Mirrors
/
uBlock
mirror of https://github.com/gorhill/uBlock.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated µBlock and others: Blocking ads, trackers, malwares (markdown)

gorhill 2014-09-30 19:12:50 -07:00
parent d82172c7a9
commit 6f3d6d9e4d
1 changed files with 83 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

191
µBlock-and-others:-Blocking-ads,-trackers,-malwares.md

@ -1,109 +1,84 @@
Hard data, not hype. Hard data, not hype.
Latest benchmark: 22 July 2014 ([raw data spreadsheet](https://github.com/gorhill/uBlock/blob/master/doc/benchmarks/privex-201407-22.ods)). Latest benchmark: 30 September 2014 ([raw data spreadsheet](https://github.com/gorhill/uBlock/blob/master/doc/benchmarks/privex-201409-30.ods)).
This benchmark is to measure privacy exposure, by counting the number of **distinct 3rd-party domains** which This benchmark is to measure privacy exposure, by counting the number of **distinct 3rd-party domains** which
have been hit by net requests during the benchmark. The lower the number of distinct 3rd-party domains hit, the better. have been hit by net requests during the benchmark. The lower the number of distinct 3rd-party domains hit, the better.
Some benchmarks measure the amount of requests blocked, which I think is of no interest as a useful Some benchmarks measure the amount of requests blocked, which I think is of no interest as a useful
measurement of privacy exposure. The number of requests blocked is no guarantee of less distinct 3rd-party domains being hit (and leaving a trace in the servers' logs). measurement of privacy exposure. The number of requests blocked is no guarantee of less distinct 3rd-party domains being hit (and leaving a trace in the servers' logs).
Measuring directly the number of distinct 3rd-party domains which were hit is a much better and relevant measurement for comparison of privacy protection efficiency in my opinion. Measuring directly the number of distinct 3rd-party domains which were hit is a much better and relevant measurement for comparison of privacy protection efficiency in my opinion.
![Privacy benchmark graph](https://raw.githubusercontent.com/gorhill/uBlock/master/doc/img/privacy-benchmark.png) ![Privacy benchmark graph](https://raw.githubusercontent.com/gorhill/uBlock/master/doc/img/privex-201409-30.png)
Caveat: "3rd-party" is defined as a domain which doesn't match the domain of the web page. For sure many Caveat: "3rd-party" is defined as a domain which doesn't match the domain of the web page. For sure many
domains reported as "3rd-party" actually belong to the same entity which owns the page domain (for example, `yimg.com` is owned by `yahoo.com`). There is no way for the benchmark code to know this, unless using a comprehensive database of who owns which domain -- that is beyond my means. Still, the benchmark is useful if comparing blockers among themselves, or against when no blocker is used. domains reported as "3rd-party" actually belong to the same entity which owns the page domain (for example, `yimg.com` is owned by `yahoo.com`). There is no way for the benchmark code to know this, unless using a comprehensive database of who owns which domain -- that is beyond my means. Still, the benchmark is useful if comparing blockers among themselves, or against when no blocker is used.
Results -- figures are "3rd party / all". Ordered from least 3rd-party hits to most 3rd-party hits. Privacy-wise, lower numbers are better. Results -- figures are "3rd party / all". Ordered from least 3rd-party hits to most 3rd-party hits. Privacy-wise, lower numbers are better.
#### µBlock 0.2.3.3 #### Ghostery 5.4.0
- Distinct 1st-party/3rd-party pairs: **245** - Distinct 1st-party/3rd-party pairs: **197**
- Scripts: 569 / 852 - Scripts: 490 / 796
- Outbound cookies: 1 / 112 - Outbound cookies: 0 / 135
- Net requests: 2,458 / 5,020 - Net requests: 2,548 / 5,304
#### Adblock Plus 1.8.3 #### µBlock 0.6.6.0
- Distinct 1st-party/3rd-party pairs: **255** - Distinct 1st-party/3rd-party pairs: **285**
- Scripts: 563 / 839 - Scripts: 681 / 1011
- Outbound cookies: 1 / 120 - Outbound cookies: 0 / 131
- Net requests: 2,415 / 4,963 - Net requests: 2,871 / 5,558
#### Ghostery 5.3.0 #### Adblock Plus 1.8.5
- Distinct 1st-party/3rd-party pairs: **282** - Distinct 1st-party/3rd-party pairs: **369**
- Scripts: 589 / 894 - Scripts: 774 / 1106
- Outbound cookies: 1 / 135 - Outbound cookies: 0 / 139
- Net requests: 2,605 / 5,301 - Net requests: 2,966 / 5,671
#### Adguard 1.0.2.12 #### Disconnect 5.18.15
- Distinct 1st-party/3rd-party pairs: **283** - Distinct 1st-party/3rd-party pairs: **400**
- Scripts: 637 / 930 - Scripts: 922 / 1258
- Outbound cookies: 1 / 136 - Outbound cookies: 0 / 202
- Net requests: 2,600 / 5,251 - Net requests: 3,266 / 6,141
#### Disconnect 5.18.14 #### No blocker
- Distinct 1st-party/3rd-party pairs: **352** - Distinct 1st-party/3rd-party pairs: **1578**
- Scripts: 716 / 989 - Scripts: 2659 / 3156
- Outbound cookies: 1 / 174 - Outbound cookies: 0 / 250
- Net requests: 2,704 / 5,276 - Net requests: 8,225 / 11,718
#### Privacy Badger 2014-07-18 ### Notes
- Distinct 1st-party/3rd-party pairs: **604** The figures show the number of requests **allowed**, thus lower numbers are better.
- Scripts: 853 / 1181 The point is to count the number of distinct 3rd-party/1st-party pairs after running
- Outbound cookies: 1 / 182 the reference benchmark (three repeats in the current instance).
- Net requests: 3,190 / 5,990
The less distinct 3rd-party/1st-party pairs, the better.
#### No blocker
### Methodology
- Distinct 1st-party/3rd-party pairs: **1160**
- Scripts: 1471 / 1799 All blockers were configured in such a way as to compare apples-vs-apples:
- Outbound cookies: 1 / 216
- Net requests: 5,317 / 8,207 - **Ghostery:** Select all trackers. _"GhostRank"_ not checked. _"Update now"_ clicked (and ensured whatever new filters were used).
- **µBlock:** out-of-the-box settings + local mirroring enabled (through _"Experimental features"_).
### Notes - **Adblock Plus:** _"EasyList"_ + _"EasyPrivacy"_, _"Fanboy's Social Block List"_, _"Malware Domains"_ checked. _"Acceptable ads"_ unchecked. _"Update now"_ clicked.
- **Disconnect:** out-of-the-box settings -- no change.
The figures show the number of requests **allowed**, thus lower numbers are better.
The point is to count the number of distinct 3rd-party/1st-party pairs after running Browser settings (if you mind your privacy, there is no way around these settings):
the reference benchmark (three repeats in the current instance). - _"Click to play"_ enabled.
- _"Block third party cookies and site data"_ enabled.
The less distinct 3rd-party/1st-party pairs, the better.
[Sessbench](https://github.com/gorhill/sessbench) was used to run the benchmarks,
Adguard: it sends `GET` requests in the form `https://sb.adtidy.org/safebrowsing-lookup-domain.html?domain={page hostname}` for the first time a URL is visited. This may be related to its _"Phishing and malware protection"_ setting. Just a guess. and each extension was tested as the only extension active in the browser.
Privacy Badger: warning from the browser: _"This extension is slowing down Chromium. You should disable it to restore Chromium's performance."_ The official [Public Suffix List](https://publicsuffix.org/list/) is used to determine the domain of a URL.
Ultimately, if you **really** want to increase significantly control over your privacy, [HTTP Switchboard](https://github.com/gorhill/httpswitchboard#http-switchboard-for-chromium) is the way to go. **Note regarding the methodology:** It has been said that I was unfair toward ABP because I didn't
If web page breakage annoys you, just start using HTTP Switchboard in [allow-all/block-exceptionally mode](https://github.com/gorhill/httpswitchboard/wiki/How-to-use-HTTP-Switchboard:-Two-opposing-views#the-allow-allblock-exceptionally-approach), use [Peter Lowes Ad server](http://pgl.yoyo.org/) list for ABP while I did for µBlock. It is
and blacklist your way up from this starting point. Unlike µBlock and others here, HTTP Switchboard does not true that I could have imported the list into ABP, which most certainly account for the difference
have unseen exception filters which often defeat good blocking filters. For example, [**this**](https://github.com/gorhill/httpswitchboard/wiki/About-these-%22%E2%80%98virtually-impossible%E2%80%99-to-block%22-fingerprinting-tools#kind-of-low-breakage) is the way to foil many fingerprinting tricks, canvas fingerprinting included, without preventing javascript execution.
### Methodology
All blockers were configured in such a way as to compare apples-vs-apples:
- **µBlock:** out-of-the-box settings -- no change.
- **Adblock Plus:** out-of-the-box settings + _"EasyPrivacy"_, _"Malware Domains"_ checked. _"Acceptable ads"_ unchecked. _"Update now"_ clicked.
- **Ghostery:** out-of-the-box settings + _"Advertising"_, _"Analytics"_, _"Beacons"_, _"Privacy"_ checked. _"Widgets"_ not checked. _"GhostRank"_ not checked. _"Update now"_ clicked (and ensured whatever new filters were used).
- **Adguard:** out-of-the-box settings + _"Spyware and tracking"_, _"Phishing and malware protection"_ checked. _"Social media"_ not checked. _"Acceptable ads"_ unchecked. _"Check for filter updates"_ clicked.
- **Disconnect:** out-of-the-box settings -- no change.
- **Privacy Badger:** out-of-the-box settings -- no change. The extension was "primed" by visiting all the URLs in the benchmark three times before running the real benchmark.
Browser settings (if you mind your privacy, there is no way around these settings):
- _"Click to play"_ enabled.
- _"Block third party cookies and site data"_ enabled.
[Sessbench](https://github.com/gorhill/sessbench) was used to run the benchmarks,
and each extension was tested as the only extension active in the browser.
The official [Public Suffix List](https://publicsuffix.org/list/) is used to determine the domain of a URL.
**Note regarding the methodology:** It has been said that I was unfair toward ABP because I didn't
use [Peter Lowes Ad server](http://pgl.yoyo.org/) list for ABP while I did for µBlock. It is
true that I could have imported the list into ABP, which most certainly account for the difference
between ABP and µBlock. My answer to this is available at [Wilders Security Forum](http://www.wilderssecurity.com/threads/%C2%B5block-a-lean-and-fast-blocker.365273/page-3#post-2386023). between ABP and µBlock. My answer to this is available at [Wilders Security Forum](http://www.wilderssecurity.com/threads/%C2%B5block-a-lean-and-fast-blocker.365273/page-3#post-2386023).