Thread replies: 38
Thread images: 6
Thread images: 6
Anonymous
reverse proxies and the future of adblocking and other user controls 2017-08-13 01:10:47 Post No. 61875274
[Report] Image search: [Google]
reverse proxies and the future of adblocking and other user controls 2017-08-13 01:10:47 Post No. 61875274
[Report] Image search: [Google]
File: Instart Logic reverse proxy ads.gif (48KB, 844x762px) Image search:
[Google]
48KB, 844x762px
reverse proxies and the future of adblocking and other user controls
Anonymous
2017-08-13 01:10:47
Post No. 61875274
[Report]
Are you ready for a future where addons such as NoScript, uMatrix, and any other DNS based controls no longer give you control over third party cookies/scripts due to those third party cookies/scripts being misrepresented to you as first party cookies/scripts? From Gorhill:
>Instart Logic
>The purpose of Instart Logic technology is to disguise 3rd-party requests as 1st-party requests, thus bypassing content blockers, and even the ability of browsers to block 3rd-party cookies (because they are stored as 1st-party cookies)
https://github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO-Extra-is-useful
Instart Logic is a reverse proxy service similar to Cloudflare. Their service MitMs your connection to the website that you want to view and modifies the URLs for third party requests related to ad providers on the page that you're requesting so that they point to data on the site you're visiting rather than the sites of the ad providers. Instart Logic then translates the requests you send for that data back into requests for the ad data, retrieves the appropriate data from the ad provider, and sends the ads back to you as the data you requested from the site you're visiting (pic related is an illustration of the process). Currently Instart Logic isn't targeting Firefox, so addons to fight it such as Gorhill's uBlock Origin Extra are only being compiled for Chrome/Chromium. However, Instart Logic could start targeting Firefox users as well in the future and I wouldn't be surprised if Cloudflare starts offering a similar service in the near future as well.
uBlock Origin Extra:
https://github.com/gorhill/uBO-Extra
The PDF pic related is taken from:
http://go.instartlogic.com/rs/781-WKX-723/images/Ad%20Integrity%20Datasheet%20v1.1.pdf
>>
>>61875274
If it's a mitm, couldn't you just turn on strict https and be done with it?
>https://github.com/gorhill/uBO-Extra/wiki/Sites-on-which-uBO-Extra-is-useful
glad I have webrtc disabled.
>>
>>61875274
could of just summed all that up by saying "the ad link comes from 4chan.org/blablabla instead of ad.doubleclick.net"
>>
So basically attacking the end user browser with js? uMatrix will just not run the serving js.
>>
>>61875274
Then you either don't use the website, or completely block scripts. Fixed.
>>
Disable everything except first-party images by default
>why not even CSS
CSS has lots of nasty tracking abilities that can compromise privacy.
https://browserleaks.com/css
>>
>>61875274
Boycott the sites that use that shit.
Same applies to CIAflare, a non-existent problem solver.
Remember the abrupt rise of DDosing?
It was an NSA project
>>
>>61875481
Right there - in CSS - goggle has its fonts and other useless shit that open up your browser like a gay ass.
>>
>>61875408
>couldn't you just turn on strict https and be done with it?
Does doing so prevent you from going to 4chan (or any other site that uses Cloudflare)? Otherwise that wouldn't work.
>>61875449
>uMatrix will just not run the serving js.
Only if you block all first party JS, which already breaks many websites. The only way for uMatrix to handle this would be to further add options for you to choose which scripts from sites you allow rather than just which sites you allow scripts from.
>>
>>61875480
>Then you either don't use the website
>>61875487
>Boycott the sites that use that shit.
And when other websites start adopting this as well?
>Same applies to CIAflare, a non-existent problem solver.
You are aware that a shit ton of sites (including 4chan) use Cloudflare to the point where it's quite hard to avoid, aren't you?
>>
>>61875487
source?
>>
>>61875504
Limit detectable fonts. RandomAgentSpoofer has that ability, along with many others.
>>
>>61875517
Ah, yeah. I guess we'd have to move to blocking all inline script on 1stp sites and move to a white list instead. Gonna get annoying. Especially if sites start adopting this for all scripts, because I assume the inject script reads like gobbledygook. Honestly it'll be impossible if that happens. CSS or bust I guess.
>>
>>61875274
I block first party scripts and cookies by default as well
>>
wow can't wait for a ruined internet filled with malvertising
fucking idiots
>>
>>61875274
It's disgusting how far corporate leeches will pervert beautiful IT to suit their disgusting desires. This kind of shit is basically rape in the form of programming things that should never exist.
>>
File: carpe_diem.jpg (36KB, 500x375px) Image search:
[Google]
36KB, 500x375px
>>61875274
Firefox's new API that everybody keeps bitching about allows extensions like uBlock Origin to block inline scripts using script:contains filters.
Chromium based browsers do not allow this.
So when instartlogic becomes the norm, everyone who wants ad blocking will have to come crawling back to Firefox, the one true browser.
>>
>>61875976
The fuck are you talking about? OP literally posted a link to an extended version of uBlock Origin for Chrome that's designed to deal with these ads.
>>
>>61876008
how dare you
>>
>>61875976
ublock can already handle inline script blocking
The problem is if they start auto generating these scripts with random text, i.e. instead of foo() we get s9dfs97gs9fs69fs97gsg(), and each time you reload it's different.
>>
File: 1480012861065.png (319KB, 850x683px) Image search:
[Google]
319KB, 850x683px
>>61875274
So the only options for fighting this shit if/when it becomes widespread are going to be:
>stop trying to control scripts yourself and just trust an adblocker to take care of ads/tracking scripts/malicious scripts, and deal with ads/tracking scripts/malicious scripts occasionally getting through
>try to decipher JS that will no doubt be obscured and develop a whitelist of your own, and hope that the scripts aren't regularly modified (which they no doubt will be) so that you don't have to do this every time you visit a page
>completely cease to have JS enabled, and deal with more and more sites breaking as time goes on
>kill yourself, they can't show you ads or track you when you're dead
How did everything go so wrong?
>>
Wouldn't work on 4chan. Web pages here are (relatively) simple and the userbase is autistic and intelligent enough to put in a lot of effort to circumvent this.
>>
>>61876500
>Wouldn't work on 4chan.
Only because 4chan X still exists. Without that you're stuck with the options here: >>61876407 like you would be with any other site.
>>
>>61875408
no. because your strict https is linked to that reverse proxy, not the site behind it
you can't tell if shit is reverse proxied because that's how things should work
>>
>>61876665
Yeah the cookies, injected JS, etc will be indistinguishable from the first party website's JS that's required to display the site, etc. Especially if they scramble the names of their functions server side
>>
>>61875972
>>61876407
This isn't the future I wanted.
>>
File: 1482771328190.png (3MB, 672x6287px) Image search:
[Google]
3MB, 672x6287px
>>61875274
Well between this and that Admiral anti-adblock company pushing DMCA bullshit over anti-anti-adblock measures circumventing their "DRM", it seems like this is almost the end as all that will leave is trying to read obfuscated JS and blocking the likely ever changing anti adblock scripts manually every time you go to a new page. Only bit worse it could get from here for the web is if more DRM gets added to the HTML standards in a way that websites can put JS behind the DRM.
bang
>>
>>61877908
adblocking is the new antivirus, we'll start moving to heuristic modeling...
>>
>>61878044
While that will help in dealing with this new method of showing ads, it won't help with the other problem of anti-adblock scripts if they gain legal protection as "DRM".
>>
File: 1485233279533.png (597KB, 1280x720px) Image search:
[Google]
597KB, 1280x720px
Nonfree javascript doesn't even want me on the web.
>>
Sooo...
I just block JS in general from now on? And only allow First-Party Cookies and delete them all as soon as I close the tab?
Seems good, I'll just not be able to watch legal shit in the internet from now on.
Thanks Ad-Industry, I go back to VPN and Torrent / OneClick Hosters then. Your own fucking fault, shitheads.
>>
>>61875274
What if an addon loads the page twice and only keeps the unchanged parts?
>>
it's not financially viable for webhosts to proxy all traffic through a single point
at the moment, anyway
>>
>>61875274
>all this work to just ensure I never use your website again
okay
>>
>>61879404
https://nonfree.pizza/ this still exists, lol.
>>
File: 1496939926506.jpg (108KB, 925x1004px) Image search:
[Google]
108KB, 925x1004px
Seems pretty simple. DDOS whatever's hosting the reverse proxies.
>>
>>61875274
Bottom of the page
>Upmanager
>Working around content blockers using WebRTC.
>Sites:
>4chan.org
>>
>>61875274
This won't catch on because it would require the supposedly struggling ad-revenue based sites to spend even more money.
Past that, you could at least hinder this by running your own local caching web proxy; the useful part of ad / tracking doesn't happen in your local proxy returns what should have been 1st party cache-able content.
Thread posts: 38
Thread images: 6
Thread images: 6