Reverse proxies and the future of adblocking and other user controls

Are you ready for a future where addons such as NoScript, uMatrix, and any other DNS based controls no longer give you control over third party cookies/scripts due to those third party cookies/scripts being misrepresented to you as first party cookies/scripts? From Gorhill:
>Instart Logic
>The purpose of Instart Logic technology is to disguise 3rd-party requests as 1st-party requests, thus bypassing content blockers, and even the ability of browsers to block 3rd-party cookies (because they are stored as 1st-party cookies)
github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO-Extra-is-useful

Instart Logic is a reverse proxy service similar to Cloudflare. Their service MitMs your connection to the website that you want to view and modifies the URLs for third party requests related to ad providers on the page that you're requesting so that they point to data on the site you're visiting rather than the sites of the ad providers. Instart Logic then translates the requests you send for that data back into requests for the ad data, retrieves the appropriate data from the ad provider, and sends the ads back to you as the data you requested from the site you're visiting (pic related is an illustration of the process). Currently Instart Logic isn't targeting Firefox, so addons to fight it such as Gorhill's uBlock Origin Extra are only being compiled for Chrome/Chromium. However, Instart Logic could start targeting Firefox users as well in the future and I wouldn't be surprised if Cloudflare starts offering a similar service in the near future as well.

uBlock Origin Extra:
github.com/gorhill/uBO-Extra

The PDF pic related is taken from:
go.instartlogic.com/rs/781-WKX-723/images/Ad Integrity Datasheet v1.1.pdf
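An added example, not part of the original post and not code from uBlock Origin, uMatrix or Instart Logic: it shows why a blocker that decides by hostname classifies a proxied ad script as first-party, and how a per-script allowlist (the stricter option raised in replies) still refuses it. All hostnames, paths and the two-label domain comparison are constructed assumptions; real blockers use the Public Suffix List.

```javascript
// Added example: every hostname and URL below is constructed.
// Assumption: registrable domain = last two labels of the hostname.
const site = (host) => host.split('.').slice(-2).join('.');

// A request is third-party when its registrable domain differs from the page's.
function isThirdParty(pageUrl, requestUrl) {
  return site(new URL(pageUrl).hostname) !== site(new URL(requestUrl).hostname);
}

// Host-scoped policy: first-party scripts load, third-party scripts do not.
function hostPolicy(pageUrl, requestUrl) {
  return isThirdParty(pageUrl, requestUrl) ? 'block' : 'allow';
}

// Per-script policy: a first-party script loads only if its exact
// origin + path is on a user-maintained allowlist.
function scriptPolicy(pageUrl, requestUrl, allowlist) {
  if (isThirdParty(pageUrl, requestUrl)) return 'block';
  const u = new URL(requestUrl);
  return allowlist.has(u.origin + u.pathname) ? 'allow' : 'block';
}

const page = 'https://news.example/article';
const requests = {
  siteScript: 'https://news.example/js/app.js',        // the site's own code
  directAd: 'https://ads.adnetwork.example/tag.js',    // ad fetched directly
  proxiedAd: 'https://news.example/r/9f3a1c/tag.js',   // same ad, re-hosted by the proxy
};
const allowlist = new Set(['https://news.example/js/app.js']);

// Classify each sample request under both policies.
function evaluate() {
  const out = {};
  for (const [name, url] of Object.entries(requests)) {
    out[name] = {
      thirdParty: isThirdParty(page, url),
      host: hostPolicy(page, url),
      perScript: scriptPolicy(page, url, allowlist),
    };
  }
  return out;
}

console.table(evaluate());
```

The same reasoning applies to cookies: one set by the proxied response is scoped to the page's own host, so a "block third-party cookies" setting never sees it.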

If it's a mitm, couldn't you just turn on strict https and be done with it?

>github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO-Extra-is-useful
glad I have webrtc disabled.

Could have just summed all that up by saying "the ad link comes from Sup Forums.org/blablabla instead of ad.doubleclick.net"

So basically attacking the end user browser with js? uMatrix will just not run the serving js.

Then you either don't use the website, or completely block scripts. Fixed.

Disable everything except first-party images by default
>why not even CSS
CSS has lots of nasty tracking abilities that can compromise privacy.
browserleaks.com/css

Boycott the sites that use that shit.

Same applies to CIAflare, a non-existent problem solver.

Remember the abrupt rise of DDosing?

It was an NSA project

Right there - in CSS - goggle has its fonts and other useless shit that open up your browser like a gay ass.

>couldn't you just turn on strict https and be done with it?
Does doing so prevent you from going to Sup Forums (or any other site that uses Cloudflare)? Otherwise that wouldn't work.

>uMatrix will just not run the serving js.
Only if you block all first party JS, which already breaks many websites. The only way for uMatrix to handle this would be to further add options for you to choose which scripts from sites you allow rather than just which sites you allow scripts from.

>Then you either don't use the website
>Boycott the sites that use that shit.
And when other websites start adopting this as well?

>Same applies to CIAflare, a non-existent problem solver.
You are aware that a shit ton of sites (including Sup Forums) use Cloudflare to the point where it's quite hard to avoid, aren't you?

source?

Limit detectable fonts. RandomAgentSpoofer has that ability, along with many others.

Ah, yeah. I guess we'd have to move to blocking all inline script on 1stp sites and move to a white list instead. Gonna get annoying. Especially if sites start adopting this for all scripts, because I assume the inject script reads like gobbledygook. Honestly it'll be impossible if that happens. CSS or bust I guess.

I block first party scripts and cookies by default as well

wow can't wait for a ruined internet filled with malvertising

fucking idiots

It's disgusting how far corporate leeches will pervert beautiful IT to suit their disgusting desires. This kind of shit is basically rape in the form of programming things that should never exist.

Firefox's new API that everybody keeps bitching about allows extensions like uBlock Origin to block inline scripts using script:contains filters.

Chromium based browsers do not allow this.

So when instartlogic becomes the norm, everyone who wants ad blocking will have to come crawling back to Firefox, the one true browser.

The fuck are you talking about? OP literally posted a link to an extended version of uBlock Origin for Chrome that's designed to deal with these ads.

how dare you

ublock can already handle inline script blocking

The problem is if they start auto generating these scripts with random text, i.e. instead of foo() we get s9dfs97gs9fs69fs97gsg(), and each time you reload it's different.

So the only options for fighting this shit if/when it becomes widespread are going to be:
>stop trying to control scripts yourself and just trust an adblocker to take care of ads/tracking scripts/malicious scripts, and deal with ads/tracking scripts/malicious scripts occasionally getting through
>try to decipher JS that will no doubt be obscured and develop a whitelist of your own, and hope that the scripts aren't regularly modified (which they no doubt will be) so that you don't have to do this every time you visit a page
>completely cease to have JS enabled, and deal with more and more sites breaking as time goes on
>kill yourself, they can't show you ads or track you when you're dead
How did everything go so wrong?

Wouldn't work on Sup Forums. Web pages here are (relatively) simple and the userbase is autistic and intelligent enough to put in a lot of effort to circumvent this.

>Wouldn't work on Sup Forums.
Only because Sup Forums X still exists. Without that you're stuck with the options here: like you would be with any other site.

no. because your strict https is linked to that reverse proxy, not the site behind it
you can't tell if shit is reverse proxied because that's how things should work

Yeah the cookies, injected JS, etc will be indistinguishable from the first party website's JS that's required to display the site, etc. Especially if they scramble the names of their functions server side

This isn't the future I wanted.

Well between this and that Admiral anti-adblock company pushing DMCA bullshit over anti-anti-adblock measures circumventing their "DRM", it seems like this is almost the end as all that will leave is trying to read obfuscated JS and blocking the likely ever changing anti adblock scripts manually every time you go to a new page. Only bit worse it could get from here for the web is if more DRM gets added to the HTML standards in a way that websites can put JS behind the DRM.

bang

adblocking is the new antivirus, we'll start moving to heuristic modeling...

While that will help in dealing with this new method of showing ads, it won't help with the other problem of anti-adblock scripts if they gain legal protection as "DRM".

Nonfree javascript doesn't even want me on the web.

Sooo...
I just block JS in general from now on? And only allow First-Party Cookies and delete them all as soon as I close the tab?
Seems good, I'll just not be able to watch legal shit on the internet from now on.
Thanks Ad-Industry, I go back to VPN and Torrent / OneClick Hosters then. Your own fucking fault, shitheads.

What if an addon loads the page twice and only keeps the unchanged parts?

it's not financially viable for webhosts to proxy all traffic through a single point

at the moment, anyway

>all this work to just ensure I never use your website again
okay

nonfree.pizza/ this still exists, lol.

Seems pretty simple. DDOS whatever's hosting the reverse proxies.

Bottom of the page
>Upmanager
>Working around content blockers using WebRTC.
>Sites:
>Sup Forums.org

This won't catch on because it would require the supposedly struggling ad-revenue based sites to spend even more money.

Past that, you could at least hinder this by running your own local caching web proxy; the useful part of ad / tracking doesn't happen if your local proxy returns what should have been 1st party cache-able content.