
Privacy Cookbook - Chapter 3.3 - uBlock Origin

uBlock Origin

Today we're going to talk about uBlock Origin. If you've followed the previous chapters on ad blocking, here is a little extra information for you. Even if you are using either of the two ad-blocking apps (AdGuard Home or Pi-Hole), please use uBlock Origin on top of it. Alternatively, if you are a more advanced user, you can install uMatrix.

So what is uBlock Origin?

It's lightweight, it doesn't distract, and it blocks banners, ads and trackers, and that includes the new CNAME trackers!

And why do you need it?

uBlock Origin is not just an ad blocker. It does block ads and banners (that you can see) and trackers (that you can't see), but it can basically block anything that you don't want.

This is critical for those of us who value our freedom and our privacy, plus it eliminates the noise and intrusion of advertising. Many of us agree that we don't want anyone and everyone having free and unfettered access to our personal data, with or without our permission.

Drilling down, uBlock Origin operates through the use of blocking lists. These can be customized, for example with the lists we posted in Chapter 3.


Privacy Cookbook - Chapter 3 - Ad and Bad traffic filtering - Decentralize.Today

The internet is one scary place. Most people have no idea, as they go to their favourite website, what else is connecting to their device. I have a crazy example: my Samsung Note 10 had most of the requested connections coming all day from Samsung.com.cn and from Baidu.com. I've never been to mainland China so that was an interesting block! Now why do I say block? Personally I block a hell of a lot of traffic with blocklists!

On iOS, we have already reviewed DNSCloak and nextDNS where you can block traffic using blocklists but what about your computer, or better yet, what about your router?

One very good reason why we like uBlock Origin on Firefox is that it can now block first-party tracking scripts that attempt to bypass filters and rules by utilizing DNS CNAME records to load scripts from a third-party domain.

A first-party tracker is where the tracking script is located on the same domain as the web site, while a third-party tracker is when the tracking script is located on another domain.

As browsers begin to block third-party trackers as part of their tracking protection features, some websites have switched to first-party trackers in order to bypass these protections.

First-party tracker protection is, however, only available on Firefox.

In order to block first-party trackers that utilize CNAME records, uBlock Origin first needs to perform a DNS lookup of the hostname loading a script to determine the underlying domain that it resolves to.

For example, if a script is being loaded from what appears to be the site's own domain, the ad blocker will perform a DNS lookup and check if that hostname resolves to a known tracking domain, and if so, block it.

Unfortunately, Chrome does not provide an API that allows an extension to perform DNS lookups. However, uBlock Origin developer Raymond Hill did find an API in Firefox that could manage this:

I am looking at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/dns/resolve, it can be used to expose the CNAME:

Raymond Hill

Hill subsequently released uBlock Origin 1.24.1b0, which contains a feature that "uncloaks" CNAME records in order to block first-party tracking that utilizes scripts on third-party domains.

If using 1.24.1b0 and above, to "uncloak" actual (canonical, CNAME) hostname, set advanced setting cnameAliasList to *.

Network requests for which the actual hostname differs from the original hostname will be replayed through uBO's filtering engine using the actual hostname. When I started developing the feature I could spot eulerian.net in the logger when visiting https://www.liberation.fr/, but I can no longer reproduce this. Regardless, uBO is now equipped to deal with 3rd-party disguised as 1st-party as far as Firefox's browser.dns allows it.

Raymond Hill

With this new feature added, installing uBlock Origin version 1.24.1b0 or newer will require a new DNS permission described as "Access IP address and hostname information", which the extension uses to resolve the CNAME records.
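The uncloaking step described above can be modelled in a few lines. This is an added example, not uBlock Origin's own code: the hostnames, the blocked domain and the helper names (`matchesBlocklist`, `filterRequest`, `canonicalNameOf`) are constructed for illustration, and only `browser.dns.resolve` with the `canonical_name` flag is the real Firefox WebExtensions call.

```javascript
// Constructed sample data: every hostname below is a placeholder.
const BLOCKED_DOMAINS = new Set(["tracker.example"]);  // stand-in for a filter list
const SAMPLE_CNAMES = new Map([                         // constructed DNS answers
  ["metrics.news.example", "news.tracker.example"],    // third party cloaked as first party
  ["static.news.example", "static.news.example"],      // no alias
  ["cdn.news.example", "edge.cdnhost.example"],        // alias, but not on the list
]);

const normalize = (host) => host.toLowerCase().replace(/\.$/, "");

// True if host equals a listed domain or is a subdomain of one.
function matchesBlocklist(host, blocklist) {
  const labels = normalize(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    if (blocklist.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// First filter on the hostname the page asked for; if it passes and the
// canonical (CNAME) name differs, replay the check using the canonical name.
function filterRequest(requestHost, canonicalName, blocklist) {
  const original = normalize(requestHost);
  if (matchesBlocklist(original, blocklist)) {
    return { action: "block", matched: original, uncloaked: false };
  }
  const actual = normalize(canonicalName || original);
  if (actual !== original && matchesBlocklist(actual, blocklist)) {
    return { action: "block", matched: actual, uncloaked: true };
  }
  return { action: "allow", matched: null, uncloaked: false };
}

// Inside a Firefox extension holding the "dns" permission, the canonical name
// comes from browser.dns.resolve(); elsewhere use the constructed table above.
async function canonicalNameOf(host) {
  if (typeof browser !== "undefined" && browser.dns) {
    const record = await browser.dns.resolve(host, ["canonical_name"]);
    return record.canonicalName || host;
  }
  return SAMPLE_CNAMES.get(host) || host;
}
```

Passing `null` as the canonical name shows what a blocker without DNS access sees: the cloaked request is allowed because only the first-party hostname is ever checked.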

STOP PRESS!!! uBlock Origin ( is now available and has CNAME Tracking on-board, however Mozilla is still showing it as 1.24.2 on its download page.

Please bear in mind that this only works on Firefox! In our next chapter we explain how to make Firefox as secure and private as possible, a couple of really good tweaks and you'll never want or need to use Chrome (by Google) or any other browser again!

If you have an Android phone, consider using uBlock Origin on Firefox Mobile or the Fennec browser as well. Thanks for your time :-)
