uBlock Origin: Complete Guide (Domain by Domain)

"you have a lot more control over what data is collected about you than you realize"

uBlock Origin

uBlock Origin is a super useful browser extension to see what third party JavaScript a website is using. Very often you can block this JavaScript and still get near full functionality or partial depending on what they use.

First we’ll go over the basics (you can skip this if you already know), and then go Domain by Domain, so you can only allow what you absolutely need.

Basics (skip if you know)

Extension Overview

The uBlock extension is by default included in the browser LibreWolf, so if you don’t want to even go to the Mozilla or corrupt Google extension store, then that’s a good way to get it.

After you first install it, you’ll need to go to the settings (the gear icon in bottom right),

and then toggle the “I’m an advanced user” to get the better functionality.

Then when you open the extension in “advanced user” mode, you’ll see 2 columns, with 4 buttons total in a grid. The right two boxes are this domain only. So here, I’m allowing all JavaScript for this domain only:

Then within each column, If you check off on the left in grey it allows it, while the right in red blocks it.

So here we can see on CryptoPanic, which is supposed to be “decentralized” user-driven RSS feeds, but they are using a massive amount of Big Tech. So in this example, I’m blocking Facebook, but allowing Amazon’s Cloudfront. Notice Cloudfront is in blue, showing it’s required for the site to load.

So you can block all third party JavaScript for ALL domains by hitting the left column’s red button like this:

Then, once you hit the lock icon, it saves these settings for the next time. Alternatively, you could hit the erase icon to wipe the changes.

Domain by Domain

The strategy I use is to by default block all third party JavaScript. While this is fine for just browsing/reading, most interactive websites won’t function. So then I add domains as needed, and then save the changes for that domain only with the lock icon.

Let’s go domain by domain, so you can better understand who you’re giving data to, and when you may not need to.

Important: These are in the order of the most required to the least!!!

hCaptcha.com

This code was made by Brave and is open source, but it’s on Cloudflare’s servers. It’s BETTER than Google captcha, but it’s still tyranny as Cloudflare sees what IP is visiting what website or using what app. It’s unfortunate Signal uses this, since you have no way to verify what this code from the cloud is doing. In this sense, Signal is not really open source. Most websites will force you to submit to this, as they are ignorant and do not realize that it centralizes all traffic to be observed by a single entity that has to comply with government requests.

CloudFront

Cloudfront is a CDN from Amazon’s AWS. I’d enable this one first if a site won’t load, since it’s got the web developer’s core html, css, or javascript files that you need for the site to function. It’s unfortunate they use AWS, but your only other option is to bounce. Sometimes it’s got domains like amazonaws, for example “privacy evangelist” Rob Braxman’s website uses AWS, which is a CIA contractor:

Website-files.com

This is a third party CDN, that usually does images and a bulk of a website’s layout. If you don’t allow it, then the website will be ugly, however you can usually get some text without it. If a website won’t load, try enabling this one first.

Google.com & gstatic.com

This is Google Captchas for forms. First it’ll display google.com, when you allow that, it will then load gstatic. So most websites will allow you look at the site with it blocked, but not submit forms or sign-up unless you allow gstatic. For example this divorce lawyer Darren Shapiro requires Google fingerprint you, in order to contact him with your sensitive marriage information:

Whenever you need to fill out a form, FIRST immediately check IF they are corrupt and use Google, because if you have to enable this after then it will refresh the page and wipe out your form entries.

Fill out your form entries first in LibreOffice or offline text editor, then copy-paste them into the browser to not only avoid the risk of Google error, but also fingerprinting. You want to avoid typing large blocks on websites directly because they can measure keyboard typing style.

Another strategy when filling out a form is to look for a listed email to avoid the form. This evades Google fingerprinting your browser and seeing your IP address. However, don’t get too excited about evasion here, because they’re probably using Gmail to receive the form entries, which you could find out from a DNS lookup. But at least Google won’t match your browser fingerprint to your form entry, which might have your real name.

Jsdelivr.net

This usually means the person is using stock WordPress. It might break basic functionality without it, but for just viewing text you’re usually fine to block it. For example Rob Braxman’s What the Zuck website, which is supposed to be teaching me about privacy, is using both Google analytics and JQuery.

Fontawesome.com & fonts.googleapi.com

This is WordPress fonts and a dead give-away the person is using WordPress. I’ve never seen this required. Keep it 100% BLOCKED. Google is so corrupt, they are trying to sneak connecting to your IP address baked into the WordPress fonts.

By the way, for website owners out there, this can be removed with the following plugin, search on your dashboard for: “Disable & Remove Google Fonts By Fonts Plugin”

Googletagmanager.com & Google-analytics.com

Both of these are Google analytics. You NEVER want to enable this. You DON’T need it to pass Captchas, that’s gstatic. Most websites on the internet use this, even the freedom and/or privacy ones. For example the wallet MyMonero.com does not really care about your privacy and tries to sneak Google up your rear-end,

CloudflareAnalytics.com

Usually Cloudflare does NOT need this to load. When you first get to the page, it may call upon the official cloudflare.com which is the captcha you’re forced into submission to allow. But then once you’ve loaded the site, this analytics URL can be blocked.

Facebook.net & Twitter.com

This means the website owner copy-pasted the widget or code from the social media firm to put a button on their site. The site owner probably is dumb and doesn’t realize it allows the social media firm to spy on users. ALWAYS block it. For example the official Libertarian Party gets their ideas censored by Facebook, but yet they still allow Zuckborg to leech data off their visitors for the NSA. Maybe this can help the government oppress Libertarians with audits:

CookieBot.com

CookieBot is a supposed “privacy” compliance solution that advertises how you can remain compliant while maximizing data collection. For example WebMD uses this to spy on users with sensitive medical problems. But there is NO PURPOSE in using CookieLaw if they ALSO use Google Tag Manager, since that’s not compliant with those restrictions.

Then WebMD blocks Tor, to prevent you from finding out about your medical problems anonymously and harvest your data for sale. Google’s goal here to fingerprint you and then put ads for drugs pre-rolled on Youtube, so you can be embarrassed when showing friends videos and your exact medical problem pops up.

Chimpstatic.com

This means the person is using ChimpMail for email, which his not good because they changed their policy to censor “misinformation”, which usually means anything critical of the government. This is dangerous when combined with core internet infrastructure. For example Tom Woods, the Libertarian podcaster, is selling his book on covid, unfortunately unaware that right during covid October 2020, Chimpmail coincidentally updated their misinformation policy.

As reclaimthenet.org points out, Mailchimp added to their policy Section IV. Rules and abuse:

“Mailchimp also does not allow the distribution of Content that is, in our sole discretion, materially false, inaccurate, or misleading in a way that could deceive or confuse others about important events, topics, or circumstances.”

And even worse, Tom Woods is unaware that Google, Cloudflare, Facebook, and all these firms are literally piping into the NSA who his fans are, their emails, and what their browser fingerprints look like.

For all of the WordPress site owners out there, check out Fluent CRM’s open source WordPress plugins to make your own self-hosted email list. These can be used with a self-hosted email such as aaPanel with WordPress, or Mail in a Box in docker. Take control of your own infrastructure my friend. I LOVE Woods, so if he would let me help him, I would. I listen to nearly every show. Even back when he first started on Schiff’s show.

Doubleclick.net

This is google ads. Block it. Lots of mainstream news websites use this. You can always view the site without it, although it’s usually propaganda misinformation anyway.

Newrelic

This is data collection for the site’s developer, but you should block it because it’s centralizing a lot of data to across the web to one firm.

OneSignal

This is annoying marketing where they try to send you push notifications in the browser on OTHER websites. Die in a pool of your own blood, block.

Bootstrapcdn.com

This is a CDN, but usually most stuff loads with it blocked.

Conclusion

To summarize, you have a lot more control over what data is collected about you than you realize. Tools like uBlock Origin not only help you stop collection, but also evaluate if you trust these companies. If more people were aware of this tool, it would put pressure on supposedly “decentralized” cryptocurrencies, medical websites, “privacy” sites, and even “anti-NSA” Libertarians to stop using these Big Tech companies.

Some will curse me out and say nobody cares. But I’m an optimist. I believe that if presented with this free tool and knowledge, some may become self-empowered. So today I ask, who will help me? Show your friends how to use it. Will the internet change overnight? No. But some sites might use other options. And maybe… just maybe, we might be a little more free.

If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push.

[SP]

• Browsers
• Plugins
• uBlock Origin

Jan 12, 2024