Umatrix

does umatrix not block scripts?
i disallow scripts by default in umatrix but some scripts still seem to run?
what is going on here am i part of the botnet already?

Other urls found in this thread:

en.wikipedia.org/wiki/Web_beacon
github.com/gorhill/httpswitchboard/wiki/Blocking-javascript-execution-reliably-in-Chromium-based-browsers#the-exception-data-uri
github.com/gorhill/uMatrix/issues/775
addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/
addons.mozilla.org/en-us/firefox/addon/random-agent-spoofer/
twitter.com/NSFWRedditGif

That's because you haven't read the wiki you twat.
Per default umatrix uses a blacklist.
This isn't the most efficient way to protect yourself and you know it since you tried to block the script section globally.
But when in the interface of umatrix per default you block the actual page you are on.
To block globally you need to either add this

* * * block
* * cookie block
* * frame block
* * other block
* * plugin block
* * script block
* * xhr block

Or you go in the umatrix interface select the place where the domain name is and then select *
When selected you make global rules thus it applies on every page.

by default, it runs some scripts, you have to change the default settings to block everything by default, you can leave basic things like images and css on as they are to my knowledge, harmless.

I often wonder how many people understand the concept of those scopes, and then I don't, because fuck the normies they deserve their poz.

when i installed it i selected * and set it to disallow scripts, am i safe?

You're never safe.

That said if you saved the setting (it's temporary unless you click the save button after), it'll block all scripts except those you've whitelisted.

I've noticed uMatrix and NoScript block scripts differently.
uMatrix seems to ignore '' tags.
NoScript has more sophisticated blocking mechanism, like it can block XSS and has better protection against CSRF. So it's better to use both I guess.

What really would be great is an ability to compile browser without javascript support at all, but webkit/chromium shit will never allow that.

Umatrix is shit, use noscript.

t. Giorgio "I whitelist my own ads and probe your internal network without permission" Maone

uMatrix does NOT block inline scripts. It also doesn't block in-line CSS or embedded images.
uMatrix only blocks linked resources. For script control, use another addon or the built-in browser settings.
For resource control in Firefox based browsers, I still recommend RequestPolicy next to uMatrix, because it allows protocol/port level control.

Umatrix is perfectly capable of blocking inline scripts. By its default configuration, it won't block inline scripts. You'll need to reconfigure umatrix to get it done.

Please help me out, I can't figure it out how, and I don't find any function for it in the source code either.

You need to block the script setting under the 1st party list. Taking 8ch.net as an example, the list item for exactly "8ch.net" is the first in the list. If I wanted to block 8ch's inline scripts, I would be blocking the script setting next to "8ch.net".

rate

That only blocks 1st-party linked resources from 8ch.net like:


It doesn't block in-line scripts like:
somescript();

Neither does it block inline images like:

You are using the clearnet address (hijacked by CloudFlare) with JavaScript enabled: 0/10

...

Without spaces.

get gud

There's a reason why all the intelligent people use noscript and japanese cartoon watching tards suck umatrix dick

Unfortunately, no. There is a known technique used by jewbook/jewgle to track users which relies on image/css/font requests.

en.wikipedia.org/wiki/Web_beacon


You are full of shit, noscript has been proven to be pozzed. uMatrix is the most finished web firewall if you know what you are doing.

Dude, we already told you it does. Blocking first party scripts blocks the execution of inline scripts as well. Stop spreading disinfo.

Do you explitcitly have to block 1st party or will blocking "all" also block inline scripts?

Here are the correct settings. Never allow anything globally.

Media includes plugins, and I don't want flash running anywhere other than streams.

First party scripts in themselves are relatively harmless, it's XHR that allows them to send data back to the server. They could in theory use scripts to load a first party web beacon-like images, but I doubt anyone would do anything that elaborate.

First party iframes again are harmless. If it's first party only, then it's not any different than normal HTML on the page because it's source is the same as the website it's in.

Other is disabled just because who knows what the fuck it involves.

Dude, he already told you it doesn't. github.com/gorhill/httpswitchboard/wiki/Blocking-javascript-execution-reliably-in-Chromium-based-browsers#the-exception-data-uri

The uMatrix discussion: github.com/gorhill/uMatrix/issues/775 When reading the comments please bare in mind that CloudFlare is MITM, not an XSS from a different domain.

(checked)
Dubs don't lie
But you configuration isn't complete
heresy.jpg
Some websites don't even requires their script to work.


This
Also here's a nice addon that permits to know if the website requires cloudflare services (it doesn't detect cloudflare hardware (obviously))
addons.mozilla.org/en-US/firefox/addon/detect-cloudflare/
Cuck license but works

plugins should be ask to activate anyway so it doesn't really matter if you allow first-party plugins by default or not

Anyone who did some bash knows what it means.
That means normies don't.

As far as i know, other is navigator.sendBeacon() the only purpose of which is tracking and seeking in HTML5 video after the initial load.

Web beacon is disabled in icecat
You can disable web beacon if you use Random spoofer agent
addons.mozilla.org/en-us/firefox/addon/random-agent-spoofer/

The same bug issue mentions that NoScript is also helpless against data: attacks. How is this nitpick your best argument against uMatrix?

...

Please stop random agents and use the one which comes with the latest Tor Browser. Thank you!

Currently it is Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0

Why?

Everyone using the same user-agent gives you more anonymity than everyone using a random but unique one.
For example in the second case you could very likely differentiate between 2 browsers' traffic on the same network. (assuming tracking is based solely on user-agent and IP address)

Random agent spoofer isn't necessarily used for spoofing the user agent.
If you don't want top change your UA you can disable that function.
Read the wiki.


Also this one is random thus incorrect.


True this is what is said by the Tor developers

But I am not sure on this to 100%
If you spoof the user agent with a infinite list of random users agent and change it on random times I believe that you have a better result when all tor users do so.

Or is their some mathematics behind that because the only way to know which one is better is I believe via math.
Or am I missing a piece of information.


Like it's because if you do data analytic you can determine who is who.

1. Thanks for telling us that you're retarded
2. Nice proof faggot