does umatrix not block scripts?
i disallow scripts by default in umatrix but some scripts still seem to run?
what is going on here am i part of the botnet already?
Umatrix
Carter Harris
Other urls found in this thread:
en.wikipedia.org
github.com
github.com
addons.mozilla.org
addons.mozilla.org
twitter.com
Tyler Hill
That's because you haven't read the wiki you twat.
Per default umatrix uses a blacklist.
This isn't the most efficient way to protect yourself and you know it since you tried to block the script section globally.
But when in the interface of umatrix per default you block the actual page you are on.
To block globally you need to either add this
* * * block
* * cookie block
* * frame block
* * other block
* * plugin block
* * script block
* * xhr block
Or you go in the umatrix interface select the place where the domain name is and then select *
When selected you make global rules thus it applies on every page.
Ethan Smith
by default, it runs some scripts, you have to change the default settings to block everything by default, you can leave basic things like images and css on as they are to my knowledge, harmless.
Hudson Morales
I often wonder how many people understand the concept of those scopes, and then I don't, because fuck the normies they deserve their poz.
Elijah Sullivan
when i installed it i selected * and set it to disallow scripts, am i safe?
Mason James
You're never safe.
That said if you saved the setting (it's temporary unless you click the save button after), it'll block all scripts except those you've whitelisted.
Eli Lewis
I've noticed uMatrix and NoScript block scripts differently.
uMatrix seems to ignore '' tags.
NoScript has more sophisticated blocking mechanism, like it can block XSS and has better protection against CSRF. So it's better to use both I guess.
What really would be great is an ability to compile browser without javascript support at all, but webkit/chromium shit will never allow that.
Daniel Campbell
Umatrix is shit, use noscript.
Aaron Richardson
t. Giorgio "I whitelist my own ads and probe your internal network without permission" Maone
David Smith
uMatrix does NOT block inline scripts. It also doesn't block in-line CSS or embedded images.
uMatrix only blocks linked resources. For script control, use another addon or the built-in browser settings.
For resource control in Firefox based browsers, I still recommend RequestPolicy next to uMatrix, because it allows protocol/port level control.
Tyler Jones
Umatrix is perfectly capable of blocking inline scripts. By its default configuration, it won't block inline scripts. You'll need to reconfigure umatrix to get it done.
Mason Ward
Please help me out, I can't figure it out how, and I don't find any function for it in the source code either.
Connor Anderson
You need to block the script setting under the 1st party list. Taking 8ch.net as an example, the list item for exactly "8ch.net" is the first in the list. If I wanted to block 8ch's inline scripts, I would be blocking the script setting next to "8ch.net".
Grayson Thompson
rate
Luis Moore
That only blocks 1st-party linked resources from 8ch.net like:
It doesn't block in-line scripts like:
somescript();
Neither does it block inline images like:
You are using the clearnet address (hijacked by CloudFlare) with JavaScript enabled: 0/10
Noah Ward
...
Christopher Anderson
Without spaces.
Christopher Gray
get gud
Brody Johnson
There's a reason why all the intelligent people use noscript and japanese cartoon watching tards suck umatrix dick
Robert Morales
Unfortunately, no. There is a known technique used by jewbook/jewgle to track users which relies on image/css/font requests.
en.wikipedia.org
You are full of shit, noscript has been proven to be pozzed. uMatrix is the most finished web firewall if you know what you are doing.
Carter Gutierrez
Dude, we already told you it does. Blocking first party scripts blocks the execution of inline scripts as well. Stop spreading disinfo.
Ethan Evans
Do you explitcitly have to block 1st party or will blocking "all" also block inline scripts?
Owen Jenkins
Here are the correct settings. Never allow anything globally.
Media includes plugins, and I don't want flash running anywhere other than streams.
First party scripts in themselves are relatively harmless, it's XHR that allows them to send data back to the server. They could in theory use scripts to load a first party web beacon-like images, but I doubt anyone would do anything that elaborate.
First party iframes again are harmless. If it's first party only, then it's not any different than normal HTML on the page because it's source is the same as the website it's in.
Other is disabled just because who knows what the fuck it involves.
Noah Moore
Dude, he already told you it doesn't. github.com
The uMatrix discussion: github.com
Nathan Jenkins
(checked)
Dubs don't lie
But you configuration isn't complete
heresy.jpg
Some websites don't even requires their script to work.
This
Also here's a nice addon that permits to know if the website requires cloudflare services (it doesn't detect cloudflare hardware (obviously))
addons.mozilla.org
Cuck license but works
Hunter Howard
plugins should be ask to activate anyway so it doesn't really matter if you allow first-party plugins by default or not
Michael Morales
Anyone who did some bash knows what it means.
That means normies don't.
Justin Reyes
As far as i know, other is navigator.sendBeacon() the only purpose of which is tracking and seeking in HTML5 video after the initial load.
Nathan Thompson
Web beacon is disabled in icecat
You can disable web beacon if you use Random spoofer agent
addons.mozilla.org
Angel Myers
The same bug issue mentions that NoScript is also helpless against data: attacks. How is this nitpick your best argument against uMatrix?
Christopher Watson
...
Parker Murphy
Please stop random agents and use the one which comes with the latest Tor Browser. Thank you!
Currently it is Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Benjamin Anderson
Why?
Austin Parker
Everyone using the same user-agent gives you more anonymity than everyone using a random but unique one.
For example in the second case you could very likely differentiate between 2 browsers' traffic on the same network. (assuming tracking is based solely on user-agent and IP address)
Zachary Collins
Random agent spoofer isn't necessarily used for spoofing the user agent.
If you don't want top change your UA you can disable that function.
Read the wiki.
Also this one is random thus incorrect.
True this is what is said by the Tor developers
But I am not sure on this to 100%
If you spoof the user agent with a infinite list of random users agent and change it on random times I believe that you have a better result when all tor users do so.
Or is their some mathematics behind that because the only way to know which one is better is I believe via math.
Or am I missing a piece of information.
Like it's because if you do data analytic you can determine who is who.
Caleb Myers
1. Thanks for telling us that you're retarded
2. Nice proof faggot