2016-01-21 (gunnersson): several rules (all categories) #41

Closed
wants to merge 10 commits into from

ghost commented Jan 21, 2016

Dear all,

I eventually set up a fork of the subscriptions repository and just added my rules. They apply to several categories: allow_functionality, allow_sameorg, deny-trackers.

Please check them and hopefully include them.

Thank you,

Gunner

Contributor

nodiscc commented Jan 21, 2016

Thank you, this helps. I will start the review with official-allow_sameorg.json

nodiscc added this to the 1.0 milestone Jan 21, 2016

{"o":{"h":"*.emp.de"},"d":{"h":"*.acfrg.com"}},
{"o":{"h":"*.microsoft.com"},"d":{"h":"*.s-msft.com"}},
{"o":{"h":"*.eff.org"},"d":{"h":"*.trackersimulator.org"}},
{"o":{"h":"*.eff.org"},"d":{"h":"*.eviltracker.net"}},
Contributor

eviltracker.net and trackersimulator.org seem to be only required from panopticlick.eff.org. Please edit these rules. Edit: same for the rule below.

Author

Yes. They run special tests at panopticlick.eff.org, therefore eviltracker.net and trackersimulator.org are needed. If one doesn't want to run those tests or isn't reliant on a true(?) response, we could just delete these rules (or even blacklist them).

Contributor

I meant the rule should be

 +      {"o":{"h":"panopticlick.eff.org"},"d":{"h":"*.trackersimulator.org"}}, 

not the wildcard *.eff.org. But yes, we might want to remove these rules, as this demonstrates how RP can help prevent fingerprinting.

Author

Oh, dude. Shame on me for the missing panopticlick before eff.org. Sry.

It just leaves the question of whether to keep or delete it. Either way, PROs and CONs.

Contributor

Fingerprinting demo is a feature of panopticlick, but effectively an "attack" on the browser (with user consent, unless you link directly to https://panopticlick.eff.org/tracker...). I think the rule should be deleted.

Contributor

nodiscc commented Feb 16, 2016

> • use the allow_embedded subscription list for the "Media/Multimedia" content for now

@myrdd what you suggest looks ok to me. Should we keep the allow_functionality rules for these domains? Or should they just be in allow_embedded?

As you can see, reviewing these patches takes a lot of time; maintaining these lists centrally is an endless task. I wish RPC could be made aware of custom subscription lists (maybe @gunnersson or other users would like to publish theirs?), by entering their URLs. The RPC wiki could point to unofficial, custom user subscriptions. Or we can have an unofficial.json pointing to them directly. (This is somehow related to rp#678.)

uBlock already allows using custom lists. Blocklists, but also whitelists (called unbreak lists, in case you use µB in medium/hard mode - an equivalent to RPC functionality).

I think this is the way to go for RP (allowing third party subscriptions). I would be willing to work on conversion tools between ublock/hosts/RPC lists.

{"o":{"h":"*.eff.org"},"d":{"h":"*.do-not-tracker.org"}},
{"o":{"h":"*.shortfil.ms"},"d":{"h":"*.eay.cc"}},
{"o":{"h":"*.virustotal.com"},"d":{"h":"*.virustotalcloud.appspot.com"}},
{"o":{"h":"*.upb.de"},"d":{"h":"*.pingo.cc"}},
Contributor

upb.de doesn't load pingo.cc

Member

myrdd commented Feb 19, 2016

@nodiscc I'll fully respond to your questions next week; don't have the time right now.

I can see that maintaining the lists is hard work – we should find a solution there. Maybe some kind of assertions per rule could help. An example could be:

„In order to maintain the ‚allow‘ rule some-blog.com -> youtube.com in list ‚allow_embedded‘, there must be at least one request from http://some-blog.com/some-blog-entry.html to *.youtube.com.“

That assertion could be checked automatically, and the rule could be removed if the assertion fails, e.g. if the site goes down. You get what I mean? — Of course, custom lists need to be supported as well.
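
The per-rule assertion idea from the comment above, sketched as an added example (not code from RequestPolicy or this repository). The function names, the `testPage` field, the shape of the observed-request log and the wildcard semantics are assumptions; all sample data is constructed.

```javascript
// Added example, not project code. Assumed wildcard semantics: "*.example.com"
// matches example.com and every subdomain; other patterns match exactly.
function hostMatches(pattern, host) {
  const p = pattern.toLowerCase();
  const h = host.toLowerCase();
  if (!p.startsWith("*.")) return p === h;
  const base = p.slice(2);
  return h === base || h.endsWith("." + base);
}

// True if a request from originUrl to destUrl is covered by the rule.
function ruleCovers(rule, originUrl, destUrl) {
  return hostMatches(rule.o.h, new URL(originUrl).hostname) &&
         hostMatches(rule.d.h, new URL(destUrl).hostname);
}

// Each entry pairs a rule with a test page (hypothetical field). `observed`
// maps a test page URL to the request URLs recorded while loading it; a
// missing key means the page could not be loaded.
function checkAssertions(entries, observed) {
  return entries.map(({ rule, testPage }) => {
    const requests = observed[testPage];
    let status;
    if (requests === undefined) {
      status = "unreachable"; // site down: flag for review
    } else if (requests.some((dest) => ruleCovers(rule, testPage, dest))) {
      status = "keep";        // assertion holds
    } else {
      status = "stale";       // page loads but never needs the rule
    }
    return { origin: rule.o.h, dest: rule.d.h, status };
  });
}

// Constructed sample data.
const ENTRIES = [
  { rule: { o: { h: "*.some-blog.com" }, d: { h: "*.youtube.com" } },
    testPage: "http://some-blog.com/some-blog-entry.html" },
  { rule: { o: { h: "*.news.example" }, d: { h: "*.cdn.example" } },
    testPage: "http://news.example/" },
  { rule: { o: { h: "*.gone.example" }, d: { h: "*.static.example" } },
    testPage: "http://gone.example/" },
];
const OBSERVED = {
  "http://some-blog.com/some-blog-entry.html": [
    "https://www.youtube.com/embed/xyz", "https://fonts.example/a.css"],
  "http://news.example/": ["https://news.example/app.js"],
};
console.log(checkAssertions(ENTRIES, OBSERVED));
```

Keeping "unreachable" apart from "stale" lets a maintainer tell a rule whose test page loaded without needing it from one whose site is simply down.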

{"o":{"h":"*.breakofreality.com"},"d":{"h":"*.wp.com"}},
{"o":{"h":"*.physicsdatabase.com"},"d":{"h":"*.pinimg.com"}},
{"o":{"h":"*.physicsdatabase.com"},"d":{"h":"*.bookmanager.com"}},
{"o":{"h":"*.jojawendt.com"},"d":{"h":"*.server-he.de"}},
Contributor

origin doesn't load server-he.de for me. Site is blank.

Contributor

nodiscc commented Mar 17, 2016

@gunnersson the allow_functionality part of this pull request has been reviewed. Can you do the required changes, and leave the allow_sameorg part for another Pull request? Then I can proceed to merge.

Member

myrdd commented Mar 25, 2016

> > use the allow_embedded subscription list for the "Media/Multimedia" content for now
>
> @myrdd what you suggest looks ok to me. Should we keep the allow_functionality rules for these domains? Or should they just be in allow_embedded?

  • Rules for enabling embedded multimedia content (e.g. youtube videos on non-youtube sites) should go to allow_embedded.
  • Rules for enabling multimedia on the multimedia website itself (e.g. youtube video on youtube page) should go to allow_functionality. Example: *.youtube.com -> *.ytimg.com.

Does this answer your question?

> I think this is the way to go for RP (allowing third party subscriptions).

This is what rp#736 is all about.

> conversion tools between ublock/hosts/RPC lists.

I think it will be rather integrated into RP itself – IMHO makes sense. The user could add his personal lists in that "other" format, such as a hosts-file. I've created issue rp#768 for that purpose.


About list maintenance, see #44.

Contributor

nodiscc commented Mar 25, 2016

> Does this answer your question?

Yep.

> The user could add his personal lists in that "other" format, such as a hosts-file. I've created issue rp#768 for that purpose.

This is great. Support for hosts file format would be a good way to start. If you want to experiment, https://github.com/StevenBlack/hosts/ is a good source for hosts blocklists (as well as uBlock's list of hostfiles).

Contributor

nodiscc commented Jun 12, 2016

@gunnersson Can you apply the recommended changes?

Author

ghost commented Jun 13, 2016

Dear all,

On 12.06.2016 at 15:15, nodiscc wrote:

> @gunnersson https://github.com/gunnersson Can you apply the
> recommended changes?

Sorry I cannot help nor support any more. I don't use RPC any more.

I now use just this config:
https://github.com/gunnersson/my_Mozilla_settings
https://github.com/gunnersson/my_Mozilla_settings/blob/master/Firefox/prefs.js

Kind regards,

Gunner

Contributor

nodiscc commented Jun 13, 2016

@gunnersson Thanks for your reply, and no problem. For a comprehensive hardened configuration you might want to check the user.js file at https://github.com/pyllyukko/user.js/.

nodiscc closed this Jun 13, 2016

Author

ghost commented Jun 13, 2016

:-)

On 13.06.2016 at 19:35, nodiscc wrote:

> @gunnersson https://github.com/gunnersson Thanks for your reply, and
> no problem. For a comprehensive hardened configuration you might want to
> check the user.js file at https://github.com/pyllyukko/user.js/.

Thank you.

I have many of @pyllyukko settings included in my profile, and some of
them less and some additional not to be found there...

Instead of RPC I have been using:

Thank you and best wishes,

Gunner
