Mirrors
/
uBlock
mirror of https://github.com/gorhill/uBlock.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated µBlock and others: Blocking ads, trackers, malwares (markdown)

gorhill 2014-09-30 19:12:50 -07:00
parent d82172c7a9
commit 6f3d6d9e4d
1 changed files with 83 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
µBlock-and-others:-Blocking-ads,-trackers,-malwares.md

@ -1,6 +1,6 @@
Hard data, not hype. Hard data, not hype.
Latest benchmark: 22 July 2014 ([raw data spreadsheet](https://github.com/gorhill/uBlock/blob/master/doc/benchmarks/privex-201407-22.ods)). Latest benchmark: 30 September 2014 ([raw data spreadsheet](https://github.com/gorhill/uBlock/blob/master/doc/benchmarks/privex-201409-30.ods)).
This benchmark is to measure privacy exposure, by counting the number of **distinct 3rd-party domains** which This benchmark is to measure privacy exposure, by counting the number of **distinct 3rd-party domains** which
have been hit by net requests during the benchmark. The lower the number of distinct 3rd-party domains hit, the better. have been hit by net requests during the benchmark. The lower the number of distinct 3rd-party domains hit, the better.
@ -10,61 +10,47 @@ measurement of privacy exposure. The number of requests blocked is no guarantee
Measuring directly the number of distinct 3rd-party domains which were hit is a much better and relevant measurement for comparison of privacy protection efficiency in my opinion. Measuring directly the number of distinct 3rd-party domains which were hit is a much better and relevant measurement for comparison of privacy protection efficiency in my opinion.
![Privacy benchmark graph](https://raw.githubusercontent.com/gorhill/uBlock/master/doc/img/privacy-benchmark.png) ![Privacy benchmark graph](https://raw.githubusercontent.com/gorhill/uBlock/master/doc/img/privex-201409-30.png)
Caveat: "3rd-party" is defined as a domain which doesn't match the domain of the web page. For sure many Caveat: "3rd-party" is defined as a domain which doesn't match the domain of the web page. For sure many
domains reported as "3rd-party" actually belong to the same entity which owns the page domain (for example, `yimg.com` is owned by `yahoo.com`). There is no way for the benchmark code to know this, unless using a comprehensive database of who owns which domain -- that is beyond my means. Still, the benchmark is useful if comparing blockers among themselves, or against when no blocker is used. domains reported as "3rd-party" actually belong to the same entity which owns the page domain (for example, `yimg.com` is owned by `yahoo.com`). There is no way for the benchmark code to know this, unless using a comprehensive database of who owns which domain -- that is beyond my means. Still, the benchmark is useful if comparing blockers among themselves, or against when no blocker is used.
Results -- figures are "3rd party / all". Ordered from least 3rd-party hits to most 3rd-party hits. Privacy-wise, lower numbers are better. Results -- figures are "3rd party / all". Ordered from least 3rd-party hits to most 3rd-party hits. Privacy-wise, lower numbers are better.
#### µBlock 0.2.3.3 #### Ghostery 5.4.0
- Distinct 1st-party/3rd-party pairs: **245** - Distinct 1st-party/3rd-party pairs: **197**
- Scripts: 569 / 852 - Scripts: 490 / 796
- Outbound cookies: 1 / 112 - Outbound cookies: 0 / 135
- Net requests: 2,458 / 5,020 - Net requests: 2,548 / 5,304
#### Adblock Plus 1.8.3 #### µBlock 0.6.6.0
- Distinct 1st-party/3rd-party pairs: **255** - Distinct 1st-party/3rd-party pairs: **285**
- Scripts: 563 / 839 - Scripts: 681 / 1011
- Outbound cookies: 1 / 120 - Outbound cookies: 0 / 131
- Net requests: 2,415 / 4,963 - Net requests: 2,871 / 5,558
#### Ghostery 5.3.0 #### Adblock Plus 1.8.5
- Distinct 1st-party/3rd-party pairs: **282** - Distinct 1st-party/3rd-party pairs: **369**
- Scripts: 589 / 894 - Scripts: 774 / 1106
- Outbound cookies: 1 / 135 - Outbound cookies: 0 / 139
- Net requests: 2,605 / 5,301 - Net requests: 2,966 / 5,671
#### Adguard 1.0.2.12 #### Disconnect 5.18.15
- Distinct 1st-party/3rd-party pairs: **283** - Distinct 1st-party/3rd-party pairs: **400**
- Scripts: 637 / 930 - Scripts: 922 / 1258
- Outbound cookies: 1 / 136 - Outbound cookies: 0 / 202
- Net requests: 2,600 / 5,251 - Net requests: 3,266 / 6,141
#### Disconnect 5.18.14
- Distinct 1st-party/3rd-party pairs: **352**
- Scripts: 716 / 989
- Outbound cookies: 1 / 174
- Net requests: 2,704 / 5,276
#### Privacy Badger 2014-07-18
- Distinct 1st-party/3rd-party pairs: **604**
- Scripts: 853 / 1181
- Outbound cookies: 1 / 182
- Net requests: 3,190 / 5,990
#### No blocker #### No blocker
- Distinct 1st-party/3rd-party pairs: **1160** - Distinct 1st-party/3rd-party pairs: **1578**
- Scripts: 1471 / 1799 - Scripts: 2659 / 3156
- Outbound cookies: 1 / 216 - Outbound cookies: 0 / 250
- Net requests: 5,317 / 8,207 - Net requests: 8,225 / 11,718
### Notes ### Notes
@ -74,25 +60,14 @@ the reference benchmark (three repeats in the current instance).
The less distinct 3rd-party/1st-party pairs, the better. The less distinct 3rd-party/1st-party pairs, the better.
Adguard: it sends `GET` requests in the form `https://sb.adtidy.org/safebrowsing-lookup-domain.html?domain={page hostname}` for the first time a URL is visited. This may be related to its _"Phishing and malware protection"_ setting. Just a guess.
Privacy Badger: warning from the browser: _"This extension is slowing down Chromium. You should disable it to restore Chromium's performance."_
Ultimately, if you **really** want to increase significantly control over your privacy, [HTTP Switchboard](https://github.com/gorhill/httpswitchboard#http-switchboard-for-chromium) is the way to go.
If web page breakage annoys you, just start using HTTP Switchboard in [allow-all/block-exceptionally mode](https://github.com/gorhill/httpswitchboard/wiki/How-to-use-HTTP-Switchboard:-Two-opposing-views#the-allow-allblock-exceptionally-approach),
and blacklist your way up from this starting point. Unlike µBlock and others here, HTTP Switchboard does not
have unseen exception filters which often defeat good blocking filters. For example, [**this**](https://github.com/gorhill/httpswitchboard/wiki/About-these-%22%E2%80%98virtually-impossible%E2%80%99-to-block%22-fingerprinting-tools#kind-of-low-breakage) is the way to foil many fingerprinting tricks, canvas fingerprinting included, without preventing javascript execution.
### Methodology ### Methodology
All blockers were configured in such a way as to compare apples-vs-apples: All blockers were configured in such a way as to compare apples-vs-apples:
- **µBlock:** out-of-the-box settings -- no change. - **Ghostery:** Select all trackers. _"GhostRank"_ not checked. _"Update now"_ clicked (and ensured whatever new filters were used).
- **Adblock Plus:** out-of-the-box settings + _"EasyPrivacy"_, _"Malware Domains"_ checked. _"Acceptable ads"_ unchecked. _"Update now"_ clicked. - **µBlock:** out-of-the-box settings + local mirroring enabled (through _"Experimental features"_).
- **Ghostery:** out-of-the-box settings + _"Advertising"_, _"Analytics"_, _"Beacons"_, _"Privacy"_ checked. _"Widgets"_ not checked. _"GhostRank"_ not checked. _"Update now"_ clicked (and ensured whatever new filters were used). - **Adblock Plus:** _"EasyList"_ + _"EasyPrivacy"_, _"Fanboy's Social Block List"_, _"Malware Domains"_ checked. _"Acceptable ads"_ unchecked. _"Update now"_ clicked.
- **Adguard:** out-of-the-box settings + _"Spyware and tracking"_, _"Phishing and malware protection"_ checked. _"Social media"_ not checked. _"Acceptable ads"_ unchecked. _"Check for filter updates"_ clicked.
- **Disconnect:** out-of-the-box settings -- no change. - **Disconnect:** out-of-the-box settings -- no change.
- **Privacy Badger:** out-of-the-box settings -- no change. The extension was "primed" by visiting all the URLs in the benchmark three times before running the real benchmark.
Browser settings (if you mind your privacy, there is no way around these settings): Browser settings (if you mind your privacy, there is no way around these settings):
- _"Click to play"_ enabled. - _"Click to play"_ enabled.