µBlock and others: Blocking ads, trackers, malwares

Hard data, not hype.

Latest benchmark: 16 February 2015 (raw data spreadsheet). (Previous: 2014-09-30, 2014-07-22)

This benchmark is to measure privacy exposure, by counting the number of distinct 3rd-party domains which have been hit by net requests during the benchmark. The lower the number of distinct 3rd-party domains hit, the better.

Some benchmarks measure the amount of requests blocked, which I think is of no interest as a useful measurement of privacy exposure. The number of requests blocked is no guarantee of less distinct 3rd-party domains being hit (and leaving a trace in the servers' logs).

Measuring directly the number of distinct 3rd-party domains which were hit is a much better and relevant measurement for comparison of privacy protection efficiency in my opinion.

Privacy benchmark graph

Caveat: "3rd-party" is defined as a domain which doesn't match the domain of the web page. For sure many domains reported as "3rd-party" actually belong to the same entity which owns the page domain (for example, yimg.com is owned by yahoo.com). There is no way for the benchmark code to know this, unless using a comprehensive database of who owns which domain -- that is beyond my means. Still, the benchmark is useful if comparing blockers among themselves, or against when no blocker is used.

Results -- figures are "3rd party / all". Ordered from least 3rd-party hits to most 3rd-party hits. Privacy-wise, lower numbers are better.

µBlock 0.8.8.1

Distinct 1st-party/3rd-party pairs: 491
Scripts: 980 / 1635
Outbound cookies: 58 / 269
Net requests: 3,987 / 7,956

Adblock Plus 1.8.10

Distinct 1st-party/3rd-party pairs: 497
Scripts: 1009 / 1733
Outbound cookies: 67 / 284
Net requests: 4,069 / 8,166

Ghostery 5.4.1

Distinct 1st-party/3rd-party pairs: 501
Scripts: 882 / 1619
Outbound cookies: 120 / 370
Net requests: 4,031 / 8,218

Disconnect 5.18.18

Distinct 1st-party/3rd-party pairs: 555
Scripts: 1186 / 1685
Outbound cookies: 130 / 382
Net requests: 4,462 / 8,219

No blocker

Distinct 1st-party/3rd-party pairs: 2977
Scripts: 3800 / 4647
Outbound cookies: 1641 / 2097
Net requests: 12,131 / 16,851

Notes

The figures show the number of requests allowed, thus lower numbers are better. The point is to count the number of distinct 3rd-party/1st-party pairs after running the reference benchmark (two repeats in the current instance).

The less distinct 3rd-party/1st-party pairs, the better.

Data diffs

This shows the differences in what was not blocked. If something appears on side A but not on side B, this mean side B blocked something not blocked by side A, and vice versa.

µBlock/ABP: https://www.diffchecker.com/czy6h5lq
µBlock/Ghostery: https://www.diffchecker.com/zapbh5b9
µBlock/Disconnect: https://www.diffchecker.com/386c367m

These diffs may help you in deciding whether you should complement uBlock with another blocker, though keep in mind you can always ask µBlock to block more (dynamic filtering may come handy for this).

Observations

Using the data diffs, one can observe that there are large areas of privacy exposure related to:

facebook.com (44)
facebook.net (45)
googletagservices.com (39)
twitter.com (34)

So if this concerns you (it should), I would say the best way to foil these is to use dynamic filtering. Here are the rules, which will block all these 3rd-parties, except when used as 1st-party:

* facebook.com * block
* facebook.net * block
* googletagservices.com * block
* twitter.com * block
facebook.com facebook.com * noop
facebook.com facebook.net * noop
twitter.com twitter.com * noop

With these few dynamic filtering rules, you would lower the "distinct 1st-party/3rd-party pairs" figure for µBlock to 329 (from 491). As a bonus, pages will load markedly faster.

Any of the blocked domains above can easily be unblocked for a specific site. For example, if ever you want Twitter widgets to work when visiting AnandTech, just set twitter.com to a local noop for that site, a mere point-and-click when using the dynamic filtering matrix.

Methodology

All blockers were configured in such a way as to compare apples-vs-apples:

Ghostery: Select all trackers except "Widgets". "GhostRank" not checked. "Update now" clicked (and ensured whatever new filters were used).
µBlock: Out-of-the-box settings -- no change.
Adblock Plus: "EasyList" + "EasyPrivacy", "Peter Lowe's list", "Malware Domains" checked. "Acceptable ads" unchecked. "Update now" clicked.
Disconnect: Out-of-the-box settings -- no change.

Browser settings (if you mind your privacy, there is no way around these settings):

"Click to play" enabled.

I forgot to check "Block third party cookies and site data", so 3rd-party cookies were allowed during the benchmark.

Sessbench was used to run the benchmarks, and each extension was tested as the only extension active in the browser.

The official Public Suffix List is used to determine the domain of a URL.

uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.

Wiki home
About the Wiki documentation
Permissions
- Can you trust uBlock Origin?
Privacy policy
- Why don't you accept donations?
Info:
- Source (for developers)
- uBlock Origin Core (Node.js)
- About Safari, Canary, Tor and Kiwi support
The toolbar icon
The popup user interface
- The per-site switches
The context menu
Dashboard
- Settings pane
  - Cloud storage
  - Advanced user features
    - Advanced settings
- Filter lists pane
- My filters pane
  - Static filter syntax
    - Procedural cosmetic filters
    - Resources Library
- My rules pane
  - Dynamic filtering
  - Dynamic URL filtering
- Trusted sites pane
  - How to mark a web site as trusted
- Keyboard shortcuts
The logger
- DOM inspector
Element picker
Element zapper
Blocking mode
- Very easy mode
- Easy mode (default)
  - Easy mode + more privacy
  - Easy mode + enhanced security/privacy
- Medium mode (optimal for advanced users)
- Hard mode
- Nightmare mode
Strict blocking
- Badware risks
Few words about re-design of uBO's user interface
Reference answers to various topics seen in the wild
Overview of uBlock's network filtering engine
- Overview of uBlock's network filtering engine: details
- Does uBlock Origin block ads or just hide them?
- Doesn't uBlock Origin add overhead to page load?
- About "Why uBlock Origin works so much better than Pi‑hole does?"
uBlock's blocking and protection effectiveness:
- uBlock and others: Blocking ads, trackers, malwares
- About "This other extension reports more stuff blocked!"
- About "uBlock is inferior in capabilities as a result of being lighter on the browser"
- Does uBlock protect against fingerprinting?
- Does uBlock have parental control or password protection?
uBlock's resource usage and efficiency:
- Memory footprint: what happens inside uBlock after installation
- uBlock vs. ABP: efficiency compared
- Counterpoint: Who cares about efficiency, I have 8 GB RAM and|or a quad core CPU
- Debunking "uBlock Origin is less efficient than Adguard" claims
- Myth: uBlock consumes over 80MB
- Myth: uBlock is just slightly less resource intensive than Adblock Plus
- Myth: uBlock consumes several or several dozen GB of RAM
- Various videos showing side by side comparison of the load speed of complex sites
- Own memory usage: benchmarks over time
- Contributed memory usage: benchmarks over time
- Can uBO crash a browser?
Tools, tests
Deploying uBlock Origin
Proposal for integration/unit testing
uBlock Origin Core (Node.js):
- Split out uBO core functionality into separate module
Troubleshooting:
- Privileged Pages
- Software known to have uninstalled uBlock Origin
- The removed element reappears when you reload the page
- Read carefully if using uBO/webext on legacy Firefox
Good external guides:
- How to use uBlock Origin advanced user mode tutorial ↗︎
- Firefox: uBlock Origin – Firefox-Kompendium Teil2 ↗︎
- Beginners Cheat Sheet - "Syntax Meanings That Are Actually Human Readable" ↗︎
Scientific papers

Provide feedback

Saved searches

Use saved searches to filter your results more quickly