Add CNAME-cloaked trackers to uBlock Origin filter list

This list is a good addition to your uBO filter lists — AdguardTeam/cname-trackers

I believe this would be good because it addresses a common, yet none-too-much discussed, problem of trackers using CNAME to disguise their tracker domains. To avoid repeating what is already on the site, and because paraphrasing wouldn’t be an effective method of explaining, you can check out the GitHub here:

I feel that adding this to the import list is a good use of filters to avoid tracking that otherwise goes unnoticed and unmitigated by 95% of the community.

From Trackers and scripts Firefox blocks in Enhanced Tracking Protection | Firefox Help

By default, Firefox blocks the cookies that track your browsing activity across multiple websites. This includes cross-site tracking cookies set by ad, social media, and analytics companies. Other cookies, such as those that remember your login credentials or items in your shopping cart, are still permitted by default.

^ Above, you see that they do not address the CNAME-cloaked trackers.

How do I add this list to uBlock origin? is there a guide?

  1. Click uBO extension
  2. Click “Filter lists”
  3. Expand “Import” box
  4. Paste: into the box.
  5. Apply changes

In uBlock there is an option to uncloak CNAMES, do we actually need one more filter list?

“For all browsers, uBlock Origin blocks CNAME cloaking-based tracking on around 70% of websites. Adblock and Adblock Plus provide insufficient protection abilities for all browsers.” — Source

This isn’t 100% effective. It works on maybe 80-90%, and, tbh, even Dan Pollock’s list doesn’t block all the things, e.g., the Clickspring variant PurityScan.

Maybe a/the uBO owner or developers can weigh in. What is the point of all these filter lists? Malware and trackers always seem to find a way. CNAME-cloaking is just one of those tricks. If we’re being honest, again, I have seen malware droppers on gaming (mobile) websites where they use copy/pasted scripts from the Shadow Broker dump. Those sites target older browsers on older machines, but guess who updates their software? :eyes:

@team thoughts?


uBO on FF-based browsers and Brave’s built-in content blocker already do CNAME unclocking, so at least there adding this list is not needed.

Which leaves Chromium-based and Safari browsers. Some popular lists like EasyList already contain uncloaked addresses, but I do not have looked into all popular lists.


Relevant 2020 research paper showing the effectiveness of various adblocker+browser combinations against CNAME cloaked trackers.

Firefox + uBO (with the “uncloak canonical names” box checked) was the most effective combination (~95%)

In the chart the red line (labelled “ublock origin (rc1)” is the version with the cname uncloaking feature in settings (which only works with Firefox). But you can see, even for browsers that don’t support that feature, uBO was still the most effective (~70%), probably because one of its default blocklists (easyprivacy) can detect about 70% of cloaked cnames.

I don’t have a lot of knowledge in this particular area, so I’d suggest having a look at the research paper (or this shorter article based on it) rather than taking my musings as authoritative. edit: also note, this is a research paper from 2020, things may have changed.