Hacker News new | comments | show | ask | jobs | submit login
UBlock Origin 1.17.4 released (github.com)
418 points by ronjouch 12 days ago | hide | past | web | favorite | 149 comments





One third-party filter list for uBO that I absolutely love is Web Annoyances Ultralist: https://github.com/yourduskquibbles/webannoyances, for unsticking fixed headers, floating boxes, and elements like that.

I also use uBO for injecting my own styles on pages, like adding an absolute timestamp to github: https://news.ycombinator.com/item?id=15743008


> One third-party filter list for uBO that I absolutely love is Web Annoyances Ultralist

Glad you find it useful!

Personal anecdote: While developing & maintaining a list it can be difficult to know if others are finding it useful because once it is being used (if it is done properly and doesn't break sites), there should be almost no feedback from the user base because they may just think the web is working as it should be and don't realize why it is how it is.


@yourduskquibble awesome list! Thanks :) . I've been actively searching for something like it a few weeks ago to get rid of sticky headers, and didn't find it. In my searches I used the term coined by John Gruber for annoying stick headers: "dickbar" [0]. Maybe consider adding it to the list of GitHub keywords?

Also, to iOS passersby: here's an annoyances blocker for your Safari blocking pleasure: https://itunes.apple.com/us/app/unobstruct/id1255281426

[0] https://daringfireball.net/2017/06/medium_dickbars


Great suggestion I will add that. How discovery happens for others is great info.

Do you have weird bugs with it? I like the idea but I will be worried of having random bugs time to time that are more annoying than the annoyance the list try to remove.

I've never had any issues with it. (At least that I'm aware of - I block lots of stuff by default with uMatrix, so I usually assume breakage is due to that.)

In case you're worried that it'll catch incorrect elements via generic selectors or the like, the list is almost entirely site-specific selectors (see [1]). The (much smaller) list of generic selectors can be found at [2].

[1] https://github.com/yourduskquibbles/webannoyances/blob/maste...

[2] https://github.com/yourduskquibbles/webannoyances/blob/maste...


how does one go about finding lists like these?

hmmmmm, IIRC I just found this one via DDG. This is the only third-party list I use. From a quick look-around, I just found https://filterlists.com/ though.

I wonder if we see it on mobile platforms someday. Not having a norootneeded adblocker on android or ios is very sad

> I wonder if we see it on mobile platforms someday. Not having a norootneeded adblocker on android or ios is very sad

Not sure if this is what you mean exactly, but uBlock Origin (as well as a lot of other Firefox extensions) can be installed[1] on Firefox for Android.[2]

[1] https://addons.mozilla.org/en-US/android/addon/ublock-origin...

[2] https://www.mozilla.org/en-US/firefox/mobile/


Thx! Didn't notice that Mozilla introduced Add-On support on their mobile Browser. I guess extensions support for Chrome Mobile is not coming in the near future, but who knows.

Try Blokada, it is even open source. Like pi-hole for android

just like adclear, it creates a vpn tunnel and had a massive performance impact and also stopped forwarding packets sometimes.

Adaway was great, but that required root of course


Adhell 3 on Android is non-Root and system-wide.

looked promising but seems to be suitable for samsung android devices only.

The first plugin I install on a freshly installed system with Firefox is uBO. After that I harden the browser by changing stuff in about:config.

Chrome has never been an option for us with privacy in focus.

The guys behind uBO should get some price or something.


I don't see anyone mentioning the ability to store about:config settings in a user.js file.

Unless you have some reason not to use it, it's much easier than changing about:config on each computer, you just copy over the user.js file.

Here's a hardened option (no affiliation): https://github.com/pyllyukko/user.js

And a relaxed version: https://github.com/pyllyukko/user.js/tree/relaxed


You can (and should) give them money if you find value. Do it, feels good.

I'm not sure who you have been giving money to, but Gorhill notoriously does not accept donations as he does not want this project to have money be a goal what-so-ever and does not want to feel like he needs to work on ublock origin. That said he strongly encourages donating to the ublock origin lists as without them ubo would be nothing.

See here: https://github.com/gorhill/uBlock/wiki/Why-don't-you-accept-...


I would absolutely love to, but does the author even accept donations? I just combed through my about page and the Github README and didn't see anything related. I was kinda hoping he had a Patreon. Am I blind, or is it just not there?

He writes in his FAQ [1]:

> I don't want the administrative workload coming with donations. I don't want the project to become in need of funding in any way: no dedicated home page + no forum = no cost = no need for funding. I want to be free to move onto something else if ever I get tired working on these projects (no donations = no expectations).

> Have a thought for the maintainers of the various lists. These lists are everything. This can't be emphasized enough.

[1] - https://github.com/gorhill/uBlock/wiki/Why-don't-you-accept-...


Dude could still do a monthly patreon and cancel it if he didn't want to work on it anymore

The maintainer of Ublock Origin does not want to make money from this. He does not want Ublock to turn into Adblock Plus.

If there is no money involved the project cannot be bribed by ad tech. The only acceptable ads are the ones the user white lists.


The point is to make money from the users, not from advertising companies, which is the opposite of adblock. He could still refuse ads by ad tech, I don't see how donations by users would force him.

Money corrupts. The tech sector is living proof at that.

That's exactly the point. You want to be financially independent, or at least earn enough to live to reduce the risk of being corrupted by ad tech money.

I wouldn't do that if I were him because I don't know how to explain that income to the IRS (or rather, the Finanzamt, since I'm German).

In general, the IRS rarely cares about how you're generating income more that you just remember to pay taxes on it appropriately.

Is that income uniquely difficult to explain?

How would you explain that you're making money from a project summary of UBlock?

"Freelance software development", problem solved. Not that the tax authority cares at all where the money comes from. They don't have a "cash income" category because they have a deep and burning desire to know these things. They're primarily busy with taking their cut.

It might depend, on country, but I know that usually you can mention donations as "donations" in your income papers/form.

Don't know how it would be for an opensource project. Mentioning something like "open source browser extension uBlock Origin" probably...

Interesting how people report their donations, patreons, etc.


Patreon aren't donations, they are recurring income in exchange of something (membership model with specific rewards per tier). In many jurisductions these must be declared differently.

Patreon sends a 1099-K if you get more than $20K in a year.

https://support.patreon.com/hc/en-us/articles/207099566-Will...



What sorts of things do you change in about:config?

Thanks for asking.

Many stuff is disabled by default, but it’s a moving target. There are some tutorials online to read.

It depends on what the browser is used for. Some hardening breaks certain sites.

Some stuff to look at:

- dns-prefetch - geo - cookie - dom (disable, breaks sites) - browser.cache.disk - clipboard.events - media.peerconnection - healthreport - spoofRefererHeader

Chrome doesn’t remove history when closed is a big issue.


I search config for "autoplay" and disable everything related. It's not a privacy issue - just annoyance avoidance.

I've got this list in my favs, I think it was posted on HN a while ago:

https://gist.github.com/0XDE57/fbd302cef7693e62c769

I had some problems with sendRefererHeader, so it can definitely break some websites


See, there are some good ideas in that list, but then it gets to disabling Safe Browsing without any explanation. There's a lot of false information around about what Safe Browsing sends to whom, and you should make sure you know what you're doing when disabling it.

Also, the DNS cache size explanation is a bit backwards. "Number of cached DNS entries. Lower number = More requests but less data stored." Where do you think that data is stored? Bigger cache size means fewer requests that inform a third-party (your DNS server) of which sites you're visiting. (Information leaks from the speed of resolving a query might be a concern, but I'm not sure how doable this is from a webpage.)

And then it disables all caches (including in-memory) for... what reason, exactly? You can configure firefox to clear all your browser data when you close it.

But then they force-enable WebGL, which enables quite a few tracking techniques. This list is weird.

I guess all I want to say is don't blindly apply settings from this list. The author traded a lot of convenience, speed, and security for some perceived privacy.


> don't blindly apply settings from this list

I am not a security expert, but I tend to agree with this. I took a look at the script and noticed a few of the things you pointed out, and I have had horrible experiences running random scripts I found on Github before from claimed-to-be "experts", so I'll stick with the defaults (and UBlock).


> don't blindly apply settings from this list.

Unfortunately, there is no real documentation of the various about:config parameters. So one has to trust doubtful sources on what settings would be useful, or spend many hours reading the source code of Firefox.

I don't understand why each setting is not documented on the about:config page. It would bind the documentation to the release, providing the info suitable for the FF version. I can't see any drawback, except that developers would have to provide a small description of every setting they introduce, which I hope they already do somewhere.

Here is my own frustrating experience with about:config. I sometimes hit Ctrl-q when I meant Ctrl-w. So instead of closing a tab in FF, I close the application and loose my input on some pages. I tried to restore the (previously default) behavior of asking for confirmation before quitting. I had 2 settings in "about:config" named "browser.warnOnQuit" and "browser.showQuitWarning". Only the former one is documented in the mozillaZine wiki. It seems the latter was the old name of this setting, which FF updates never migrated.

So I changed the config, and nothing happened. After several variations, I headed for the source code of FF, and saw this setting was ignored when "restoring sessions" was active. There is no way to ask for confirmation in modern FF.


This was just fixed in the latest release.

Cached DNS queries / speed to resolve can indeed be exploited, as shown here: https://www.chaoswebs.net/timebleed/

There are efforts to prevent this in the future but for now disabling or limiting DNS cache seems the only viable option.


Safe browsing would not be bad if it were just a warning. Unfortunately the concept of personal responsibillity is absent from Firefox. I remember a time when you could click "I know what I am doing take me to the site anyway".

it can definitely break some websites.

That makes sense. Checking the Referer header is a quick and dirty way to implement cross-site request forgery (CSRF) protection.


Not as extensive, but certainly more user friendly option:

https://ffprofile.com/


As a smb sysadmin for a GSuite based company, I've forced it as an extension to Chrome, so whenever any employee logs into Chrome, it automatically adds it.

curious, is this your job description "smb sysadmin"? sounds awfully specific for a job.

I expect it was meant as in "small and midsized business" rather than Samba :)

One thing that block my migration to firefox is the zoom thing. In chrome I can zoom pages and it stick (I need bigger fonts everywhere). Can't replicate the same with safari or firefox.

In Firefox the zoom levels are saved per website. It has had that feature for a long time. Or do you want to zoom once and have it zoomed on all websites you visit?

Yes, I wanna a option for all

There's a minimum font size setting which works globally for every site in Firefox' preferences under Fonts & Colors ==> "Advanced..."

As expected it will increase any font that doesn't meet your minimum size.

If you're fine with per-site settings, just use the zoom option.


Yeah, this is a major pain in the butt for me as well. I want to only use Safari and Firefox but they really should finally pay attention to this pretty intuitive feature.

this isn't true on safari. On preferences > web sites > zoom, you can see the zoom level that you choose for each sites

Oh! this is new? Because it look like it work well!

Same here, the very first thing I do on a new FF is install uBO, switch to advanced mode and default-deny 3rd party scripts and frames. Then I noop sites only as needed:

https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-de...


What does your workflow look like in terms of Firefox? What all sites do you visit where UBO doesn't mess it up too much to not have any work done?

Just curious. I am on a similar boat but sometimes find some sites to be unreadable after having UBO and some other privacy adjustments through about:config.

Thanks!


I'm not parent commenter, but other than the occasional misconfigured internal work LAN webpage, I've had zero to little problems with UBO.

Is there an example of a site that is unreadable after a default install of UBO for you? I'd be curious to check it out..


>UBO doesn't mess it

Never had this issue. Even in Slack, where UBO blocks 778 elements atm.


It's just fine on actual websites. The only things it breaks are the single page app monstrosities (and the occasional crappy newspaper site) that I don't use anyway. It's very rare that I have to disable uBlock for anything.

On the otherhand I also run NoScript temp-whitelist only so all sites that rely on javascript are broken by default for me until I figure out which CDN/etc to temp whitelist.


> Chrome has never been an option for us with privacy in focus.

You can use ungoogled-chrome.


What about chromium? (just found out today that there are APK for it :).

UBlock Origin is more than an ad-blocker. Some usecases other than being ad-blocker

1. Hide Quora notification icon

2. Hide YouTube notification icon

3. Hide stackoverflow questions you might be interested section(right bottom section)

How do you use other than ad-blocker?


Hide YouTube suggested / recommended sections both on the front page and to the right of the player. It's disturbing to see how much this changes my consumption patterns.

I'm beginning to realize that instead of using YouTube: explicitly search for video -> watch video -> read a comment or two -> close tab

YouTube has been using me: open main page -> get distracted by a video that an algorithm knows I'll be interested in -> click a couple more recommended videos -> fall down the auto-play ad revenue rabbit hole -> hour later: 'oh yeah, why did I open YouTube...?' -> perhaps search for intended video, perhaps get distracted again -> etc. etc

This trend has become synonymous with popular internet services over the past 10-20 years. These services are marketed as a way to connect with distant friends, view all the multimedia the internet has to offer, save us money, etc. when in reality the majority are leveraging large-scale data collection combined with neural nets to hijack our brains' reward systems just for the sake of greed. God bless uBlock!


Example: I use default-deny 3rd party scripts and frames + disable javascript everywhere by default. I temporarily enable these only on a per-site basis only if really needed (permanently for the few sites I visit regularly).

It’s really a content blocker, primarily used to blog ads.

4. Hide humongous Wikipedia donation element after having donated.

This.

The wikipedia page is completely broken on mobile devices during the fundraiser. (Text in the popup is so large that it becomes impossible to hit the close button).

I have donated to wikipedia for the past 5 years, and will continue to do so. But the fundraiser banner is just terrible, and persists after you donated.


It is really annoying to get that even after donating. I have never signed up for a wikipedia account (which, now that I think about it, is kind of amazing?) but if I had one, would the donation dialog disappear after donating? Maybe I will sign up to find out.

At the very least for me it didn't last time I donated: the donation seems to be completely untied to your account.


To be fair, that is an ad.

Hide gmail's quick-reply suggestions

Thank you so much gorhill. So much, for making the web a better place.

> The original prototype was to develop an idea I had about using jump indices in a TypedArray for quickly matching hostnames (or more generally strings)[1]. Once I had a working, un-optimized prototype, I realized I had ended up with something formally named a "trie": <https://en.wikipedia.org/wiki/Trie>, hence the name. I have no idea whether the implementation here or one resembling it has been done elsewhere.

So I heavily experimented with squeezing performance out of a JS-based trie-implementation for LZString[0]. Back then some early experimentation suggested that using TypedArrays was likely to be slower than using objects with numerical keys, and for non-degenerate input using a trie based on plain arrays and indexOf calls was the fastest[1]. However, it's been a while since I looked at those numbers (and I suspect that with uBlock's use case look-up performance matters more than insertion performance, which makes it very different from LZString's).

But it should be obvious that HNTrie's implementation[2] is something I'm very interested in ;).

[0] https://github.com/pieroxy/lz-string/pull/98

[1] https://github.com/pieroxy/lz-string/blob/ba8988028d78962eba...

[2] https://github.com/gorhill/uBlock/blob/2a91a685ce3d2dae5d3c2...


> So I heavily experimented with squeezing performance out of a JS-based trie-implementation for LZString.

Incidentally, I did write a JS/WASM version of LZ4 block encoding[1] (also used in uBO). I do wonder if it could be of interest for the LZString project.

My understanding is that the output of LZ4 compression would need to be further processed to make it JS string-friendly (for localStorage purpose).

Maybe worth exploring if even with that extra step[2], the performance gain if any is worth it?

[1] https://github.com/gorhill/lz4-wasm

[2] Encode 7 bytes into 8 valid ASCII characters?


Dman. So how many awesome things do you casually do on the side just in the name of improving uBlock?

*Damn.

The idea I had a year ago [0] was to bake the host names inside of WASM with hardcoded character lookups. You can build WASM from inside JS easily enough, or in other ways, and just ship hostnames.wasm with the product. Maybe I should revisit the idea with benchmarks.

0 - https://github.com/cretz/software-ideas/issues/68


I believe I saw similar results comparing typed arrays vs simple objects with numerical keys when doing this refactor[0] at least in V8. In my case case multiple child keys may match so I need to scan them instead of indexOf but otherwise it sounds similar. Also didn't see benefits from turning non-branching paths into arrays, maybe due to fairly shallow trees. I've also used a very simple trie implementation for public-suffix tree matching in my own extension[1] so interested in what the current best way to implement this sort of thing is in JS.

[0]https://github.com/yahoo/ycb/pull/54

[1]https://github.com/billdorn/cookiekiller


Addendum: to clarify, with "non-degenerate input" I mean that for the vast majority of nodes in the resulting trie we have a handful of charCodes to search through at most. This holds true for most normal types of text. It is however trivial to create string that breaks this assumption: make one that features every legal UTF16 charCode. Throwing this at lzstring-unsafe.js will freeze it. So this could be another assumption that does not hold for uBlock's use case.

I wish gorhill would make a Safari content-blocker version of ublock. None of the existing blockers (who mostly just package existing block lists and charge money for it..) work as well as uBlock IME.

Unfortunately, all Safari releases going forward (12 onwards) are removing APIs that allow uBlock Origin to do what it does.

Apple are basically neutering _all_ blockers, unfortunately. I don't know if they're planning on filling the void though.


The reason these APIs are being removed are to improve the privacy of users.

Apple recommends all adblock extensions now use the content blocking API which is superior from a user privacy perspective. When using the content blocker apis, the extension cannot view or read which web pages are visited. Prior extension APIs had full access to browsing history (which obviously can be easily abused).

The content blocker API is different but does allow full featured and sophisticated adblockers. I know because I create one which is very efficient, effective and free - Magic Lasso Adblock (https://www.magiclasso.co/)


Except that API kills one of the main use cases - live blocking annoying stuff that's already on the page. Apple's gimped API, as far as I can tell, offers no way with the user to interact with the plugin.

Meaning that if the blocker misses something (and it will), I have no way to deal with it.

This "privacy" canard is just Apple being Apple and punishing users in the name of full control. The #1 and #2 most used adblockers by everyone have no legitimate privacy concerns.


That's Apple's model - users cannot make their own decisions.

as usual apple doing weird things that only people deeply invested in their platform will bother learning.

While Apple has been guilty of this, but I think in this case this has actually improved their platform. I’d really like for the API they are proposing become a web standard, but unfortunately I doubt it would ever do so…

This is not quite true; what Apple has done is deprecate the old extension API (which has not been removed yet! You can still install these extensions from the Safari Extension Gallery in Safari 12, and will be able to do so until some unspecified point in the future which is extremely likely to be next year), which is what uBlock Origin was written using. Apple would like extensions to move to an app extension based model, which while lacking some API is not actually missing anything that uBlock Origin needs to function to my knowledge, which is to say that an enterprising individual is free to port uBlock Origin almost unchanged to this new model.

However, as of iOS 9, Apple has provided a new model for blocking ads: the content blocking API, which relies on lists of filters that the browser applies automatically. This is meant to replace an extension running JavaScript on your page to do the same thing, which means that blocking is faster and doesn't mean you have to trust the extension author to make sure they're not doing anything malicious.


> Unfortunately, all Safari releases going forward (12 onwards) are removing APIs that allow uBlock Origin to do what it does.

This is extremely disappointing. There are "Apple-approved" blockers on the App Store but none is as efficient as uBlock Origin, they also lack transparency.


App Store blockers can be and in some cases are as efficient as uBlock Origin. Many are likely more efficient as the blocking is implemented directly by Safari using optimised content blocking rules that are executed by native code (as opposed to Javascript execution as per UBlock Origin).

When compiling the content blocking rules, Safari also ensures the rules fit within reasonable execution limits to ensure there is absolutely no speed decrease due to blocking. If the rules are excessive, they are rejected by Safari.

In terms of effectiveness, yes there is variability between different blockers. We are the creators of one blocker for iOS and Mac and have found that it is extremely effective and in tests we've done provides a 2x speed-up on web page loading and rendering speed (for the top news and media sites we tested)

https://www.magiclasso.co/insights/difference-adblocking/


HN is full of advertising posts now...

Buddy, your product is not fully featured. In ublock, you can click and block individual elements or domains, in your product,the feature to whitelist any site is even a beta feature... And your app costs money, because the free version doesnt offer all blocking lists.

It also seems like i can not use my own lists, or language specific lists. Btw, where can we download your content lists to make sure you do not just resell free, community driven lists?

So thanks for promoting Safaris terrible adblocker framework with a paid product that is lightyears inferior to the free Ublock we are discussing here.


You may be looking for something like AdGuard: https://github.com/AdguardTeam/AdGuardForSafari

Big fan of 1blocker! It works just perfectly. I think that Apple has created a really nice concept for adblocking. They leverage native performance with enough flexibility for 3rd parties. Plus, the privacy aspect is great.

There's a fantastic fork/port available: https://safari-extensions.apple.com/details/?id=com.el1t.uBl...

It's not a content-blocker version, but it's a port of Chrome version.


This point release is broken [0], the maintainer has disappeared [1], and Safari will kill it shortly [2].

[0]: https://github.com/el1t/uBlock-Safari/issues/122

[1]: https://github.com/el1t/uBlock-Safari/issues/130

[2]: https://developer.apple.com/documentation/safariextensions


Do you mean on iOS? I find that AdGuard works pretty good and uses pretty much the same lists as uBlock anyway.

Use a different browser?

I'm a sucker for random benchmarks, and seeing there was a benchmark against the hostname-lookup stuff, I took a quick shot (2015 MacBook Pro, running High Sierra)

Anyone know why regex performance on Safari is so diabolically bad?

    Safari 12.0.1 on OS X 10.13.6.
    
    Test 100 needles against 16 dictionaries of hostnames
      -                 Set-based x 3,149 ops/sec ±0.75% (59 runs sampled)
      -               Regex-based x 281 ops/sec ±0.78% (61 runs sampled)
      -      Trie-based (1st-gen) x 14,118 ops/sec ±1.66% (66 runs sampled)
      -   Trie-based JS (2nd-gen) x 12,349 ops/sec ±0.58% (61 runs sampled)


    Chrome 70.0.3538.110 on OS X 10.13.6 64-bit.

    Test 100 needles against 16 dictionaries of hostnames
      -                 Set-based x 3,376 ops/sec ±1.95% (61 runs sampled)
      -               Regex-based x 4,492 ops/sec ±1.66% (27 runs sampled)
      -      Trie-based (1st-gen) x 9,431 ops/sec ±0.69% (51 runs sampled)
      -   Trie-based JS (2nd-gen) x 8,627 ops/sec ±0.63% (47 runs sampled)
      - Trie-based WASM (2nd-gen) x 12,169 ops/sec ±0.58% (64 runs sampled)
    Done.

Since the last major Firefox update, I haven't needed to run an adblocker. I set Firefox to block trackers always (not just in private mode) and I hardly ever see ads, or I don't notice them at least.

Despite built in options for ad-block, uBlock Origin is still essential for me.

There is too much junk on sites, poorly designed elements that take up half my screen, social media elements, video elements - I tend to block those elements freely.


Good to see wat being used over bringing in emscripten baggage: https://github.com/gorhill/uBlock/tree/master/src/js/wasm

I wonder if this wouldn't be a good use-case for Walt. It's close enough to the metal to avoid bringing in unwanted baggage, but still a lot more convenient to write in than the .wat format.

[0] https://github.com/ballercat/walt


1.17.4 not functioning with Firefox 52.9.0 (32-bit) Reverting to 1.17.2 it works again.

I've been using uBO in advanced (dynamic filtering) mode for a few weeks now. I strongly recommend everyone wary of privacy to start doing that now. It's surprisingly not so difficult at all!

I've been having a lot of cosmetic filtering issues with UBlock lately, not sure if it's an issue with the lists or with UBO itself.

Sites that load but stay "blank" until you disable filtering


This type of issue is usually solved for me by going into uBlock Origins settings and pressing update for the blocking list

some websites out there will detect that no ad code was allowed to run and then refuse to show you a page.

This is widely known. It's also why uBlock replaces ad scripts with "neutered" scripts to make the page render anyway. It's good stuff!

Are you using this list?

Adblock Warning Removal List

https://easylist-downloads.adblockplus.org/antiadblockfilter...


What is a good ad blocker like this for Safari?

I use 1Blocker. It exists for both macOS and iOS. It uses Safari's native content blocking API, so it's supposedly fast. As far as I know, the developer is not engaged in any shady dealings with ad companies. The only downside is that it's not free.

The Dev did something shady on iOS by releasing a second version just because he split up the lists.

His argumentations don't seem shady to me: https://backstage.1blocker.com/say-hello-to-1blocker-x-8b55e...

Safari now has excellent privacy features, so I just don’t block ads, allowing the people creating the content I consume to, you know, eat.

[flagged]


Don’t use outrage if you want to misunderstand metaphors.

uBlock exists also for Safari, however you need to download it through the App Store these days. https://www.ublock.org/safari/

That’s not uBlock Origin, that’s the icky one. I use the AdGuard extension for desktop Safari, and the app for mobile Safari, which use the content blocking feature of Safari itself.

My bad, thanks for the clarification. As @heartbreak pointed out, this seems to be the real deal https://safari-extensions.apple.com/details/?id=com.el1t.uBl...

That's.. also not exactly the real deal. It's a community fork of uBlock Origin with some patches and then became unmaintained. That's why I use AdGuard for Safari.

https://itunes.apple.com/app/adguard-for-safari/id1440147259

https://itunes.apple.com/app/apple-store/id1047223162

These two.


This is the correct link for uBlock Origin from the Safari Extension site: https://safari-extensions.apple.com/details/?id=com.el1t.uBl...

The one linked by fragebogen is the non-origin version which you probably do not want to use.


Any idea why I can access this extension through Apple's webpage, but not through the App Store? The App Store only shows the non-Origin uBlock.

Apologies for the week late reply. Apple has classified this extension as one which might slow your browsing down (of course it does, though the impact is imperceptible to me). Because of that, it’s not only unlisted but also will show a warning banner in Preferences after install, and will occasionally be disabled by Safari updates.

Keep on fighting the good fight, gorhill.

the most important browser extension

Are there benchmarks where the wasm engine of a browser beats the Js engine of the same browser in compute heavy code?


Results on mine:

    Benchmarking, the higher ops/sec the better.
    Firefox 63.0 on Windows 10 64-bit.

    Test 100 needles against 16 dictionaries of hostnames
      -                 Set-based x 1,443 ops/sec ±3.46% (54 runs sampled)
      -               Regex-based x 4,093 ops/sec ±1.18% (25 runs sampled)
      -      Trie-based (1st-gen) x 8,993 ops/sec ±1.92% (59 runs sampled)
      -   Trie-based JS (2nd-gen) x 7,923 ops/sec ±2.81% (44 runs sampled)
      - Trie-based WASM (2nd-gen) x 10,100 ops/sec ±1.75% (54 runs sampled)
    Done.

Interestingly, my numbers are completely different relative to each other when compared with yours... I wonder how the number of runs is determined and if this affects the results.

  Benchmarking, the higher ops/sec the better.
  Firefox 63.0 on Fedora 64-bit.
  
  Test 100 needles against 16 dictionaries of hostnames
    -                 Set-based x 1,707 ops/sec ±1.93% (60 runs sampled)
    -               Regex-based x 4,078 ops/sec ±0.88% (25 runs sampled)
    -      Trie-based (1st-gen) x 10,038 ops/sec ±1.41% (64 runs sampled)
    -   Trie-based JS (2nd-gen) x 7,258 ops/sec ±1.03% (40 runs sampled)
    - Trie-based WASM (2nd-gen) x 8,033 ops/sec ±1.08% (44 runs sampled)
  Done.

  Benchmarking, the higher ops/sec the better.
  Firefox 65.0 on Windows 10 64-bit.

  Test 100 needles against 16 dictionaries of hostnames
  -            Set-based x 1,647 ops/sec ±2.23% (13 runs sampled)
  -          Regex-based x 1,178 ops/sec ±4.95% (48 runs sampled)
  -                 Set-based x 1,854 ops/sec ±1.94% (59 runs sampled)
  - Trie-based (1st-gen) x 275 ops/sec ±4.61% (56 runs sampled)
  -               Regex-based x 2,947 ops/sec ±2.32% (61 runs sampled)
  - Trie-based (2nd-gen) x 671 ops/sec ±2.60% (47 runs sampled)
  Done.

  -      Trie-based (1st-gen) x 9,311 ops/sec ±1.61% (51 runs sampled)
  -   Trie-based JS (2nd-gen) x 7,121 ops/sec ±1.28% (40 runs sampled)
  - Trie-based WASM (2nd-gen) x 7,983 ops/sec ±2.44% (63 runs sampled)
  Done.
And mine seems to look different than yours, but similarly lopsided.

I got these results on an i7 8700K (not overclocked):

  Benchmarking, the higher ops/sec the better.
  Firefox 63.0 on Windows 10 64-bit.

  Test 100 needles against 16 dictionaries of hostnames
    -                 Set-based x 1,917 ops/sec ±1.21% (14 runs sampled)
    - Trie-based (2nd-gen) x 829 ops/sec ±0.64% (66 runs sampled)
  Done.

    -               Regex-based x 4,475 ops/sec ±0.37% (27 runs sampled)
    -      Trie-based (1st-gen) x 8,624 ops/sec ±0.29% (48 runs sampled)
    -   Trie-based JS (2nd-gen) x 8,848 ops/sec ±0.43% (49 runs sampled)
    - Trie-based WASM (2nd-gen) x 10,441 ops/sec ±0.30% (57 runs sampled)
  Done.
Interestingly, my CPU only boosts to 4.3 GHz during this benchmark and CPU utilisation of the Firefox process only goes up to 8%.

That's what I got too:

    Benchmarking, the higher ops/sec the better.
    Firefox 63.0 on Linux 64-bit.

    Test 100 needles against 16 dictionaries of hostnames
      -                 Set-based x 1,992 ops/sec ±0.71% (15 runs sampled)
      -               Regex-based x 5,148 ops/sec ±0.18% (30 runs sampled)
      -      Trie-based (1st-gen) x 11,797 ops/sec ±0.49% (63 runs sampled)
      -   Trie-based JS (2nd-gen) x 8,471 ops/sec ±0.50% (47 runs sampled)
      - Trie-based WASM (2nd-gen) x 9,543 ops/sec ±0.48% (52 runs sampled)
    Done.
I don't see why trie matching performance would depend on the host OS... Unless WASM runs out of process and requires some form of IPC, I guess?

Interesting that an iPhone XS is the fastest of all the benchmarks above.

Benchmarking, the higher ops/sec the better. Safari 12.0 on Apple iPhone (iOS 12.1).

Test 100 needles against 16 dictionaries of hostnames - Set-based x 3,763 ops/sec ±0.19% (68 runs sampled) - Regex-based x 392 ops/sec ±0.16% (66 runs sampled) - Trie-based (1st-gen) x 20,669 ops/sec ±0.15% (69 runs sampled) - Trie-based JS (2nd-gen) x 16,926 ops/sec ±0.71% (69 runs sampled) Done.


Safari is also a lot faster than Firefox/Chrome on the Trie-based versions (non-wasm)

For some reasons, I found that Firefox's results for WASM are always better after a first run -- i.e. clicking "Lookup" again without reloading the page. I don't know what is the explanation of this.

Firefox can cache the compiled WASM. So perhaps your benchmarks include compilation warm-up on the first run.

  Benchmarking, the higher ops/sec the better.
  Safari 12.0.1 on OS X 10.14.1.

  Test 100 needles against 16 dictionaries of hostnames
    -                 Set-based x 3,801 ops/sec ±1.01% (62 runs sampled)
    -               Regex-based x 370 ops/sec ±0.68% (60 runs sampled)
    -      Trie-based (1st-gen) x 15,679 ops/sec ±0.73% (63 runs sampled)
    -   Trie-based JS (2nd-gen) x 16,408 ops/sec ±2.50% (62 runs sampled)

  Benchmarking, the higher ops/sec the better.
  Firefox 63.0 on OS X 10.14.

  Test 100 needles against 16 dictionaries of hostnames
    -                 Set-based x 1,703 ops/sec ±3.46% (57 runs sampled)
    -               Regex-based x 4,210 ops/sec ±1.95% (26 runs sampled)
    -      Trie-based (1st-gen) x 9,961 ops/sec ±0.74% (65 runs sampled)
    -   Trie-based JS (2nd-gen) x 7,120 ops/sec ±0.61% (40 runs sampled)
    - Trie-based WASM (2nd-gen) x 7,993 ops/sec ±0.81% (44 runs sampled)

  Benchmarking, the higher ops/sec the better.
  Chrome 70.0.3538.110 on OS X 10.14.1 64-bit.

  Test 100 needles against 16 dictionaries of hostnames
    -                 Set-based x 3,414 ops/sec ±5.66% (53 runs sampled)
    -               Regex-based x 4,667 ops/sec ±2.50% (28 runs sampled)
    -      Trie-based (1st-gen) x 10,665 ops/sec ±1.31% (56 runs sampled)
    -   Trie-based JS (2nd-gen) x 7,852 ops/sec ±1.66% (43 runs sampled)
    - Trie-based WASM (2nd-gen) x 11,930 ops/sec ±2.49% (58 runs sampled)

MacOS 10.14.1

Hardware:

MacBook Pro (15-inch, 2017)

Processor: 2.9 GHz Intel Core i7

Memory: 16 GB 2133 MHz LPDDR3

Graphics: Radeon Pro 560 4096 MB

Intel HD Graphics 630 1536 MB


  Benchmarking, the higher ops/sec the better.
  Safari 11.1.2 on OS X 10.12.6.

  Create dictionaries
  -Set-based x 1,393 ops/sec ±0.85% (60 runs sampled)
  -Regex-based x 1,798 ops/sec ±0.75% (61 runs sampled)
  -Trie-based (1st-gen) x 419 ops/sec ±1.35% (61 runs sampled)
  -Trie-based (2nd-gen) x 986 ops/sec ±0.77% (63 runs sampled)
  Done.

[flagged]


Since when is uBlock an Anti-Virus?

If you benchmark the latest Ferrari against a wooden boat for driving on water you will get the same results as this test.


None of the other browser extensions in the test are Anti-Viruses yet they seem to block fine many of the malware threats

Furthermore, what is the purpose of Malvertising filter list by Disconnect​​​​​​​​​, Malware Domain List​​​​​, Malware domains, in uBlock Origin if they can't protect the user from malwares?


What. Everyone of them is an anti-virus extension except uBlock Origin:

Avast, Avira, Bitdefender, CheckPoint SandBlast Agent, Malwarebytes, McAfee, Panda, Windows Defender,... All are extensions made to enhance the effectiveness of it's own security suite.

uBlock is just a content-blocker.


Fair enough, uBlock Origin advertises itself as following (from the github page):

uBlock Origin is NOT an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites -- through EasyList, EasyPrivacy, Peter Lowe’s ad/tracking/malware servers, various lists of malware sites, and uBlock Origin's own filter lists.

However, I assume that most people still use it mainly for blocking ads. And for that it is excellent.


can those companies provide free access to their blocking lists they created based on their research? ublock will work just as well if so.comparing paid products to freeware is madness in the malwertising space

Judging by these tests Google safe browsing (as Chrome in these tests) is more than enough for malware blocking https://malwaretips.com/threads/updated-24-11-2018-browser-e...

The blocker's effectiveness is only as good as its blocklists.

uBO, however, is the most efficient blocker out there. And it comes with some of the best default blocklists for blocking ads and trackers.


uBlock Origin + Google's Safe Browsing (or SmartScreen if you're an Edge user) should be enough for just about anyone. Furthermore one of the strengths of uBO is the ability to use dynamic filtering[1] which bypasses the filter list problem entirely.

[1] https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium...


I wonder how long will take until they ban/remove this as well using DCMA



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: