Nachdem der #DID für diesen Monat zu Ende ging, wollte ich mal als Thread 🧵 sammeln, was ich in der Vergangenheit schon alles #DUTgemacht habe.

Während ich seit ca. 2009 Feedreader zum bewussten Konsum von Medien nutze, bin in ich ungefähr 2016 hier im Fediverse aufgeschlagen, als IT-Sicherheit für mich zunehmend an Relevanz gewann.

Los ging dies mit @keepassxc (damals bei mir noch ohne XC) und später @bitwarden

Damit einher ging außerdem die Wahl von @ublockorigin als AdBlocker, welcher mein digitales Leben, wahrscheinlich wie kaum ein anderes Tool, nachhaltig bereichert hat.

1/5

How can people use #YouTube without @ublockorigin or paying for it?

I just tried to watch an assay via Tor Browser. 5 minutes 20 seconds into the video I had to view 2 pre video advertisements and 2 advertisements after 2 minutes 30 seconds and 2 advertisements after 5 minutes.

Now I do not want to watch YouTube anymore. I feel that I watched as many minutes/seconds advertisements as I watched wanted content.

@jdrm ¿usas la configuración por defecto de @ublockorigin?

«Clicking "reject cookies" might not actually do anything:
Google, Microsoft, and Meta largely ignore cookie opt-outs, independent audit says»

…and then they complain that users reduce their spying by tracking banners such as @ublockorigin, @noscript, @privacybadger or/and @libredirect?!

🍪 https://www.techspot.com/news/112073-clicking-reject-cookies-might-not-actually-do-anything.html
---
#cookies #google #microsoft #meta #web #ignorance #optout #click #block #spying #rejectcookies #cookieblocking

今晚，我想來點 - 廣告攔截器 (Ad blocker)

開源、保障隱私的廣告攔截器：
@ublockorigin@lemmy.ml uBlock Origin
uBlock Origin Lite
@adguard@lemmy.ca AdGuard
Ghostery
@brave Brave shield

全文連結：
https://vocus.cc/article/698c1fdafd89780001e79198

You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.

I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.

Claude:

• Six parallel telemetry pipelines.
• A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
• Intercom running a persistent WebSocket whether you use it or not.
• Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.

ChatGPT:

• proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
• uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
• Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
• Also runs a proof-of-work challenge before you're allowed to type anything.

Gemini:

• play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
• Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.

When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.

KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.

Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.

All three of these products cost money.
One of them is also running ad infrastructure.

Touch grass. Install @ublockorigin

#infosec #privacy #selfhosted #foss #surveillance

Is it possible to set the darkmode on The Guardian, which is currently being tested under accessibility features, as a trusted-set-cookie or something similar?

For Wikipedia someone on the internet found away as en.wikipedia.org##+js(trusted-set-cookie, enwikimwclientpreferences, skin-theme-clientpref-os%2Cvector-feature-custom-font-size-clientpref-0%2Cvector-feature-appearance-pinned-clientpref-0).

I tried that and something some other trial and error versions of that, but nothing worked.

I found these cookies so far: X-GU-Experiment-0perc-D:true and/or gu_client_ab_testsfronts-and-curation-onward-journeys:variant.

RE: https://xoxo.zone/@Ashedryden/115952812145125212

Helping people install a full-featured web content blocker, such as @ublockorigin, was already necessary for #infosec. Now it's necessary for #resistance.

Likewise, helping people set up a VPN from their phones to a non-logging network ad- and tracking-filtering server is resistance.

Likewise, helping people migrate off technofeudalist social media, onto @signalapp for DMs and federated social media for everything public, is resistance.

Likewise, denying supporters or enablers of surveillance capitalist corporations everything it is your right to deny them is resistance.

The more data and revenue we deny the #adTech and #surveillanceCapitalism industry, the more power we take away from the gestapo.

All collaborationists—companies or individuals—are traitors against the Peoples of the #USA and all their allies.

#uBlockOrigin #Wireguard #piHole

https://apps.microsoft.com/detail/12345adfgg?hl=en-US&gl=US

Example - https://github.com/dev/repo and https://github.com/dev/repo/ both works but w/o / is cleaner

https://github.com/easylist/easylist

Example

1. Fingerprinting - Are there sepearte domains that fingerprint ?

2. Email tracking - Where in the list I can see the domains of it ?,

3. User agent checks or monitoring - Where in the list I can see the domains of it ?,

4. **Resource miners **- WHat are these ? Give exmaple ,

5. CNAME trackers - WHat are these ? Give exmapl,

6. Third-party Hit counters - WHat are these ? Give exmaple,

7. Impressions / Event / Perf / Pageview logging - WHat are these ? Give exmaple,

8. Notification servers / popups including any tracking covered by Easyprivacy policy - WHat are these ? Give exmaple,

9. Linking, loading or initialising to known tracking servers or scripts Some unnecessary 3rd-party scripts/images - WHat are these ? Give exmapl

10. "Consent messages" using any of these tracking techniques, covered by Easyprivacy policy - WHat are these ? Give exmapl

What is

11. AntiBot or Bot checks - How does that work ?

12. Tracking Pixels or cookies (being set, checked or get) - What's that?

13. Beacons - What is that?

These are easy to understand - Analytics, Telemetry, Referrers

https://www.amazon.com/.............../dp/ACBDE1234

https://addons.mozilla.org/en-US/android/addon/cblock-origin/

I found this addon on firefox addon store. Its named like cblock origin. Is this genuine ?

Achtung

Achtlose #Fedinauten spammen das Fediverse mit sogenannten #Sharelinks zu.

Das heißt, eine URL zu einer Webseite, z.B. Zeitungsartikel wird verkürzt, damit es "netter" aussieht.

Der Preis dafür ist, dass der Shortener-Dienst eure Daten bekommt, die zuvor nie erhoben wurden.

Als Beispiel ein wahlloser Artikel der TAZ.
https://taz.de/Vor-den-Wahlen-in-der-Elfenbeinkueste/!6123349/

Nun gibt es Leute, die machen daraus https:// share.google/viel-bessere-url

Damit ihr nicht immer wieder in die Falle tappt, besucht 1x https:// share.google (ohne Leerzeichen) und blockt die domain und Anhang bei @ublockorigin, #umatrix oder welchen Blocker ihr gerade nutzt.

Auf direktem Wege im Browser geht das auch so.
Einstellungen – Erweiterungen und Themes – uBlock Origin – Meine Filter – eintragen, abspeichern

Die Lösung gilt für alle Shortener, die ihr ablehnt.

@kuketzblog

Currently, I have some filters set up through uBlock to make my Lemmy browsing more tolerable. For keywords, I copied some scripts that look like this, with one line and each word separated by a vertical bar: lemmy.ca##article.row:has-text(/keyword|keyword|keyword|etc/i)

But the url filters I use only seem to work if they are separated into individual lines, e.g.: lemmy.ca##div.post-listing:has([href*="url/"])

lemmy.ca##div.post-listing:has([href*="url/"])

I was wondering if it's possible to condense the url lines to make it a bit more manageable in the same way the keyword filter is.

Just discovered a @ublockorigin list that blocks pages with AI imagery from your Google (and DuckDuckGo) search results:

https://github.com/laylavish/uBlockOrigin-HUGE-AI-Blocklist

A missing and important #security feature for @ublockorigin: add a per-subscription option for whether each subscription is allowed to use trusted filters, and make it default to unchecked for all non-default subscriptions. As it stands malicious compromise of any filter subscription allows arbitrary code injection into any or every page, using, for example, trusted-replace-node-text on any script element. It's the same #supplyChain threat model as malicious Python/Ruby/Node/R/etc. packages or malicious VS Code or browser extensions.

#uBlockOrigin #supplyChainSecurity #supplyChainAttack

@ublockorigin being available on IPhone is great. Everyone should have ad blockers and try to protect what little #privacy

Google finally disabled Manifest V2 extensions in Chromium version 140!

Unlike previous releases where they already tried to push users towards removing #uBlock origin and other V2 extensions, it was still possible to re enable them.
Today I had to switch to uBlock Origin Lite and jokes on you #YouTube I don't see any ads. Just two days ago they launched another attempt to prevent me from using #adblock and within hours, uBlock managed to bypass it, thanks.

@ublockorigin #Google #Chromium

From r/ublockorigin:

"For uBO users:

A potential fix has been published which may solve the detection issue for many users.

Click here to receive the fix, and then restart your browser.

Users will also receive the fix automatically in a few hours.

It is important that everyone understands that there are many reasons for YouTube adblock detection, and the fix may not be applicable for all cases.

If the fix doesn't resolve the issue for you, then please follow ALL of the instructions in the YouTube Mega Thread, including how to properly report issues.

For uBO Lite (uBOL) users:

A new uBO Lite (uBOL) thread has been created on GitHub for YouTube issues, and this is where all uBOL-related issues with YouTube should be posted.

https://github.com/uBlockOrigin/uAssets/issues/28707

The potential fix for the YT detection issue will be included in the next release of uBOL.

Please note that filters are only updated in uBOL when a new version is released, and users will need to wait until then for the fix. There is no exact date for when that will happen, but it should be relatively soon."

Source: https://old.reddit.com/r/uBlockOrigin/comments/1l47bqa/youtube_detection_ads_or_breakages_including/

The Great #Blocklists to prevent all Mozilla spying and data collecting efforts on their users.
@Adguard #Zen @SwitchHosts @Hosty @Opensnitch @personelDNSfilter @Netguard @Adaway @ublockorigin #mozillaBlocker

https://github.com/privacyfilters/Mozilla-Blocker

Sometimes I'm even getting larger 'stacks' of lines from separators between 'promoted' content on #LinkedIn. Thanks to customer filters in #AdNauseam or @ublockorigin these can be blocked. (Too bad I haven't been able to block 'suggested' content, yet).

Total #enshittification of #BigTech social media.

Hello

It was crazy hard to find a rule that actually worked to remove any videos - so I thought I might share it with others here. There are so many old or broken Reddit and SuperUser "solutions" in the web that just do not work (anymore?).

Here is a simple rule (yet heavy on rendering time) you can add to your filterlist if you want to block videos containing a trigger word:

youtube.com##yt-formatted-string:has-text(TRIGGERWORD_HERE):upward(ytd-rich-item-renderer)

e.g: for me "Trump"

youtube.com##yt-formatted-string:has-text(Trump):upward(ytd-rich-item-renderer)

Thought that might help someone else who might be searching for this in the future.

»Cookie-Banner - So teilen die grössten Schweizer Webseiten Ihre heiklen Daten:
Alter, Standort, Vorlieben – wer Online liest wird mitgelesen. SRF zeigt, wie gross das Geschäft mit den Daten ist und welche Webseiten besonders heikle Daten teilen.«

Weshalb ich unter anderem die Werbung durch @ublockorigin und @libredirect so wie @noscript im Browser verbanne und eine Einrichtung der Firewall ist auch eine Lösung.

✋ https://www.srf.ch/news/schweiz/cookie-banner-so-teilen-die-groessten-schweizer-webseiten-ihre-heiklen-daten

#werbung #internet #cookie #schweiz #cookiebanner #srf