For those not aware, the article assumes you are stuck in Google Chrome. Ublock works correctly in Firefox and derivatives, I advise you to use that instead to end the suffering.
If you find yourself in a "only Internet Explorer 5.5 is supported" situation, you could perhaps use Ungoogled Chromium and manually install Ublock Origin to buy yourself time to get out of that dead lock.
I use FF and uBO (which has always worked better on FF than on the adtech browser), but I'd love uMatrix back. The interface of uBO is a typical mobile friendly simplification. As the article says, uBO can do everything if you are willing to write rules by hand. And missing is that the equivalent in uMatrix was a single click. Simply a huge step back in UX, and while I dropped uM eventually as the lack of maintenance resulted in incompatibilities, I'm now permitting far more connections than before as anything else would require too much work when I want to actually browse the web.
If you use a browser by a company that earns most of its revenue by selling ads and wonder why the ad-blocker is not working I may have a bridge to sell to you.
Nice work! FWIW, you can still use Manifest V2 extensions, like uMatrix, uBlock Origin, or Violentmonkey, in Chrome by passing command line flags. For example, on macOS:
open -b com.google.Chrome --new --args --disable-features=ExtensionManifestV2Unsupported,ExtensionManifestV2Disabled
When Google finally nerfs that, it is past time to move to Firefox or Brave, the latter of which has explicitly announced uMatrix support.
> For as long as we’re able (and assuming the cooperation of the extension authors), Brave will continue to support some privacy-relevant MV2 extensions—specifically AdGuard, NoScript, uBlock Origin, and uMatrix
Once Google removes MV2 and it's supporting code, Brave is not going to shoulder the cost of keeping all of that patched to run on newer builds of Chromium. Especially not because their own blocking doesn't rely on it, uMatrix has been deprecated since 2021, and AdGuard is already committed to transitioning to MV3.
I thought these stopped working altogether with the release of Chrome 142? I know you could override it for awhile there, but I've been lead to believe that option is gone.
This is part of what forced my hand and made Firefox my daily driver, at least for personal use.
It works fine in Chrome 148. Earlier Chrome versions removed chrome://flags versions of the above even with "Temporarily unexpire M147 flags" (and similar), but command line invocation continues to work.
Yes, I still use it and can confirm that I have had no concerns or problems with it. On the other hand, if I had to reinstall, without research, I'm not sure how I would reinstall it. Having alternatives is a good thing.
I have had frequent enough issues with it silently blocking some things with no ui exposure of those blocks. Been a while now, but I think it was stuff like webrtc and other more "arcane" features.
Indeed, this is why I eventually stopped using it; sometimes a random site wouldn't function properly, and took time to figure out it was uMatrix. It was a nice plugin indeed though.
Weirdly enough I was wondering what Tavis Ormandy has been up to recently, as I haven't seen his name associated with any global show-stopping vulnerabilities from the Project Zero team for a while.
I miss uMatrix, too. Thank you for working on this!
Something like uMatrix should be built right into the browser, and the fact that this isn't the case really says it all about how it's not the "user agent" anymore. It's the one extension that's absolutely essential IMO -- no third-party connections at all by default, yes it breaks a lot of sites, but then you should ask yourself if the content was really worth reading in the first place!
Besides the blocking, being able to see at the click of a button what kind of crap most sites want to load is really eye opening. And they would do so completely silently if you're using a "normie" browser created or financially supported by the largest advertising company in the world.
Instead the mainstream gets "security features" like Safe Browsing, where it connects to a Google server every day without most people's consent or even knowledge, downloading a list of hashes of "bad stuff" to block. Like open source software to download videos from YouTube (yt-dlp), which it flags as malware. Of course the tinfoil hat conspiracy theory that it's also sending every URL you visit to their server isn't true -- only the ones that match a hash, "to check for false positives". It's easy to see how this mechanism could be abused to log who is visiting particular URLs of interest, without alerting the user to it happening. As far as I see it, you would just have to trust them when they super-double-pinky-swear they would never do this. And of course the TLAs wouldn't allow them to disclose it if something like this happened on their orders.
> [...] the fact that this isn't the case really says it all about how it's not the "user agent" anymore. [...] yes it breaks a lot of sites, but then you should ask yourself if the content was really worth reading in the first place!
Users want websites to work. The agent excludes a feature that, you admit, break most websites.
Yet you find it puzzling and anti-user behavior? Can you elaborate?
Would you be okay if it was built-in but disabled by default and hidden behind a setting or a flag?
Maybe websites should work without loading megabytes of scripts from third-party servers? I think that should be disabled unless you opt-in.
Also browsers by default using a blocklist from some company, and showing a giant scary warning and contacting their server when the user deliberately navigates to an URL that is on that list. That should be opt-in as well, rather than something that just happens and is considered acceptable.
>I really don’t want to give that up – is there a solution?
Use Firefox, uBO works great. While I really enjoy seeing people find creative technical workarounds, the reason for it being needed in the first place is Googles fight against Adblockers with Manifest V3. Firefox allows people to sidestep this artificial downgrade of adblocking capabilities.
If you find yourself in a "only Internet Explorer 5.5 is supported" situation, you could perhaps use Ungoogled Chromium and manually install Ublock Origin to buy yourself time to get out of that dead lock.
Firefox works fine now, I don't think I've had those memory issues that used to plague it in forever!
Firefox hasn't (yet) crippled their add-ons, and says they have no plans to do so (today).
NoScript can do what you want, and more.
Once Google removes MV2 and it's supporting code, Brave is not going to shoulder the cost of keeping all of that patched to run on newer builds of Chromium. Especially not because their own blocking doesn't rely on it, uMatrix has been deprecated since 2021, and AdGuard is already committed to transitioning to MV3.
This is part of what forced my hand and made Firefox my daily driver, at least for personal use.
Yes! I have uMatrix on all my computers. I wish it was still being updated but.. it still works great. The best ever.
I miss uMatrix, too. Thank you for working on this!
Besides the blocking, being able to see at the click of a button what kind of crap most sites want to load is really eye opening. And they would do so completely silently if you're using a "normie" browser created or financially supported by the largest advertising company in the world.
Instead the mainstream gets "security features" like Safe Browsing, where it connects to a Google server every day without most people's consent or even knowledge, downloading a list of hashes of "bad stuff" to block. Like open source software to download videos from YouTube (yt-dlp), which it flags as malware. Of course the tinfoil hat conspiracy theory that it's also sending every URL you visit to their server isn't true -- only the ones that match a hash, "to check for false positives". It's easy to see how this mechanism could be abused to log who is visiting particular URLs of interest, without alerting the user to it happening. As far as I see it, you would just have to trust them when they super-double-pinky-swear they would never do this. And of course the TLAs wouldn't allow them to disclose it if something like this happened on their orders.
Users want websites to work. The agent excludes a feature that, you admit, break most websites.
Yet you find it puzzling and anti-user behavior? Can you elaborate?
Would you be okay if it was built-in but disabled by default and hidden behind a setting or a flag?
Also browsers by default using a blocklist from some company, and showing a giant scary warning and contacting their server when the user deliberately navigates to an URL that is on that list. That should be opt-in as well, rather than something that just happens and is considered acceptable.
but cloudflare blocks my "outdated browser" all the time
Use Firefox, uBO works great. While I really enjoy seeing people find creative technical workarounds, the reason for it being needed in the first place is Googles fight against Adblockers with Manifest V3. Firefox allows people to sidestep this artificial downgrade of adblocking capabilities.