Hacker News new | past | comments | ask | show | jobs | submit login
Hush: Noiseless Browsing for Safari (daringfireball.net)
164 points by ggoo 42 days ago | hide | past | favorite | 86 comments

So this is basically a wrapper for Fanboy's cookie monster list? This is really nothing special IMO.

Plus, the fact that the filters are inside of the app source and not fetched from a remote repo means that filtering errors (false-positives) will take hours or maybe days to be fixed, as the dev will need to push out an update (or pull Fanboy's upstream fixes), it will need to be approved by Apple, and then the user will need to update the entire extension.

Compare this with uBo or Adguard, where one can manually check for updates and pull a new version of a single filter list or every filter list in ten seconds. In uBo, the user can also badfilter the offending line in the list or disable uBo from running on a specific domain.

In general, as evidenced from this issue list, cookie consent lists are somewhat problematic and can break sites. Some of these issues may be fixed by now. https://github.com/ryanbr/fanboy-adblock/issues?q=%22easylis...

All these "apps" are required because Apple doesn't allow extensions like uBo to work with Safari and they force ("strongly encourage") developers who want to create simple extensions to go through and make a whole app with the right entitlements on both iOS and Mac.

It doesn't need to be approved by Apple. The app can download a new list directly. Or run in background and update the list when needed.

Yes, Wipr does exactly this. Safari content blocker extension blocklists don't have to be static — the host app and (I think) native extension code can modify blocklists as needed.

Yes, but submitting a new version is what the dev is doing, at least right now. https://github.com/oblador/hush/issues/13#issuecomment-76639...

Your mileage may vary but the first 3 websites I opened after installing it:

- https://twitter.com/ still shows cookie banner at the bottom

- https://botland.com.pl still shows cookie banner at the bottom

- https://www.17track.net started showing "You are seeing this message because ad or script blocking software is interfering with this page." at the bottom of the page and asked me to solve a captcha

I'd recommend you file an issue (or even better, a pull request) at https://github.com/oblador/hush/issues

May be better to report it to Fanboy. This app seem to be almost entirely based on it. Doing so helps many more users than those of this app. Are improvements upstreamed or does it just piggyback?


Good point. If you are already using an adblocker and are interested in this then you can just ad the fanboy list from easylist to your adblocker.

Fanboy's Annoyance should already have what Fanboy's Cookiemonster List has. And, it's one of the default, but not activated, lists in uBlock Origin.

Note that neither Safari nor Chrome are good choices if you want an effective adblocker these days.

Firefox, use it.

It turns out the author links a Google Form for reporting problems in the app:


for every site you visit? yeah no thanks

I think you’re setting unreasonable expectations. Ad blocking has years of work behind it, and it still isn’t an exact science. Cookie banners are even harder, because they usually only come in the form of an element that blends in.

That's kind of the point. The solution is one by one blacklisting?

If so it needs to be better than making tickets. What about a system to hide the elements manually and that action feeds into a database?

Have you ever looked at a blocklist? It’s literally thousands upon thousands of rules. And you blocking something shouldn’t add it to a list because what you block may not be what someone else wants blocked.

A system could work where once more than x users have created the same manual blocking rule it goes to a list for manual review, and added to the main list if it's deemed useful.

Some important privacy concerns with having that info reported back of course.

Is there any work being done to revert the requirements of cookie banners, age consent, etc? These are all utterly pointless and easy to bypass.

While we're at it, get rid of the forced "piracy is harmful" ads on every media disc too. Pirates don't actually see these messages, they're stripped out in the final copy, so the actual legal customers are the only one suffering through it as they can't be skipped either with the skip button, which is silly.

We need to do a better job of cleaning up our laws that has turned out to be worthless.

I think the cookie banner requirements are just fine: they're only required if sites are tracking you. It's a good sign that if I'm on a site that's not bothering me with a cookie banner, it's respecting my privacy: https://github.blog/2020-12-17-no-cookie-for-you/

Making the widespread surveillance that was previously invisible visible (and annoying) seems like a good move to me.

They’re ok but they should be more precise:

1. Require websites to be concise and offer a yes/no ONLY.

2. Reverse-lobby browser vendors to turn this into an API.

3. Require everyone to use the API.

Now users can block or accept all requests at once like they can block or accept Notification requests.

But virtually every site I visit is tracking me.

It doesn't change the fact that they're tracking me, it just makes me click an "X" or "OK" every damned time I visit some new site to read an article or something.

I could understand your argument if sites were actually removing tracking in order not to annoy users with the popup.

But sites aren't doing that, not in any meaningful number at all. So it's not having any effect on privacy, while annoying basically every internet user ever constantly (before you hunt for an extension to block as many of them as you can).

So I don't see how it's a good move at all, not in practice. It's just annoying, and that's it.

Before cookie banners were required, do you think the average user would have any idea how many sites were tracking them? I don't think they did. It's beneficial if only to increase public awareness, because tracking is otherwise invisible.

Heck, I'm a reasonably technical user, and I wouldn't have noticed in most cases. Again, invisible. Now I have a negative first impression of a site if it annoys me with cookie banners, and a more positive one if not.

Except now it feels like a California Prop 65 warning that you see on literally every business. “Something in here may cause cancer. Is it a bottle of toilet cleaner locked in the supply closet? Is it benzene in the hummus? Who knows!”

And what difference does it make if we now know we are being tracked?

I wonder that too. Would this be something the W3C would look into introducing some configurable cookie-consent (i.e. "Accept all", "necessary only", "block all" options) that browser vendors could then pick-up on and adopt so that it wouldn't require manual checks at each website visit?

As the DNT header history shows, the only solution is privacy laws

Something like the Do-Not-Track header? The history of that pretty much shows how much adoption to expect for a feature like this, sadly.

Cookie banners aren't required per-se, and when the website wishes to do tracking that would require consent under the GDPR, the regulation mandates that the consent prompt should be clear, opt-in (aka pre-ticked checkboxes aren't allowed) and that accepting should be as easy as declining (so if opting in takes one click, so should opt-out).

The problem is that the GDPR is not being enforced seriously so these breaches of the regulation aren't being cleaned up. I'm not sure if it's malice or outright stupidity and the companies legitimately believe they are compliant (there is tons of bad and incorrect advice out there).

If you want things to change and you're in Europe, you should start by questioning the incompetence of your local data protection agency as they are the ones that have the power to investigate breaches & impose fines. In the UK, the Open Rights Group is raising money to sue our data protection agency for its incompetence/unwillingness to enforce the regulation, so maybe it's worth checking out: https://action.openrightsgroup.org/help-us-protect-your-data... (no affiliation)

Do Not Track should have been made legally binding. Hell, with any sane interpretation of GDPR it would be.

> Hush is a throwback to the days when good clever people made good clever things

It is sad the author believes that cookies banner is here only because website owners don't care about design anymore. Banners are absolutely annoying by design because owners want people to be annoyed and click "I accept everything" to not be annoyed anymore. Owners could very well make those banners disappear with one simple trick: just don't collect any information.

The "golden past" isn't one where they used to care about users' experience, it's one where they didn't have to care about users' privacy. I personally highly welcome the change and try to websites that don't care about my privacy by default.

Plenty of those cookie banners specifically make it harder to opt out of inessential cookies, though. That part bothers me a lot.

That's by design, they want you to click on "I accept everything" without reading. It's the choice that the website owners did

This is also explicitly against the regulation they're trying to comply with - at which point they may as well just not ask for consent to begin with.

I know. I hate it.

Many websites implemented the banner because other websites are implementing them. There’s a lot of bandwagons out there.

The EU used the force and threat of law to force everyone to do it.

Two options exist:

1) ask for consent for personal data you are taking 2) do not take personal data.

The latter is clearly preferable.

The thing is, the EU is not using the force of the law because the law explicitly bans annoying or misleading consent prompts, so should the law be enforced, the problem would self-resolve very quickly.

The EU used the force and threat of law to force everyone who already should have been doing it to do it.

A bunch of other people just jumped on the bandwagon.

It's a bit puzzling, why would you add an annoying banner for 'fashion' purposes? It's more work and if you don't believe it's useful (in this case to shield yourself from potential legal trouble) why would you do it?

The key part is that many people do believe it's useful when it's not.

It's management/legal saying "Oh no, we use cookies! We need a cookie banner!", even though the only cookie used is to track state or some such thing which doesn't fall under GDPR.

Exactly. You "have to have one" even if it is nonsensical or meaningless (a number of these banners are on sites where the ONLY cookie ever recorded is one saying you've seen the banner!).

I get the name makes sense for what it does but I long for the days that products weren’t simple English words - searching “Hush” on the App Store found many results - none of which looked like this.

Which brings me to the annoyance of “go here search this”: a regressing to AOL keywords when URLs exist is madness.

I also wish the name or subtitle was more accurate. When I read "noiseless" I thought it muted all your tabs or something not that it got rid of "visual noise" or something.

I understand your frustration about generic names, but the URL situation ain’t so dire:

This HN submission links to Gruber’s website, his post title links to the app’s GitHub page (https://oblador.github.io/hush/) which has a direct App Store link. (https://apps.apple.com/app/id1544743900)

uBlock Origin has a few lists that disable annoyances. They are disabled by default, but they're arguably the most important lists.

It's weird to borrow someone's laptop, and see a barrage of ads, notices, bars and other visual spam.

It’s strange that even today, people are still not aware they should be using ad blockers with as many lists as they could live with. It’s no longer just about sanity and protecting attention, but now also about security, as we’ve heard more and more about malware running rampart from ad distribution servers.

The really crazy thing about using ad networks to distribute malware, which I think is very much still unrecognized, is how targeted you can make it.

You can, for example, target people over the age of 70 that live in high net worth areas, or people that live geographically close to some organization you're targeting specifically, in hopes of hitting an employee, or someone in their family.

How is it strange? There are way more people that are not developers that browse the web not using a desktop. Hell, I'd imagine the number of people that think the entirety of the internet are the apps on their mobile device like FB,IG,Twitter,YT,etc is much larger than the number of developers that know and care about such things.

I find it strange that "smart" people such as developers can't imagine people think differently than they do, and behave differently than they do.

I meant strange in the context of the people I normally interact with, with regards to computers, which are usually developers or otherwise relatively tech savvy.

Really strange is the anti-ad-blocking campaign saying they make browsing slow and are privacy unfriendly

Don't forget the claims that adblocks risk your privacy, because they have access to all the sites you visit. >_<

I guess uBlock blocked those too

Makes perfect sense when you consider how much money is at stake.

I can't remember a single instance of people being infected by ads after the end of the IE era. And in 20 years on the internet, often without ad-blocking, I've never been a victim of anything like that (as far as I can tell, yes. But I'm somewhat certain and don't much care about symptomless problems).

As far as I can tell, the security argument is advanced mostly as justification for blocking even unobtrusive ads by people who love to both complain about the terrible state of "mainstream media" and to read what they publish.

> the security argument is advanced mostly as justification for blocking even unobtrusive ads by people who love to both complain about the terrible state of "mainstream media"

Here are documented instances of malvertising I collated over the years, and which is by no mean comprehensive and which I haven't taken the time to update in a long while:


Additionally, excerpt from CISA's "Securing Web Browsers and Defending Against Malvertising for Federal Agencies"[1]:

> Ad-blocking software prevents advertisements from displaying or removes different types of ads (e.g., pop-ups, banner ads) when a user visits a website or uses an application. This software reduces a user’s risk in receiving malicious ads or being redirected to malicious websites. One common ad-blocking technique is the use of web browser extensions that enable a user or agency to customize and control the appearance of online ads. CISA encourages agencies to evaluate solutions that would enable malicious ad blocking.


[1] https://www.cisa.gov/publication/capacity-enhancement-guides...

I have a physicist friend who somehow installed a fake Google Chrome, which still blows my mind to this day. Either his searches must have already been hijacked or Google really doesn't filter the ads at the top of the first page.

Luckily enough he never got pwned despite conducting basically his entire digital life through that browser.

Badware is still alive and well, but it's mostly tricking people into installing it. The days of ActiveX zero clicks are indeed (and thankfully!) long behind us.

If only you bothered to do a quick search in Google before typing that ignorant comment...

> It’s strange that even today, people are still not aware they should be using ad blockers with as many lists as they could live with.

No, it's strange (or rather, it's sad and shameful) that we've allowed the web to become an environment where this attitude even needs to be considered.

> It's weird to borrow someone's laptop, and see a barrage of ads, notices, bars and other visual spam.

"Hey you should be using an ad blocker, it avoid ads and viruses, and makes websites faster. Do you mind if I install you one?"

The Ad Blocker situation on Safari is pretty poor. I've ended up with Ghostery, but really miss uBlock Origin.

I use KaBlock! Despite its silly name its great. Open Source and thanks to Safari content blocker security model I can trust it.

1Blocker is great, although it is paid.

Yeah, 1Blocker running on Safari and NextDNS connection in the background means I never see ads these days.

Thanks for the NextDNS tip, it looks amazing. I was about to set up Pi-hole today but this looks better.

AdGuard DNS is easy to set up and free. I went with it because there are 5 of us at home all the time due to COVID and I didn't know if we would hit the NextDNS limit of 300,000 queries a month.

10,000 queries a day sounds like a lot but our router (Orbi) isn't doing any caching so maybe it's not.

AdGuard DNS doesn't let you have any configuration. My college student had to change her DNS settings once because an app was being blocked as an ad blocker.

I miss uBlock Origin as well but AdGuard has really proven itself to be good thankfully.

uBlock Origin does not work on Safari so this statement is irrelevant.

I find their privacy policy rather disturbing.

Basically they initially say no data ever leaves the device but then they go on to say:

1) in case of a problem they gather detailed log data

2) They “may” store third party tracking cookies

3) Third parties will get access to my personal information (though they seem to promise they won’t abuse it) hmm

4) They directly write that they can’t guarantee the safety of my personal information

I think I’ll pass on this one.

Privacy policy: https://hush-1.flycricket.io/privacy.html

The extension was also posted here (where I originally posted the above comment): https://news.ycombinator.com/threads?id=trastknast

Author here. Apple requires you to have a privacy policy available online to even submit the an app for review. I used this from a generator I found online with the intention to update this one in the next app submission to point to the repo, but it blew up yesterday and just haven't gotten around to doing that yet. No bad intentions, what's said on the website is true, and you can verify that in the code.

I quickly pushed up the draft I had locally and will submit an update to App Store, but they have to review it before it goes public. Feedback welcome! https://github.com/oblador/hush/blob/master/PRIVACY.md

I've been using "I don't care about cookies" for years now https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-a...

It's fantastic. Browsing the web on my iPhone, I feel like slaying myself. Current state of the web is just fucking annoying.

Exactly. I don't care about cookies because I block all of them anyway except on sites I need to login to, which means those sites won't be able to remember cookie accept/decline settings either because ironically they need another cookie to store that setting.

I used a bunch of custom CSS until I got tired of it, then I started using uBlock Origin which also helps block other annoyances like those stupid "Can I help you?" chat bubbles and other popups on various websites.

Also available as an adblock list: https://www.i-dont-care-about-cookies.eu/

AdGuard is available on iOS too. It's using the same list as the one from the article (plus a few more).

I'm going to check Hush out - I hope it works as intended. I've been using Safari as my main browser for a while now, and it has been a little (very) painful since the update that broke uBlock origin. It seems a pi-hole isn't enough!

It would be great to browse the web without all the noise!

Actually, Pi-Hole can take additional lists, just like the browser extensions.

Under "Group Management", select "Adlists".

It would be awesome if it worked on Google.com / YouTube.com and some of my local news websites. Uninstalling for now, but I’ll try it again in a few weeks - the idea is very promising to me and the world desperately needs this. My day just got better thanks to this developer, even though there is still room for improvement. Good luck!

I find it difficult to take articles with such an aggressive tone and that exaggerate unimportant points seriously.

For instance:

> you’re back to approving cookie access every single goddamn time you load an article at The Guardian

I honestly don't remember the last time I saw a popup there and I read it daily. I think the consent lasts quite a while.

Furthermore, the drivel about clever people, clever things… what? How is that related to blocking a banner that sites are legally mandated to have?

Doesn't make me want to try the extension, just makes me think that someone has just discovered adblock or was paid to write it.

... but still no adblocker for safari

Not sure what you mean, are you missing a specific ad blocker? There are some ad blockers for Safari, both on macOS and on iOS. 1Blocker, AdGuard, Wipr, are examples I know to work well. (Many are paid, though, or have paid “premium” tiers.) Edit: others in this thread also mention Ghostery, KaBlock.

> Hush is a throwback to the days when good clever people made good clever things, polished them to perfection simply because they care, and just shared them with the world

Spoken like someone who doesn't need to worry about their income.

If someone gets into that situation, isn’t this exactly what you’d hope they’d be spending their time doing, for the rest of our sakes?

Always a reason to criticize everything.

I was thinking it sounded beyond arrogant. Wording like that is a surefire way to get me not to use your product.

It’s a quote from Gruber’s review, not from the maker of Hush.


Applications are open for YC Summer 2021

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact