Open source privacy tools µBlock and µMatrix

In the past we have been giving some attention to the tools Adblock Plus and RequestPolicy when we talked about enhancing your privacy and security online.

“The user decides what web content is acceptable or not in their browser.” – µBlock manifesto

Today we want to introduce you to two alternative (open source) tools for this, made by Raymond Hill: µBlock and µMatrix

µBlock

This is a simple tool, comparable to Adblock Plus, but it is open source and light-weight and very user friendly. This tool uses the approach and block-lists as AdBlock Plus and has the main advantage of being more lightweight as you can see in the graph below:

ublock

Source code and more information: https://github.com/gorhill/uBlock

µMatrix

This tool is comparable to RequestPolicy and is aimed at blocking non first party requests, like RequestPolicy. It has a nice matrix that you can easily click to allow/disallow certain requests. I have found that it works much better as it also allows related 3rd party domains. For instance redditmedia.com is not blocked on reddit.com, where RequestPolicy would block it.

umatrix

Source code and more information: https://github.com/gorhill/uMatrix

Installation

On the following links you find the installable extensions for Chromium and Firefox:

Conclusion

Both tools enhance your security and privacy online. They are easy to use and have great integration with the free Chrome (Chromium) browser. Unfortunately µMatrix is not yet available for Firefox, but this may only be a matter of time. I would highly recommend to use both tools in your Chromium install and I would recommend µBlock also on Firefox.

Simple video calling from Firefox using “Hello”

firefox_hello

https://support.mozilla.org/en-US/kb/firefox-hello-video-and-voice-conversations-online

Today my Firefox was updated and it contained some great new functionality: video calling! There is not much to say about it.. click the above link, read how to do it and go and try it!

firefox_hello_video

It is beta, but it works great.. 🙂

 

 

Block Google and Facebook to improve Firefox privacy

firefoxFirefox, a browser built by the Mozilla foundation, is in my opinion the best browser on the web. It is available all major operating systems including Linux and Android. Unfortunately Firefox is not available for iOS. Firefox is “Committed to you, your privacy and an open Web” and on the Mozilla website they tell us that Firefox is:

  • Trusted: Designed to protect your privacy
  • Flexible: Designed to be redesigned
  • Fast: Faster than ever

On the Firefox privacy page Mozilla says:

We build Firefox with a mission to put you first, above all else.
We do it to keep you in control. We do it so you can browse without worry.
And we do it because no one else will. – Mozilla

I think it is widely accepted (and true) that your privacy is much at risk when you are surfing the Internet. Firefox will protect your privacy (to some extent) if you tell it to, but you do have to tell it to do so. You can do this by clicking the menu button and clicking “Preferences”. This screen has a privacy tab and I strongly recommend you to set the settings as strict as shown on the screenshot below:

privacy

Pay extra attention to the “Accept third-party cookies” and “Tell sites that I do not want to be tracked” options. Unfortunately this last feature just informs any third party of your preference, but it does not actually block the tracking. This is where AdBlock Plus comes into play.

ad_block_plus_logo

Download Adblock Plus here. After installing you can configure the AdBlock Plus icon (red stop sign) to be present in the toolbar (or not) by clicking the menu icon, clicking “Add-ons” and then the “Extension” tab on the left and then the “Preferences” button of AdBlock Plus. On the bottom there is a list of checkboxes and one is “Show in toolbar”.

adblockplus

It is very convenient to have the AdBlock Plus icon in the toolbar (left from the menu icon) so that you can quickly disable it if that is needed. It may for instance happen that a site no longer shows you Facebook “Like” buttons and you are very desperate to “Like” something.

ad_block_plus_settings

For the best experience I would disable “Show tabs on Flash and Java” and disable “Count filter hits”. In the filter preferences I have added three subscriptions and unchecked “Allow some non-intrusive advertising”, like this:

adblock_filter_preferences

Most people install only “EasyList”, which is easy to find and mainly blocks advertisers.  I also recommend the “Adblock warning Removal List” to avoid any warnings that may appear due to the usage of AdBlock Plus. The other subscription you should have is “Fanbox’s Annoyance List” which sounds unimportant, but actually blocks all Google and Facebook tracking (and many other “annoying” things). I also use “EasyPrivacy”, which also blocks privacy threats. These subscriptions may not be available from the user interface, but this should not stop you. You can find them on the following link:

https://easylist.adblockplus.org/en/

AdBlock Plus will block the loading of elements that match the rules that are defined in the subscriptions. These elements can be visible or invisible (scripts or transparent tracking pixels). This does not only improve your privacy online, but also makes websites load faster. It actually matters a lot as you can see from a quick experiment I did using Firebug. I executed a full page refresh on several websites with and without AdBlock Plus enabled. Below a graph showing the loading time of the website with AdBlock Plus enabled compared to the loading time of the website without AdBlock Plus enabled. You can see that all sites load faster with AdBlock Plus enabled (<100%), since the browser has to load less elements from the website:

website_loading_times

This is the data I collected in my (single) run along some popular websites, which is used to draw the above graph:

           website   total   onload   total ABP   onload ABP   total   onload
washingtonpost.com   12.06     6.98        5.12         4.72     42%      68%
       nytimes.com   11.35     5.72        6.84         4.28     60%      75%
             nu.nl    5.17     4.07        2.29         1.63     44%      40%
     microsoft.com    3.41     2.85        2.69         2.15     79%      75%
   mail.google.com   10.19     1.15        8.47         1.12     83%      97%
        google.com    1.58     1.06        0.89         0.84     56%      79%
           cnn.com    9.48     5.45        3.09         2.17     33%      40%
           bbc.com    3.42     3.05        2.09         1.82     61%      60%

So the bottomline is this: by protecting your privacy better, surfing the Internet will go faster. This is a well-kept secret that I share with you “because no one else will.”

About privacy and the ethics of blocking ads

Some people argue that you should not install ad blocking software, because blogs can exist because banners bring income to the writers. Although I doubt that this is true (direct advertising and editorials pay a magnitude better and cannot be blocked), I want to focus on the opposite: websites stealing from their visitors. By using “free analytics”, “like buttons”, “JavaScript-driven ad engines” and “web-shop tracking” many, if not most, websites are sharing very sensitive (privacy related) information about their visitors with third parties (without the visitors consent). This information can be stored and used to identify and profile visitors. The bad thing is that many site owners do not even realize their behavior is unethical (and in some cases even forbidden by law). In my opinion this unethical behavior makes using blocking software ethical.

Browse safer by disabling SSLv3 in Firefox

vulnerable poodle sslv3

You may be at risk! A man-in-the-middle attack may be effective between you and any site that runs on HTTPS. This is explained two days ago by Google in their publication about the POODLE attack. It explains that SSLv3 has a vulnerability and negotiation of this protocol can be enforced by a man-in-the-middle. That man-in-the-middle is able to read (part of) the plaintext of your secure communication with the server. You can click the above image (that links to https://www.poodletest.com/) and if you are vulnerable you will see a poodle.

Fixing the vulnerability is also very easy. If you run a server you may want to check out my post on fixing the POODLE issue in Nginx and Apache. Even transfers from browsers that are not fixed can then no longer be intercepted  and decoded by a man-in-the-middle.

firefox poodle fix

But you should also fix this issue in your browser right now! In Firefox you simply type “about:config” in the address bar and then “tls” in the search bar. Change the value of “security.tls.version.min” from “0” to “1” as the above screenshot illustrates:

Mozilla says that it is making Firefox 34 safe from POODLE by disabling SSLv3 by default. – betanews.com

This change is so easy (only costs a few seconds and requires a browser restart) that I would not wait for Mozilla to release Firefox 34. If you run another browser, and you are looking for a guide, you may want to check out tomsguide.com.

Private Firefox browsing using cloud

In a restaurant or an airport you might be using a public WiFi network. Even though most web service login procedures are protected with SSL (you can check the “https://” prefix), there are still plenty of websites that do not use HTTPS. So if you need privacy you can apply the procedure below.

Use a cloud instance as a secure SOCKS proxy server

You can use your SSH enabled Cloud instance as a proxy server. You can buy one from LeaseWeb :-). All browser traffic to your Cloud instance will be tunneled in the SSL secured SSH tunnel. To start the socks enabled tunnel you only have to issue the following command:

$ ssh -D 8080 user@cloud_instance

If you do not run Linux, but you run Windows, you can download Putty and run from the command prompt:

C:\Users\m.vanderschee> "c:\Program Files (x86)\PuTTY\putty.exe" -D 8080 user@cloud_instance

Where “cloud_instance” is the hostname or IP address of your cloud instance and “user” is the username on that machine (it is better not to use “root”). You need to go to: Firefox > Preferences > Advanced > Network > Settings… > Manual Proxy. The in the field “SOCKS Host” you enter “localhost” and Port “8080”. You can choose “SOCKS v5”, but do NOT check “Use this proxy server for all protocols”. Press “OK” and you are done.

Proxy your DNS requests

Since you don’t want to leak any information at all about your activity, you should also proxy you DNS requests. You can do this by  opening up “about:config” in Firefox and change the setting “network.proxy.socks_remote_dns” to “true”.

Quickly enable/disable the proxy

If you set your Firefox to use a proxy you might want to easily enable and disable the proxy. The QuickProxy Addon allows this. It shows a small green (proxy on) or red (proxy off) icon in the Add-on bar in the lower right corner of your Firefox window.