Future of Nano Project Firefox Port? about nanodefenderfirefox HOT 72 OPEN

@CharmCityCrab

Anyone who trusts this guy's server to accept and store reports, even though the owner doesn't want to reveal how it's done, at this point is just asking for trouble.

My server code is always proprietary, It's been like this for years. Funny how it's only now that you criticize me for it. Did you find anything wrong with my comments above? Or you're just trying to find all possible ways to criticize me?

@jspenguin2017 I have no pre-existing beef with you. To be honest, I don't even use your (former) extensions. However, these issues have been news a lot of places I read and sometimes participate in conversations on, and of course have implications in the broader concepts of extensions and how much power they are given over APIs, something both Google and Mozilla have been chipping away at for years in various ways, which is something that is a concern for me as a user of extensions in general.

On mobile, I had years ago begun to use Firefox on that platform because it was a mobile browser with extensions, and then I switched from it to the Iceraven fork of Firefox in part because Firefox cut the number of mobile extensions they offered from thousands to nine (Yes, nine), though that was not the only reason I switched, or the primary one (Although it was related, the general lack of customization and information flow to the user and such were big deals to me, something their lack of complete extension support related to, but was not synonymous with.).

What has and is happening with Nano is going to be used as an example of security issues with extensions and an excuse for the big browsers to cut back on what they allow extensions to do for a long time to come. I am sure that you are aware of the issues with Chrome's Manifest v3, and the ways they would have limited your primary extension as soon as Manifest v2 is deprecated (Edge actually looks like it'll be doing that before Chrome, oddly enough). Fortunately, Firefox and it's forks aren't going to be immediately affected, and some Chromium forks may be able to keep some API support there for this stuff in the short-term, but things tend to follow the market leader, which sets expectations, eventually.

What has happened here with Nano has implications that actually go way beyond you, the people you sold to, and even the users of the extensions. You have really hurt a cause a lot of us care about, which is having powerful user extensions. You've given browser companies another talking point and another excuse. And that could impact everyone who uses extensions, eventually.

It'd be nice if you would provider a fuller explanation of exactly how this sale transpired, exactly how much you made from it, why you initially said there were two developers and now talk about "developer(s)" as if there may only be one, who, or what company, wrote you a check, why you didn't look into them more closely or pass your extension on to a trusted contributor or developer, and so on and so forth.

Taking a little personal responsibility would be nice, too. You blew it, and you owe people an apology. Instead, you are being defensive and snarky and saying things like "Honestly I'm not even sure why I'm here, I have other things to do".

If you want your public image as a developer to rebound from this mess, you would be well advised to take a different tact. A lot of your users have potentially been compromised by this. They could incur very real financial losses and have to go through a lot of bureaucracy and spend a lot of time trying to fix certain things. Have you even looked at what's been done to the code to tell them just what could be being sent? You know, like, should they be calling their banks?

I'm going to assume you live in a free country and don't have to do any of that. You can use your new money and, if you're not in an area with a Covid outbreak, hit the beach or whatever it is you want to do with the money and ignore what's happening with your old extensions. However, while that may be legal and whatever, you probably at some level know that you have an ethical obligation to your former former user base to try to explain this, to apologize, and, if you can, make it right.

from nanodefenderfirefox.

@CharmCityCrab

It looks like you didn't read the original announcement post [1], I recommend you to read it (the whole thread). If you don't want snarky replies, don't randomly attack people without knowing the full story.

[1] NanoAdblocker/NanoCore#362

from nanodefenderfirefox.

I can't tell you exactly how my server accepts and stores reports as I don't want to reveal how the anti-spam system work

Says the guy who sold his main extension to secretive people who immediately turned it into malware. Anyone who trusts this guy's server to accept and store reports, even though the owner doesn't want to reveal how it's done, at this point is just asking for trouble.

I would urge caution in dealing with anything even distantly relating to this guy and his current or former projects at this point. The one thing that might be okay, is the Firefork fork of NanoDefender that is being renamed and was always maintained and will continue to be maintained by someone not in the line of authority of the old Nano developer or the new Nano developers- and even there I would wait until it's renamed and people who know what they are talking about weigh in on the new code and how it operates. And I would urge him to not take anything the old owner says at face value- if he needs a mentor in figuring out how to work the system, trying to talk to someone like gorhill (Who maintains UBO) or another trusted developer who may be able to reverse engineer how the old system was working before it became malware would be a much better option.

from nanodefenderfirefox.

I will push one urgent update to disable issue reporter first, their new privacy policy is too shady for me.

from nanodefenderfirefox.

@LiCybora

Also for this: https://github.com/LiCybora/NanoCoreFirefox#what-should-i-do
I highly recommend users to manually copy settings instead. Below is part of the original project changes announcement that I drafted before the new developer(s) contacted me, I hope that it helps.

Migrating to uBlock Origin

Due to the many differences, I strongly recommend you to copy the settings over
manually instead of using the backup and restore feature. Below are the details
about the differences between Nano Adblocker and uBlock Origin which should
hopefully assist you with a smooth transition:

• Filter editor/viewer and syntax highlighter
  • uBlock Origin has its own editor/viewer which should be overall an upgrade,
    but a few minor features are missing:
    • Double-click to select domain is not supported (you can always drag to
      select)
    • Search and replace is not supported (you can use an external editor)
    • The search widget is simpler and lacked a few features (explicit mode
      toggles, search in selection, etc.)
      • It supports regular expression, so it is not really less powerful, just
        that it can be a bit harder to use
• Filter linter
  • uBlock Origin does not have display explicit linting warnings and errors,
    but its syntax highlighter is a lot better at highlighting invalid filters
• Extra redirect and script snippet (scriptlet) resources
  • The most useful resources became part of uBlock Origin over the years
  • You can load the rest into uBlock Origin with advanced settings, but this
    is strongly discouraged (since the extra resources are unmaintained), so
    please only do so if you are absolutely sure that you know what you are
    doing
• Quick Issue Reporter
  • You can still use the Quick Issue Reporter through Nano Defender
• Force scroll mode
  • Although less convenient, it is possible to emulate force scroll mode with
    a filter rule, simply replace example.com with the domain you want to
    force scroll

    example.com##*:style(overflow: auto !important;)
    

• Visualize hidden elements with the DOM inspector
  • It should start to work in uBlock Origin once this Chromium issue is
    resolved (you can star it to give it more weight):
    • https://bugs.chromium.org/p/chromium/issues/detail?id=1101473
• Short aliases for filter options
  • uBlock Origin now supports most of these aliases, with the exception being
    the iframe option, if you have custom filters using iframe, be sure to
    change them to frame
• Settings
  • Settings in the dashboard may have different default values and/or be at
    different places, when copying settings, be sure to read the description
    text for each option instead of going by the order in which the options
    appear
• Advanced settings
  • Nano Adblocker has different default values for some advanced settings,
    these are mostly subjective, but if you like the tweaked values better, you
    can copy them over
  • Nano Adblocker also has a few extra advanced settings options, but I
    question their usefulness since I never found myself using them
    • uBlock Origin does not have the force recompile button in the advanced
      settings page, but the button is only useful alongside the extra options
      that uBlock Origin does not currently have
• Other small changes
  • uBlock Origin swallows all script snippet (scriptlet) errors, this should
    only affect filter list maintainers, if you are affected, you can give the
    debugScriptletInjector advanced setting a try
  • uBlock Origin will only show the refresh button in the extension popup
    panel if there were changes, but you can simply use the native refresh
    button of your browser
  • Nano Adblocker comes with a slightly different set of default filter lists,
    you can subscribe to the extra filter lists if you want (be sure to check
    whether the lists are still maintained, remember that Nano Filters are no
    longer maintained!)
  • To hard purge cached assets in uBlock Origin, you need to click the button
    (in the filter lists tab of the dashboard) while holding both Ctrl and
    Shift keys, instead of either Ctrl or Shift
  • When restoring uBlock Origin to default settings, the statistics in the
    extension popup panel is not cleared, you can clear them by doing a
    reinstall instead of using the restore to default settings feature
  • Nano Adblocker caps filter lists update interval to 60 days, uBlock Origin
    does not enforce a cap
  • If configured in the assets manifest (which cannot be modified by users),
    Nano Adblocker will revert the update interval to a default value when the
    update interval header is removed, uBlock Origin does not have this feature
    • I do not even remember why I implemented this...

from nanodefenderfirefox.

@jspenguin2017 I want to say thank you for developing and maintaining Nano Adblocker and Nano Defender and whatever you did for the community as a whole. Nano Defender's Quick issue reporter was what got me into using Nano Adblocker. It helped me immensely as most of the website I used implemented anti-adblocks, pop-ups, popunders, had broken websites, etc. and uBO didn't exactly made it easy to report website issues. I had to go through several steps to report websites using their GitHub repo, Reddit, etc. but Nano Adblocker made reporting websites really really easy in just a few taps and anonymous too (with a few extra steps like using VPN). I'm very thankful for what you have done.

Everybody does mistakes and everyone should get chances to fix and/or at least acknowledge them that what they have done is wrong and accept that they will try to not do these kind of things again. We are human beings and we are made to make mistakes and we need to do them in order to not do them again. After all we are just human beings. What matters are the intentions with which they are doing what they are doing.

Even the uBlock Origin's developer is criticizing like they have not done any mistakes whatsoever...

I know you have always had good intentions to help the community; your actions, I think, spoke them all. Thank you very much for everything you have done.

P.S. I keep deleting my online accounts and GitHub is not an exception.

from nanodefenderfirefox.

If I want to start fresh with Ublock Origin + NanoDefender, does these steps still applied to me?

For now, yes. I will make announcement later to notify what you need to change when new project released.

@jspenguin2017

I will get started with glitch first to see what's next. New GitHub account is ready, although domain is not yet ready. Will ping you again once everything is ready.

Don't worry, I am not going to blindly apply whatever he say and give.

Btw, this is not an offensive statement to you, just means I will not simply direct re-apply everything you provide to me. If you feel offensive then I am sorry about that.

@CharmCityCrab

@jspenguin2017 I have no pre-existing beef with you. To be honest, I don't even use your (former) extensions.

I understand your concern and feeling about addons being sold to stranger that annihilate almost all trust from past. However, I want to keep this thread focus on discussion for Firefox port. Maybe move personal discussion to his issue thread instead please? Thanks.

from nanodefenderfirefox.

How about removing these instructions since nano is archived ,dead(malicious)

Resources and filter are required and should be safe for now. I may make a quick clone if people fear to archived repository.

Second image still link to upstream website which is something I need to migrate as well. Thanks for reminder.

from nanodefenderfirefox.

Came to basically just say the same as thelittlemike.
Thank you so much for your work and integrity @LiCybora.

from nanodefenderfirefox.

May I suggest putting out a text on the AMO page of Nano Defender

Thanks for suggestion, it is done now.

Sorry for my late response to everyone. I thought I can rebrand new product and publish shortly, but found many links are link to old repository and I need to clone and rebrand all of them. I also need to analysis the usefulness of each filter list and maintain the old rule in ND. So this will take some time before I can publish.

It is no harm to keep using Nano Filter/Resources for now as former developer keep his control and archived as read-only, but it is up to users decide keep or not. Actually some rules will still work even Nano Defender run independently without any adblocker, but that is not a supposed behavior and very hard for us to handle such issue reports. Anyway, I will update them in future on another repository and announce the how to do it.

@ameyvaidya I am sorry that I can't tell much as those aftermath thread are too long and fragmentary for me to read them all, but from MDN docs and gorhill's analysis seems do not contain web page payload, only header. The attack is via using cookieStoreId to login with Cookie and control your account without even retrieve your password. But it will be better for you ask in related thread as there maybe other volunteers analysis for this.

from nanodefenderfirefox.

@LiCybora Do you want to maintain the Quick Issue Reporter? I can give you some of my backend code. Let me know if you're interested.

from nanodefenderfirefox.

New devs never show up or provide any ways to contact them. No one knows who they are and how to contact them except former developers. I can only ask via former developer and he reply he do forward the information to them, but I receive no words from them for more than a week.

Anyway, I decide not to port for them now. Many users are asking who they are for a week here, they still no-show, no reply.

from nanodefenderfirefox.

How many resources does hosting it require? I host quite a few things for FOSS-focused Discord communities and the like, and I wouldn't mind adding something else on top as long as it doesn't use like 20GB of RAM or similar 😅.

(For the record, I would also understand if anyone is reluctant to take the help of a random GitHub user, given what just happened with Nano...but do note that I work with many open source projects and have been active on GitHub for a very long time, so it's not exactly the most completely random thing.)

from nanodefenderfirefox.

@CharmCityCrab

Anyone who trusts this guy's server to accept and store reports, even though the owner doesn't want to reveal how it's done, at this point is just asking for trouble.

My server code is always proprietary, It's been like this for years. Funny how it's only now that you criticize me for it. Did you find anything wrong with my comments above? Or you're just trying to find all possible ways to criticize me?

trying to talk to someone like gorhill

Honestly I'm not even sure why I'm here, I have other things to do. If someone wants to step up, I'm happy to leave this to them. @gorhill do you want to take over from here?

from nanodefenderfirefox.

@LiCybora

May I suggest putting out a text on the AMO page of Nano Defender, stating that the Firefox version is maintained by you (and not @jspenguin2017) and is thus unaffected? This is not about shaming @jspenguin2017, this is about protecting you from low-rated reviews and undeserved malware reports reaching Mozilla. I can already see many 1 star reviews saying that the extension is malware despite this not being the case on Firefox, I think we should do our best to prevent such misunderstandings...

from nanodefenderfirefox.

@LiCybora

I think Glitch will give you a subdomain.

Also remember to use timing safe compare to check admin password (or use an authentication related package).

from nanodefenderfirefox.

A quick FYI: I still control legacy.hugoxu.com, but I will shut down my Quick Issue Reporter backend service later this week or early next week.

from nanodefenderfirefox.

@gorhill I investigated the case that I found and concluded that a specific filter rule was needed. Unfortunately I do not have the link anymore. I will let you know when I find other cases so you can check if a generic heuristic can be implemented.

from nanodefenderfirefox.

Umm... Seems lots of services I have to purchase before goes on. I need several days to look up and compare available services.

This weekend I will finalize and terminate Nano Adblocker and launch new project to continue Nano Defender since users are too fear about the product name "Nano" and looking for alternative.

@jspenguin2017 I may ping you again once I have resources ready. Thanks for your details on per-requisite.

from nanodefenderfirefox.

Since the installation of Nano Defender for Firefox required changing the userResourcesLocation in uBlock to a url from @jspenguin2017 repo (that is now archived), should we now change it? What else should I change if I want to still use Nano Defender fo Firefox alongside uBlock?

You will receive guiding information once I release the update. Before that release, you can still keep it for now. His repo is archived and cannot do anything harm if secure is your concern.

I would urge caution in dealing with anything even distantly relating to this guy and his current or former projects at this point.

I understand your concern, but just knowing how he made the backend server without actual implementation harms nothing. Don't worry, I am not going to blindly apply whatever he say and give.

from nanodefenderfirefox.

@537 It was already answered => #187 (comment)

from nanodefenderfirefox.

@gorhill

uBO's zapper already has code to unlock scrolling

Sometimes the scrollable section is in a div instead of being the body itself. The force scroll mode injects an UserCSS rule to forcefully enable scrolling on all elements, and is intended to be used as a fallback.

from nanodefenderfirefox.

@GrPK #187 (comment)

from nanodefenderfirefox.

I have 5 minutes free .... I prepare to return to the use of ublock origin.
Thanks again to those who until now had dedicated themselves to carrying out this branch for firefox....

from nanodefenderfirefox.

You can also give Heroku a try if you don't want to spend money, but I think you still need to give them a credit card.

There is also https://glitch.com/, which doesn't require giving credit card.

from nanodefenderfirefox.

I'm here not to discredit ND, quite opposite and personally very appreciated for Quick reporter and @LiCybora 's intention to take over it. Just wanna add something to @NLZ 's question. Scriptlet is not the only solution for anti-adb, if it can't be used usually the combination of $ghide and redirect-resource solves the issue. I'm not aware of any single anti-adb labeled as Can't fix. It's possible there're some old anti-adb not reported to uAssets which ND's generic solution helps. These third-party anti-adb plugins are now so easy to disarm that one can write a template about how to disarm each types of them, and thus no more major.

from nanodefenderfirefox.

@LiCybora Question, do any new reports with anti-adblockers not getting blocked get moved here? Or do we bother reporting at all?

I think it's better reporting directly here:
https://github.com/uBlockOrigin/uAssets/issues

from nanodefenderfirefox.

i hope them can support you more

from nanodefenderfirefox.

i hope them can support you more

Who are them refers to? If you mean "new developers", they are unlikely to support me because they refuse to being interacted with.

from nanodefenderfirefox.

i hope them can support you more

Who are them refers to? If you mean "new developers", they are unlikely to support me because they refuse to being interacted with.

it's like that they are working on offical version for firefox??? maybe not?

from nanodefenderfirefox.

The App Nano Adblocker and Nano Defender is an extension for Google Chrome internet browser.

Their privacy policy only claims for Google Chrome. They leave no words about Firefox so their stance are still unknown.

Similarly, the Edge version still showing the former developer name. Most likely they don't care at all.

from nanodefenderfirefox.

Did you ask new devs for make a port version, or you did and they dont care about that?

from nanodefenderfirefox.

Thanks for the guide. I will add it and link it such that your past effort on this guide not waste but benefit users to migrate.

from nanodefenderfirefox.

@jspenguin2017 Yes I am interested. If I have enough resources I can try to implement it.

from nanodefenderfirefox.

So first, you need a server, a domain, a GitHub bot account, and some knowledge of Node.js.

For server, I use AWS. You can use Digital Ocean, GCP, etc. I think GCP is the cheapest, but I'm not sure. I recommend DO or AWS Lightsail if you have no experience with cloud. This should cost you at most $5 a month, it currently costs me USD $3.5 a month.

For domain, I'm with Namecheap. I recommend a .com domain to avoid headaches down the line. Try to avoid those "free domains". This should cost you about $12 a year.

You can also give Heroku a try if you don't want to spend money, but I think you still need to give them a credit card.

I recommend you to register a new GitHub account for your bot to use. You can use your current account, but if something goes wrong, it can be a pain to clean up. If you accidentally leaked your API key, revoke it immediately and generate a new one, don't hope that "no one saw it".

My server is written in Node.js, so you need to know how that works. I didn't use any packages, but using a good server package (for example, Express.js) should make things easier. Be sure to set up a vulnerability watcher if you use a package. Also remember to update your server regularly to make sure you're not running vulnerable software. I update my server once a week.

I can't tell you exactly how my server accepts and stores reports as I don't want to reveal how the anti-spam system work, but take a look at the frontend code (the one in the extension) to see what the backend server should be expecting. I can tell you how I process reports and call GitHub APIs if that's needed.

Let me know how it goes.

from nanodefenderfirefox.

Since the installation of Nano Defender for Firefox required changing the userResourcesLocation in uBlock to a url from @jspenguin2017 repo (that is now archived), should we now change it? What else should I change if I want to still use Nano Defender fo Firefox alongside uBlock?

from nanodefenderfirefox.

should we now change it

It wasn't forked yet, so for now no.

What else should I change if I want to still use Nano Defender fo Firefox alongside uBlock?

Same case, for now nothing to change.

from nanodefenderfirefox.

@LiCybora

You can get started with Heroku (or Glitch), but be careful that those services tend to not offer a persistent file system. So you need to store data in a proper database. I think Heroku also offers a free database, you'll have to look into that.

If you use Heroku (or Glitch), your app (backend service) will be shut down (I think it's SIGINT or SIGTERM) after some time of inactivity (no incoming requests). It can take up to a few minutes for your app to wake back up. This may not may not be a problem for you, but it's something to keep in mind.

Also, I would discourage you to use a server provided by someone else unless you can trust them with your API key.

from nanodefenderfirefox.

@LiCybora

Don't worry, I am not going to blindly apply whatever he say and give.

Don't worry, I'm not going to give you anything that can be applied blindly.

from nanodefenderfirefox.

If I want to start fresh with Ublock Origin + NanoDefender, does these steps still applied to me?

from nanodefenderfirefox.

Hi @LiCybora
If you find you can't maintain the webserver functionality on glitch etc. without paying for the boost or whatever they call it, set up a patreon and I and I'm sure many others would be willing to help keep the project alive

@jspenguin2017 I'm curious about this force scroll mode you mentioned earlier. Does this have anything to do with these websites that have anti-adblock overlays which make the content beneath unscrollable, so that even if you block the DOM elements contained in the overlay you still can't scroll through the content? I have always been trying to figure out a way to get past that without breaking other sites

from nanodefenderfirefox.

Also @jspenguin2017 thanks for spending so much of your time on this and trying to implement a stable transition. I have switched back to ublock origin but it's not fair to blame you for this when all of us would never have stopped using ubo in the first place were it not for your contributions

from nanodefenderfirefox.

@aminomancer

I'm curious about this force scroll mode you mentioned earlier

The force scroll mode is designed to be used with the element zapper. Force scroll mode will break the layout of the webpage though, it's more of a temporary solution. You should report those issues to filter lists maintainers so that you won't need the force scroll mode.

Note that if the webpage has scroll locking implemented in JavaScript, the force scroll mode won't work. It only works for CSS-based scroll locking.

from nanodefenderfirefox.

So Firefox folk are alright for now but... Should I undo the things in the extra installation steps here? Or am I good with those? I'm using uBlock Origin with Nano Defender.

from nanodefenderfirefox.

uBO's zapper already has code to unlock scrolling, this has been there since I first implemented it years ago.

from nanodefenderfirefox.

Sometimes

Any issue can be reported, they will be investigated and fixed. If nothing is reported, I can't investigate. Did you ever report an issue regarding this?

from nanodefenderfirefox.

I can use this https://jspenguin2017.github.io/uBlockProtector/#extra-installation-steps-for-ublock-origin on UBlock for import all filter from nano to UBlock? is secure this?
i want Nano filter to UBlock, but i not have find link for add this filter to UBlock.
thanks for all the work done so far.

from nanodefenderfirefox.

I switched from ubo to NA just so I could use ND. Is it possible to get the same benefits from ND with ubo?

from nanodefenderfirefox.

@jshir yes, follow the instructions on the nano defender page, you just need to tick the 'advanced user' box and paste in the resource URL

from nanodefenderfirefox.

@LiCybora
I'm using NA and ND on firefox... should I stay with those forks or should I switch to uBO??

from nanodefenderfirefox.

Switch to uBO and uninstall NA. You may also refer to #187 (comment) for migration note.

You may still keep ND.

from nanodefenderfirefox.

Hello @LiCybora
How about removing these instructions since nano is archived ,dead(malicious)

from nanodefenderfirefox.

Thanks @LiCybora for all of this! And thank you for adding the notification in Firefox about what had occurred. I would have never have known otherwise. Much appreciated!

from nanodefenderfirefox.

correct me if i wrong somethings:
@LiCybora you are the maintainer of both extension for firefox.... that's "Nano Adblocker" and "Nano Defender for Firefox" right ?

The 2 counterparts for chrome it's not anymore avaiable (and we all know the right reasons or not).

The project "Nano Defender for Firefox" it is not abandoned but it will most likely change its name right ?

At today therefore it would be recommended to switch to "Ublock Origin" and remove (or better disable) "Nano Defender for Firefox" and wait some next news in future right ?

Honestly I have read a lot and not understanding English very well I have a lot of confusion in my head :)

EDIT
Meantime i stay to open my Chrome Portable to uninstall "Nano AdBlocker" also even though I still have the version 1.0.0.154 installed and i not obtain the "BAD" version only because Chrome it's not my main browser.....

from nanodefenderfirefox.

@DjDiabolik

Nano Defender for Firefox is still safe to be enabled for now, but it is up to user decide keep, disable or remove.

Perhaps you may mention which language you understand so other volunteers may assist you?

from nanodefenderfirefox.

@LiCybora Hello and sorry for PMing you but I really need an answer from you, because you may be the person that knows the best - first of all, I used the nano defender for firefox for the moment, i deleted it until new instructions are set However, my biggest concern - So, for the last time, just to be extra-sure - the nano filters/ nano integration filter ( the ones tat can be downloaded from here https://jspenguin2017.github.io/uBlockProtector/#extra-installation-steps-for-ublock-origin) were under original dev, and new devs don't have acess to them? (PLEASE confirm if so). So, they practically released a new extension (probably with new filters) that have nothing to do with those

@jspenguin2017 if u can, waiting for an answer as well. Just tell me that those filters werent compromised, please...

from nanodefenderfirefox.

@LiCybora

Nano Defender for Firefox is still safe to be enabled for now, but it is up to user decide keep, disable or remove.

Perhaps you may mention which language you understand so other volunteers may assist you?

oh yeah... i'm italian :)
Anyway i can read english.... not perfectly but I can more or less understand what happened :)
where I can not even I always help them with google translator......

from nanodefenderfirefox.

@GrPK #187 (comment)

Still doesnt have a clear answer, but I understand that they are safe, for the moment? I've already deleted them, but I understand that it wasn't a problem having them, right?

from nanodefenderfirefox.

Still doesnt have a clear answer, but I understand that they are safe, for the moment? I've already deleted them, but I understand that it wasn't a problem having them, right?

@GrPK
Now... then we all agree that firefox ports there's clear and and have not been touched....

If you step back to use "Ublock Origin" someone suggest to use it alone and report an issue on in his tracker when you found a website identify the ads blocker installed on your browser so that the developer or who manages the filter can apply a possible fix....

likewise i think a usage of config "Ublock Originin" + "Nano Defender for Firefox" it's also safe... the extra steps need to apply on ublock to "make a perfect association" whit Nano Defender they don't seem to refer to any of the new Turkish repo.

on my side.. for now and on firefox i have untoch.. i din't touch anythings.... maybe I'll wait to see how it's reprogrammed/renamed the currectly "Nano Defender for Firefox" and at that point I'll see what to do.

I hope you can understand my bad english......

from nanodefenderfirefox.

If someone liked to have a loaded Firewall panel as the last one (form click load more) [and always see version of addon in pop-up], so they seem to be responsible for this behaviour:

"popupPanelSections": 47,

"popupPanelLockedSections": 32,

I can't really check if the popupPanelSections is ingored / overwritten by "63". Maybe 47 was added scroll fixer button...

from nanodefenderfirefox.

If someone liked to have a loaded Firewall panel as the last one (form click load more) [and always see version of addon in pop-up], so they seem to be responsible for this behaviour:

"popupPanelSections": 47,

"popupPanelLockedSections": 32,

I can't really check if the popupPanelSections is ingored / overwritten by "63". Maybe 47 was added scroll fixer button...

but this where? on which addons and on which port?

from nanodefenderfirefox.

In avanced uBO settings:

Gear ⚙️

chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/advanced-settings.html
extension://odfafepnkmbhccpbejgmiehpchacaeak/advanced-settings.html

Firefox no have stable UUID or something like "WebStore ID".

I liked the firewall to be hidden and the version of the addon was visible in the pop-up.

from nanodefenderfirefox.

By the way, what does NanoDefender(forFirefox) provides currently that cannot be solved simply by userscripts and filterlists?

Asking because as far as I see from the commits, LiCybora only provided the maintenance for the Firefox package, jspenguin2017 provided all the code from upstream. So with jspenguin2017 retiring, what will happen with the addon? Is there even a need for the addon?
Because gorhill just retired uBO-Extra citing the lack of need for it[1], which is listed as one of the source for NanoDefender. Are there other mitigations in the addon that cannot be solved inside uBO or with userscripts? Is there a list of anti-adblock technologies or example websites that was marked by uAssets as cannot fix?

[1] https://github.com/gorhill/uBO-Extra#readme

from nanodefenderfirefox.

By the way, what does NanoDefender(forFirefox) provides currently that cannot be solved simply by userscripts and filterlists?

Is there a list of anti-adblock technologies or example websites that was marked by uAssets as cannot fix?

Firefox obey too much on CSP that do not even allow extension to inject script (although most likely is browser bug). Some site may use this to ban script injection from uBO. I think this is the niche that Nano Defender may fill up, since standalone extension is allowed to modify web response. I will see if I can somehow handle "can't fix" issue on uAssets.

uBO Extra is however, the story of Chrome and not about Firefox.

Is there even a need for the addon?

Of course for now, you may not see above happen because ND is not updated for quite a while. I am just starting to maintain in this direction. You might also think it may not worth to install extra extension for just small list of website, but if you frequently use affected site, you will find this extension is somehow useful. So whether you need is situational dependent.

from nanodefenderfirefox.

I don't want to discredit ND, just trying to understand the added value.
Does this mean that there are already sites where NDforFirefox works around maliciosuly restrictive CSPs?

Reading further since writing my original questions, I see gorhill stating that the AAK userscript, which ND was based off, is actually harmful for uBO.[1] So there might be a need to overview what ND is blocking via js versus what covered by uBO/uAssets already, but I understand that it would require a lot of effort and probably help from volunteers.

I mentioned uBO Extra because NDforFirefox contains it[2], at least on file level. If it never worked for Firefox, it could probably be removed.

Edit:
Adding to the issues with AAK, since uBO 1.30.0 there is a filterlist blocking functionality that contains AAK's filters[3], which is the base for ND's filters[4], this also makes me question if ND is actually benefitial.
Not sure how much you are in contact with gorhill or other uAssets contributors (I think jspenguin2017 had some disagreement with them), but they might be able to provide further context on the issues that I found or if they are actually a problem.

[1] https://www.reddit.com/r/uBlockOrigin/comments/jd1cy3/nano_adblock_ublocko_fork_getting_shut_down_will/g94vwi5/?context=3
[2] https://github.com/LiCybora/NanoDefenderFirefox/blob/master/src/content/ubo-extra.js
[3] https://github.com/uBlockOrigin/uAssets/blob/master/filters/badlists.txt#L4
[4] https://github.com/LiCybora/NanoDefenderFirefox/blob/master/uBlockProtectorList.txt

from nanodefenderfirefox.

https://github.com/JustOff/scriptlet-doctor - few repair, but normal works on only few Russian sites.

from nanodefenderfirefox.

Scriptlet Doctor comes with a predefined list of known domains with restrictive CSPs, most of which are currently related to Russian sites, but this list is user configurable and allows uBO scriptlets to run on any site where 'unsafe-inline' is not allowed by CSP.

from nanodefenderfirefox.

@LiCybora Question, do any new reports with anti-adblockers not getting blocked get moved here? Or do we bother reporting at all?

from nanodefenderfirefox.

I was updating some stuff, and saw this and the defender drama............wow, shit happened

What TL;DR I can simplify/put together, is Nano Defender (Firefox Port) is still good for now this current version (15.0.0.206), but things might get hinky in the future, so .........wait and see, is that it?

from nanodefenderfirefox.

I was updating some stuff, and saw this and the defender drama............wow, shit happened

What TL;DR I can simplify/put together, is Nano Defender (Firefox Port) is still good for now this current version (15.0.0.206), but things might get hinky in the future, so .........wait and see, is that it?

it's time to pass to ublock origin directly..... apparently using it it's not need nano defender.

from nanodefenderfirefox.

So it's been several months. Are there still no instructions for ND + uBO users?

I've noticed that gitcdn.xyz, which hosts the ND resources that we're supposed to add to uBO, now has an SSL certificate that doesn't match its domain name, so that's fun.

I'd also like a more detailed explanation of what ND does that uBO doesn't (and this information should probably be added to the project's readme too). The few sentences that the topic has been given in this thread so far haven't really helped my understanding much.

from nanodefenderfirefox.

I've noticed that gitcdn.xyz, which hosts the ND resources that we're supposed to add to uBO, now has an SSL certificate that doesn't match its domain name, so that's fun.

@awebeer256 FYI: it's an open issue on the gitcdn.xyz project schme16/gitcdn.xyz#75

from nanodefenderfirefox.