Hacker News new | past | comments | ask | show | jobs | submit login

I see NoScript being recommended but if you're not using Firefox this isn't an option. Lukily both uBlock[1] and uMatrix[2] are cross platform and will work on most (any?) Chromium based browsers as well as Firefox. All instances of uBlock in this post are referring to uBlock Origin[1].

In addition to NoScript both uBlock[1] and uMatrix[2] can be configured to block javascript (you can block both 3rd and 1st party javascript with either). In fact even on Firefox I would recommend trying uMatrix instead of NoScript because of the interface but my opinion is probably biased since I've been using it for some time now. You can keep NoScript enabled in this situation just make sure to whitelist TLD's and allow scripts globally (also remove the built in whitelist while you're at it).

If you want a simpler solution which offers the best bang for your buck then using uBlock in medium mode[3] is what I would recommend. This will block 3rd-party scripts and iframes (globally). Any page breakage that occurs as a result can be very easily handled by setting a noop for scripts and/or iframes for that pages scope. You can also block 1st party scripts if you really want to but it will likely cause a lot more stuff to break. uBlock can also enable browser settings that will prevent WebRTC leakage under certain circumstances.

On a side note if you're using even just uBlock then that will likely remove the need for running additional privacy extensions (save ones that deal with cookies) like Disconnect which also block network requests (you can use the Disconnect lists from within uBlock). uMatrix does give you the control over cookies.

[1] https://github.com/gorhill/uBlock

[2] https://github.com/gorhill/uMatrix

[3] https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...

I switched from easy to medium mode after reading following your advice. How would you suggest dealing with for instance youtube.com now that no videos will load?

Btw only hard mode stops any browser details leaking on the test site: http://webkay.robinlinus.com/ which is awesome, but I wonder how much time you have to spend fixing all the sites that you visit that will be broken in this mode.

Anyone using "hard mode"?

The easiest way is to enable 3rd party scripts on youtube. While at youtube open the uBlock Origin menu and set 3rd party scripts locally to no-op. After you enable advanced mode the two columns the now appear are for blocking stuff globally (left side) and locally (right side). Globally blocked stuff (like when you set up medium mode to block 3rd party scripts and iframes) automatically gets applied to the smaller scope (local to the site currently open).

To unblock scripts just turn the 3rd party scripts block to gray which equals a noop for that. Green is explicitly allow which is what we DON'T want since we still want filtering from the filter lists to apply. Basically to unbreak sites you start with setting 3rd party scripts to noop then iframes if that doesn't fully fix a site. This setup is rather course grained but is the easiest way to increase security and privacy with the least amount of user interaction (the most bang for your buck basically).

As you browse with this "medium mode" you'll probably interact less and less as your dynamic filtering list gets built up. I wouldn't recommend using the "hard mode" since there's not a lot to gain from it and it will cause a lot more breakage.

Edit: Also I just noticed this but font blocking is also enabled in the medium mode screenshots. This isn't part of the described medium mode and the author of the screenshots likely forgot to turn it off before taking them. However you're free to try it out if you want but keep in mind it can break the look and feel of sites. Also it may not actually block the downloading of the font if you're using Chrome or a Chromium based browser so there's less of a reason to use it on Chrome.

Subjectively, uBlock doesn't seem to be catching everything recently - has something been changed?

If you're only relying on the filter lists then you're at their mercy.

Without using NoScript, what else should I be doing?

Learn to use "Dynamic filtering" or check about the "Blocking Modes"for example, uBO's abilities far exceed those of your average adblocker that relies only on filterlists https://github.com/gorhill/uBlock/wiki

There's also Xombrero, a minimalist web browser on top of WebKit with whitelisting for JS, plugins and cookies. It's also keyboard oriented.

Thanks a lot for your detailed explanation! I added a link to your post on the page.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact