New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Request for block] Crypto Miners #690

Closed
aequasi opened this Issue Sep 15, 2017 · 111 comments

Comments

Projects
None yet
@aequasi

aequasi commented Sep 15, 2017

I would love to see ublock start blocking the crypto miners that people have started to embed on their pages (or fetch)

URL(s) where the issue occurs

Warning, these link will end up consuming over 80% of your CPU

https://gus.host
https://spoopy.link/facebook.com
https://thepiratebay.org/search/Some%20Movie/0/99/0

Describe the issue

This page requests this: https://gus.host/coins.js via a script tag, which in turn runs a fetch to grab this script: https://coin-hive.com/lib/coinhive.min.js. This script then hammers your CPU cores.

@aequasi

This comment has been minimized.

Show comment
Hide comment
@aequasi

aequasi Sep 16, 2017

Script was removed from page, but description should give enough information

aequasi commented Sep 16, 2017

Script was removed from page, but description should give enough information

@devsnek

This comment has been minimized.

Show comment
Hide comment
@devsnek

devsnek Sep 16, 2017

i think the focus should be on blocking coinhive not sites using coinhive 🤔

devsnek commented Sep 16, 2017

i think the focus should be on blocking coinhive not sites using coinhive 🤔

@aequasi

This comment has been minimized.

Show comment
Hide comment
@aequasi

aequasi Sep 16, 2017

That is the request

I would love to see ublock start blocking the crypto miners that people have started to embed on their pages (or fetch)

aequasi commented Sep 16, 2017

That is the request

I would love to see ublock start blocking the crypto miners that people have started to embed on their pages (or fetch)

@aequasi

This comment has been minimized.

Show comment
Hide comment
@aequasi

aequasi commented Sep 16, 2017

Apparently, pirate-bay is doing it now too: https://betanews.com/2017/09/16/pirate-bay-secret-bitcoin-miner/

@gorhill

This comment has been minimized.

Show comment
Hide comment
@gorhill

gorhill Sep 16, 2017

Member

Apparently, pirate-bay is doing it now too: https://betanews.com/2017/09/16/pirate-bay-secret-bitcoin-miner/

Anything that abusively auto-opt-in users deserve to be blocked by default. Now the problem I am having is, in which filter lists does this go?

Given this previous issue, and the one here, maybe it's time to create a new filter lists for anti-users auto opt-in abusive behavior. Name? "Dark patterns"?

Member

gorhill commented Sep 16, 2017

Apparently, pirate-bay is doing it now too: https://betanews.com/2017/09/16/pirate-bay-secret-bitcoin-miner/

Anything that abusively auto-opt-in users deserve to be blocked by default. Now the problem I am having is, in which filter lists does this go?

Given this previous issue, and the one here, maybe it's time to create a new filter lists for anti-users auto opt-in abusive behavior. Name? "Dark patterns"?

@aequasi

This comment has been minimized.

Show comment
Hide comment
@aequasi

aequasi Sep 16, 2017

Yeah, even worse is that you can't opt out of it in some of these cases (like the two i posted), by any means other than blocking.

Dark Patterns sounds good to me.

aequasi commented Sep 16, 2017

Yeah, even worse is that you can't opt out of it in some of these cases (like the two i posted), by any means other than blocking.

Dark Patterns sounds good to me.

@devsnek

This comment has been minimized.

Show comment
Hide comment
@devsnek

devsnek Sep 16, 2017

I wonder if a situation like how https://gus.host works is ok

devsnek commented Sep 16, 2017

I wonder if a situation like how https://gus.host works is ok

@aequasi

This comment has been minimized.

Show comment
Hide comment
@aequasi

aequasi commented Sep 16, 2017

No...?

@okiehsch

This comment has been minimized.

Show comment
Hide comment
@okiehsch

okiehsch Sep 16, 2017

Contributor

in which filter lists does this go?

How about adding it to ublock-badware and renaming the list to something that makes it clear that it includes issues like this one.

Contributor

okiehsch commented Sep 16, 2017

in which filter lists does this go?

How about adding it to ublock-badware and renaming the list to something that makes it clear that it includes issues like this one.

@gorhill gorhill closed this in 8cbb35c Sep 16, 2017

@aequasi

This comment has been minimized.

Show comment
Hide comment
@aequasi

aequasi Sep 16, 2017

Thanks dude! Super fast reply :)

aequasi commented Sep 16, 2017

Thanks dude! Super fast reply :)

@gorhill

This comment has been minimized.

Show comment
Hide comment
@gorhill

gorhill Sep 16, 2017

Member

How about adding it to ublock-badware and renaming the list to something that makes it clear that it includes issues like this one.

I don't know what to think yet, I will listen to all arguments pro/for. "Dark patterns" and "Badware risks" are both self-explanatory, I suppose "badware risks" is a subset of "dark patterns"?

Member

gorhill commented Sep 16, 2017

How about adding it to ublock-badware and renaming the list to something that makes it clear that it includes issues like this one.

I don't know what to think yet, I will listen to all arguments pro/for. "Dark patterns" and "Badware risks" are both self-explanatory, I suppose "badware risks" is a subset of "dark patterns"?

@okiehsch

This comment has been minimized.

Show comment
Hide comment
@okiehsch

okiehsch Sep 16, 2017

Contributor

You could name the list badware risks/dark patterns because I do think that the two issues are related, but a standalone list is fine too.

Contributor

okiehsch commented Sep 16, 2017

You could name the list badware risks/dark patterns because I do think that the two issues are related, but a standalone list is fine too.

@gorhill

This comment has been minimized.

Show comment
Hide comment
@gorhill

gorhill Sep 16, 2017

Member

Off topic: Anybody knows whether a link to the commit not showing in the auto-generated "gorhill closed this 15 minutes ago" above is a temporary GitHub quirk or a new by-design behavior? I kind of relied a lot on the commit being auto-linked in the issue.

Member

gorhill commented Sep 16, 2017

Off topic: Anybody knows whether a link to the commit not showing in the auto-generated "gorhill closed this 15 minutes ago" above is a temporary GitHub quirk or a new by-design behavior? I kind of relied a lot on the commit being auto-linked in the issue.

@okiehsch

This comment has been minimized.

Show comment
Hide comment
@okiehsch

okiehsch Sep 16, 2017

Contributor

I think this behaviour is a quirk, because the link to the commit does not show if you also closed the issue with that commit.
If you commited a fix to an already closed issue, the link to the commit is still there.
Example: #678

Contributor

okiehsch commented Sep 16, 2017

I think this behaviour is a quirk, because the link to the commit does not show if you also closed the issue with that commit.
If you commited a fix to an already closed issue, the link to the commit is still there.
Example: #678

@iCrawl

This comment has been minimized.

Show comment
Hide comment
@iCrawl

iCrawl Sep 16, 2017

Off-topic:
@gorhill
It does show on mobile, not sure if that's any better:

iCrawl commented Sep 16, 2017

Off-topic:
@gorhill
It does show on mobile, not sure if that's any better:

@jjohns71

This comment has been minimized.

Show comment
Hide comment
@jjohns71

jjohns71 Sep 16, 2017

Shows on email summary sent out by GitHub as well as on mobile so must be a bug?
screenshot_20170916-165756

jjohns71 commented Sep 16, 2017

Shows on email summary sent out by GitHub as well as on mobile so must be a bug?
screenshot_20170916-165756

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 17, 2017

@gorhill The "uBlock filters – Badware risks" filter list should not be renamed. I do not use it as it blocks download.com which I visit.

The list in the end is subjective to how grave the user perceives the risks of the listed blocked sites to be and as it states it is a "risk" but not directly harmful.

Filters such as these should be added to the main "uBlock filters" list itself with additional text on why so in the wiki. A new list can be created if need be but things such as a javascript miner are directly harmful to a users machine not to say even more than ads.

@gorhill Also what is meat by "Non-pro-users auto opt-in abusive behavior."?

gotitbro commented Sep 17, 2017

@gorhill The "uBlock filters – Badware risks" filter list should not be renamed. I do not use it as it blocks download.com which I visit.

The list in the end is subjective to how grave the user perceives the risks of the listed blocked sites to be and as it states it is a "risk" but not directly harmful.

Filters such as these should be added to the main "uBlock filters" list itself with additional text on why so in the wiki. A new list can be created if need be but things such as a javascript miner are directly harmful to a users machine not to say even more than ads.

@gorhill Also what is meat by "Non-pro-users auto opt-in abusive behavior."?

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 17, 2017

@aequasi Thanks for opening this issue I was going to myself but thankfully I checked if it was already there. I haven't been going through news lately and I would've definitely not become aware of this if I was not randomly checking out website tech on BuiltWith (a great website).

I was checking this out on:
https://builtwith.com/?http%3a%2f%2fvumoo.li%2fvideos%2fcategory%2ftrending-television

Here I noticed that the website was using Coinhive what was described as a JavaScript miner on BuiltWith, I instantly recognized what it was and went to see the CPU usage of the website I was checking out. These things are designed to kill browser performance.

Went looking for more info and it turns out even TPB is using this. I said enough this needs to be blocked, came here to open an issue but you had already opened one 👍.

Edit: Also, here is the original report by TorrentFreak about TPB using the cryptominer.

gotitbro commented Sep 17, 2017

@aequasi Thanks for opening this issue I was going to myself but thankfully I checked if it was already there. I haven't been going through news lately and I would've definitely not become aware of this if I was not randomly checking out website tech on BuiltWith (a great website).

I was checking this out on:
https://builtwith.com/?http%3a%2f%2fvumoo.li%2fvideos%2fcategory%2ftrending-television

Here I noticed that the website was using Coinhive what was described as a JavaScript miner on BuiltWith, I instantly recognized what it was and went to see the CPU usage of the website I was checking out. These things are designed to kill browser performance.

Went looking for more info and it turns out even TPB is using this. I said enough this needs to be blocked, came here to open an issue but you had already opened one 👍.

Edit: Also, here is the original report by TorrentFreak about TPB using the cryptominer.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Sep 17, 2017

This shit is also trying to connect with WSS after blocking ||coin-hive.com/*:
image

wss://ws001.coin-hive.com/proxy
wss://ws002.coin-hive.com/proxy
wss://ws003.coin-hive.com/proxy
wss://ws004.coin-hive.com/proxy
wss://ws005.coin-hive.com/proxy
wss://ws006.coin-hive.com/proxy

ghost commented Sep 17, 2017

This shit is also trying to connect with WSS after blocking ||coin-hive.com/*:
image

wss://ws001.coin-hive.com/proxy
wss://ws002.coin-hive.com/proxy
wss://ws003.coin-hive.com/proxy
wss://ws004.coin-hive.com/proxy
wss://ws005.coin-hive.com/proxy
wss://ws006.coin-hive.com/proxy

@gangsthub

This comment has been minimized.

Show comment
Hide comment
@gangsthub

gangsthub Sep 17, 2017

I think that we should not mix ads and on-site cryptocurrency mining. Examples like @devsnek have an opt-out option and show transparency.

Mining cryptocurrencies on-site could be a nice way to get rid of ads. IMO, you have rushed. How cool would it be if you had an option to block ads and another option to block mining on the uBlock Origin panel? Thanks in advance.

gangsthub commented Sep 17, 2017

I think that we should not mix ads and on-site cryptocurrency mining. Examples like @devsnek have an opt-out option and show transparency.

Mining cryptocurrencies on-site could be a nice way to get rid of ads. IMO, you have rushed. How cool would it be if you had an option to block ads and another option to block mining on the uBlock Origin panel? Thanks in advance.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 17, 2017

@gangsthub FYI, @gorhill has put out a separate list for these incidents: https://github.com/uBlockOrigin/uAssets/blob/master/filters/dark-patterns.txt

It is different from the ads filter, nothing has been rushed.

Just an open source project open to ideas :)

gotitbro commented Sep 17, 2017

@gangsthub FYI, @gorhill has put out a separate list for these incidents: https://github.com/uBlockOrigin/uAssets/blob/master/filters/dark-patterns.txt

It is different from the ads filter, nothing has been rushed.

Just an open source project open to ideas :)

@Avamander

This comment has been minimized.

Show comment
Hide comment
@Avamander

Avamander Sep 17, 2017

I'd say a single quite verifiable crypto-miner during short exposures absolutely isn't worse than malicious ads. It definetly isn't badware per se, it would be a badware if injected maliciously into websites. It's another adware.

Avamander commented Sep 17, 2017

I'd say a single quite verifiable crypto-miner during short exposures absolutely isn't worse than malicious ads. It definetly isn't badware per se, it would be a badware if injected maliciously into websites. It's another adware.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 17, 2017

@Avamander I don't see any problem in putting these filters in a special filters list (as has been done) or the main ads filter as you suggest.

I did comment above that these filters be put in the main filter but I do see now why people may have problems with this as these are not ads per say but I am all go for putting them in a different list and I think it should be a default one as well.

The main issue here is of user consent which is non existent and that fits the definiton of putting a block on it.

gotitbro commented Sep 17, 2017

@Avamander I don't see any problem in putting these filters in a special filters list (as has been done) or the main ads filter as you suggest.

I did comment above that these filters be put in the main filter but I do see now why people may have problems with this as these are not ads per say but I am all go for putting them in a different list and I think it should be a default one as well.

The main issue here is of user consent which is non existent and that fits the definiton of putting a block on it.

@Avamander

This comment has been minimized.

Show comment
Hide comment
@Avamander

Avamander Sep 17, 2017

@gotitbro Fair enough, but how many ads ask for consent though? I would like to see them in a different list, just that people would have a choice now.

Avamander commented Sep 17, 2017

@gotitbro Fair enough, but how many ads ask for consent though? I would like to see them in a different list, just that people would have a choice now.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 17, 2017

@Avamander As I said above they already are in a different list: #690 (comment)

What seems to be the issue here?

gotitbro commented Sep 17, 2017

@Avamander As I said above they already are in a different list: #690 (comment)

What seems to be the issue here?

@keraf

This comment has been minimized.

Show comment
Hide comment
@keraf

keraf Sep 17, 2017

Shameless plug here. I wrote a tiny extension specifically for blocking coin miners (which works using a domain blacklist): https://github.com/keraf/NoCoin

I have plans to add a white list feature to temporarily allow a certain domain to use coin miners, for example if you need to pass one of these coin-hive Captchas.

keraf commented Sep 17, 2017

Shameless plug here. I wrote a tiny extension specifically for blocking coin miners (which works using a domain blacklist): https://github.com/keraf/NoCoin

I have plans to add a white list feature to temporarily allow a certain domain to use coin miners, for example if you need to pass one of these coin-hive Captchas.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 17, 2017

@keraf I saw your extension mentioned somewhere else as well. I am not sure if I will use a separate extension for this but I have a few concerns that I just came upon for you and @gorhill.

Coinhive also has recaptchas and URL shorteners using the same CPU hashes to verify them. Here are some examples:
https://cnhv.co/6fq (Shortlink)
https://coin-hive.com/account/signup (Captcha)
Here blocking the Coinhive domain also blocks the URL shortener redirection. What to do here?

More info:
https://hackernoon.com/monetise-with-your-users-cpu-power-def05a66fff3
https://coin-hive.com/

gotitbro commented Sep 17, 2017

@keraf I saw your extension mentioned somewhere else as well. I am not sure if I will use a separate extension for this but I have a few concerns that I just came upon for you and @gorhill.

Coinhive also has recaptchas and URL shorteners using the same CPU hashes to verify them. Here are some examples:
https://cnhv.co/6fq (Shortlink)
https://coin-hive.com/account/signup (Captcha)
Here blocking the Coinhive domain also blocks the URL shortener redirection. What to do here?

More info:
https://hackernoon.com/monetise-with-your-users-cpu-power-def05a66fff3
https://coin-hive.com/

@gorhill

This comment has been minimized.

Show comment
Hide comment
@gorhill

gorhill Sep 17, 2017

Member

What to do here?

Just disable uBO if the site informs you of what it's trying to do and you agree.

The reality is that despite all the ostensible wishful thinking by the authors of those miners and other schemes using user resources (bandwidth, CPU), those miners and other resource-eating approaches will be used against users by default without their consent, the ones playing nice will be the exception -- this is what advertising/tracking/data mining has shown.

Member

gorhill commented Sep 17, 2017

What to do here?

Just disable uBO if the site informs you of what it's trying to do and you agree.

The reality is that despite all the ostensible wishful thinking by the authors of those miners and other schemes using user resources (bandwidth, CPU), those miners and other resource-eating approaches will be used against users by default without their consent, the ones playing nice will be the exception -- this is what advertising/tracking/data mining has shown.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

@gotitbro you seem to acknowledge that people can abuse a bitcoin miner maliciously, and your solution for this is blocking it for everyone, even if they are not using it maliciously.

However, you don't seem to acknowledge the ability for list authors to abuse the power they have to block whatever they want. You don't think uBO should protect the user from this form of abuse, but it should protect them from the former form of abuse (with a wide ranging block).

Am I understanding this correctly?

funkydude commented Sep 23, 2017

@gotitbro you seem to acknowledge that people can abuse a bitcoin miner maliciously, and your solution for this is blocking it for everyone, even if they are not using it maliciously.

However, you don't seem to acknowledge the ability for list authors to abuse the power they have to block whatever they want. You don't think uBO should protect the user from this form of abuse, but it should protect them from the former form of abuse (with a wide ranging block).

Am I understanding this correctly?

@Avamander

This comment has been minimized.

Show comment
Hide comment
@Avamander

Avamander Sep 23, 2017

I think there are ad networks that aren't evil, I demand that you whitelist the entire network until a specific filter is enabled with a bunch of other stuff you do not want to disable

This will never work. Don't use lists you don't like, it's that simple.

Avamander commented Sep 23, 2017

I think there are ad networks that aren't evil, I demand that you whitelist the entire network until a specific filter is enabled with a bunch of other stuff you do not want to disable

This will never work. Don't use lists you don't like, it's that simple.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

@Avamander Whether an ad is evil or not is irrelevant. People install an [ad] blocking list to block ads, not bitcoin miners.

The same can be said for a dedicated miners list. Whether they are evil or not is irrelevant, they can use the list to block them all, and ONLY them.

This is what I mean by scope.

funkydude commented Sep 23, 2017

@Avamander Whether an ad is evil or not is irrelevant. People install an [ad] blocking list to block ads, not bitcoin miners.

The same can be said for a dedicated miners list. Whether they are evil or not is irrelevant, they can use the list to block them all, and ONLY them.

This is what I mean by scope.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

@funkydude uBO has and always will be about protecting users as they wanted it to when they installed it in the first place. Coinhive is being blocked as it gives no user consent, give me one site which uses Coinhive with user consent maybe then we can take this further.

List authors aren't abusing anything they do what they do in the interest of users and that is what is being done. Open source being the mindset behind it all.

gotitbro commented Sep 23, 2017

@funkydude uBO has and always will be about protecting users as they wanted it to when they installed it in the first place. Coinhive is being blocked as it gives no user consent, give me one site which uses Coinhive with user consent maybe then we can take this further.

List authors aren't abusing anything they do what they do in the interest of users and that is what is being done. Open source being the mindset behind it all.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

People install an [ad] blocking list to block ads, not bitcoin miners.

And you bring this up again which ad list is blocking the miners btw?

gotitbro commented Sep 23, 2017

People install an [ad] blocking list to block ads, not bitcoin miners.

And you bring this up again which ad list is blocking the miners btw?

@okiehsch

This comment has been minimized.

Show comment
Hide comment
@okiehsch

okiehsch Sep 23, 2017

Contributor

@funkydude so your proposal would be to add

||coin-hive.com^$third-party,badfilter
||jsecoin.com^$third-party,badfilter

to uBO-filter list to deal with the filters in EasyPrivacy, which you think are beyond the scope of that list?

Contributor

okiehsch commented Sep 23, 2017

@funkydude so your proposal would be to add

||coin-hive.com^$third-party,badfilter
||jsecoin.com^$third-party,badfilter

to uBO-filter list to deal with the filters in EasyPrivacy, which you think are beyond the scope of that list?

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

@okiehsch That is what I think is trying to be communicated. But I don't think it should be done.

gotitbro commented Sep 23, 2017

@okiehsch That is what I think is trying to be communicated. But I don't think it should be done.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

@okiehsch which could then be overwritten by a dedicated miners list if a user wanted to block miners, evil or not.

funkydude commented Sep 23, 2017

@okiehsch which could then be overwritten by a dedicated miners list if a user wanted to block miners, evil or not.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

I don't think a specific miners list would be created as it is beyond this projects scope.

gotitbro commented Sep 23, 2017

I don't think a specific miners list would be created as it is beyond this projects scope.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

It doesn't have to be started by this project, you can debate that at will.

I've already seen people linking to lists with only this entry, on various forums and news articles.

funkydude commented Sep 23, 2017

It doesn't have to be started by this project, you can debate that at will.

I've already seen people linking to lists with only this entry, on various forums and news articles.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

Then why is it being debated here in the first place?

gotitbro commented Sep 23, 2017

Then why is it being debated here in the first place?

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude commented Sep 23, 2017

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

I am not talking about the EasyPrivacy issue. I am talking about creating the miners list which as I said seems to be beyond this project's scope and to which you also seem to agree.

gotitbro commented Sep 23, 2017

I am not talking about the EasyPrivacy issue. I am talking about creating the miners list which as I said seems to be beyond this project's scope and to which you also seem to agree.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

I never said I agree that a miners list is beyond the scope of this project, I don't care who wants to do it, I'm stating that's the "proper" way to deal with this situation.

A list dedicated for ads.
A list dedicated for trackers.
A list dedicated for miners.

This entire ticket was debating the bitcoin miner issue, I'm not sure why you think it should not be debated.

funkydude commented Sep 23, 2017

I never said I agree that a miners list is beyond the scope of this project, I don't care who wants to do it, I'm stating that's the "proper" way to deal with this situation.

A list dedicated for ads.
A list dedicated for trackers.
A list dedicated for miners.

This entire ticket was debating the bitcoin miner issue, I'm not sure why you think it should not be debated.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

Creating a miner list was never the scope of this issue. It was about blocking a specific one that was being abused majorly.

It doesn't need a debate if you want a miners list that badly maybe you can create one. If its good enough it might even become the de facto list for blocking miners.

gotitbro commented Sep 23, 2017

Creating a miner list was never the scope of this issue. It was about blocking a specific one that was being abused majorly.

It doesn't need a debate if you want a miners list that badly maybe you can create one. If its good enough it might even become the de facto list for blocking miners.

@okiehsch

This comment has been minimized.

Show comment
Hide comment
@okiehsch

okiehsch Sep 23, 2017

Contributor

@funkydude even if one agrees with you that the filters in EasyPrivacy are beyond the scope of that list,
disabling them in uBO-filters via

||coin-hive.com^$third-party,badfilter
||jsecoin.com^$third-party,badfilter

would make dedicated anti crypto-miner lists like
https://github.com/hoshsadiq/adblock-nocoin-list/blob/master/nocoin.txt pointless, because they would be disabled too.

Contributor

okiehsch commented Sep 23, 2017

@funkydude even if one agrees with you that the filters in EasyPrivacy are beyond the scope of that list,
disabling them in uBO-filters via

||coin-hive.com^$third-party,badfilter
||jsecoin.com^$third-party,badfilter

would make dedicated anti crypto-miner lists like
https://github.com/hoshsadiq/adblock-nocoin-list/blob/master/nocoin.txt pointless, because they would be disabled too.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

@funkydude And you filter creation debate has already been solved as @okiehsch has provided us with a working example.

gotitbro commented Sep 23, 2017

@funkydude And you filter creation debate has already been solved as @okiehsch has provided us with a working example.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

@okiehsch I'm open to suggestions. How would one prevent a list author abusing a specific list for blocking something out-of-scope without harming a legitimate list?

@gotitbro Personal lists are not a solution, sorry. If you're not interested in this debate, stop partaking in it.

funkydude commented Sep 23, 2017

@okiehsch I'm open to suggestions. How would one prevent a list author abusing a specific list for blocking something out-of-scope without harming a legitimate list?

@gotitbro Personal lists are not a solution, sorry. If you're not interested in this debate, stop partaking in it.

@mapx-

This comment has been minimized.

Show comment
Hide comment
@mapx-

mapx- Sep 23, 2017

Contributor

@okiehsch , it seems
||coin-hive.com^$third-party,important overwrites ||coin-hive.com^$third-party,badfilter , so only an uBo specific list could fix this "issue".

Contributor

mapx- commented Sep 23, 2017

@okiehsch , it seems
||coin-hive.com^$third-party,important overwrites ||coin-hive.com^$third-party,badfilter , so only an uBo specific list could fix this "issue".

@okiehsch

This comment has been minimized.

Show comment
Hide comment
@okiehsch

okiehsch Sep 23, 2017

Contributor

@mapx- technically it does not overwrite it, it is a different filter, so badfilter does not apply, but you are correct of course, a uBO-"Resource Abuse" list could work arround it, but some third-party lists like
https://github.com/hoshsadiq/adblock-nocoin-list/blob/master/nocoin.txt would have no clue why it does not work.

Contributor

okiehsch commented Sep 23, 2017

@mapx- technically it does not overwrite it, it is a different filter, so badfilter does not apply, but you are correct of course, a uBO-"Resource Abuse" list could work arround it, but some third-party lists like
https://github.com/hoshsadiq/adblock-nocoin-list/blob/master/nocoin.txt would have no clue why it does not work.

@gotitbro

This comment has been minimized.

Show comment
Hide comment
@gotitbro

gotitbro Sep 23, 2017

@funkydude Who said the list has to be personal put it on GitHub. You are just humdrumming the same thing again and again. When provided with alternatives you don't acknowledge them.

As to stopping an author from the abuse of power short answer we can't. But I don't believe anyone is abusing their power or is going to. These projects have been up for years with many supporters.

gotitbro commented Sep 23, 2017

@funkydude Who said the list has to be personal put it on GitHub. You are just humdrumming the same thing again and again. When provided with alternatives you don't acknowledge them.

As to stopping an author from the abuse of power short answer we can't. But I don't believe anyone is abusing their power or is going to. These projects have been up for years with many supporters.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

@gotitbro I'm the one bringing up a valid debate, you're the one moaning that's it happening. Pro tip: leave.

Users that opt into a TRACKING list do not expect to be blocking bitcoin miners. It is a simple abuse of their trust. When you tell a user "this list blocks trackers", don't lie to them. Telling people to "use other lists as a workaround for having your trust abused" is not a viable solution.

We should be debating this and considering all the angles, instead of smacking it down with a giant hammer. You risk killing the potential of a real solution for replacing ads.

funkydude commented Sep 23, 2017

@gotitbro I'm the one bringing up a valid debate, you're the one moaning that's it happening. Pro tip: leave.

Users that opt into a TRACKING list do not expect to be blocking bitcoin miners. It is a simple abuse of their trust. When you tell a user "this list blocks trackers", don't lie to them. Telling people to "use other lists as a workaround for having your trust abused" is not a viable solution.

We should be debating this and considering all the angles, instead of smacking it down with a giant hammer. You risk killing the potential of a real solution for replacing ads.

@aequasi

This comment has been minimized.

Show comment
Hide comment
@aequasi

aequasi Sep 23, 2017

The insults you are lashing out with are doing nothing for your side of the argument @funkydude. Try to have a little bit more tact when you are having a "debate", and people might be more apt to work with you.

You risk killing the potential of a real solution for replacing ads.

Good. That's the purpose of ublock. To block stuff that people find annoying.
I find crypto miners in my browser to be annoying. If I find a site that is doing it well enough to not be blocked, then I'll whitelist the site.

aequasi commented Sep 23, 2017

The insults you are lashing out with are doing nothing for your side of the argument @funkydude. Try to have a little bit more tact when you are having a "debate", and people might be more apt to work with you.

You risk killing the potential of a real solution for replacing ads.

Good. That's the purpose of ublock. To block stuff that people find annoying.
I find crypto miners in my browser to be annoying. If I find a site that is doing it well enough to not be blocked, then I'll whitelist the site.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

The insults you are lashing out with are doing nothing for your side of the argument

You said something dumb and got schooled, not my problem. Also I don't really care what you think of me, as I don't hold you in a high regard either, considering your attitude earlier. If you dismiss valid talking points on the grounds of not liking the person speaking them, that says more about you.

Good. That's the purpose of ublock. To block stuff that people find annoying.

No. The purpose of uBlock is to block what you tell it to block. That can be ads, trackers, miners, or entire websites. "uBlock" not "uSafety". If I've told it to block trackers, it needs to block trackers, not crypto miners.

funkydude commented Sep 23, 2017

The insults you are lashing out with are doing nothing for your side of the argument

You said something dumb and got schooled, not my problem. Also I don't really care what you think of me, as I don't hold you in a high regard either, considering your attitude earlier. If you dismiss valid talking points on the grounds of not liking the person speaking them, that says more about you.

Good. That's the purpose of ublock. To block stuff that people find annoying.

No. The purpose of uBlock is to block what you tell it to block. That can be ads, trackers, miners, or entire websites. "uBlock" not "uSafety". If I've told it to block trackers, it needs to block trackers, not crypto miners.

@aequasi

This comment has been minimized.

Show comment
Hide comment
@aequasi

aequasi Sep 23, 2017

@gorhill can we lock this. This is quickly going to turn into just snipes and jabs, and i have no interest having my name dragged through the mud.

aequasi commented Sep 23, 2017

@gorhill can we lock this. This is quickly going to turn into just snipes and jabs, and i have no interest having my name dragged through the mud.

@Avamander

This comment has been minimized.

Show comment
Hide comment
@Avamander

Avamander Sep 23, 2017

@funkydude "If I've told it to block trackers, it needs to block trackers, not crypto miners." Yeah, that's not how it works, you can't tell uBlock to "block ads" or "block trackers", you enable lists, and if the list is unsuitable for you then DISABLE IT. Stop complaining here.

Avamander commented Sep 23, 2017

@funkydude "If I've told it to block trackers, it needs to block trackers, not crypto miners." Yeah, that's not how it works, you can't tell uBlock to "block ads" or "block trackers", you enable lists, and if the list is unsuitable for you then DISABLE IT. Stop complaining here.

@funkydude

This comment has been minimized.

Show comment
Hide comment
@funkydude

funkydude Sep 23, 2017

@Avamander I honestly don't understand your logic. The lists you choose to install are the very action of you choosing what you want to block. If you don't enable any lists, you won't block anything.

I have to wonder if you'd have the same attitude if it was something being blocked that you didn't want blocked, or if you just have this attitude because you're ok with having miners blocked.

funkydude commented Sep 23, 2017

@Avamander I honestly don't understand your logic. The lists you choose to install are the very action of you choosing what you want to block. If you don't enable any lists, you won't block anything.

I have to wonder if you'd have the same attitude if it was something being blocked that you didn't want blocked, or if you just have this attitude because you're ok with having miners blocked.

@uBlockOrigin uBlockOrigin locked and limited conversation to collaborators Sep 23, 2017

@okiehsch

This comment has been minimized.

Show comment
Hide comment
@okiehsch

okiehsch Oct 5, 2017

Contributor

@gorhill websites have started crypto mining using random domains:
jspenguin2017/uBlockProtector#636 (comment)

The only practical solution I can come up with, is

oload.info##script:inject(abort-on-property-read.js, WebAssembly)

or

oload.info##script:inject(abort-current-inline-script.js, document.createElement, (/[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}/.test(key)

or do you prefer a different fix?

Edit: 638ad54

Contributor

okiehsch commented Oct 5, 2017

@gorhill websites have started crypto mining using random domains:
jspenguin2017/uBlockProtector#636 (comment)

The only practical solution I can come up with, is

oload.info##script:inject(abort-on-property-read.js, WebAssembly)

or

oload.info##script:inject(abort-current-inline-script.js, document.createElement, (/[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}/.test(key)

or do you prefer a different fix?

Edit: 638ad54

HappyZombies pushed a commit to Team-Rocket-FIT-2017/uBlock that referenced this issue Dec 5, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.