. Cookie management, and privacy features are also included (automatic cache deletion, HTTP referrer spoofing, strict HTTPS, etc...). It applies to 3rd-party requests too unlike the basic Chrome settings.
>No Adblock Plus, no Ghostery
Both exist on Chrome...
You might also be interested in uMatrix. Made by the same developer; designed for fine-tuned control of requests. It's in blacklist mode by default. Many people seriously interested in web privacy use uMatrix.