From 72fd47e8eaed2e95d44b29f64c529223d7963dfc Mon Sep 17 00:00:00 2001 From: Tommy Date: Sat, 10 Sep 2022 18:06:14 -0400 Subject: [PATCH] Mention uBO Minus Signed-off-by: Tommy --- content/knowledge/Badness Enumeration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/knowledge/Badness Enumeration.md b/content/knowledge/Badness Enumeration.md index 97f7f96..f8edb0a 100644 --- a/content/knowledge/Badness Enumeration.md +++ b/content/knowledge/Badness Enumeration.md @@ -19,7 +19,7 @@ On top of the [obvious problem](#the-obvious-problem) mentioned above, there are The problem here is that adblockers (especially with Manifest v2) are highly privileged and have access to all of your data within the browser. All it takes is for the extension developer to turn malicious for your passwords, session ids, TOTP secrets, etc to get compromised. Even if you were to assume that the extension developer is trustworthy, one vulnerability within the extension could still be catastrophic. This is made worse by the fact that adblockers typically use third-party blocklists, extending trust to the blocklist maintainers to not exploit the extension should a vulnerability be found. The ["uBlock, I exfiltrate"](https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css) blog post describes in detail how a CSS injection vulnerability in uBlockOrigin lead to data exfiltration with one single bad filtering rule. -Overall, adblockers weaken your security for dubious privacy benefits. You are better off not using any advertisement/tracker blocking extensions at all. If you want to avoid stateful tracking, consider clearing all cookies and site data upon exit, using [FireFox containers](https://linuxbsdos.com/2021/11/27/see-multi-account-containers-extension-is-not-needed-to-use-containers-in-firefox/), or using multiple browser instances. You would also need to hide your IP address using a VPN or something like the Tor network as well. If you are worried about stateless tracking, use a browser with fingerprinting protection like Brave (which can fool naive scripts) or Tor Browser (which has the best fingerprint protection in the market, albeit [a lot less secure](https://medium.com/@thegrugq/tor-and-its-discontents-ef5164845908)). +Overall, adblockers increase your attack surface for dubious privacy benefits. If you insist on getting an adblocker however, I highly recommend that you use purely declarative, permission less Manifest V3 ones like [uBO Minus](https://chrome.google.com/webstore/detail/ubo-minus-mv3/ddkjiahejlhfcafbddmgiahcphecmpfh). While they do block fewer ads and trackers than their Manifest V2 counterparts and V3 extensions with "Read and change all your data on all websites", they pose much less of a threat to your privacy and security while still providing the convenniece that of blocking annoyances. ## DNS Filtering