Building a UMatrix Replacement(lock.cmpxchg8b.com)
64 points by taviso 1 day ago | 9 comments
exceptione 1 day ago
For those not aware, the article assumes you are stuck in Google Chrome. Ublock works correctly in Firefox and derivatives, I advise you to use that instead to end the suffering.

If you find yourself in a "only Internet Explorer 5.5 is supported" situation, you could perhaps use Ungoogled Chromium and manually install Ublock Origin to buy yourself time to get out of that dead lock.

Semaphor 8 hours ago
I use FF and uBO (which has always worked better on FF than on the adtech browser), but I'd love uMatrix back. The interface of uBO is a typical mobile friendly simplification. As the article says, uBO can do everything if you are willing to write rules by hand. And missing is that the equivalent in uMatrix was a single click. Simply a huge step back in UX, and while I dropped uM eventually as the lack of maintenance resulted in incompatibilities, I'm now permitting far more connections than before as anything else would require too much work when I want to actually browse the web.
marysol5 11 hours ago
Outside of "Cast" to Google Devices, what is any benefit in Chrome?

Firefox works fine now, I don't think I've had those memory issues that used to plague it in forever!

atoav 11 hours ago
If you use a browser by a company that earns most of its revenue by selling ads and wonder why the ad-blocker is not working I may have a bridge to sell to you.
anonymousiam 23 hours ago
The "solution" is to not use Chrome anymore.

Firefox hasn't (yet) crippled their add-ons, and says they have no plans to do so (today).

NoScript can do what you want, and more.

madars 23 hours ago
Nice work! FWIW, you can still use Manifest V2 extensions, like uMatrix, uBlock Origin, or Violentmonkey, in Chrome by passing command line flags. For example, on macOS:

    open -b com.google.Chrome --new --args --disable-features=ExtensionManifestV2Unsupported,ExtensionManifestV2Disabled
When Google finally nerfs that, it is past time to move to Firefox or Brave, the latter of which has explicitly announced uMatrix support.
jorvi 20 hours ago
> For as long as we’re able (and assuming the cooperation of the extension authors), Brave will continue to support some privacy-relevant MV2 extensions—specifically AdGuard, NoScript, uBlock Origin, and uMatrix

Once Google removes MV2 and it's supporting code, Brave is not going to shoulder the cost of keeping all of that patched to run on newer builds of Chromium. Especially not because their own blocking doesn't rely on it, uMatrix has been deprecated since 2021, and AdGuard is already committed to transitioning to MV3.

SoMomentary 18 hours ago
I thought these stopped working altogether with the release of Chrome 142? I know you could override it for awhile there, but I've been lead to believe that option is gone.

This is part of what forced my hand and made Firefox my daily driver, at least for personal use.

madars 18 hours ago
It works fine in Chrome 148. Earlier Chrome versions removed chrome://flags versions of the above even with "Temporarily unexpire M147 flags" (and similar), but command line invocation continues to work.
teddyh 23 hours ago
If you are running a modern Firefox, there’s still nuMatrix: <https://codeberg.org/arek/nuMatrix>
yborg 21 hours ago
There's still uMatrix, for that matter. gorhill hasn't updated it in 5 years, but still just werks.
jjav 11 hours ago
> There's still uMatrix, for that matter. gorhill hasn't updated it in 5 years, but still just werks.

Yes! I have uMatrix on all my computers. I wish it was still being updated but.. it still works great. The best ever.

Semaphor 8 hours ago
I have had frequent enough issues with it silently blocking some things with no ui exposure of those blocks. Been a while now, but I think it was stuff like webrtc and other more "arcane" features.
kencausey 20 hours ago
Yes, I still use it and can confirm that I have had no concerns or problems with it. On the other hand, if I had to reinstall, without research, I'm not sure how I would reinstall it. Having alternatives is a good thing.
dehrmann 19 hours ago
It mostly still just works. Sometimes even with everything enabled, a site won't work.
gitaarik 11 hours ago
Indeed, this is why I eventually stopped using it; sometimes a random site wouldn't function properly, and took time to figure out it was uMatrix. It was a nice plugin indeed though.
dehrmann 3 hours ago
uMatrix is very hard on sites by default. When something is glitchy, I assume it's because uMatrix blocked random third-party code.
Semaphor 8 hours ago
Oh, that is nice, I'll have a look at that when I'm back home.
rep_lodsb 2 hours ago
Something like uMatrix should be built right into the browser, and the fact that this isn't the case really says it all about how it's not the "user agent" anymore. It's the one extension that's absolutely essential IMO -- no third-party connections at all by default, yes it breaks a lot of sites, but then you should ask yourself if the content was really worth reading in the first place!

Besides the blocking, being able to see at the click of a button what kind of crap most sites want to load is really eye opening. And they would do so completely silently if you're using a "normie" browser created or financially supported by the largest advertising company in the world.

Instead the mainstream gets "security features" like Safe Browsing, where it connects to a Google server every day without most people's consent or even knowledge, downloading a list of hashes of "bad stuff" to block. Like open source software to download videos from YouTube (yt-dlp), which it flags as malware. Of course the tinfoil hat conspiracy theory that it's also sending every URL you visit to their server isn't true -- only the ones that match a hash, "to check for false positives". It's easy to see how this mechanism could be abused to log who is visiting particular URLs of interest, without alerting the user to it happening. As far as I see it, you would just have to trust them when they super-double-pinky-swear they would never do this. And of course the TLAs wouldn't allow them to disclose it if something like this happened on their orders.

tredre3 2 hours ago
> [...] the fact that this isn't the case really says it all about how it's not the "user agent" anymore. [...] yes it breaks a lot of sites, but then you should ask yourself if the content was really worth reading in the first place!

Users want websites to work. The agent excludes a feature that, you admit, break most websites.

Yet you find it puzzling and anti-user behavior? Can you elaborate?

Would you be okay if it was built-in but disabled by default and hidden behind a setting or a flag?

ldayley 1 day ago
Weirdly enough I was wondering what Tavis Ormandy has been up to recently, as I haven't seen his name associated with any global show-stopping vulnerabilities from the Project Zero team for a while.

I miss uMatrix, too. Thank you for working on this!

m463 23 hours ago
I still use umatrix

but cloudflare blocks my "outdated browser" all the time

comment0r 1 day ago
I don’t like Heroism, but finally a new article from Tavis Ormandy. Thanks for your work.
lpcvoid 1 day ago
>I really don’t want to give that up – is there a solution?

Use Firefox, uBO works great. While I really enjoy seeing people find creative technical workarounds, the reason for it being needed in the first place is Googles fight against Adblockers with Manifest V3. Firefox allows people to sidestep this artificial downgrade of adblocking capabilities.

tadfisher 20 hours ago
But performance? Question mark?
SoMomentary 18 hours ago
Webpages run a lot better when I block all that extra shit from running!