Hacker News new | past | comments | ask | show | jobs | submit login
µBlock for Firefox (github.com)
707 points by aerique on Jan 20, 2015 | hide | past | web | favorite | 264 comments

Well while this is being seen by many, I just want to take the opportunity to reiterate what is said in the README of the project:

> Without the preset lists of filters, this extension is nothing. So if ever you really do want to contribute something, think about the people working hard to maintain the filter lists you are using, which were made available to use by all for free.

Specifically, EasyList, EasyPrivacy, Fanboy Social, Malware domains, and a many more are the basis of many other blockers: Adblock Plus, AdBlock, AdGuard, BlueHell, and many others I am sure.

It seems such a tedious amount of work to maintain these lists, this needs to be acknowledged -- none of the above blockers would do very well without these lists.

I've been using this port instead of Adblock Plus for a few weeks. I like the low overhead, but usability is bad.

- It's hard to list what filters are applied (though not impossible, if you like pain: hunt for the right icon using hovertext, find an empty page, hunt for icons again this time without hovertext; one icon will trigger something that will fill up a log, but it stalls a few seconds first and there's no progress indication).

- The big green “power” icon is the wrong metaphor. IMHO uBlock should just stop using icons.

- ABP has simple and obvious text menus, uBlock fails at making its features discoverable. This despite ABP being much more feature-complete.

- There's no way to enable and disable filters from a page.

- There's no easy way to reach uBlock preferences (though not impossible, if you click random areas of the main panel)

- There's no rule editor. ABP's rule editor makes the simple cases easy and the tricky ones possible.

- The element hiding picker is unusable. The ABP picker is well polished, but ABP also integrates with the Firefox developer tools. That simple feature makes it unnecessary to code a custom picker.

I hear what you're saying but to me the advantage of ABP has been never having to see its preferences. I've used it for many years and I can't remember ever going into the preferences for any reason.

I've said this before but being a habitual user of noscript I feel that all I really need from an adblocker is to skip those annoying youtube commercials. Everything else noscript handles pretty well. So I'll have to see if uBlock can do that for me.

You need to atleast go into the preferences to select extra lists (if you want them) and to disable whitelisted sites (also, if you want to do that since ABP enables "some" ads by default).

(I'd probably enable the whitelisted stuff... IF I wasn't more concerned about adware than anything else over ad-networks)

I decided to dump extension-based privacy stuff and installed Privoxy instead.

I used to have Ghostery, Disconnect, ABP, and some other things running simultaneously. When you think about it, that's a lot of JS running and iterating the DOM multiple times every time you load a page.

Now there's a single, purpose-built, standalone process written in C doing it. Not going back.

This doesn't work with the push to HTTPS. Either you use proxy connect, and Privoxy is no better than /etc/hosts blocking. Or you'd rely on the proxy's poorer and slower implementation of TLS. Certificate verification will suffer (no certificate pinning, no certificate blacklist, no OCSP stapling, no way to verify incomplete chains), no SPDY, no sunsetting of bad ciphers or bad protocols.

Is there some reason in principle why you can't constructively MITM yourself without using piles of Javascript in the browser?

There is no reason in principle, and you can even do it for kicks.[1] The only issue here is a practical one, as the parent poster described: from an end-user perspective, browsers do SSL/TLS better than ad-blocking proxies.

[1]: An example from the other side of the coin: http://www.wired.com/2010/03/packet-forensics/

Unfortunately HTTPS makes proxy-based privacy stuff unusable without invalidating your SSL/TLS certificate in the browser. Extensions are the only reliable method AFAIK for browsing ad-free, securely. That is, if you consider the extension secure.

Actually it can make your setup far more secure.

You could move all SSL validation off to your proxy, and generate certificates from your own CA on the fly. Then within your browser or OS you can remove everything except your own CA from the trust store.

That would open up sniffing on your local machine/network would it not? I see the benefit of blocking malicious domains at a proxy or hosts file level. But aren't you sacrificing a lot of usability by blocking at a network level?

Any issues connecting to sites over SSL using Privoxy? I'm thinking mainly of banking web-sites.

I've used Privoxy since late 2002 on a Linux gateway box - never had a single issue with SSL.

In fact the only issue I've ever had was building it an forgetting to enable threaded mode ..

I don't recall any problems, but I use Foxyproxy to connect to it. In the worst case, you can just toggle it off quickly for that site, then turn it on again.

I've used Privoxy & friends (Glitterblocker on OS X) since the days of junkbusters.com, but with SSL on the rise this no longer works very well for me.

Anyone looking to follow up on this comment should search for "GlimmerBlocker", not GlitterBlocker.

Useful stuff, though, thanks!

GlimmerBlocker works the same as Privoxy, only offering support for HTTP.

Oops, brain fart - sorry :-!

For anyone searching for a blocking solution on OSX, the name is actually Glimmerblocker. It still works on Yosemite.

It really ought to be possible to have a dynamic browser hook in Firefox's parsing phase to allow pre-manipulation of the DOM (or raw HTML) in native code. However actually finding the right spot in the giant codebase to do this is another matter.

What about when you're doing development work on a site that uses content you'd normally block (Analytics, ads, etc)? When I spend a day working I don't want to have to toggle Privoxy every time I want to search for something.

Use FoxyProxy and create rules that "whitelist" the sites you're working on

You really probably want to use a separate browser profile with no plugins installed. It really sucks when you're trying to debug a problem and it turns out it's some combination of extensions you have installed causing the problem.

I agree, you had to many things running... What is the advantage of Disconnect when have ABP and Ghostery installed?

Disconnect is an open alternative to Ghostery as Ghostery has some sketchy sponsors.

Unfortunately, Disconnect (new version is $5/month for any protection) is not as good as Ghostery and the sketchy part of it is Ghostrank which is easily disabled.

Your answer was unrelated to my question... mdellabitta stated he was running Disconnect with ABP and Ghostery all together which is redundant and I was asking why he would be doing that.

Ghostrank is easily disabled, but it's off by default so you don't need to....

So simple statements of fact get downvoted? HN aspires to be Reddit ;-)

I used to run Privoxy for years and then came the time of AdBlock, NoScript, etc. Perhaps it is indeed time to look back again.

Did you manage to make it work with skype ? (it seems that skype doesn't use the proxy parameters for ads)

I've found it effective to just watch Skype with Fiddler, and add whatever ad servers it touches to my hosts file, and redirect them to Entries like this work for me:

  #BEGIN: Skype ad servers       rad.msn.com       a.rad.msn.com       secure.adnxs.com       m.adnxs.com       ads1.msads.net
  #END: Skype ad servers

To disable the banner ad you could add https://apps.skype.com/ to your restricted sites list.[1]

[1] http://www.reddit.com/r/LifeProTips/comments/27dihm/lpt_you_...

All I notice is that websites like Wired.com load faster with a ad-blocker.

Privoxy blocks ads, too.

I tried this out for a couple of weeks after the "Adblock makes things slower" article came out, and I found it was blocking more stuff - but not necessarily the right stuff. I was finding that sites were breaking, stuff was disappearing and it was because of uBlock. I think I was trying to log into Medium and the Twitter and Facebook had been hidden, literally breaking the functionality of the site. That's not what I want from an adblocker.

Well, as the README says, it's not an "adblocker" but a generic blocker.

Hiding Twitter and Facebook log-in functionality on Medium is a feature not a bug for me. By including those javascripts, both companies can build up a history of the sites I visit.

So I gather this is more of a privacy+ad blocker rather than strictly ad blocker.

Unfortunately, even with EasyPrivacy and "Fanboy's Social Blocking", you will find that blockers (ABP, AdBlock, uBlock, etc) do not prevent 100% connecting to Facebook, Twitter, and whatnot.[1]

This is one of the reasons I see dynamic filtering as a key feature: users have the last word, not the filter lists.[2]

For example, I currently block all Facebook, Twitter, Disqus, and any of similarly ubiquitous domains by default using dynamic filtering, so that I have now 100% certainty that no connections to these domains occur on any page, while such certainty is not possible when relying solely on the filter lists.

[1] https://www.diffchecker.com/pz6rv6lq

[2] https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-qu...

Oh, it's you! Great. I'm confused. I've been using HTTPSwitchboard now for the last several months and love it. Is µBlock the successor to that, or are they for different things?

edit: Ah, I followed the link to µMatrix and I see now, I think. HTTPSB became µMatrix, and µBlock is the "easy" version of µMatrix. So I guess I should upgrade my HTTPSB to µMatrix, then. Is that right? Thanks for all your work on these tools!

HTTPSB is discontinued since October last year, so yes you should upgrade to µMatrix.


>do not prevent 100% connecting to Facebook, Twitter, and whatnot //

Sounds like more of a job for a filtering proxy or hosts file.

uBlock will do it for you while keeping the point-and-click ability to un-block on a per-site basis. For example, a site which breaks if it can't connect to Facebook.[1]

[1] https://www.youtube.com/watch?v=8bzB6tESynM

Browser add-ons allow non-admin users to filter these requests. Installing a proxy or editing the hosts file requires admin privileges.

uMatrix also allows you to quickly and easily see which sites are trying to load what resources, which you lose with a hosts file setup.

This is what i like about ghostery. It will pop up a list of blocked sites in the corner each time you navigate, and you can from this list whitelist on a site-site basis.

There's already a couple of threads here discussing that uBlock is using different filters by default than other adblockers.

There's also a comment from the developer mentioning that the filter you mention has been turned off (https://news.ycombinator.com/item?id=8916774 ).

Here's a good guideline: uBlock is not yet the right blocker for people that don't want to configure anything. It's not clear to me that it is even trying to be that thing, but it's clear enough that it isn't there yet.

Can't find the article now, but it was posted on HN that these social sites' share/like/login plugins track your online activity, so blocking them is a privacy feature, not a bug. Ghosterity blocks these buttons by default too but allows them be enabled in settings.

Great feature, I don't have twitter or facebook and I have to add separate extensions to block those annoying tracking features from every other sites.

To me any website that rely on facebook or twitter to log in is broken and I just don't use them.

I recently had one that required sending my info to xiti to display a js popup to log in with email. Too bad they lost a potential client for their service because their web page sucks and is designed with them in mind instead of the actual user.

This happened to me as well, but for different sites. In the end I just had to whitelist 2 domains and I haven't run ino a problem since.

Agreed - to quote the French Revolution, "an overabundance of zeal."

I have been using µBlock for 3 weeks now.(previously adblock plus). There is one irritating thing it has that almost makes me go back to adblock again.

It is often blocking the false positives.

So if developer has named one of their assets file with social media names like "twitter/facebook/etc", it blocks the file right away. Since it does not have custom configuration options for each site, you can either disable µBlock or go with the crashed site.

Not all the sites are written professionally by experts, and this becomes an issue when you are trying to purchase stuff from small online shops. (to support local sellers)

I am too busy for a pull request these days, but maybe this will be fixed soon by someone else. My point for µBlock is for now 5/10.

> It is often blocking the false positives

It's the filter lists. Use the same filter lists with any other blockers which support ABP-filter syntax, and you will get the same result.

> named one of their assets file with social media names like "twitter/facebook/etc", it blocks the file right away

I have removed Fanboy's Social Blocking list from the pre-selected lists since a while now.[1]

I have to say that I had assumed -- wrongly obviously -- that all users knew that what is blocked or not depends completely on what filter lists are selected. So in your case it would have been a matter of un-selecting Fanboy's Social Blocking list.

[1] https://github.com/gorhill/uBlock/commit/ce04053ae3054ff287a...

I wonder what would happen if you defaulted to 0 rules active, with a huge mention in as many places as possible that rules needed to be configured (and perhaps a short list of recommendations).

I expect you would get more complaints, saying it was stupid and didn't work. But it would be interesting to see the outcome.

Didn't realise I could do that. Thanks for mentioning :)

That's an issue with the filter lists you choose, not uBlock. Also uBlock does allow you to disable on a domain or subdomain, so this is easily worked around.

uBlock is a bit more of a power user blocker than AdBlock and its variants, but I find it to be far better, both in customisability of filters, and resource utilisation.

µBlock enables Fanboy's social blocking list by default. If you want your Twitter/FB buttons and so forth back, you can turn it off in the subscription options.

The problem is that it doesn't just block the buttons, it blocks assets that just happen to have those names that are unrelated to the buttons as well.

It hasn't blocked them by default for a while now. It used to though.

Both the Chrome and Opera versions did for me, and quite recently too: only switched on Chrome about a month ago at most, and I've only even had Opera installed for about a week.

Just installed on Firefox and it looks like Fanboy's social is no longer in the default list.

You should file an issue on github at least. The developer is responsive and friendly.

I thought this was one of those "used it for <x> <y>s and everything is super duper" and wanted to add my "+1". Anyway, I've been using it for 1-2 months and it's been smooth sailing so far. Faster than AdBlock and 99.9% of the coverage coverage (usually some obscure popup ads usually – they did get fixed pretty fast though). And no false positives for me at all.

> Since it does not have custom configuration options for each site

What's the purpose of such tool really? It might sound weird, but I was happiest with opt-in (ad) blocking. Every single blocked content was (semi)manually entered by me. I really don't care if I see ads on a site I visit once in a lifetime.

You can fined tune (almost like uMatrix) the blocking in the latest version by enabling "Advanced user feature".

Same here. I only use it because it has lower resources consumption but it annoys me when it blocks Disqus even though I have added their domains to the white list.

Embedded Disqus works fine from here. If you have a URL where there is a problem, enter an issue on Github [0] -- and enumerate which filter lists you have selected.

Usually it all comes down to the filter lists, in which case I redirect to EasyList forum [1].

[0] https://github.com/gorhill/uBlock/issues

[1] https://forums.lanik.us/viewforum.php?f=64

I had this issue on Adblock too. It was down to one of the pre-installed blacklists - I can't remember which one. Try unchecking them one at a time

Similarly, it blocks all FB, Twitter buttons across all websites and there seems to be no way to white list those across all websites. Am I missing something?

Well, this in itself seems like a good reason for me to install it.

Go To Preferences, Third-party filters, and uncheck "Easy Privacy" list. It should bring back the social buttons (everywhere).

In its options, select 3rd-party filters, and under Social, uncheck Fanboy's Social Blocking List.

Have to downvote.

You have powerful editing rules, so you could certainly tune all rules and lists to your liking: " List of your dynamic filtering rules.

Rule syntax: source destination type action. " followed by a GitHub wiki link to the doc.

It's possible in theory. I have customized my ABP rules a ton, switching off rules I didn't want (impossible in uBlock), adding targeted rules for anything from annoying animated avatars to slow domains or bloated mastheads you can't scroll past (shit's almost as bad as modal pop-ups), and I've been unable to do any of it in uBlock because it's way, way too much hassle.

It seems like, if one were an evil web developer, one could thwart blockers like these with a few nasty tricks. Server-side: on each request of a resource, salt all linked resource URIs and encrypt (after the host name) before sending the final document to the client. The resources can still be fetched, because the server can decrypt any requests, but the client has no way of knowing whether a particular resource is an ad or not. That thwarts URI based filtering. To thwart DOM filtering, randomize element classes and ids.

Though impractical, I thought it was an evil/funny idea.

Messing with the URIs isn't going to work because most ads are from ad networks and their domains can be blocked. And no ad network is going to trust some system where they need to rely on the client server to not lie about ad impressions.

Adblock mostly misses self-hosted ads anyway.

If the resource names are still "static" your resources can still be blocked. But if they are altered slightly every time, you may also thwart caching, right?

Right, which is why I added the bit about salting the URIs before encryption. The salt could be per request, per session, or rotated after some period of time (say once per day). If only rotated once per day, it would still thwart ad blocking, but have less of an impact on caching. It would turn into an economic question of whether the extra ad impressions are worth the extra bandwidth.

Since most ads are effectively blocked at the domain level, I doubt your scheme would provide much bang for the buck.

The idea is that the ads would be served from the original host. Combined with encrypted URIs and the ad resources become indistinguishable from content resources. Thus thwarting blocking. As others have pointed out, yes this evil trick is incompatible with existing ad networks (which use their own domains). But it wasn't my intention to put forward a viable idea. Just an interesting one (namely, ciphering URIs to prevent blocking).

How would the ad network verify metrics under such a regime?

That's their problem. If they have to spy on me to "verify metrics" they can go fuck themselves.

Ad programs such as Google AdSense forbid modification of the ad code through their ToS. So sre, you could encrypt (and javascript-side decrypt) your ads, but Google would (or might) through you out.

I guess the problem would be that this will make these requests basically uncachable in something like Varnish :)

And in response, blockers could then create lists of hashes of ads (pictures) instead of URIs and block those ?

That would burn bandwidth and loading time, since the only way to check the hash is to download the content. Part of the point of ad blockers is to stop the request for the ad as early as possible.

Regardless, it's easy enough to salt the ads for each request, thwarting hash checks.

TPB mirrors used to do something similar and I swear I had adBlock filter that efficiently blocked them.

This is awesome! I recently read this ticket[1] mentioning that porting of µBlock seems to be a starting point for gorhill to port µMatrix. In my perfect world, I would be using Firefox with nothing but µMatrix, as it is right now I'm having to use Chrome with µMatrix and sadly can't get rid of µBlock until µMatrix can hide blocked frames. Still, getting closer to that perfect world! The work done by gorhill is amazing.

[1]: https://github.com/gorhill/uMatrix/issues/73

Check out Policeman: https://github.com/futpib/policeman

It's similar to uMatrix and is under very active development.

The GitHub site also states that it's available for Chrome, Opera and Safari (not yet in the extension gallery).

Chrome: https://chrome.google.com/webstore/detail/cjpalhdlnbpafiamej...

Opera: https://addons.opera.com/en-gb/extensions/details/ublock/

Safari: https://chrismatic.io/ublock

Haven't tried it out myself yet but it's nice to see effort put into lowering the memory & CPU usage of such blockers.

Thanks for those links. While the earlier versions for Safari (like v0.8.2.0, found here https://github.com/gorhill/uBlock/issues/117) work well on Safari 5, these new versions on your Safari link do not. They crash the browser during installation.

Safari is on version 7, why would you care about v5?

Yeah, I've used it on Chrome for half a year now. The news is that it's now available for Firefox.

If the author is here, please turn off the counter by default. We're blocking distracting things in our browser, we don't need another pointless distracting thing in our browser toolbar.

Counter opinion: I like the number because if there's a website working not quite right, I can easily see the number and disable uBlock to test out if that's the cause.

Seems already configurable:

-> Settings -> Show the number of blocked requests on the icon

But you can't, though. uBlock shows the total number of blocked items since you started Firefox. Not the number for a given page or site. Making it a basically superfluous mostly useless datapoint.

On Safari and Chrome, it displays the number of filters applied on the current site. This is (super) useful. If on Firefox you're getting a global count then that's a bug (so please report it on Github).

Perhaps changing the color from red to something more "off" (grey?) would help distract less.

Useful why? It's blocking stuff, that's great. I don't care how many things it blocks on a specific page. It make no difference to me while browsing. The little counter changing just looks like an annoying animated GIF in the corner of my browser.

I get that a subset of users would derive some pleasure at knowing how many things are blocked on every single website they visit or users who'd like to use it to troubleshoot a specific page that doesn't load when blocking is enabled (in which case having a quick right-click toggle to turn it on so users can use it to troubleshoot would be ideal), but I'd wager that most users do not. Users that want it on can turn it on. (cue subset of users responding that they either 1. enjoy seeing the count or 2. use it to troubleshoot the rare page that doesn't load as a result of blocking)

This is super useful feature for debugging. Happens sometimes that something goes wrong and an ad is regenerated after being blocked. So the ad blocker would block it again, thus generating an infinite loop that can take up all the memory (if the ad blocker saves any information about the blocked ads on the current page in memory) and crash your machine in less than a minute in the worst case. In the best case it would just lock up your browser window and you wouldn't know why. Knowing the number of ads blocked would quickly help debug such situations.

This is a very specific corner case, which doesn't justify the default settings

This is not the behavior I observe; in my case, it shows only the number blocked on the current page. Perhaps you have encountered a bug?

After turning it off and turning it back on, it's now per-page. Odd. Still, annoying and pointless for my purposes.

How is the performance for the firefox port? I might of missed it, but all I see are reports in comparison to adblockers on chrome.

Wah Chromium uses way more ram than Firefox. 425M (firefox+ublock) vs 1.04G (chromium+ublock)

in all cases memory is reduced :)

I did warn on that page:

> You can't compare directly the figures between the browsers

Still, yes, Chromium uses more memory. A good part of this is because per-process tab. Once Firefox get the same per-process tab architecture, it will be easier to compare both browsers together.

Yep, Chrome / Chromium are now the #1 reason to bump my ram to 16GB. While using a laptop for coding / VMs etc. I still find my browser eating more ram most of the time - it simply doesn't handle paging out gracefully, and is horrific for my uses with < 4GB ram on any OS.

well, firefox seems set to use a process for UI and a process for all tabs (such as in nightly right now), the consumption is still far lower.

I'd appreciate details of CPU consumption as well. Minute amounts of memory are of no concern for many people, but everyone prefers snappier browsing, every time.

Here: https://github.com/gorhill/uBlock#cpu

The details of the benchmark (if you want to reproduce) are in the spreadsheet linked in the caption.

I was aware of the contents of the front page, having skimmed it again today (and read more carefully before, although with little interest for Chromium extensions). I'm only interested in performance characteristics in Firefox, but am unlikely to test this myself before it arrives in AMO.

How is that even possible? Firefox with blocker uses less RAM than without? Does it block elements from issuing requests?

One would expect any ad blocker that actually blocks ads to reduce memory consumption significantly. Ad blockers that merely hide ads exist and have succeeded in earning reputations as ad blockers despite only doing half the job.

Alas, it's not that simple. See these bugs about AdBlock Plus's effects on Firefox's memory usage:

https://bugzilla.mozilla.org/show_bug.cgi?id=988266 https://bugzilla.mozilla.org/show_bug.cgi?id=1001426

That second bug is lacking in technical details, but the first one is clearly about the memory consumption of the CSS rules used to hide elements. If you only use rules that match URIs instead and not element ids, ABP is extremely efficient.

It's worth remembering that ABP only implemented the element-hiding feature so that things like inline text ads could be blocked, but now the popular rule lists are using a large number of broad rules to hide all kinds of elements, many of which could probably have been effectively blocked with URI-matching rules.

Additionally, it's very unfair to the ABP devs to be criticizing the performance or memory usage of ABP when the problem is really the memory usage of EasyList. Using a more restrained and targeted rule list makes the problems go away.

True, but when I uninstalled Adblock Edge, I gained almost a gigabyte of memory in Firefox. (I'm now using Ghostery to block ads. It isn't as effective but I'd rather reduce the memory footprint.)

Hopefully at some point someone will do something similar for element-level blocking.

A lot of my custom ABP rules are actually blocking dynamic HTML slide-ins, overlays, animated carousels, etc.

uBlock supports this - you can right click on any element and select "Block element", which then pops up an editor allowing you to refine the CSS selector to only get the bit you want removed.

If you just want to remove elements from the page, rather than block connections to third-party servers, I recommend Stylish. You can just write custom CSS rules and make those elements display:none. Alternatively, write a user script that does the same.

ABP prevents unwanted crap from being downloaded.

AdBlock (getadblock.com), competitor to Adblock Plus, has a wizard for blocking elements. Right click on the page, AdBlock -> Block This Ad -> adjust the slider for element-level specificity.

That creates a custom filter that you can go edit if you want.

Remove it Permanently does this, adding a submenu to right-click: http://rip.mozdev.org/

Can someone familiar with the code explain what's the difference between this & adblock/disconnect etc. Why is this lighter? (a little technical algorithm difference would be good to know)

I think uBlock only injects the CSS rules needed, not 14000+ like ABP: https://github.com/gorhill/uBlock/issues/161#issuecomment-52...

Does this work on any of the mobile browsers? I'd kill for something to block stuff properly on mobile.

I just tried and was unsuccessful at installing it on Firefox for Android. (Fails to install silently after download.)

That said, Ghostery (and for that matter, HTTPS Everywhere) both work great.

From my experience of using this for a few weeks now on Chrome, I would recommend this over AdBlock Plus etc. I haven't done any specific performance tests and personally no numbers to back it up. However, I do have the subjective impression of improvement.

I'm using it in combination with µMatrix.

> I'm using it in combination with µMatrix.

I'm curious: how do you use it? Do you have to mass-enable stuff using the 'power' icon, for many sites? Or do you just enable the things you know you need, on a per-site basis? Or are your default just good enough?

The reason I ask is that I was curious about it, so tried it out for a couple of days. I found many sites were not usable with the default settings, e.g. Udemy's login box didn't show up until I turned off µMatrix.

I haven't used uMatrix, since I use Firefox, but I can speak for RequestPolicy, which is kind of the same thing basically AFAICS. It's very very very rare that I end up whitelisting everything that's requested on a site. The more you use the extension, the more you learn to recognize what domains you need to allow in order to have the site working as intended, and this way you end up building your own whitelist: allowing requests from a domain is a one-time only thing most of the times (additionally, there's an extension you can install that syncs your whitelist to your Firefox Sync account).

> the more you learn to recognize what domains you need to allow in order to have the site working as intended

Sites using cloudflare are a major issue here, specifically their cryptic subdomains. If someone were to hide an ad network behind those they would be hard to tell apart from the rest, at least for humans.

Yes this is true. If a site is not working and the only reasonable domain to allow is something from cloudflare, I resort to allowing it temporarily. Not many ways around that, I think.

On my slightly older MBP (2011) the plugin caused performance issues. Mainly hanging when opening a new tab and navigating somewhere. Other extensions have had same problems, so I might need to move into filtering ads at network level.

They claim that when the extension gets added to addons.mozilla.org, it would start to auto-update.

Auto-updating is possible even without using addons.mozilla.org, sites like Pinterest do it all the time for their plugin.

Mozilla rolls that option into their CFX builder - https://developer.mozilla.org/en-US/Add-ons/SDK/Tools/cfx#cf... - the update file just needs a consistent place to live. I use CloudFront for it.

Unfortunately I doubt the auto-updates will work when the add-on's .xpi URL is not stable because it includes uBlock version number. He might be able to workaround that limitation by hosting a stable .xpi URL on a github.io website.


I like it, but so far anyway, I'm not feeling discernible differences in performance. That's just me though!

I would like to see something akin to Ghostery's interface where I can see exactly what trackers/ads are hitting me at a site, and whitelist by domain.

Does anybody know if I really need the "Malware domain list" if I have Chrome's malware and phishing protection activated at the same time? Sounds like they might contain the same sites anyway.

Under OS X I like https://glimmerblocker.org/

Glimmerblocker works on operating system level and you don't really need an adblocker in your browser.

I've never had an (Ad) blocker as I'm relatively happy with most sites but there are some that are not behaving well.

When I last looked (at least two years ago) there wasn't a single blocker that supports a blacklist-only mode. Meaning: Allow everything unless I block a certain domain.

Does anyone have an idea if something like this exists now?

Well if you disable all the filters of Ublock and add your block list to the "My filters" tab that should do what you want :)

Thanks but that's not what I'm looking for.

I don't want to maintain any block lists myself. I want to use all the 3rd-party Filters available but I only want them to be active on certain spammy websites. As far as I can tell ublock doesn't let me do that either.

Just don't enable any filter lists. A while back you had to add them manually; now I think it's a matter of unchecking them in the first-run dialog.

ABP also makes it easy to create very specific rules: only block a particular resource when accessed from the current domain.

Thanks but that's not what I'm looking for. I want them all enabled! But I only want to enable the addon for certain blacklisted sites.

Installed it in Firefox 35 and Chromium 39 on Arch Linux, now browsing is noticeably faster :-) Whooohooo!

I haven't been able to do performance tests, which is supposed to be the best advantage of this extension. But at least, it seems to block ads properly on Chrome.

Has anybody made some tests outside of the developers of the extension?

How does this compare/contrast with Privacy Badger?

Good question. It's a pity that the only response was a flag-killed irrelevancy. Only last week, I downloaded and started using Privacy Badger as an alternative to Ghostery. I'm liking it so far but my current laptop is 7 years old and only has 1GB RAM (running LXDE) so resource consumption is my main concern after safe-guarding my privacy.

I've been using Privacy Badger for atleast 6 months now. I really like it. I've opened a ticket on github asking for a comparison.


I tried this for Chrome for a couple days and found that it really didn't block too much ads(I can say none ads were blocked) comparing to ABP.

Awesome exactly what I was looking for. Because AdBlock Plus is extremely slow at times. Also uBlock provides many more filters. Thank You!

The official XPI are here: https://github.com/gorhill/uBlock/releases

Thanks :-) Will check it out.

Does this also work for Firefox on Android?

EDIT: it seems that it's not compatible with Firefox 35 on my Android. Oh well, more patience required :-)

Bluhell Firewall does work on Firefox for Android, if you're looking for an ad blocker while you wait for µBlock.

And so do Adblock Plus and Adblock Edge. The reason I am interested in this is because of much lower resource consumption than either of those.

I haven't tried Bluehell Firewall though. Can you comment on its performance as compared to Adblock Plus/Edge?

Bluhell is touted as a lighter weight solution. I haven't taken measurements, but Firefox Mobile certainly feels snappier with Bluhell than with Adblock Plus/Edge.

Thanks, I'll give it a try.

For system level blocking on Android, I've come to like AdAway (root required).

It isn't quite clear to me what add-ons this can replace. Obviously AdBlock, but perhaps also Ghostery and No-Script?

It's a replacement for AdBlock. JavaScript is not blocked unless it's part of an ad. The Easy Privacy list is part of uBlock by default, so there's some effective overlap with Ghostery but they're still different.

You can control javascript execution when enabling "advanced user" mode: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-qu...

µBlock does have an option to disable "first-party" and "third-party" scripts. It's configurable globally and per-site (per-site takes precedence).

I don't think it blocks Flash. I let the browser to that anyway, so for me this isn't a problem.

There are lists available that block the same things as Ghostery. So yes, it does replace that.

Not NoScript, though.

comparison charts between HTTPSB (the predecessor of this topic's software) and Ghostery, inter alia: https://gigaom.com/2014/05/11/not-all-ad-blockers-are-the-sa...

Use /etc/hosts blocking if you are worried about CPU and memory. It also works on rooted Android devices.

Blocking at the DNS level produces a lot of requests to, which can be quite annoying e.g. if you are using a local webserver for development. Also if you do not have a local webserver on the browser still will wait for answers to your request, what can be an annoying experience. Would be interesting to measure how much CPU and memory actually is wasted with many tabs waitung for elements from

It is the better approach to not let these requests happen right in the browser, what this plugin does, if I get it right.

A warm and big THANK YOU to the developer of this great software, it is so important and good to see that many developers are helping users to protect against the morally challenged who are stealing the privacy of millions every day.

If you choose to send the blocked requests to an IP address where you also choose to put a web server, then what do you expect? There's nothing stopping you from sending blocked requests to and configuring your dev web server to listen on

"the browser still will wait for answers to your request" - Shouldn't have to wait. You should get a near instant rejection if you attempt to connect to a TCP port on your local host and there's nothing listening there... Unless you screwed up your firewall.

Use instead of, it won't make requests to localhost.


DNS blocking works quite well. It's also very effective if you can set it up on your gateway so that it blocks ads/malware for all devices (PCs, phones, tablets ... even your guests will get adblocking for free!). However, while the /etc/hosts trick works I don't think it's the best way. The reason is that while parsing a plaintext file is easy and generally fast, it doesn't scale well especially when you have to traverse several megabytes of it for _every_ DNS request.

The way I have done it is by installing unbound[0]. If you aren't using something else like dnsmasq, you will notice a speedup from the DNS caching alone. While unbound isn't supposed to serve authoritative answers (i.e.: don't use it to manage your zone) the possibility is there. The unbound-block-hosts script[1] can be used to convert Dan Pollocks' hosts file to the appropriate unbound syntax.

To avoid the timeout from localhost, my first approach was to setup a firewall rules that discards the request (the browser receives a connection refused message _immediately_)

Another way of proceeding is to setup nginx to serve a 1*1 transparent GIF for every request it receives. If you find nginx to be too big a dependency, there are alternatives such as pixelserv[2].

The issue is that you can't block a specific element, but you still catch a fair share of ads.

I have explored the possibility of running a http proxy to address this, but I haven't got around to it yet. (In addition, I'll probably need to MITM myself if I want to block elements in HTTPS; still needs some thinking :)).

[0] https://unbound.net/ [1] https://github.com/jodrell/unbound-block-hosts [2] https://github.com/h0tw1r3/pixelserv

Am I reading right - serving data for responses on localhost is "cheaper" (for some value of cheap) than letting those requests fail? Or does it just return faster, is it faster than using firewall rules?

Why serve a gif, why not a single byte or something? Does the browser require the data to be parseable?

Sorry, lots of questions.

http://proger.i-forge.net/The_smallest_transparent_pixel/eBQ gives info on smallest gif/png/jpeg files which might be useful.

No, certainly not cheaper (for any value of cheap). I haven't measured but I can't see how it would be possible, as in the first case the network stack takes care of it (in kernel land) and in the other case you have to go all the way back to userland.

The reason I tried the transparent GIF trick is because some sites have frames with ads and whatnot and having the firewall refuse the connection will result in having an error message displayed in the browser. Not really aesthetically pleasing. While I don't care, because I know the reason it is displayed; some less technical people might start thinking their Internet is broken.

In addition to that, the GIF results in a cheap form of "element hiding" since you end up replacing a 5050 banner with a 11 transparent square. Now that you mention it though, I wonder what would happen if I set the server to serve a null byte for instance.

Where do you get the filter list to modify /etc/host ? Or Is there a easier way to get the filter list from ABP or mu-block ?

Quite a few sources actually. Beware, some of them can be too restrictive. If the hosts file is too big, it can also impact performance.


(too restrictive) http://hosts-file.net/download/hosts.zip

(ad-servers n tracking only) http://hosts-file.net/ad_servers.asp





I also replace with and duplicate each entry to have it for IPV6 as well, as in this script except I don't do the iptables rules: https://gist.github.com/teffalump/7227752

curious about the performance issue. Would the impact on performance be larger than a similarly sized block list in a browser plugin?

I have a netbook, so always want to keep an eye out on performance.

I wonder if there's a GUI application which enables these hosts sources to be tweaked, searched, whitelisted etc

I use this on Windows. For a large hosts file (several megabytes), I find the DNS client service hangs until it reads the whole file. Further, there is also a noticeable delay in the order of a few seconds until the hostname is resolved. For smaller files, I find there is no noticeable lag. Can't offer you any numbers though.

Hostsman (http://www.abelhadigital.com/hostsman) on windows is the my choice of a frontend for hosts management. It's free but not open source.

Slower DNS responses with big hosts file is something to be expected.

The solution is to feed the data to a DNS caching resolver such as unbound or dnsmasq, as I have explained in reply to UserRights.

Answering here also to point out I originally implemented this on a 5y old netbook (Atom CPU, 1GB RAM) because I tend to have a lot of tabs open in firefox, and ABP's memory usage quickly becomes noticeable, and then comes the swapping. Running unbound+nginx scales remarquably well, without hogging too much memory at startup. (Sorry, I don't have access to the netbook right now to report real numbers).

I use this list and it works quite well: http://someonewhocares.org/hosts/

Is this considered stable now? Last I checked it had some problems, if fixed already that is awesome

This came just in time. My Firefox was crawling with ABP. Now it's flying along again.

Personally, I hope that this doesn't get added to addons.mozilla.org. Their arbitrary human-control editor policy would be the best thing to cause stagnation of innovative plugins such as this. If the author goes the self-hosted route, automatic updates are still achievable (and can even occur faster.)

+1 for not having this in AMO!

My version of firefox (34.05 on mac) says the tool is corrupted

try installing it from here: https://github.com/gorhill/uBlock/releases

worked for me.

is this on addons.mozilla.org? I couldn't find it there.

Please get us uBlock for Chrome on Android and iOS.

I'd recommend Javelin Browser[0] on Android.

[0] http://javelinbrowser.com/

I use Weblock on iOS: http://www.weblockapp.com/

It would be nice if the link was to the top of the page, or the start of the Readme, instead of to #installation. A bit presumptuous there.

ublock doesn't work on quite a few sites, whereas I've never had an issue with adblock. Couple of examples off the top of my head:

1. giphy: it removes the share and twitter buttons

2. doesn't block ads on hulu

There were others as well that I seem to be forgetting (I remember having to disable it on quite a few sites). Good intention (lowering memory consumption), but the execution still has some way to go.

this is just different filter presets. You can change the filters. In my case, I had ABP doing all that same blocking, only I had to opt-in, whereas with ublock that blocking is opt-out.

fair enough, but if you're going to compare ublock to ABP, as a user my expectations from it are going to be like those from ABP. By default it should work like an ad-blocker, with an option to block other stuff. For users like myself, who don't really care about tracking, just about ads cluttering up a page or delatying a video, blocking out stuff other than ads just 'breaks' the site.

Why should it have to have those same assumptions and defaults? In my view, it's fundamentally better to block that other shit too.

Some of those share/tweet/like buttons can track you without no interaction, just by loading on the page. Removing them might be intentional for this reason.

True, but imho an ad blocker should just block ads by default. I'm not sure if I'm representative of most users, but I don't really care as much about tracking, just about ads cluttering the page.

> an ad blocker should just block ads by default

First sentence on the project page:

"µBlock is not an ad blocker; it's a general-purpose blocker."



Where's the law that says I have to view web content as it's creators intend? You send me a stream of data, I decide what to do with it, what parts to render, what parts to ignore.

There's no law. I work at a newspaper. We are digitally aware and head towards a digital distribution. That means infrastructural changes and that costs money. Those advertisers pay the bills. They provide the means for us to reach you. Subscription models are (currently) not enough.

I'm not trying to guilt anyone into anything but this will be a an interesting field to watch in the coming years. How will journalism fund itself and maintain some semblance of integrity? If the ad revenues fall it will be a bumpy ride indeed.

In the December 2014 issue of Le Monde diplomatique there is an interesting article that investigates future possible press models within the French context: http://mondediplo.com/2014/12/13press (in English, but behind a pay wall). The authors argue that for public interest press (news, investigative journalism, etc), a shared publication and distribution institute/company should be funded by the government. In that way, the magazines/newspapers/whatever only have to finance the costs of the journalists and editors. Publication costs are carried by this joint/shared open publisher. The article is focussed on the French situation, and stresses that the government already hands out a yearly €1.6bn subsidy to the press, and end with concluding that funding a joint open publication institute will not be that much different money-wise compared to the current situation.

I agree that journalism is a public good. Having the government fund it sends shivers through my spine. Recently where I live the public broadcasting corp. was threatened with cutbacks due to a perceived slant in coverage. The threats were then carried out after the politician in question was given chairmanship of the parliamentary committee on the budget. That to me is so troublesome I don't consider it viable.

I guess this discussion is way off-topic at this point :-) But I find it interesting enough to keep it going. The real challenge is obviously to have this government funded publication company stay free of direct government interference. The article mentions a sort of tax that is levied before the wage is paid out, and should be delivered directly to the join publication house. Much in the same way as some European social security contributions are collected today. That would keep the funding away from the yearly government budgeting rounds.

No matter what system we think of, the powers at be will always try to influence the press and information. We can also see that in the current system, where large stakeholders can pressure/influence journalists and publications. I don't think the state has a monopoly here, on the contrary.

The government already funds mainstream media, it's called the FCC, which also means the state has a monopoly on the media it regulates.

> How will journalism fund itself and maintain some semblance of integrity?

i suspect journalists can do that by asking for a larger subscription. If society truly values the work of journalists, instead of it being a conduit for advertising, then it will be paid accordingly. If not, then, yes, it's a shame, but it really means that nobody values the work of a true journalist (especially investigative journalism), and it will die out. But that's reality, as sad as it would be if it were to be true.

I find your fatalism disheartening. Aren't good things worth fighting for? Shouldn't people care?

>> yes, it's a shame, but it really means that nobody values the work of a true journalist (especially investigative journalism)

> I find your fatalism disheartening.

It's not fatalism but rather a political statement.

OP argues from within the superficial logic of capitalist exchange: the value of a commodity is whether and for how much it sells.

Uninterestingly enough, the thing which the OP will not be sad to kill is investigative journalism, which is pretty much the only branch of intellectual work that can undo the corruption that is brought on by the above psychotic logic.

What you think is fatalism is actually poorly disguised pro-corruption propaganda.

I think conflating "viewing ads" with "fighting for good things" is going a little far. Grandparent isn't against people caring, and specifically mentioned the possibility of showing that via higher subscriptions.

I didn't intend that to be a statement about the virtue of ads.

So this is a slight digress, but while we're on the subject, how does an advertiser know that an ad has been successfully served or blocked? I've never had that part fully explained to me. If they're just basing it on number of adds clicks, I rather doubt whether I use an ad blocker or not makes much difference, because I can more or less guarantee that in the ~18 years I have actively surfed the web, the number of ad links I have consciously clicked is between 0 and 5.

So I assume, then, that they have some way of tracking whether the ad was presented to the end-user?

Ad servers keep track of the number of times the graphic (or other asset) for a particular campaign was served. Lots of other "pixels" also get bundled into the calls depending on what kinds of ad tech the advertiser, publisher, or middlemen are running.

How many people (living, breathing, checkbook-possessing people) actually see an ad is an entirely different question from how many it is served to, and there is (of course) a whole 'nother area of ad tech companies working in that space.

Not my expertise but to show an ad there is usually a request to the server to send the graphics or similar so I guess they could track if that happens. Not sure if they do in practice. Occasionally a website notices I have an adblocker and moans at me or warns that it may mess up the functionality.

With respect, this is great for me.

I would like to read articles that haven't been self-censored to keep potential advertisers happy.

For me, journalism needs to figure out other funding models to regain some semblance of integrity.

Funding comes from 3 sources: Owners, advertisers and the public (either as donationware or subscription fees). Each one comes with a set of challenges.

Owners tend to exert some sort of editorial control, making the coverage slanted towards their end-goal.

Advertisers tend to be unpalatable to the reader, sometimes editorial control is a problem but that sometimes means there's an editorial problem (advertisers stop using a paper due to consumer pressure).

Subscription means your content is not as widely distributed as it could be. Yes we want to get paid but primarily journalists are in it to be read. Getting that many people to part with money is also a hard problem when compared to the other two sources.

More Buzzfeed & more advertorials.

It seems like if you're interested in making money online with advertising with "journalism" there's strong pressure to turn yourself into BuzzFeed.... that is, low effort, cheap tricks, information pornography.

No, I am genuinely interested in how to fund real journalism. How do we go about getting money for people to expose the aggregation of wealth and power against the interests of the plebeians. (note: plebeians is used here not as a derogatory)

To fund real journalism for the filthy peasants you need to seek public and private funding for an endowment (not direct operational funding) combined with a small amount of tasteful advertising and merchandising, subscription fees, and a policy of graduating content to public domain after a certain short period (a few months and not much more).

Merchandising could be prints of artwork, cartoons, expanded versions of articles or source materials as well as branded things like coffee mugs.

The key is being lean to start and developing an endowment so you don't always have to be seeking dollars (NPR fund drives bad). Offer high value, medium to high priced merchandise, keep your journalistic standards high with a low supply of advertising (keeping demand high).

Endowment contributors will be motivated by a history of quality journalism and the fact that you open your content to the public after a certain reasonably short time. If you give people a way to buy it without abusing DRM or being otherwise obnoxious, people will pay.

I'm not sure most of the people exposing the aggregation of wealth and power against the interests of the plebeians are doing it for the money and would probably do it even if unpaid. Though for what it's worth the main guy I read doing that, Krugman, get's paid pretty well by the NYT which makes money from subscriptions which works because some people are willing to pay.

For anyone unfamiliar with Krugman here's an example:


Hehe. Surely some DRM friendly folks dreamed about a personal computer platform where you would be forced to go through commercials as with television/video before accessing content.

This episode from black-mirror:


You have to pay to skip ads.

Brilliant, the ad is the product.

More like the ad is the anti-product, the POS you have to pay to get it taken from under your nose.

Or maybe 'meta-product'. They're still getting money for it. Getting money for a description.

It's already happening with locked-down mobile devices.

Unfortunately, ad blocking has become a part of protection against malware -- especially for non-tech users.

Blame malvertising that loads exploit kits, and ads (on search engines and elsewhere with fake download buttons, etc) that point to pay-per-install malware, the kind of spyware/adware that's super easy to install and monitor-smashingly hard to remove, now the creators of those have gone as far as adding ring-3 rootkits to their dlls that hook into browsers.

Yeah it's kind of crazy. I just turned of ad block on download.com and there's like nine iffy download links for one real one.

That would be like saying a service that blacked out the ads in news papers is theft, its completely rubbish. Plus educate yourself on the definition of theft:

"theft is the taking of another person's property without that person's permission or consent with the intent to deprive the rightful owner of it."

At best its unauthorized modification of a creative work without distributing it, which is not illegal and never will be.

Don't know why parent comment was killed when the article contains a similar assertion (the other way). While not a lot is gained by using loaded words like "theft", it is a simple fact that using ad blockers causes the owners of many of the sites that you visit to receive less revenue than they would otherwise. One can argue that one is perfectly justified in doing this (e.g. many typical examples of this are included below), but one can not truthfully say that they are not taking money away from the sites they visit. (Yes I know about PPC ads and how you never click them. Other than AdSense, the vast majority of advertising out there is sold on a CPM basis.)

That's the feature I'm missing mostly from ABP: the "whitelist this site" quick toggle

That's present in uBlock too, despite some fairly unintuitive UI - the big green power icon isn't a full disable for the extension, it disables it for the current site only.

You could make a case that an ISP or proxy operator that replaces advertising with other advertising is stealing from the operator of the original website. But blocking ads is the same as not looking at ads in the paper. If you're not going to act on them or read them you might as well block them for the bandwidth savings and speed improvement. Besides that, not all advertising has your best interest at heart, there is quite a bit of malware that uses distribution via advertising networks as their vector onto your machine. So now adblocking has the perfect fig-leaf: it will keep malware of your machine. This makes adblocking mandatory within organizations if they're savvy about this, why take the risk of having to re-image a bunch of machines or allow a bunch of drive-by malware to gain a foothold behind your precious corporate firewall if you can simply block it at the source.

One day, ad blockers will learn to secure their ad networks so they don't periodically become firehoses of malware.

Until that day, ad blocking is an integral part of every internet users digital security system. Period.

Web pages are rendered by my web browser on my computer. Ad agencies do not have a right for their content to be forced upon me.

When are these ads being forced on you? When you willingly and knowingly visit content providers who make no secret of being supported by advertisements?

Often times, we land on a web page before knowing the history of the website or its funding model, privacy policy, terms of service, etc. This means that, upon visiting a new website for the very first time, consent to view advertising is not an informed decision, it's forced on us.

But aside from that, I've consented for the content provided by the content providers to execute in my browser. I did not extend the same consent to the ad agencies. If content providers wish to host the ad code, images, etc. on their own servers, then your argument starts to make sense. I would still argue that it's up to the content providers to publish whatever they see fit and it's my right as a consumer to control how the information they publish is assembled and presented to me on my machine. Not theirs.

If content providers were to host advertising materials on their own server, it would also make it harder to use ad networks for watering hole attacks and thus the internet would be more secure.

I use Privacy Badger, NoScript, and RequestPolicy to manage my browser's security, and EMET to help keep the rest of my system safe from the browser. I don't rely on AdBlock or any similar tools to achieve this.

I wonder if sites could make it so with EULA or something. Could they say that viewing an article without ads violates something? Or using this service (for example reddit) without ads? Is it legally possible?

EULA's dont usually hold up in court because contracts normally require consideration, most of the time you cant implicitly enter into a contract.

the consideration is the content of the website. EULA haven't been tested in court, sure, but i think against the average person, they won't be able to do battle against a large corporation should they decide to enforce it.

What is the consideration of the user?

Contract Consideration - Something of value given by both parties to a contract that induces them to enter into the agreement to exchange mutual performances.

> ...the inalienable right to privacy.

Yes, you have a right not to visit any website you don't want to.

If all websites declared all privacy violations up-front, that might be a viable solution.

Turn off cookies and JavaScript.

>Turn off cookies and JavaScript.

In your first comment, you seemed to be against altering the presentation of websites; you offer a binary choice: go to the site, or do not, based solely on the content. Seemingly advocating that sites should be accepted or rejected whole-cloth with no modification. Yet here, you seem to be just fine with blocking Javascript and cookies, despite the fact that both these technologies are often used as part of ad services to generate revenue.

So which is it?

I'm not against altering the presentation of websites at all; I use Ghostery myself (plus Greasemonkey etc.). I just think it's dishonest to pretend that this has anything to do with rights violations.

No, silly, they want all of the content and functionality that they developers worked so hard for, they just don't want the developers to be compensated for it.

I'm curious as to what drives the creation of this multitude of add-blocking projects? What is their income model and what supports their development?

The obnoxious and spying nature of ads.

... I'm not asking about why you'd want one. - I'm asking about why you'd make a new one and who would pay for your work on a new one when others already exist?

But that is the same question. Not everyone is trying to maximize their wealth all the time.

Do you ask "why did Linus write Linux when there were other operating systems available at the time and no one was paying him for it?" or similarly the Atheos.cx guy? Gnome when there was KDE? Gimp when there was Photoshop? Facebook when there was MySpace?

The last one isn't comparable to the others. The original Facebook made by that other guy Aaron Greenspan arguably was just someone doing something because it was useful. Zuckerberg and co. made what is today's Facebook specifically to gain profit and power.

But your point is well-made otherwise. The answer to "why?" for uBlock and others is "because people care enough to do it."

Own itch-scratching I guess.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact