evercookie VS uBlock

For a bad actor, this is easily work-around-able using various local persistence mechanisms like evercookie. https://samy.pl/evercookie/

If you're talking about the https://samy.pl/evercookie script, for what it's worth, you can defeat it (at least I can with my settings and no extensions) by...

This reminded me of something I haven't thought about in awhile: evercookie - https://github.com/samyk/evercookie

Sure, as Sevetarion said earlier "There is no actual cooke, it's just a metaphor". In contrast to "fingerprinting" a user's unique device configuration (as the rest of this demo does), anti-tracking folks use the term "cookie" broadly to refer to various ways sites can store unique values to be retrieved later. This usage grew out of Samy Kamkar's awesome "Evercookie" work in 2010 (later aka "supercookie") https://samy.pl/evercookie/

Nothing comes to mind directly, sorry. It’s something I want to look deeper into myself as well. One cool thing to look at is evercookie which is a GitHub project that allows you to make tracking cookies and the likes. The repo itself hasn’t been updated in a while but can probably be a good source of information.

Evercookie and the Favicon vuln

Client side: Use Evercookie

Also note, something like the Evercookie may also still be a thing that works. It stores data not only in cookies, but also in everything else that can retain any form of state (localStorage, HTTP browser history, HTTP cache for custom fingerprinted images generated by the server, etc.), and if even one spot doesn't get cleared by the user, the script can re-populate all the spots making for a very persistent "cookie."

Check out uBlock Origin's per site switches [1]

[1]: https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-...

If ads, in particular on YouTube, are the problem, anything Chromium-based is probably only going to get worse and worse (see [1] and [2]). So that basically leaves you with Firefox and Safari.

I work for Mozilla (speaking for myself, of course), so I'll leave you to guess which I'd recommend :P

[1] https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

[2] https://arstechnica.com/gadgets/2023/09/googles-widely-oppos...

https://github.com/gorhill/uBlock

Or if on mobile, it is well worth it to look up adblock options for the browser you use.

What are the compelling advantages of Chrome nowadays?

Chrome is working to limit the capabilities of ad blockers:

https://www.malwarebytes.com/blog/news/2023/11/chrome-pushes...

Whereas a compelling advantage of Firefox is that uBlock Origin works best in Firefox:

https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

Advertising networks have often been vectors for malware. Using an ad blocker is an important security measure. Even the FBI recommends ad blockers:

https://www.malwarebytes.com/malvertising

https://theconversation.com/spyware-can-infect-your-phone-or...

https://www.ic3.gov/Media/Y2022/PSA221221?=8324278624

> It allows for 30,000 dynamic rules

That is not what we mean by dynamic filters. From https://developer.chrome.com/blog/improvements-to-content-fi...

> However, to support more frequent updates and user-defined rules, extensions can add rules dynamically too, without their developers having to upload a new version of the extension to the Chrome Web Store.

What Chrome is talking about is the ability to specify rules at runtime. What critics of Manifest V3 are talking about is not the ability to dynamically add rules (although that can be an issue), it is the ability to add dynamic rules -- ie rules that analyze and rewrite requests in the style of the blockingWebRequest permission.

It's a little deceptive to claim that the concerns here are outdated and to point to vague terminology that sounds like it's correcting the problem, but on actual inspection turns out to be entirely separate functionality from what the GP was talking about.

> Giving this ability to extensions can slow down the browser for the user. These ads can still be blocked through other means.

This is the debate; most of the adblocking community disagrees with this assertion. uBO maintains a list of some common features that are already not possible to support in Chrome ( https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b... ) and has written about features that are not able to be supported via Chrome's current V3 API ( https://github.com/uBlockOrigin/uBOL-home/wiki/Frequently-as... ). Of particular note are filtering for large media elements (I use this a lot on mobile Firefox, it's great for reducing page size), and top-level filtering of domains/fonts.

> "Its happened before"

> That's not an argument

It's a subheading to "2. Browser engine monopoly". The subsection's purpose is describing how bad things were during the IE monopoly to reinforce that it's something to be avoided.

> in fact you could counter-argue that IE left a lot of technical debt

That would be agreeing with the article, unless I understand what you mean.

> On top of that, the internet was very different back then.

In a way that now makes it harder for truly new competing engines to pop up due to increased complexity of the web.

> I'm still not convinced, why would I change my browser?

The points made in the article are:

* Increased privacy, opposed to willingly giving your data to an ad-tech company

* Helps avoid a browser engine monopoly which would effectively let Google dictate web standards

* It’s fast and has a nice user interface

Onto which I'd add:

* Content blockers work best on Firefox (https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...), doubly so when Manifest V3 rolls out

* Allows more customization of interface and home page

* UX improvements, like the clutter-free reader mode, aren't vetoed to protect search revenue as with Chrome (https://news.ycombinator.com/item?id=37675467)

Advertising networks are vectors for malware:

https://www.cisecurity.org/insights/blog/malvertising

https://www.malwarebytes.com/malvertising

https://theconversation.com/spyware-can-infect-your-phone-or...

So if you're concerned about security then you want the browser with the best ad blocker.

uBlock Origin works best in Firefox:

https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-b...

Firefox has the best adblocking capability with ublock origin, which explicitly operates better on Firefox. https://github.com/gorhill/uBlock/wiki/uBlock-Origin-works-best-on-Firefox