You know what would be a great addition to uMatrix? Some kind of website where people can submit what scripts that are actually needed for a website to function (and if applicable, what scripts pertain to what function).
These days the internet is just unusable without uMatrix, but with it you constantly get broken sites and have to play guess the scripts. Where it gets really bad is when you need to login and they use a complicated authorization scheme, bouncing you back and forth, so simply enabling one cell at a time and F5 doesn't work since you need to start the whole login process from the beginning.
Instead suppose you could click a button, like tos;dr does, that pulls up some notes from a user-maintained wiki: Scripts needed for the site to work at all, scripts needed so that it works and looks pretty, scripts needed for successful login (as opposed to just browsing), and a list of harmful, useless scripts (tracking and analytics). You can then enable/disable things based on this and get the site working in only one refresh.
What do you think, Holla Forums? Does it sound viable?
One big problem I can see is that if the extension fetches a domain's info page on demand, then whoever runs the site will know what domains your IP visits. There are two ways of mitigating it on the platform side:
1. Have the extension automatically locally cache top n most popular pages for everyone. The more obscure ones you'd still have to fetch, and presumably those are higher entropy, but oh well. 2. Server groups the sites randomly in batches of 10-1000. The extension fetches a block at a time, so the server can only know "IP so and so requested info for one of these 10-1000 sites but I don't know which one". In fact these blocks could be "poisoned" with very popular sites like google.com, gmail.com, etc to completely destroy their entropy content.
I'm glad I'm not the only one who thought of this. I think it would be an indispensable resource if constructed even just as a simple website or wiki. You know what else would be great: a platform to communicate with hobbyist programmers for commissioning and funding these ideas that make the web a better place.
Isaiah Scott
pastebin.com
Juan Harris
You should only really need to visit about 50 different websites to get all the content you need, use a different browser for when you want to visit some obscure site.
Hudson King
Well the 3 core skill areas are Unfortunately I'm absolutely useless for the latter two, and a noob at the first. Although the good news is just the first one is already half the job, the extension is just to streamline it. User count is important here since the more uMatrix users use the site/extension, the more information there will be. Also if you reach the critical mass of usefulness you might help spread script blocking as well.
I don't want to redo it if it's already done, though. I couldn't find much from some basic searches but I don't really know what keywords to use in this case. The closest thing I know is LibreJS but that just tries to automate something which IMO shouldn't be automated. You should look at third party information about what each script does and make your own decision case-by-case.
There's bountysource.
You couldn't automate fetching this information from pastebin though. Unless you mean just putting up the uMatrix ruleset, which isn't really practical because you wouldn't be able to trust someone else's rules. The real problem is websites that want to load 100 scripts, of which maybe 5-15 are actually relevant to you, but they won't tell you what each script's purpose is.
That doesn't really work, I end up at all sorts of places whenever I'm combing through search results, and I don't really want to give up script blocking to do that.
Alexander Wilson
"I am terrified by the mere idea of accidentally exposing my eyes to a 5 line commented text file before I download it and click the import button and I need a Bootstrap+NodeJS platform to hide it away for me"
This is it. The fucking web is over, completely suffocated by facebook-using drooling dipshits like this.
Mason Bell
disliked and reported ;-)
Josiah Wood
You don't even need to really know much to use it, The downside is some garbage on it needs JS. But it werks.
Chase Williams
Yeah, it would be great if this could work without any JS whatsoever. You'd also want to allow anonymous editing, retaining only the hashed IP (maybe similar to how 8ch assigns IDs) for purposes of dealing with abuse while not exposing the contributors' IPs to everyone.
I think the stages of such a project would be: 1. Rudimentary website where you manually open the page and read it, with a link format that can be typed easily like www.jsdr.com/google.com 2. Barebones browser extension similar to tosdr that simply gets the page for the current domain from the wiki and displays it in a popup window 3. Integrate with uMatrix so you can automatically view and apply the relevant "recommended" ruleset with one click (after seeing what it would of course)
1 is very easy. 2 isn't hard, probably a week or two of work. 3 is where it becomes practical for non-turboautists to use, but I think you also need to either have custom wiki that can be parsed by the extension or provide an api for the extension that talks to the wiki somehow. However presumably you would accumulate a lot of user-submitted data between 2 and 3, so for 3 you will also need to migrate your old crap to the new wiki.
Wikidot isn't a bad start (haven't used their syntax much though), but I think we can do better with something like gollum. For starters I don't mind paying a few bucks for a VPS and then pointing a freedns domain to it, I think that could probably handle the handful of initial users. Since gollum uses markdown it should be reasonably easy to parse or convert things for migration later. I'm not sure how much JS it requires, though. I found wiki.freeradius.org which is apparently based on it, and it has 7 scripts, but I don't see what difference it makes to block them.
Anyway, platform aside one obvious place to start would be a list of most popular websites, and simply write an article for each one about what scripts it needs to load for what purpose. That's already a small but pretty useful goal with >>691069's logic. The rest is a question of someone caring enough to write down the working uMatrix config they've come up with.
Carter Johnson
I have no idea how to use uMatrix.
Jordan Scott
That's the thing though isn't it, they idea is that users are gonna decide what kind of functionality they desire and in turn allow/block the scripts. With ad blocking it is easy, just block each and every ad, done. But here you will be trusting not only someone else's rules but also their idea about functionality/privacy/cpu-load ration.
Luis Miller
Turns out gollum is a pain to do authentication in, so I guess Wikidot it is.
Here it is: jsdr.wikidot.com
For an example, see jsdr.wikidot.com/8ch-net
You do need JS to edit the site (see jsdr.wikidot.com/contributing )
pls contribute
Owen Long
This is not a bad idea but frankly I haven't had many problems figuring this out on umatrix on my own.
Noscript on the other hand could be a real nightmare toggling scripts.
Jacob Carter
This is a good thing. Manually loosening the firewall is far secure to having open access by default.
Ryder Ward
Hey, thanks for first edit, guy! Hope you don't mind if I move your stuff a bit.
I also realized that "Javascript; didn't load" is a better name, so I'm wondering whether to move to jsdl.wikidot.com, or maybe I'm being dumb.
Seems like the ff extension is hello world tier if just for displaying pages from the wiki, at least with webextensions. I think I can get one one working this week.
Ian Parker
CRIPPLEKIKE
Lucas Garcia
Well, I moved it to jsdl.wikidot.com, and I think I caught all the old references. I'll keep jsdr.wikidot.com with a notice about it in case anyone doesn't see this post.
Gonna take a stab at the extension now, hold on to your butts.
You sure earned that tendiem, didn't you, meido-chan?
Evan Barnes
is there any downside to this? most unsafe script pulls from remote servers anyway
Leo Miller
I typically just greenlist "all" when I actually care to see a broken site in its entirety. Doing that will enable everything except for the really obnoxious datamining shit, which is hard redlisted by default.
Owen Collins
On the other hand there are things that definitely should be blocked. This is what I have to do to mediafire to get it to stop redirecting the tab to some cancer advertising page after you click download.
John Gomez
use plowshare you fucking faget
Chase Barnes
Think something simpler guys, just use Github (where it's already hosted for some reason) so people can submit scripts via pull requests and patch uMatrix to have a "load script" buttom (if it hasn't already). Das it. No need to complicate it further than that. Whoever is interested in a script for 8ch for instance just clones the scripts repo and `find | grep 8ch`.
Michael Perry
...
Ryan Morris
lmao
Brody Wood
Are you me?
Jordan Rivera
Too smart to understand uMatrix huh, brainiac?
Logan James
Noscript works on a global basis. Assuming you're working in whitelist mode, any domain that is in the whitelist will be permitted from all websites that you visit.
uMatrix is a firewall that provides a finer level of control in how the resources are permitted. uMatrix can block cookies, images, plugins, Javascript programs, XMLHttpRequest (XHR), HTML frames, and other while Noscript will only block Javascript programs. Resource requests are permitted on a domain basis rather than the way Noscript works on a global basis. The consequence is that users need a higher level of sophistication to control uMatrix but allows such users the ability permit only the minimum amount of resources as required.
Evan Perry
But I have disabled plugins and have self destructing cookies and ublock installed. Both which offer far superior level of control over cookies and images.
Justin Murphy
Not exactly what you're asking for, but there's an addon called Decentraleyes that replaces the functional scripts of some CDNs with local content.
Adrian Sanchez
ublock in advanced mode can do 99% of what you need umatrix for.
This is some bizarre shilling. I wonder (((who))) would want everyone to go back to NoScript's archaic model?
This is a local CDN cacher. What does it have to do with uMatrix? You must not understand why people use uMatrix.
Hudson Walker
Go back to Holla Forums, retard.
Colton Wood
You're right about the issue of NoScripts rules being global, but NoScript doesn't just block JavaScript. I also find it problematic that the NoScript addon phone home, albeit to provide a feature, but no thank you.
I've slowly adapted uMatrix, but the default config suck and permit too much (and so did it in NoScript). Once it has been customized I think it's an excellent addon that replaces both NoScript and RequestPolicy.
I still use other extensions for fine grained cookie control, user agent customization and refeRer control.
Henry Williams
That's what I don't get. Between the domain chooser and the logger, there's really not a lot that umatrix can do that ublock doesn't/can't. I guess if you like your big grid and all the pretty colored blocks, and it makes you feel like you're in control, whatever.
Matthew Mitchell
Obs: For mobile it's usually necessary to use a global ad/trackware blocking scheme such as via hostsfile or a custom nameserver that blocks ad servers and tracking companies. Try using Wireshark to sniff your phone's traffic. Don't even unlock the screen, just reboot it a few times and leave it capturing packets for 5 minutes and count how many ad servers it contacts before you even unlock it.
Parker Stewart
uMatrix does have finer control, images etc are important tracking-wise. However, I do agree that uBlock in advanced mode fits well for most users.
Xavier Torres
We already had something similar to this working perfectly with grease monkey. Then it was forked into tamper monkey as the main repository for userscripts went down. Greasyfork.org still seems active.
It seems the natural progression for taking control of your web browsing is starting off by installing an ad blocker. Then either userscripts or addons for sites you frequent. Before you know it you're reading raw html in your inbox as a remote server wget the pages for you. You might open it with a web browser on rare occasions but you took care to compile it with the --disable-network flag. Most of your web browsing is done from a terminal or text editor.
One benefit by going this route is you could lose your sight and still be able to use the internet. More proficiently than those who can see.
Dominic Brooks
How would that possibly work? Half the internet is a blank page without JS. And before you get boycott-happy, good luck finding a bank that doesn't use heavy JS - just one example.
Charles Butler
Many banks offer telnet services for their visually impaired clients or businesses that refuse to upgrade their technology when it works fine. You're still thinking of the internet as something you interact with solely through a web browser.
And if a web page loads nothing without javascript a web caching service like archive.is will get around that.
Mostly everything I use works without JS. For those who use JS, I think re-writing the scripts as free software would be much better than making whitelists.
Asher Russell
Problem is, sites can be volatile, you'd have to have a team dedicated to checking sites for any changes, or this wouldn't work.
Adblocking is done by basically trusting someone's ruleset. Nothing bad has happened that I know of.
Joshua James
Whether an ad should be blocked or not is not exactly controversial. There is no good reason to not block ads, ever.
With functional scripts it depends on what you want to use the site for and how much you trust the website.
Noah Edwards
I believe in non-intrusive ads. Apparently, you don't. For me non-intrusive ads have no javascript behind them and do not track me beyond a single domain.
Samuel Thompson
No need to use find, you can do recursive `grep -r 8ch .`
Matthew Thomas
Overcomplicating things.
First party scripts: Required Third party scripts: Not required If it still breaks, into the trash it goes.
Michael Mitchell
How about just making a database of presets with documentation. You could have presets for base functionality intact, functionality balanced and just a "no-snooping" preset. Then people could add and comment on the presets. You could even make a quick import preset on the site if uMatrix allows it.
Noah Davis
I can't remember the last time I saw one of those. I used to click on them just to show some support.
Everyone uses Google Ads now, so it's rare to find actual good ads.
Brody Watson
Nice meme. In the ad marketplace a "non-intrusive" ad is a worthless ad. Tracking is 80% of the point, and invasiveness the remaining 20%.
It's understandable that tech people see ads from a tech perspective, and don't understand anything about the business behind them.
Ethan Bennett
Good luck going to 99.999% of relevant websites
Aiden Harris
Pastebin and repos exist, so that's already done.
This, I don't give a fuck about the (((industry's))) attempts to meet halfway. Over the decades they've shown themselves to be completely untrustworthy, and I'm supposed to believe it when they say "okay guize we won't track you anymore goy we promise plz turn off your adblocker"? Haha, fat chance. Maybe if they didn't raise that shitstorm over DNT on by default.
Nicholas Lewis
I don't trust it because Tor browser did not adapt it yet. Is this better for ad blocking than Edge? Will websites notice you blocking their ads? This is very annoying for some pages I visit.
Tyler Cruz
By this standard, the only thing I need to block ads is to use Noscript in whitelist mode. Since most ads require Javascript, I am able to block most ads without explicitly targeting them. These days, I use uMatrix since it's a sophisticated firewall to block extra-webpage requests.
Hunter Perez
ublock is a sophisticated regex based system for matching things to block. umatrix is much simpler and compares the origin of the web page itself and the origin of the resources that the web page will request. ublock works as a blacklist while umatrix works as a whitelist. In practice, this means that ublock requires more processing power to process a web page in comparison to umatrix.
Guess you didn't read the thread, that's okay, lots of trash replies.
Your idea is exactly what my thoughts were. For now I made a wiki at jsdl.wikidot.com to store presets. Hopefully in the future the WebExtensions poz will be less worse and I can learn how to write an extension that fetches data from the wiki. Or maybe we can accumulate enough useful information that someone else will want to make one.
Agreed, non-intrusive ads is a meme. It can theoretically exist if people weren't niggers, much like communism, but in reality you will just get fucked over by greedy advertisers who don't give a fuck.
Besides ads are a red herring. A banner is ugly but doesn't really hurt me much. The real problem is invisible tracking schemes that violate my privacy and spy on me.
Cool experiencing tech with a 10 year delay. Now actually try doing what you say, and perhaps you will realize why uMatrix was made.