[HN Gopher] Hush: Noiseless Browsing for Safari
___________________________________________________________________
Hush: Noiseless Browsing for Safari
Author : ggoo
Score : 155 points
Date : 2021-01-24 15:03 UTC (7 hours ago)
(HTM) web link (daringfireball.net)
(TXT) w3m dump (daringfireball.net)
| nicbou wrote:
| uBlock Origin has a few lists that disable annoyances. They are
| disabled by default, but they're arguably the most important
| lists.
|
| It's weird to borrow someone's laptop, and see a barrage of ads,
| notices, bars and other visual spam.
| LeoNatan25 wrote:
| It's strange that even today, people are still not aware they
| should be using ad blockers with as many lists as they could
| live with. It's no longer just about sanity and protecting
| attention, but now also about security, as we've heard more and
| more about malware running rampart from ad distribution
| servers.
| px43 wrote:
| The really crazy thing about using ad networks to distribute
| malware, which I think is very much still unrecognized, is
| how targeted you can make it.
|
| You can, for example, target people over the age of 70 that
| live in high net worth areas, or people that live
| geographically close to some organization you're targeting
| specifically, in hopes of hitting an employee, or someone in
| their family.
| foo52728 wrote:
| Really strange is the anti-ad-blocking campaign saying they
| make browsing slow and are privacy unfriendly
| LeoNatan25 wrote:
| Don't forget the claims that adblocks risk your privacy,
| because they have access to all the sites you visit. >_<
| emptyparadise wrote:
| Makes perfect sense when you consider how much money is at
| stake.
| jfk13 wrote:
| > It's strange that even today, people are still not aware
| they should be using ad blockers with as many lists as they
| could live with.
|
| No, it's strange (or rather, it's sad and shameful) that
| we've allowed the web to become an environment where this
| attitude even needs to be considered.
| dylan604 wrote:
| How is it strange? There are way more people that are not
| developers that browse the web not using a desktop. Hell, I'd
| imagine the number of people that think the entirety of the
| internet are the apps on their mobile device like
| FB,IG,Twitter,YT,etc is much larger than the number of
| developers that know and care about such things.
|
| I find it strange that "smart" people such as developers
| can't imagine people think differently than they do, and
| behave differently than they do.
| LeoNatan25 wrote:
| I meant strange in the context of the people I normally
| interact with, with regards to computers, which are usually
| developers or otherwise relatively tech savvy.
| IfOnlyYouKnew wrote:
| I can't remember a single instance of people being infected
| by ads after the end of the IE era. And in 20 years on the
| internet, often without ad-blocking, I've never been a victim
| of anything like that (as far as I can tell, yes. But I'm
| somewhat certain and don't much care about symptomless
| problems).
|
| As far as I can tell, the security argument is advanced
| mostly as justification for blocking even unobtrusive ads by
| people who love to both complain about the terrible state of
| "mainstream media" and to read what they publish.
| jorvi wrote:
| I have a physicist friend who somehow installed a fake
| Google Chrome, which still blows my mind to this day.
| Either his searches must have already been hijacked or
| Google _really_ doesn 't filter the ads at the top of the
| first page.
|
| Luckily enough he never got pwned despite conducting
| basically his entire digital life through that browser.
|
| Badware is still alive and well, but it's mostly tricking
| people into installing it. The days of ActiveX zero clicks
| are indeed (and thankfully!) long behind us.
| LeoNatan25 wrote:
| If only you bothered to do a quick search in Google before
| typing that ignorant comment...
| gorhill wrote:
| > the security argument is advanced mostly as justification
| for blocking even unobtrusive ads by people who love to
| both complain about the terrible state of "mainstream
| media"
|
| Here are documented instances of malvertising I collated
| over the years, and which is by no mean comprehensive and
| which I haven't taken the time to update in a long while:
|
| https://github.com/gorhill/uBlock/wiki/Dynamic-
| filtering:-Be...
|
| Additionally, excerpt from CISA's "Securing Web Browsers
| and Defending Against Malvertising for Federal
| Agencies"[1]:
|
| > Ad-blocking software prevents advertisements from
| displaying or removes different types of ads (e.g., pop-
| ups, banner ads) when a user visits a website or uses an
| application. This software reduces a user's risk in
| receiving malicious ads or being redirected to malicious
| websites. One common ad-blocking technique is the use of
| web browser extensions that enable a user or agency to
| customize and control the appearance of online ads. CISA
| encourages agencies to evaluate solutions that would enable
| malicious ad blocking.
|
| ---
|
| [1] https://www.cisa.gov/publication/capacity-enhancement-
| guides...
| benhurmarcel wrote:
| > It's weird to borrow someone's laptop, and see a barrage of
| ads, notices, bars and other visual spam.
|
| "Hey you should be using an ad blocker, it avoid ads and
| viruses, and makes websites faster. Do you mind if I install
| you one?"
| JosephRedfern wrote:
| The Ad Blocker situation on Safari is pretty poor. I've ended
| up with Ghostery, but really miss uBlock Origin.
| bni wrote:
| I use KaBlock! Despite its silly name its great. Open Source
| and thanks to Safari content blocker security model I can
| trust it.
| blowfish721 wrote:
| I miss uBlock Origin as well but AdGuard has really proven
| itself to be good thankfully.
| andrethegiant wrote:
| 1Blocker is great, although it is paid.
| thekid314 wrote:
| Yeah, 1Blocker running on Safari and NextDNS connection in
| the background means I never see ads these days.
| andrethegiant wrote:
| Thanks for the NextDNS tip, it looks amazing. I was about
| to set up Pi-hole today but this looks better.
| jdeibele wrote:
| AdGuard DNS is easy to set up and free. I went with it
| because there are 5 of us at home all the time due to
| COVID and I didn't know if we would hit the NextDNS limit
| of 300,000 queries a month.
|
| 10,000 queries a day sounds like a lot but our router
| (Orbi) isn't doing any caching so maybe it's not.
|
| AdGuard DNS doesn't let you have any configuration. My
| college student had to change her DNS settings once
| because an app was being blocked as an ad blocker.
| romanovcode wrote:
| uBlock Origin does not work on Safari so this statement is
| irrelevant.
| wodenokoto wrote:
| ... but still no adblocker for safari
| ludwigschubert wrote:
| Not sure what you mean, are you missing a specific ad blocker?
| There are some ad blockers for Safari, both on macOS and on
| iOS. 1Blocker, AdGuard, Wipr, are examples I know to work well.
| (Many are paid, though, or have paid "premium" tiers.) Edit:
| others in this thread also mention Ghostery, KaBlock.
| [deleted]
| mikhailt wrote:
| Is there any work being done to revert the requirements of cookie
| banners, age consent, etc? These are all utterly pointless and
| easy to bypass.
|
| While we're at it, get rid of the forced "piracy is harmful" ads
| on every media disc too. Pirates don't actually see these
| messages, they're stripped out in the final copy, so the actual
| legal customers are the only one suffering through it as they
| can't be skipped either with the skip button, which is silly.
|
| We need to do a better job of cleaning up our laws that has
| turned out to be worthless.
| rozab wrote:
| Do Not Track should have been made legally binding. Hell, with
| any sane interpretation of GDPR it would be.
| [deleted]
| _jstreet wrote:
| I wonder that too. Would this be something the W3C would look
| into introducing some configurable cookie-consent (i.e. "Accept
| all", "necessary only", "block all" options) that browser
| vendors could then pick-up on and adopt so that it wouldn't
| require manual checks at each website visit?
| colejohnson66 wrote:
| As the DNT header history shows, the only solution is privacy
| laws
| detaro wrote:
| Something like the Do-Not-Track header? The history of that
| pretty much shows how much adoption to expect for a feature
| like this, sadly.
| ryukafalz wrote:
| I think the cookie banner requirements are just fine: they're
| only required if sites are tracking you. It's a good sign that
| if I'm on a site that's not bothering me with a cookie banner,
| it's respecting my privacy: https://github.blog/2020-12-17-no-
| cookie-for-you/
|
| Making the widespread surveillance that was previously
| invisible visible (and annoying) seems like a good move to me.
| crazygringo wrote:
| But virtually every site I visit is tracking me.
|
| It doesn't change the fact that they're tracking me, it just
| makes me click an "X" or "OK" every damned time I visit some
| new site to read an article or something.
|
| I could understand your argument if sites were actually
| removing tracking in order not to annoy users with the popup.
|
| But sites aren't doing that, not in any meaningful number at
| all. So it's not having any effect on privacy, while annoying
| basically every internet user ever constantly (before you
| hunt for an extension to block as many of them as you can).
|
| So I don't see how it's a good move at all, not in practice.
| It's just annoying, and that's it.
| ryukafalz wrote:
| Before cookie banners were required, do you think the
| average user would have any idea how many sites were
| tracking them? I don't think they did. It's beneficial if
| only to increase public awareness, because tracking is
| otherwise invisible.
|
| Heck, I'm a reasonably technical user, and I wouldn't have
| noticed in most cases. Again, invisible. Now I have a
| negative first impression of a site if it annoys me with
| cookie banners, and a more positive one if not.
| kstrauser wrote:
| Except now it feels like a California Prop 65 warning
| that you see on literally every business. "Something in
| here may cause cancer. Is it a bottle of toilet cleaner
| locked in the supply closet? Is it benzene in the hummus?
| Who knows!"
| nickpp wrote:
| And what difference does it make if we now know we are
| being tracked?
| asiando wrote:
| They're _ok_ but they should be more precise:
|
| 1. Require websites to be concise and offer a yes/no ONLY.
|
| 2. Reverse-lobby browser vendors to turn this into an API.
|
| 3. Require everyone to use the API.
|
| Now users can block or accept all requests at once like they
| can block or accept Notification requests.
| Nextgrid wrote:
| Cookie banners aren't _required_ per-se, and when the website
| wishes to do tracking that would require consent under the
| GDPR, the regulation mandates that the consent prompt should be
| clear, opt-in (aka pre-ticked checkboxes aren 't allowed) and
| that accepting should be as easy as declining (so if opting in
| takes one click, so should opt-out).
|
| The problem is that the GDPR is not being enforced seriously so
| these breaches of the regulation aren't being cleaned up. I'm
| not sure if it's malice or outright stupidity and the companies
| legitimately believe they are compliant (there is tons of bad
| and incorrect advice out there).
|
| If you want things to change and you're in Europe, you should
| start by questioning the incompetence of your local data
| protection agency as they are the ones that have the power to
| investigate breaches & impose fines. In the UK, the Open Rights
| Group is raising money to sue our data protection agency for
| its incompetence/unwillingness to enforce the regulation, so
| maybe it's worth checking out:
| https://action.openrightsgroup.org/help-us-protect-your-data...
| (no affiliation)
| mikkelam wrote:
| I've been using "I don't care about cookies" for years now
| https://addons.mozilla.org/en-US/firefox/addon/i-dont-care-a...
|
| It's fantastic. Browsing the web on my iPhone, I feel like
| slaying myself. Current state of the web is just fucking
| annoying.
| dheera wrote:
| Exactly. I don't care about cookies because I block all of them
| anyway except on sites I need to login to, which means those
| sites won't be able to remember cookie accept/decline settings
| either because ironically they need _another_ cookie to store
| that setting.
|
| I used a bunch of custom CSS until I got tired of it, then I
| started using uBlock Origin which also helps block other
| annoyances like those stupid "Can I help you?" chat bubbles and
| other popups on various websites.
| benhurmarcel wrote:
| Also available as an adblock list: https://www.i-dont-care-
| about-cookies.eu/
| Nextgrid wrote:
| AdGuard is available on iOS too. It's using the same list as
| the one from the article (plus a few more).
| rakoo wrote:
| > Hush is a throwback to the days when good clever people made
| good clever things
|
| It is sad the author believes that cookies banner is here only
| because website owners don't care about design anymore. Banners
| are absolutely annoying by design because owners _want_ people to
| be annoyed and click "I accept everything" to not be annoyed
| anymore. Owners could very well make those banners disappear with
| one simple trick: just don't collect any information.
|
| The "golden past" isn't one where they used to care about users'
| experience, it's one where they didn't have to care about users'
| privacy. I personally highly welcome the change and try to
| websites that don't care about my privacy by default.
| jolux wrote:
| Plenty of those cookie banners specifically make it harder to
| opt out of inessential cookies, though. That part bothers me a
| lot.
| rakoo wrote:
| That's by design, they want you to click on "I accept
| everything" without reading. It's the choice that the website
| owners did
| jolux wrote:
| I know. I hate it.
| Nextgrid wrote:
| This is also explicitly against the regulation they're
| trying to comply with - at which point they may as well
| just not ask for consent to begin with.
| bombcar wrote:
| Many websites implemented the banner because other websites are
| implementing them. There's a lot of bandwagons out there.
| macinjosh wrote:
| The EU used the force and threat of law to force everyone to
| do it.
| Nextgrid wrote:
| The thing is, the EU is not using the force of the law
| because the law explicitly bans annoying or misleading
| consent prompts, so should the law be enforced, the problem
| would self-resolve very quickly.
| jen20 wrote:
| Two options exist:
|
| 1) ask for consent for personal data you are taking 2) do
| not take personal data.
|
| The latter is clearly preferable.
| Shared404 wrote:
| The EU used the force and threat of law to force everyone
| who already should have been doing it to do it.
|
| A bunch of other people just jumped on the bandwagon.
| yoz-y wrote:
| It's a bit puzzling, why would you add an annoying banner
| for 'fashion' purposes? It's more work and if you don't
| believe it's useful (in this case to shield yourself from
| potential legal trouble) why would you do it?
| Shared404 wrote:
| The key part is that many people do believe it's useful
| when it's not.
|
| It's management/legal saying "Oh no, we use cookies! We
| need a cookie banner!", even though the only cookie used
| is to track state or some such thing which doesn't fall
| under GDPR.
| bombcar wrote:
| I get the name makes sense for what it does but I long for the
| days that products weren't simple English words - searching
| "Hush" on the App Store found many results - none of which looked
| like this.
|
| Which brings me to the annoyance of "go here search this": a
| regressing to AOL keywords when URLs exist is madness.
| ludwigschubert wrote:
| I understand your frustration about generic names, but the URL
| situation ain't so dire:
|
| This HN submission links to Gruber's website, his post title
| links to the app's GitHub page
| (https://oblador.github.io/hush/) which has a direct App Store
| link. (https://apps.apple.com/app/id1544743900)
| jccalhoun wrote:
| I also wish the name or subtitle was more accurate. When I read
| "noiseless" I thought it muted all your tabs or something not
| that it got rid of "visual noise" or something.
| kowlo wrote:
| I'm going to check Hush out - I hope it works as intended. I've
| been using Safari as my main browser for a while now, and it has
| been a little (very) painful since the update that broke uBlock
| origin. It seems a pi-hole isn't enough!
|
| It would be great to browse the web without all the noise!
| [deleted]
| Kudos wrote:
| > Hush is a throwback to the days when good clever people made
| good clever things, polished them to perfection simply because
| they care, and just shared them with the world
|
| Spoken like someone who doesn't need to worry about their income.
| sritchie wrote:
| If someone gets into that situation, isn't this exactly what
| you'd hope they'd be spending their time doing, for the rest of
| our sakes?
| moistbar wrote:
| I was thinking it sounded beyond arrogant. Wording like that is
| a surefire way to get me not to use your product.
| eCa wrote:
| It's a quote from Gruber's review, not from the maker of
| Hush.
| moistbar wrote:
| Whoops.
| dunkeylim wrote:
| Always a reason to criticize everything.
| llacb47 wrote:
| So this is basically a wrapper for Fanboy's cookie monster list?
| This is really nothing special IMO.
|
| Plus, the fact that the filters are inside of the app source and
| not fetched from a remote repo means that filtering errors
| (false-positives) will take hours or maybe days to be fixed, as
| the dev will need to push out an update (or pull Fanboy's
| upstream fixes), it will need to be approved by Apple, and then
| the user will need to update the entire extension.
|
| Compare this with uBo or Adguard, where one can manually check
| for updates and pull a new version of a single filter list or
| every filter list in ten seconds. In uBo, the user can also
| badfilter the offending line in the list or disable uBo from
| running on a specific domain.
|
| In general, as evidenced from this issue list, cookie consent
| lists are somewhat problematic and can break sites. Some of these
| issues may be fixed by now. https://github.com/ryanbr/fanboy-
| adblock/issues?q=%22easylis...
| radicaldreamer wrote:
| All these "apps" are required because Apple doesn't allow
| extensions like uBo to work with Safari and they force
| ("strongly encourage") developers who want to create simple
| extensions to go through and make a whole app with the right
| entitlements on both iOS and Mac.
| galad87 wrote:
| It doesn't need to be approved by Apple. The app can download a
| new list directly. Or run in background and update the list
| when needed.
| kitsunesoba wrote:
| Yes, Wipr does exactly this. Safari content blocker extension
| blocklists don't have to be static -- the host app and (I
| think) native extension code can modify blocklists as needed.
| llacb47 wrote:
| Yes, but submitting a new version is what the dev is doing,
| at least right now. https://github.com/oblador/hush/issues/13
| #issuecomment-76639...
| skycocker wrote:
| It would be awesome if it worked on Google.com / YouTube.com and
| some of my local news websites. Uninstalling for now, but I'll
| try it again in a few weeks - the idea is very promising to me
| and the world desperately needs this. My day just got better
| thanks to this developer, even though there is still room for
| improvement. Good luck!
| terramex wrote:
| Your mileage may vary but the first 3 websites I opened after
| installing it:
|
| - https://twitter.com/ still shows cookie banner at the bottom
|
| - https://botland.com.pl still shows cookie banner at the bottom
|
| - https://www.17track.net started showing "You are seeing this
| message because ad or script blocking software is interfering
| with this page." at the bottom of the page and asked me to solve
| a captcha
| ronyfadel wrote:
| I'd recommend you file an issue (or even better, a pull
| request) at https://github.com/oblador/hush/issues
| swinglock wrote:
| May be better to report it to Fanboy. This app seem to be
| almost entirely based on it. Doing so helps many more users
| than those of this app. Are improvements upstreamed or does
| it just piggyback?
|
| https://github.com/oblador/hush/tree/master/data
| jccalhoun wrote:
| Good point. If you are already using an adblocker and are
| interested in this then you can just ad the fanboy list
| from easylist to your adblocker.
| unicornporn wrote:
| Fanboy's Annoyance should already have what Fanboy's
| Cookiemonster List has. And, it's one of the default, but
| not activated, lists in uBlock Origin.
|
| Note that neither Safari nor Chrome are good choices if
| you want an effective adblocker these days.
|
| Firefox, use it.
| bagacrap wrote:
| for every site you visit? yeah no thanks
| pensatoio wrote:
| I think you're setting unreasonable expectations. Ad
| blocking has years of work behind it, and it still isn't an
| exact science. Cookie banners are even harder, because they
| usually only come in the form of an element that blends in.
| Waterluvian wrote:
| That's kind of the point. The solution is one by one
| blacklisting?
|
| If so it needs to be better than making tickets. What
| about a system to hide the elements manually and that
| action feeds into a database?
| colejohnson66 wrote:
| Have you ever looked at a blocklist? It's literally
| _thousands upon thousands_ of rules. And you blocking
| something shouldn't add it to a list because what you
| block may not be what someone else wants blocked.
| ludwigschubert wrote:
| It turns out the author links a Google Form for reporting
| problems in the app:
|
| https://docs.google.com/forms/d/e/1FAIpQLSeox139lwja1Yl94dIZ.
| ..
| riggsdk wrote:
| I find their privacy policy rather disturbing.
|
| Basically they initially say no data ever leaves the device but
| then they go on to say:
|
| 1) in case of a problem they gather detailed log data
|
| 2) They "may" store third party tracking cookies
|
| 3) Third parties will get access to my personal information
| (though they seem to promise they won't abuse it) hmm
|
| 4) They directly write that they can't guarantee the safety of my
| personal information
|
| I think I'll pass on this one.
|
| Privacy policy: https://hush-1.flycricket.io/privacy.html
|
| The extension was also posted here (where I originally posted the
| above comment):
| https://news.ycombinator.com/threads?id=trastknast
| trastknast wrote:
| Author here. Apple requires you to have a privacy policy
| available online to even submit the an app for review. I used
| this from a generator I found online with the intention to
| update this one in the next app submission to point to the
| repo, but it blew up yesterday and just haven't gotten around
| to doing that yet. No bad intentions, what's said on the
| website is true, and you can verify that in the code.
| trastknast wrote:
| I quickly pushed up the draft I had locally and will submit
| an update to App Store, but they have to review it before it
| goes public. Feedback welcome!
| https://github.com/oblador/hush/blob/master/PRIVACY.md
___________________________________________________________________
(page generated 2021-01-24 23:01 UTC)