Table of Contents
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
3rd-party <iframe> tags blocked by default for all sites.
Malware protection
iframe
tags are very often used by malware code on compromised websites -- using 3rd-party-sourced <iframe>
to inject exploit on a user's computer is quite a common technique:
- "'Expert' hackers used 11 0-days to infect Windows, iOS, and Android users"
- "Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites"
- "Webkit zero-day exploit besieges Mac and iOS users with malvertising redirects"
- "Massive eGobbler Malvertising Campaign Leverages Chrome Vulnerability To Target iOS Users"
- "Kovter Group malvertising campaign exposes millions to potential ad fraud malware infections"
- "Massive AdGholas Malvertising Campaigns Use Steganography and File Whitelisting to Hide in Plain Sight"
- "Prince of pop trash PerezHilton pwned, visitors hit with cryptxxx"
- "CBS-affiliated Television Stations Expose Visitors to Angler Exploit Kit"
- "Big-name sites hit by rash of malicious ads spreading crypto ransomware"
- "Massive Admedia/Adverting iFrame Infection"
- "MSN Home Page Drops More Malware Via Malvertising"
- "Malvertising Hits DailyMotion, Serves Up Angler EK"
- "Angler Exploit Kit Blasts Daily Mail Visitors Via Malvertising"
- "Malware With Your News? Forbes Website Victim of Malvertising Attack"
- "Malvertising Hits Online Dating Site PlentyOfFish"
- "Firefox exploit found in the wild"
- "Advert Strikes Out Via Copycat Gaming Site"
- "Celebrity chef Jamie Oliver’s website hacked, redirects to exploit kit"
- "Malicious advertisements served via Yahoo"
- "jQuery.com Confirms Website Compromise"
- "Democracy in Hong Kong Under Attack"
- "Yet another case of malvertising on The Pirate Bay"
- "Hackers compromise official PHP website, infect visitors with malware".
- "Feds Are Suspects in New Malware That Attacks Tor Anonymity"
- "willysy.com Mass Injection ongoing, over 8 million infected pages, targets osCommerce sites"
- And so on.
"Compromised Pro-Democratic Hong Kong Websites", volexity.com.
uBlock Origin (uBO) shown just as a reminder on how to block 3rd-party <iframe> tags.
Simply blocking 3rd-party <iframe>
by default foils such exploit.
Blocking 3rd-party scripts is generally even better, as the malicious code would have been prevented from executing in the first place. But for users with low tolerance to site breakage, blocking 3rd-party <iframe>
tags by default (i.e. on all sites by default) is really the best solution.
Blocking 3rd-party iframe
tags will typically cause little web page breakage, far less than the more thorough alternative of blocking 3rd-party javascript, so blocking 3rd-party iframe
tags is an approach that can work even for less advanced users.
Ultimately, if a site breaks because it really does need legitimate 3rd-party <iframe>
, then un-blocking <iframe>
for a specific site is only one click away:
3rd-party <iframe> tags blocked by default for all sites,
except for the current site (this was for github.com) -- using a noop rule.
But even in this case, the best advice would be to actually find from which specific hostname iframe
tags are required, and to create a local noop
rule only for this hostname, rather than unblock all 3rd-party iframe
tags on the site -- though this approach is better suited to advanced users.
Tracking protection
Remember the article ProPublica's "Meet the Online Tracking Device That is Virtually Impossible to Block"?
The title is obviously an exaggeration (the tracking can be blocked).
The particular addthis.com
javascript code which attempts to fingerprint your browser executes from within a 3rd-party iframe
.
Contrary to what Adblock Plus (ABP) has been claiming on its blog and the media, using EasyPrivacy does not prevent AddThis from fingerprinting your browser. This is something I verified and re-verified back then, and I just re-verified again (2014-10-09):
When you visit http://www.ibtimes.com/, the following <iframe>
is dynamically created:
<iframe id="_atssh478" title="AddThis utility frame" src="//ct1.addthis.com/static/r07/sh175.html#iit=1412897324950&tmr=load%3D1412897319899%26core%3D1412897320635%26main%3D1412897324941%26ifr%3D1412897324955&cb=0&cdn=1&chr=UTF-8&kw=headline%20news%2Cdaily%20news%2Cbreaking%20news%2Cbusiness%20news%2Cpolitical%20news%2Csports%20news%2Ccurrent%20news%2Ceurope%20news%2Cworld%20news%2Casian%20news%2Ccomputer%20news%2Cairline%20news%2Cbanking%20news%2Cconsumer%20news%2Chealth%20news&ab=-&dh=www.ibtimes.com&dr=&du=http%3A%2F%2Fwww.ibtimes.com%2F&dt=International%20Business%20Times%20-%20International%20Business%20News%2C%20Financial%20News%2C%20Market%20News%2C%20Politics%2C%20Forex%2C%20Commodities&dbg=0&md=0&cap=tc%3D0%26ab%3D0&inst=1&vcl=1&jsl=143585&prod=undefined&lng=en-GB&ogt=title&pc=flw%2Ctbx&pub=ra-4fd117ff2700b0d1&ssl=0&sid=54371a28bc1109db&srpl=1&srcs=1&srd=1&srf=1&srx=1&ver=300&xck=0&xtr=0&og=title%3DAmerican%2520Horror%2520Story&aa=0&csi=undefined&rev=6.2&ct=1&xld=1&xd=1" style="height: 1px; width: 1px; position: absolute; z-index: 100000; border: 0px; left: 0px; top: 0px;"></iframe>
And within it, the fingerprinting will take place, and result reported to AddThis servers:
- Request URL:
http://ct1.addthis.com/static/r07/sh175.html
- Cookie:
uid=54371180c23c9d63; __atuvc=1%7C41; uit=1; km_ai=543717496fd011.83307994
- Host:
ct1.addthis.com
- Referer:
http://www.ibtimes.com/
The above occurred with ABP with EasyList + EasyPrivacy enabled. Note that the cookie header which contains the fingerprinting information will be stripped if you set your browser to block 3rd-party cookies and site data (preventing 3rd-party cookies is what protects you in this particular case, not ABP + EasyPrivacy).
AddThis and many other 3rd-parties which purpose is to data-mine you will be foiled by blocking 3rd-party <iframe>
tags (even more so if blocking 3rd-party <script>
tags).
By blocking 3rd-party <iframe>
tags, you don't have to ask them permission to opt-out of something you did not opt-in in the first place. ("Opting out" is a joke anyways, see "The web never forgets" (PDF), section 6.2)
In any case, keep in mind that your IP address is as good as fingerprinting if you are assigned a long-lasting one, so blocking 3rd-party <iframe>
tags goes a long way in foiling trackers out there (and 3rd-party <script>
tags even better though more site breakage to expect).
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
- Wiki home
- About the Wiki documentation
- Permissions
- Privacy policy
- Info:
- The toolbar icon
- The popup user interface
- The context menu
- Dashboard
- Settings pane
- Filter lists pane
- My filters pane
- My rules pane
- Trusted sites pane
- Keyboard shortcuts
- The logger
- Element picker
- Element zapper
- Blocking mode
- Very easy mode
- Easy mode (default)
- Medium mode (optimal for advanced users)
- Hard mode
- Nightmare mode
- Strict blocking
- Few words about re-design of uBO's user interface
- Reference answers to various topics seen in the wild
- Overview of uBlock's network filtering engine
- Overview of uBlock's network filtering engine: details
- Does uBlock Origin block ads or just hide them?
- Doesn't uBlock Origin add overhead to page load?
- About "Why uBlock Origin works so much better than Pi‑hole does?"
- uBlock's blocking and protection effectiveness:
- uBlock's resource usage and efficiency:
- Memory footprint: what happens inside uBlock after installation
- uBlock vs. ABP: efficiency compared
- Counterpoint: Who cares about efficiency, I have 8 GB RAM and|or a quad core CPU
- Debunking "uBlock Origin is less efficient than Adguard" claims
- Myth: uBlock consumes over 80MB
- Myth: uBlock is just slightly less resource intensive than Adblock Plus
- Myth: uBlock consumes several or several dozen GB of RAM
- Various videos showing side by side comparison of the load speed of complex sites
- Own memory usage: benchmarks over time
- Contributed memory usage: benchmarks over time
- Can uBO crash a browser?
- Tools, tests
- Deploying uBlock Origin
- Proposal for integration/unit testing
- uBlock Origin Core (Node.js):
- Troubleshooting:
- Good external guides:
- Scientific papers
uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.