Then you watch the "Important Videos" playlist (https://www.youtube.com/playlist?list=PL7XlqX4npddfrdpMCxBnN...) and half the videos are taken down because the account had too many strikes. It's really sad.
I would've never heard of the single domain on this blocklist if not for this project. We should be careful that we're not accidentally handing a new marketing tool over by "Streisanding".
Just make the Ad blocking extension retrieve an extra file outside of github automatically(default on, but leave it configurable like the other filter lists in options) or I am sure there are custom lists based on easylist or other lists available already on the net that include/can include
But props to the creator of this, great ingenuity.
Edit: replaced https with h||ps to prevent it from showing up as a link (which are apparently cut off if they're too long).
He's blazing a trail that others who may be more risk averse or have more to lose can then follow. Actually blocking these domains is kind of a side benefit, especially since the most likely people to download the extension are those who could just as easily achieve the end result themselves in other ways.
Unfortunately there is no legal concept of waiver in this situation: the other side can pick and choose weak targets at will and avoid someone who will fight back. Just one more critical flaw in the DMCA system. Contrast this with trademark law where one must universally enforce the mark or risk losing it entirely.
If you decide to use IPFS for distribution of your list, I'd be happy to donate some Eternum credits so you can pin it.
This would include all Admiral-owned domains (including those that haven't been included in DMCA takedowns yet), and all domains owned by any other companies that believe there is some legal obligation to load their trackers. It's an important list to have.
Echoing other comments, this list should be in a standard .txt form so it can be included by other extensions, so I can pick an extension that does what I want when it encounters such a site (e.g., decline to visit the page that embeds the site).
In that case, maybe the best technical and legal solution is to block any sites that contain their domains completely. I.e. boycott anyone who does business with these people, without "violating" someone's interpretation of DMCA.
Please consider publishing a version at addons.mozilla.org too.
The tool web-ext makes this almost effortless.
Edit: in my experience.
The worse part is that uglify is required for us to even get the extension signed, due to Firefox's arbitrary individual file size limit.
Prior to Mozilla getting their act together it literally was over a month of waiting for them to review our extension, so we just bailed altogether as their entire process is terrible for pretty much no real gain. I then tried again once the queue had dropped from ~400 to ~150 and the wait time finally became reasonable.
I mean the process was/is so bad, they literally had an issue on github to just automatically approve extensions based on some criteria due to the huge backlog. I cannot get an unlisted extension released with the same version as a listed extension, so we completely bailed on using Mozilla's hosting at all, since all it does is cause a liability until we can push out fixes the same day without manual intervention.
To top this off, every single time we make a new release, we'd have to explain the extension, how to build it, etc. and provide sources to the code. Our extension is also a regular web extension.
Taking a look at mozilla's publishing guidelines they're quite clear that you can publish an addon in obfuscated or minified form, but that you need to provide them an unobfuscated/unminified copy of the of the source code to review as well as instructions on how you performed the obfuscation/minification (presumably to run it themselves and compare the output). All of that seems fairly reasonable since you don't want people distributing malware on AMO. One thing I don't see mentioned anywhere in there is a size limit on files though, so I'm very interested to hear what this apparently undocumented requirement is.
I work at Virtru. The short summary is that we make a client-side encryption extension for the content of your email. There are certainly things we can do to reduce the file size. However, the business value of doing so is limited, particularly in the context of an extension. It is also much more limited when Firefox itself is vastly less popular than Chrome today and we have no issues from Chrome.
We use webpack, so all our dependencies, which may not be optimized for file size for browser usage get pulled in as well.
As I previously stated, so not sure why I'm having to repeat this, that the entire process due to the minification creates a huge barrier for any business that is trying to fix things in a reasonable amount of time. You get thrown into an admin queue, which moves at a snail's pace, EVERY time you upload a new version you have to add instructions again, EVERY time there is a different reviewer with the same question you have to answer them again. Mozilla isn't sitting there actually reviewing your source code in an intelligent way. We were dinged on 2 uses of eval. What is hilarious the uses came from within very well known libraries, jQuery, and Bluebird. If they were really reading the source code, they would have known that we didn't write that, 1 of the uses we never call the function that contained it, and bluebird is using it as a de-optimization strategy to prevent a function optimization that make objects fast.
(E: and that's currently; go back a few months and it's nearly 90% taking over 10 days. Possibly well over 10 days. https://discourse.mozilla.org/t/queue-weekly-status-2017-05-...)
As far as I can see the new web extensions based approached has much better tooling with automatic analysis and reviewing.
And the amo team is super responsive on email.
What am I missing?
We'll give up a bit first but may win eventually.
I do not know how complete it may be. It was interesting putting the list together to see how most (but not all) of the users appear just as sleezy as Admiral itself.
(Blocking these sites automatically should be done based on requests pointing to the original list, rather than this derived one, but it's here for reference.)
Could a hashed tld blacklist help? Each person downloads a unique hashed tld blacklist. Browser would calculate tld against list of hashes (or bloomfilters for what's worth)
In this case, what if a rule says
- domain starts with "functio"
- domain ends with "onalclam.com"
- domain is no longer than 18 bytes.
Instead of cleartext?
Each one downloaded can not block anything
But if a user combines some of the data, certain website gets blocked.
Either that, or it ends up being so obscure that the target company(ies) never notice.
For samsung.com to be added to the list first an ad-blocker would have to list samsung.com THEN Samsung would have to use legal shenanigans to get samsung.com removed from blacklists THEN it would get added.
It seems pretty unlikely. Its likely in fact that if samsung had content worthy of blocking it would be served in a way that would be easy to block without blocking samsung.com. Example nonsense.samsung.com or samsung.com/whatever.
See my analysis at the Anti-Adblock Killer repo for more detail -
Admiral has thousands of domains across Google Cloud and AWS hosts.
why make an entirely new plugin when you can simply make a new list? As cool as your idea is, I don't need two browser extensions to manage when the first one will happily incorporate your list.
I'm not opposed to doing both, once I have an hour to sit down and figure out what is actually involved. There's an issue to track it here: https://github.com/paulgb/BarbBlock/issues/5
I'm rather shocked HN is not well versed in this.
Moving information to outside the US juristiction will only allow abusers to continue to harass those who can't move out.
This extension isn't necessarily bad---if its purpose is simply to ensure that DMCA takedowns and cease-and-desist orders are properly supported and enforced only with good cause, then that seems valuable. If it ends up as a tool that starts making people who are legitimately trying to protect their livelihood or interests give up by making their legal remedies unenforceable or too onerous to undertake, then maybe we need something a little less cavalier.
This is a huge attack on the way we all consume the web, because in the end it leads to a society where we are forced to consume ads to participate in the society.
What's the story?
Privacy badger will only block a domain if it appears that it's tracking you. Sites linking to this JS, that don't try to send tracking info will not be blocked.
> after the page finished loading. It removed the real page content and replaced it with a box asking me to whitelist the site.
The reason why they're using so many domains is to circumvent blacklisting, and then the DMCA takedowns are another layer of circumvention on top of that.
If it's possible, then it would be a good act of protest to require individually signed (by an actual person with a pen, not a picture of a signature), individually snail-mailed requests. This would at least make the process take O(n) time and O(n) money, making it a bit harder to abuse.
It's a real question, can they easily challenge some requests and maintain their safe harbor status?
Modifying uBlock mitigates the argument but doesn't entirely remove it. For example if the people who control uBlock control a third-party source that allows the same preventions to be implemented then technological changes have been made but the situation is legally homologous (AIUI, IANAL).
IMO uBlock need to provide facility for a domain to be blocked but say "search online to find blocklists" and have no legal associations with the blocklist maintainers; akin to how emulator sites manage ROMs, they stay as legal separated from them as possible. Putting Google in the middle makes getting sued harder, in theory Google is linking the people to the tech/info that enables the alleged infringement.
Remember DMCA is strongly weighted towards the accuser in the initial instance and that a service provider has to take down content in order to maintain their safe-harbour protections, leaving it to the alleged infringer to counter the accusation (guilt until claim of innocence).
Does your link address that question? Is your opinion on the DMCA well informed?
Make a address which creates transactions containing the domains blocked. To find the list, check the transactions from this address. If an error is made, then you can just use an other address to build the list again without the domains you want to remove, and make adblocks look for transactions from this address. The adblockers only reference an address so they have no illegal content. Domains can't be removed from transactions. Adblockers can use an other address as basis if they agree too.
Doesn't sound very practical.
Note that I'm not saying it's better than the current management from the github repos. Nothing beats plain text files. What I'm saying, though, is that if DCMA takedowns on those lists become something common, engraving those domains in blockchain is a good way to defend from it.
But most people here could have got to this conclusion taking 5 minutes to think about it. I get it, guys, you've heard enough of blockchains. Let's not answer to irrational outburst of feelings with outburst of feelings in the opposite direction, please (note to parent: this remark is for the whole discussion and the downvotes, not just for you).
Nobody can take down your signed blockchain message that was published on bitcoin, unless they physically find you, and force you to sign a revoked list.
This is a situation where trying to use technical measures to try to get around a law is not a good idea. Aside from the fact that the DMCA is incredibly generic and states that "No person shall circumvent a technological measure that effectively controls access to a work protected under this title." So it doesn't matter /how/ it's circumvented, all that matters is whether it was circumvented. But more importantly, if you use a technology to try to get around copyright law (even if your usage is completely legal), you're just asking for the copyright lobby to attack you. Just look at what happened to BitTorrent.
All you got to do is know the block number that it was published on.
Maybe you could even have the "speciality purpose software" published in the bitcoin blockchain itself.
It might still be "illegal", but the purpose is not to be 100% bullet proof.
The purpose is to make enforcement so expensive as to be impractical.
I am glad that you brought up bittorrent, though.
Bittorrent and torrents in general is a great example of how you can spend billions trying to enforce copyright law, and yet free Game of Thrones episodes are still a click away, for me.
Technical solutions to fighting DMCA have worked extraordinarily well.
The copyright lobby has massively failed to achieve its goals.
> All you got to do is know the block number that it was published on.
> Maybe you could even have the "speciality purpose software" published in the bitcoin blockchain itself.
Okay, and how is your web browser going to access that list? At some point there has to be a path from the "anonymous" blockchain to your browser, and that's who will get sued.
> The purpose is to make enforcement so expensive as to be impractical.
I still think you're trying to solve the wrong problem. Breaking the law doesn't help your cause. You need to challenge people who are abusing laws, because that's how you actually make a change in this arena.
> Bittorrent and torrents in general is a great example of how you can spend billions trying to enforce copyright law, and yet free Game of Thrones episodes are still a click away, for me.
> The copyright lobby has massively failed to achieve its goals.
That's an incredibly optimistic view. The copyright lobby has successfully managed to create the most pervasive DRM systems in existence thanks to the threat of "piracy", including EME. While a large number of people still torrent, the copyright lobby has managed to smear the entire technology. Who distributes their own content via BitTorrent? Almost nobody (distributions are the only example I can think of).
That doesn't sound like success from our side to me. In Australia, ISPs will DNS-block torrenting websites and also null-route any torrent traffic.
Through blockchain.info, which is also the perfect tool for law enforcers to track possibly fraudulent money transactions, so they can't do without it.
> You need to challenge people who are abusing laws, because that's how you actually make a change in this arena.
Why choose? We can do both. EFF has expanded in parallel to TOR development. That's nothing uncommon. Plus, it's a huge argument for political groups to be able to say : "we can fight this through technical tools that we already have, but we want to find a peaceful solution with you". You don't negotiate when you can't achieve anything the other side doesn't want.
> Who distributes their own content via BitTorrent?
There's at least Blizzard that I noticed, I suppose others as well. The thing is that they don't advertise it - why would they? It's an implementation detail (built in their client). But I think of bittorrent legacy as way more than that. I'm not sure we would have had Spotify and Netflix without it. Sure, there are DRM, now. But music and movies are now affordable. Everybody wins, which is the desired end result.
Regarding ads, how could everybody win? There's one thing people made clear : they hate ads. So instead of fighting adblockers, ad industry should find a way to allow people to discover products without annoying them. For now, some prefer to fight adblockers with legal tools. We're entitled to answer with means just as aggressive, while still maintaining discussion channels with opposite side.