On Thu, Jan 24, 2019 at 09:08:38AM -0800, Rick Welykochy wrote: > At the risk of repeating meself, there is an alternative solution with very > low overhead, superfast at the application level, but perhaps not for the > faint of heart: > > http://winhelp2002.mvps.org/hosts.htm > > The idea is so simple I should have thought of it myself. I've been using it > on laptops and desktops for years.
Unfortunately, hostname-based blocking is inadequate. It's only a very small part of the solution. It's fine for blocking specific malware-only[1] domains like doubleclick, when you want to block the entire domain. It's completely useless for any finer-grained blocking - which is essential on the modern web (and has been for 20 years or more). It's also useless for blocking "cloud" based malware unless you want to block AWS, cloudfront, and several other CDNs and hosting services - resulting in a LOT of false-positives, breaking lots of other sites. And useless for blocking URLs without hostnames - i.e. ipv4 or ipv6 addresses instead of names, which is very common with spam and malware. Even squid (or other proxy) based blocking is pretty much useless these days - unfortunate collateral damage in the move to "https everywhere". The proxy only sees a single CONNECT request, doesn't see any of the URLs being requested, so is unable to block access to any of them. A shame, i've been using squid to block ads and other crap since the mid 1990s. What this means is that (ignoring things like running your own Man-In-The-Middle https proxy, which is hugely problematic for all sorts of reasons anyway) malware blocking has to be done at the end-point - i.e. IN THE BROWSER. This is less than ideal, but it is what it is - to block malware we have to deal with the world as it is, not as we wish it to be. The single most effective thing anyone can do to block advertising and other malware is to disable javascript by default. e.g. by installing the uMatrix[2] plugin. And use an ad-blocker too, like uBlock Origin[3] Both of these are available for both chromium & firefox and work identically on both. The Stylus[4] plugin is also useful, not only for fixing brain-damaged web-designer CSS (like tiny font sizes and specifying all sizes in pixels so they're unreadable on high DPI monitors), but also for blocking unwanted/annoying stuff with CSS over-rides (like "display: none !important;" or "animation: none !important;"). Stylus is also available for both Chromium and Firefox. e.g. I've been using Stylus for years on newspaper websites like The Age to block sports and celebrity bullshit and other garbage I have no interest in, as well as advertising. Lots of other uses too - I recently used it so I could read an article on vice.com that someone sent me a link to, WITHOUT enabling javascript: 3 lines of CSS was all that was required for the hidden article to be displayed without having to run their javascript and click their "View More" button. There are also javascript-based page modding with plugins like GreaseMonkey[5]. Stylus is good for page-modding with CSS (which is all you need in most cases), while GreaseMonkey is for page-modding with javascript - I only use this when there's no other choice, e.g. one the very rare occasion that js is required on a page that I actually want to view and I want to de-fang the site's js as much as possible. GM can also be useful for stuff like enforcing my choice to disable smooth-scrolling (some areshole web devs use javascript to over-ride the browser setting and do smooth-scrolling whether you want it or not). NOTE: Stylus requires a pretty good understanding of HTML and CSS. GreaseMonkey requires at least a rudimentary ability to code in javascript. Both require a willingness to read and examine source code and to tinker. Anyway, to get back to the point: If Chrome (or its open-source version chromium) does end up breaking plugins like these, then THE ONLY SOLUTION IS TO STOP USING IT. THERE IS NO OTHER SOLUTION: DON'T USE SOFTWARE WITH ANTI-FEATURES. Use only browsers that respect the end-user's absolute right to control what gets downloaded, displayed, and/or executed on their own computers. Firefox is OK for now, although I wouldn't trust them in the long run (they've done too many shady things in recent years that are for the benefit of them and their sponsors rather than their users), and the open source chromium will probably be forked to avoid anti-features[6] like this. Finally, malware like this is primarily a social and legal problem rather than a technical problem. Under ideal circumstances, it would be solvable by social and legal means. Unfortunately, that's unlikely to happen - there's too much money riding on this shit, and too many powerful vested interests who benefit from malware (for everything from marketing campaigns to rounding up and imprisoning or even executing dissidents), and the malware giants like google and facebook just know too much about any politician who does more than make vague, ineffectual noises to oppose them. So technology is the only tool we have to resist....and most people aren't capable of that, or even willing to put in the effort to learn how. [1] including the sub-set of malware called "advertising" and associated spyware. [2] https://github.com/gorhill/uMatrix/wiki [3] https://en.wikipedia.org/wiki/UBlock_Origin and https://github.com/gorhill/uBlock use only "uBlock ORIGIN". Don't use any other version claiming to be "uBlock", there's at least one malicious fork of it. uBlock Origin is by Raymond Hill aka "gorhill", who is also the author of uMatrix. [4] Stylus is the open source fork of the original Stylish plugin, which got taken over by a scumbag with connections to the advertising/spyware industry. Don't use Stylish, it's trojaned with spyware that tracks every URL visited or embedded in a page. [5] https://en.wikipedia.org/wiki/Greasemonkey [6] https://www.fsf.org/blogs/community/antifeatures https://www.digitalethics.org/essays/it-feature-it-bug-no-its-antifeature craig -- craig sanders <[email protected]> _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
