cname-trackers VS uBOL-home

Note that CNAMEs is literally caused by GDPR, and the pathway every single ad or tracking company seems to go sooner or later.

For people not understanding how it works: you can set a CNAME entry on your tracker.domain.tld to bypass all Browser's third-party tracking preventions, and make it look like it's a normal subdomain of your website.

You need to make a CNAME tracker database manually by resolving the reverse entries for known IPs. Usually there is hundreds or thousands of CNAME entries pointing to the same IP address.

The AdGuard team also made a database for this, in case anyone needs it for UBOL [1]

[1] https://github.com/AdguardTeam/cname-trackers

So nextdns’s third party disguised trackers is actually really tiny of a list, like 30 domains. (Im trying to add more so it has the same amount of cname’s blocked as adguard). Anyways, the reason why the list is so tiny is because it uses wildcard logic so all subdomains get blocked. It already uses some of the cname companies that adguards cname-tracker list uses but not all. Hopefully my pull request can get merge eventually because then the setting will be a little bit more effective

I see fathom on Adguard CNAME tracker. Example:

> uBlock Origin already performs CNAME decloaking and blocks this approach, it’s pretty cool.

... which in return is a static list of domains which needs to be regularly updated, and therefore is not really failsafe. uBlock0 uses Adguard's scraped dataset [1] as a source to do this, as Chrome Extensions cannot make DNS requests without a DNS-via-HTTPS endpoint.

[1] https://github.com/AdguardTeam/cname-trackers

Not sure where I should report this, but I seem to have found a CNAME cloaking tracker which i don't find in either the original or disguised tracker lists here https://github.com/AdguardTeam/cname-trackers Is there a mechanism for reporting these? I saw someone posted a list on github, but no response there. Maybe this example is just ordinary tracking though?

Are you able to block trackers/ads using this new CNAME cloaking technique? https://github.com/AdguardTeam/cname-trackers

> It allows for 30,000 dynamic rules

That is not what we mean by dynamic filters. From https://developer.chrome.com/blog/improvements-to-content-fi...

> However, to support more frequent updates and user-defined rules, extensions can add rules dynamically too, without their developers having to upload a new version of the extension to the Chrome Web Store.

What Chrome is talking about is the ability to specify rules at runtime. What critics of Manifest V3 are talking about is not the ability to dynamically add rules (although that can be an issue), it is the ability to add dynamic rules -- ie rules that analyze and rewrite requests in the style of the blockingWebRequest permission.

It's a little deceptive to claim that the concerns here are outdated and to point to vague terminology that sounds like it's correcting the problem, but on actual inspection turns out to be entirely separate functionality from what the GP was talking about.

> Giving this ability to extensions can slow down the browser for the user. These ads can still be blocked through other means.

This is the debate; most of the adblocking community disagrees with this assertion. uBO maintains a list of some common features that are already not possible to support in Chrome ( https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b... ) and has written about features that are not able to be supported via Chrome's current V3 API ( https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as... ). Of particular note are filtering for large media elements (I use this a lot on mobile Firefox, it's great for reducing page size), and top-level filtering of domains/fonts.

For an extension to be entirely declarative, it must package all the scripts to inject anywhere, the scripting.registerContentScript API doesn't allow injecting code as string[1], the content scripts must be part of the package.[2]

There is userScripts API which allows injecting code as string, but it's impractical as in Chromium-based browsers this requires extra steps by the user to enable the API.[3] In Firefox, the documentation for this API has the following note[4]:

> When using Manifest V3 or higher, use scripting.registerContentScripts() to register scripts

* * *

[1] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

[2] https://github.com/uBlockOrigin/uBOL-home/tree/main/chromium...

[3] https://developer.chrome.com/docs/extensions/reference/userS... ("Availability Pending")

[4] https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

AIUI it's because declarativeNetRequests requires the filters to be specified statically, see https://developer.chrome.com/docs/extensions/reference/decla...

Also note that the site you linked is for UBlock, which is a different extension from UBlock Origin. The UBlock Origin Lite (UBlock Origin for MV3) page has an explanation: https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as...

You can also use a declarative adblocker like uBlock Origin Lite [1], which only provides the browser with a list of elements to filter, but doesn't have any permissions to read content or perform requests. Or simply use your hosts file to apply OS-wide filtering with no browser add-ons needed: https://github.com/StevenBlack/hosts

Be aware that if you use these "passive" blocking methods, there are some sites like YouTube where you will see ads, because in these cases it's necessary to actually manipulate page content to hide them. What you can do is use a traditional adblocker but enable it only for these few sites where the declarative approach is not enough, take a look at [2] for more details.

[1] https://github.com/uBlockOrigin/uBOL-home

[2] https://seirdy.one/posts/2022/06/04/layered-content-blocking...

> The author's description even seems to praise Manifest v3 in the same way Google PR did.

No, it simply declares the goal of that add-on: to fully comply with declarative ways of MV3 and its limitations, and no uBO extended features that need workarounds to be implemented.

He's more strict to Lite than full version:

- https://github.com/uBlockOrigin/uBOL-home/issues/17

Obviously a project like this has already been offered 7-figure deals already: https://github.com/uBlockOrigin/uBOL-issues/issues/44

And he declined all.