What’s the logic behind the filter lists recommended for uBlock Origin, or how should one decide which ones to enable?
The PG recommendation is to leave the default lists and just enable one built-in list (Adguard URL tracking protection) and add one external list (legitimate URL shortener tool). This is the same recommendation as Arkenfox’s.
A few questions:
What about the regional or language-based filter lists? Is there any harm in enabling the relevant ones? If not, it should be mentioned in a sentence on PG.
Why is the “legitimate URL shortener tool” not already part of the uBlock Origin list of lists if it is so useful?
Why shouldn’t you just enable all the non-default lists that are listed under ads, privacy, and malware?
What about the Cookie banner filter lists? Is there any harm in enabling some or all of them?
The main reason is because of research like this which has shown it’s possible for a compromised or malicious filter list to exfiltrate data from your browser:
Although the specific vulnerabilities in that post have been fixed, it’s still a potential risk to think about. Thus, as far as our recommendations go, we want to limit them to:
Being from as few authors as possible, because that reduces the number of parties you’re trusting
Being either as easily auditable as possible, or popular enough that many eyes are on the lists
The second (less important) reason is that your fingerprint can become more unique depending on what you block, since sites can detect what you block. I say this is less important because the likelihood of sites doing this seems small, and if you’re really concerned about fingerprinting you should use Mullvad Browser or Tor Browser, but it’s still something to consider.
You can install anything you want if you understand these two things and do your due diligence about the list’s author(s) yourself. As far as what we’re going to tell everyone to install, we’re going to stick with only the biggest ones that provide the most widespread benefit to most people, because we simply can’t continuously validate every niche filter list.
Use what works for you (minimalism is good, but optimizing your setup to your needs/wants also matters)
But take a conservative ‘additive’ approach (start with the default lists, and only add additional filterlists to solve specific problems/achieve specific goals not addressed by the default lists. Resist the urge to enable a bunch of lists just because ‘they might help’ or sound good).
"Why shouldn’t you just enable all the non-default lists that are listed under ads, privacy, and malware?"
The simplest answer if you ask in uBO communities is because the default lists just work for most people. They are well curated, tested, and receive the most attention so issues are identified and fixed quickly. It is also easier to receive help/troubleshoot issues when you stick with the defaults.
But beyond that, I think it comes down to diminishing returns and higher likelihood of false positives, breakages, or performance issues the more lists you add.
Personally I enable a few additional lists (uBlock and Easylist Annoyances, Adguard URL Tracking Protection, I-Am-Py’s combo list, and Bypass Paywalls Clean)
I value Yokoffing’s opinions and experience, and roughly followed their guide when I was configuring NextDNS a while back. I’ve looked over their uBO guidance as well, and sometimes use it as a reference, but I don’t follow it, I prefer a simpler and more diy approach, and am not convinced that many of the lists they recommend add enough value/utility to be worth adding to my setup.
One thing to bear in mind with uBO is you don’t necessarily need to change anything. The defaults are good for most people. You can add what you want/need, but I personally don’t see the need for a guide like that for uBO.
Mostly because of breakages / anti-adblock. The more lists you enable, the more chances that you can encounter breakages / anti-adblock. If you are familiar with uBO syntaxes and able to investigate the issue, it’s fine. If not, most will have to disable the whole uBO on that site which is worse.
And for some lists like Adguard’s, they may have filters that allow trackers’ connections (to deal with some issues in the past) while the issue might/could have been solved with uBO’s default settings without the need of allowing those connections. It’s because they have multiple versions of their own lists made for different products, and sometimes they can have their own fix for the websites’ issues but those fixes cannot be applied (or they think so) to other products and the solution resorts to just allowing the trackers.
I personally don’t use Adguard’s lists because of that, except AdGuard URL Tracking Protection which is for removing tracking parameters in the URL using removeparam.
If you usually visit non-English websites, yes you might need to enable that language’s list. Just enable the one(s) you visit the most, don’t enable all of the language’s lists. The problem would be the same as the Adguard’s lists I said above.
enable AdGuard URL Tracking Protection as recommended by PG & Arkenfox
add custom list Actually Legitimate URL Shortener Tool as recommended by PG & Arkenfox
enable my relevant regional/language filter list (as I’m bilingual)
enable EasyList/uBO – Cookie Notices for convenience
(Is there any reason why the cookie list isn’t recommended by PG & Arkenfox? I would have guessed because it doesn’t add any privacy compared to just manually rejecting all cookies, while theoretically increasing fingerprintability?)
The cookie lists have to balance between rejecting cookies and preventing breakages. For some sites, the only way to allow some websites’ features to work is accepting the cookies (or accepting some cookies choices), otherwise those sites will be broken.
I personally just build my own cookie list.
For others who are not familiar with uBO syntaxes, EasyList/uBO – Cookie Notices is good enough.
Off-topic but LMAO for someone saying Brave does not use uBO under the hood. No. They are using uBO filter lists and just add/adjust some filters for few websites that specifically have issues with Brave.
And upcoming to MV3, fewer uBO volunteers would care/be able to solve issues on Chromium/Brave so good luck (Brave did 0-to-few things on YouTube’s blocker war, only a few people at uBO and Adguard investigated those deeply).
It’s explained above, mostly because of breakages / anti-adblock / unnecessary whitelisting filters. You can open the lists via eye icon to see the description of each list
AdGuard Tracking Protection is Adguard’s additional list for EasyPrivacy with their own additions / fixes, but can include unnecessary whitelisting filters
AdGuard URL Tracking Protection removes tracking parameters in the URL. (Actually, uBO’s own privacy list already includes popular tracking parameters that have low chances of breakages and covers more than Brave + FF’s default parameter removal feature)
Block Outsider Intrusion into LAN prevents websites accessing your localhost connections/files
Still a valid question, because you’d think that the built-in filter lists shouldn’t have such problems! For custom lists this is taken for granted.
edit: specifically I wonder why it’s recommended to add the Adguard URL tracking list but not the other big Adguard lists (ads, mobile ads, privacy, cookies).
Thanks for the information, due to my lack of technical knowledge I have no idea what Block Outsider Intrusion into LAN means, but this sounds super important. Why is this not recommended by PG?
Generally it is because of breakages, anti-adblock or unnecessary whitelisting filters you say, I have no idea if these apply here.
Yeah, I see what you mean. They do have different profiles that you can choose from similar to how uBlock Origin’s developers have different “modes” you can use. From a quick glance, they do seem to have some nice lists like “Most Abused TLDs”, but I feel like most of the filters could be replicated with a DNS.
I agree, the defaults are lightweight and are tested by the developers of uBlock to make sure they are compatible and are working correctly. If people want additional functionality out of uBlock, they could follow the documentation from the developers.
Well, it is true, Brave does not use uBO under the hood, so I don’t know what your problem is. Filterlists and filterlist syntax is something else.
Most Brave users do not use uBO. Brave’s ad blocker is not an extension and thus MV3 has zero impact on it. There are plenty of independent filterlist projects. I don’t know why they would suddenly go away just because of MV3.
I think you are confusing uBlock Origin (adblocking software) with Easylist/Easyprivacy (the name of the primary filterlists used in both uBO and Brave and many many other adblockers. These filterlists predate both uBO and Brave by many years).
Can’t speak to PG’s reasons, but one reason I see is that URL Tracking Protection addresses a specific niche not (fully) addressed by the general purpose blocklists. While the other lists you mentioned are addressed by the general purpose default ad and tracker blocklists enabled by default in uBO (with the exception of the cookie banner list which is an annoyance/UI consideration, not a privacy or adblock consideration, and not something everyone wants to block).
I agree, there is nothing wrong with doing this sort of blocking at the browser level, but it seems more logical to block malicious and suspicious domains and malware domains at the DNS level.
I know they are using another engine for the filtering, but the filter lists they are using are uBO’s (except a few filters crafted for their specific issues), and any concern about what the filters could do applies to both (of course except the filters that can only be applied to Firefox). EasyList and EasyPrivacy are already the common filter lists for multiple products before Brave (and because of that they can’t resolve more complex issues in nowadays websites).
Any new features uBO introduces to resolve new issues from the websites (scriptlets, static network filters…), Brave will have to follow, or those new filters will be discarded inside Brave. This showed the most clearly in YouTube’s war when new features were constantly being created due to YouTube’s constant interfering with uBO’s filters. That’s what I want to clarify, instead of the blanket “Brave does not use uBO” because there are 2 critical components for the blocker: the engine AND the filter lists, without any of them, there’s no blockers.
As said above, filter lists and engine are both critical components of the blocker.
The problem is the solutions for the future issues. Filters are created to be compatible with both Chromium and Firefox. Without the ability to investigate on Chromium, the incompatibility gap will be bigger, especially for the product that is using uBO’s lists. If they are using their own solutions like Adguard, they can do that on their own, but currently not. And no, there are very few filter lists projects that tackle more complicated issues of nowadays websites. Most of them are just ABP-style (EasyList, EasyPrivacy…). The problem also comes from the nature of the blocker where there are 0-to-few assisting tools for anyone who wants to investigate with Brave Shield. That hinders a lot of contributions and communications to the project itself. Blockers are products that need to solve issues every day and need to be as transparent as possible, and the more people able to investigate the issues, the better.
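Added example (not written by any poster in this thread, and not uBlock Origin's own code): a small Python audit for the "due diligence" step discussed above. It flags the rule kinds in a list that deserve a manual look before enabling it, such as the allow ("whitelisting") filters, scriptlets and removeparam rules mentioned in the thread. The sample list and function names are constructed for illustration, and the patterns cover only a simplified subset of uBO's static filter syntax.

```python
import re

# Rule kinds worth reading by hand when vetting a list (simplified patterns).
CHECKS = {
    "network_exception": re.compile(r"^@@"),        # allows requests other rules block
    "cosmetic_exception": re.compile(r"#@#"),       # un-hides page elements
    "scriptlet": re.compile(r"##\+js\("),           # injects a uBO scriptlet into pages
    "removeparam": re.compile(r"\$(?:.*,)?removeparam(?:=|,|$)"),  # rewrites URLs
    "redirect": re.compile(r"\$(?:.*,)?redirect(?:-rule)?="),      # swaps a resource
    "csp": re.compile(r"\$(?:.*,)?csp="),           # changes the page's CSP
}
HOST = re.compile(r"^@@\|\|([^/^$]+)")

# Constructed sample list, not taken from any real filter list.
SAMPLE_LIST = """\
[Adblock Plus 2.0]
! Title: Constructed sample list
||ads.example.net^
||tracker.example.org^$third-party
@@||tracker.example.org^$domain=shop.example.com
example.com##.cookie-banner
example.com#@#.ad-slot
news.example.com##+js(set-constant, adsEnabled, false)
$removeparam=utm_source
||cdn.example.net/lib.js$script,redirect=noopjs
"""

def audit(text):
    """Return (rule_count, {category: [(line_number, rule), ...]})."""
    findings = {name: [] for name in CHECKS}
    total = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        rule = raw.strip()
        if not rule or rule.startswith(("!", "[Adblock")):
            continue  # blank line, comment, or list header
        total += 1
        for name, pattern in CHECKS.items():
            if pattern.search(rule):
                findings[name].append((lineno, rule))
    return total, findings

def allowed_hosts(findings):
    """Hostnames that network exception rules explicitly allow."""
    matches = (HOST.match(rule) for _, rule in findings["network_exception"])
    return sorted({m.group(1) for m in matches if m})

if __name__ == "__main__":
    total, findings = audit(SAMPLE_LIST)
    print(f"{total} rules; hosts allowed by exceptions: {allowed_hosts(findings)}")
    for name, hits in findings.items():
        for lineno, rule in hits:
            print(f"{name:20} L{lineno}: {rule}")
```

Running it on a list before and after an update shows which exceptions or scriptlets were added, which is usually a shorter read than the whole list.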