This repository has been archived by the owner on Sep 9, 2022. It is now read-only.

Dynamic filtering: default deny

Gitoffthelawn edited this page Jun 17, 2015 · 44 revisions



Default-deny is an awesome blocking mode for anyone who is ready to un-break web sites during the first visit, and who agrees that, in general, most 3rd-party resources from web pages:

  • are not really all required
  • increase privacy exposure

Default-deny is also appropriate for people who feel the available filtering lists do not filter enough.

[Picture: Default-deny]
Default-deny engaged, through the default blocking of 3rd-party network requests.

The 3rd-party status of a network request is determined as follows: if the domain of a network request does not match the domain of the web page from which it originates, the network request is deemed 3rd-party. The domain information is extracted as per the official Public Suffix List.
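
The 3rd-party test described above, written out as an added example (this is not uBlock's own code). `PSL_SUBSET`, the function names and the sample hostnames are constructed for illustration; the list excerpt stands in for the full Public Suffix List. The contrast with a "last two labels" comparison shows why the list matters for suffixes such as `co.uk` and `github.io`.

```javascript
// Added example. PSL_SUBSET is a hand-picked excerpt of the Public Suffix
// List so the block runs offline; real code must use the complete list.
const PSL_SUBSET = new Set(['com', 'uk', 'co.uk', 'io', 'github.io', '*.ck', '!www.ck']);

// Registrable domain = public suffix plus one label (null if the hostname
// is itself a public suffix). Follows the PSL matching algorithm.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, '').split('.');
  let suffixLen = 1; // implicit "*" rule: the last label is a suffix
  for (let i = 0; i < labels.length; i++) {
    const n = labels.length - i;
    const candidate = labels.slice(i).join('.');
    // An exception rule beats every other rule: drop its leftmost label.
    if (PSL_SUBSET.has('!' + candidate)) { suffixLen = n - 1; break; }
    const wildcard = '*.' + labels.slice(i + 1).join('.');
    const hit = PSL_SUBSET.has(candidate) || (n > 1 && PSL_SUBSET.has(wildcard));
    if (hit) suffixLen = Math.max(suffixLen, n);
  }
  return labels.length > suffixLen ? labels.slice(-(suffixLen + 1)).join('.') : null;
}

// A request is 3rd-party when its domain differs from the page's domain.
// Assumption: a bare public suffix falls back to the hostname itself.
function isThirdParty(pageHostname, requestHostname) {
  const page = registrableDomain(pageHostname) || pageHostname.toLowerCase();
  const request = registrableDomain(requestHostname) || requestHostname.toLowerCase();
  return page !== request;
}

// Shortcut that ignores the PSL, shown for contrast: compares last two labels.
function naiveThirdParty(pageHostname, requestHostname) {
  const tail = (h) => h.toLowerCase().split('.').slice(-2).join('.');
  return tail(pageHostname) !== tail(requestHostname);
}

// Constructed hostnames: [page, request].
const SAMPLES = [
  ['www.theguardian.com', 'static.theguardian.com'],
  ['www.theguardian.com', 'cdn.example.com'],
  ['news.example.co.uk', 'ads.tracker.co.uk'],
  ['alice.github.io', 'bob.github.io'],
];
for (const [page, request] of SAMPLES) {
  console.log(page, '->', request,
    'psl:', isThirdParty(page, request), 'naive:', naiveThirdParty(page, request));
}
```

The last two sample pairs are the ones the naive comparison gets wrong: it treats unrelated sites under the same public suffix as one party.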

The benefits of using default-deny include:

  • Faster page loading
  • Reduction of bandwidth consumption
  • Reduction of privacy exposure
  • Increase in browser security
  • Easier on your browser's memory and CPU footprint

The advantages do not come for free. Often, default-deny will require a bit of work the first time you visit a web site. Using The Guardian as our current example:

[Picture: Default-deny]

As seen in the picture above, a few 3rd-party domains related to theguardian.com had to be un-blocked for the page to display and behave properly. Notice that noop rules (dark gray) were used to un-block the domains.

A noop rule is different than an allow rule (green): an allow rule will cause all block filters from static filtering to be bypassed, while a noop rule will just disengage dynamic filtering and keep static filtering engaged.

As of uBlock v0.8.8.0, you need to click the padlock icon to save your rules: all rules are now temporary by default. This allows users to fiddle with rules without concerns about polluting their good ruleset. When you want to keep rules for a specific site, click the padlock icon. The padlock icon appears if and only if there is at least one temporary rule in the pane.

You can disengage default-deny for the current site with one click: set the "3rd-party" local setting to noop if you prefer to work this way:

[Picture: Default-deny]
Default-deny cancelled locally. Notice that the blocking of 3rd-party frames is still in effect: cells with higher precedence won't have their rules overridden by cells with lower precedence.

This results in default-deny being disengaged for the current site (The Guardian in our example), while static filtering (EasyList, EasyPrivacy, etc.) stays engaged. In this particular example, as can be seen in the picture, 3rd-party frames will still be blocked (usually a good thing privacy- and security-wise).


This is an important aspect of uBlock's dynamic filtering compared to uMatrix, RequestPolicy, Policeman: in uBlock, rules are ternary, not binary.


Working on it. Topics to cover:

  • no need to use malware domain lists since all 3rd-parties are blocked by default = leaner uBlock
  • ubiquitous servers blocked by default, i.e. no need to pre-emptively block Facebook, Google, Twitter, LinkedIn, etc. to prevent tracking by these
  • provide many real-life examples of how easy it is to un-break websites
