Uassets: Forcible /g00 adware insertion on newspaper websites

The /g00 stuff is Instart Logic's crap. I have no problem with perceiving this as crapware -- their code goes out of its way to work against end users, doing its best to try to turn user agents (browsers) into proprietary devices.

Well is there any solution for this, besides from blocking the inline scripts ? Blocking inline scripts would be the last thing I wanna do, that's why I posted here.

is there any solution for this

I will be able to answer when I have the time to investigate.

I've investigated Instart Logic's crap for the past 3 hours, I now know how they work, how they communicate, how they implement on new customers and etc.
I have a lot of information to reveal and I know the best non "cat & mouse" solution to fight them that we can implement right now.

@gorhill , If you can arrange private channel maybe an invisible thread on issues.adblockplus.org (just give me access I am using the same username there) I will post there all the details.

I don't want Instart Logic people to see my research report.

@IsraeliAdblocker Please do. If these guys find success, soon all other major blogs and websites will be infested with it and we will be forced to block inline scripts every now and then, so far folks at easylist forum came up with a filter which no longer works and only worsens the situation.

example.com##script:inject(abort-on-property-write.js, I10C) works on my end.
Example:
Go to http://www.sandiegouniontribune.com
You will get peppered with g00 requests.
Now addsandiegouniontribune.com##script:inject(abort-on-property-write.js, I10C)
no more g00 requests, at least on my end.
Should work with all the mentioned domains.

example.com##script:inject(abort-on-property-write.js, I10C) works on my end

Tried first site in list, orlandosentinel.com, and the site is rather broken, images won't display.

I suggest:

orlandosentinel.com##script:inject(wowhead.com.js)

Will await feedback.

orlandosentinel.com displays fine on my end, nothing appears broken,
anyway, if I go to orlandosentinel.com, then clear cookies, add
orlandosentinel.com##script:inject(wowhead.com.js),
then reload this is the logger output filtered for "g00"

and this after I add orlandosentinel.com##script:inject(abort-on-property-write.js, I10C)

and like I said all the pictures display just fine on my end.

The only mentioned site that doesn´t work on my end is boston.com,
but the issue there seems to be the filter boston.com##script:inject(i10c-defuser.js)
in uBlock filters list, if I disable it, it also works on my end.

sandiegouniontribune.com##script:inject(abort-on-property-write.js, I10C)

That does stop the onslaught attack /g00 attack, however manipulates and adds /g00/refferr/i to the domain at the address bar, and still adds referrer tracking cookies.

sandiegouniontribune.com##script:inject(wowhead.com.js)

This one stops the attack from happening at the root page, however cookies are still created and inserted to the browser and occasional /g00 ads get loaded silently after few mins.

Did you clear the cookies before you added the filter?
Because I don`t see any.

Neither is there anything added to the domain.

Yes I do, I have page opened in another tab. Please let me finish what I'm testing. Also by cookies I meant third-party cookies which are inserted as first party.

https://i.gyazo.com/d40c182c13f113fb41ddee2a4ac4d5fd.png

using Wowhead reduced the amount crap cookies being inserted however some are still inserted apart from the main domain, even when I'm blocking 3rd party cookies and site data.

Apparently wowhead isn't effective as I thought. I deleted all cookies/site data related to the site sandiegounion tribune and with wowhead filter reloaded again.

Website (after few secs) - https://i.gyazo.com/b5fd844104770562743a921908b52b26.jpg

Cookies - https://i.gyazo.com/513e196f14fa3587ec624ade2a5c3bcf.png

Tested with sandiegouniontribune.com##script:inject(i10c-defuser.js)

same result as wowhead, ads manage to load after few secs and crap cookies are being inserted.

@gorhill , Please tell me how can I privately share my research with you?

@gorhill I can, not reliably, sometimes it works, reproduce a broken orlandosentinel.com
with the filter
orlandosentinel.com##script:inject(abort-on-property-write.js, I10C).

So my previous post was inaccurate. The reason that I couldn´t reproduce was that I didn´t
realize that I used Chrome 49 on that computer.
I still can never reproduce a broken orlandosentinel.com with Chrome 49, but I can with Chrome 55.
Sorry for any confusion I caused.

orlandosentinel.com##script:inject(wowhead.com.js) works fine on my side: the first load, the page will redirect to a non-g00 version eventually, as it thinks the console is opened, and as a result the Instart Logic code stops doing crappy things (not unlike cockroaches running for hiding spots when turning on the light):

There are instances of URL with g00 in it, but it's just the URL of the document itself.

I now tested Edit: orlandosentinel.com##script:inject(abort-on-property-write.js, I10C and
sandiegouniontribune.com##script:inject(abort-on-property-write.js, I10C)
with Chrome 49, Chrome 55, Firefox 50.1.0 and Microsoft Edge.
The problem you describe only occurs on Chrome 55 for me.
It works fine on all other browsers.
My OS is Windows 10.

@IsraeliAdblocker See https://github.com/gorhill/uBlock/issues/1930#issuecomment-268005424.

Tried this boston.com,mcall.com,sun-sentinel.com,sandiegouniontribune.com,orlandosentinel.com##script:inject(wowhead.com.js)

With that filter, I tested, both orlando and sandiego, the first load is very slow and takes a lot of time for the loading spinner to stop; still creates some g00 cookies. After refreshing the site upto 3 or 4 times, it becomes normal. /g00 redirection is still there, however it's like a popup defuser, it comes when you click and the URL resets back immediately like it never happened, atleast the website is browsable now. I have yet to test the remaining aforementioned ones for similar behaviour.

The boston.com one still exhibits the issue with the wowhead.com.js scriplet (I will rename more appropriately eventually). I am investigating -- I added a scriptlet which defuses Instart Logic's ability to detect that the console is opened, so I can freely investigate using dev tools now.

It seems spoofing user agent string to Firefox's ones works perfectly on Chromium. I'm using uMX for spoofing Firefox's UA and it does the job too. So only Chromium based browsers are affected by this.

Edit - sandiego one still loads slow and injects g00 cookies and other crapware cookies.

Edit2 - doesn't seem to work on sun-sentinel.com, loads ads even after spoofing the UA.

So only Chromium based browsers are affected by this.

Yes: https://np.reddit.com/r/wow/comments/5exq2d/wowheadcom_sucking_bandwidth/dagbmie/. The server will serve a different document if Firefox (or "not Chrome").

Essentially, the g00 URLs are obfuscated URLs to 3rd-parties that would normally be blocked by blockers:

And those 3rd party urls leave their crap cookies with the help of the script which inserts the cookies as first party ? I already have the Block 3rd party cookies and site data activated, so that's the only way around to insert 3rd party data onto my browser.

And those 3rd party urls leave their crap cookies with the help of the script which inserts the cookies as first party ?

Looks like this.

I find ||boston.com^$inline-script seems to work fine.

There is no obvious site breakage but www.boston.com/video will not work, if you disable
inline-script.
There is no "g00" crap in the sourcecode of www.boston.com/video, so if you add
@@||www.boston.com/video$inline-script
the video site works.

Except for boston, the rest of the lot breaks at root page with thumbnails for the articles and videos at any individual article.

timeanddate.com loads g00 too. Noticed when a video ad appeared. ##script:inject(abort-on-property-write.js, I10C) breaks the date selection menus that pop up for example on https://www.timeanddate.com/date/dateadd.html when clicking into a field. ||g00.timeanddate.com^$subdocument seems to work.

Another one - chicagotribune.com

Blocking the /g00 profiler did make it browsable, still inserts the same crap as others.

The Instart Logic's code contains a list of sites using their obfuscation scheme, all those listed here are in there -- including chicagotribune.com.

I have a solution, now I have to decide how to make it available. I am thinking of maybe turning uBO-WebSocket into uBO-Extra which would contains all the code which goes beyond filter-based solutions to address some nastiness out there, including the one reported here.

I'm not using uBO-WebSocket ext. By turning Websocket into Extra, will users have to install that extension ?

Yes.

Dear Raymond, (@gorhill)
I understand your status, but I feeling uncomfortable to reveal my research info to Public eyes.
Please send me an email to: [email protected], and I will send you what I have, I want you to have that info, you can decide to use it or not at your own choice.

Thanks.

I feeling uncomfortable to reveal my research info to Public eyes.

Given what Instart Logic's technology does, I think there is a lot of value to make public all your findings. Their technology is extremely hostile to users, as it's also a way to bypass a user's wish to block third-party cookies, or even a user's wish to block undesirable servers using a hosts file. I can see broad public disapproval to the technology and we should not underestimate the shame factor. (The company behind the technology knows this, as the obfuscation stops as soon as an investigative user open the dev console).

uBO-WebSocket has been renamed uBO-Extra, with a broader purpose of better meeting user expectations when they use uBlock Origin. It takes care of the issue here. Updated in Chrome store as well.

Works great with the mentioned sites, however with sites like
http://ottawacitizen.com or http://www.thomson.co.uk
it breaks part of the functionality of the sites.
In the case of http://ottawacitizen.com you can't use the search function or sign in.

In the case of http://www.thomson.co.uk you can't use the interactive boxes.

Other sites with that issue
montrealgazette.com, calgaryherald.com, edmontonjournal.com, theprovince.com, windsorstar.com, firstchoice.co.uk, leaderpost.com, thestarphoenix.com, falconholidays.ie

Thanks @okiehsch, I will investigate the issues.

• ottawacitizen.com: I did see the HtmlStreaming issue.
• www.thomson.co.uk: looked fine (now it's "undergoing essential maintenance"). What was broken exactly?
• montrealgazette.com: did not see the HtmlStreaming issue.
• calgaryherald.com: did not see the HtmlStreaming issue.
• edmontonjournal.com: did not see the HtmlStreaming issue.
• theprovince.com: did not see the HtmlStreaming issue.
• windsorstar.com: did not see the HtmlStreaming issue.
• firstchoice.co.uk: Site is "undergoing essential maintenance".
• leaderpost.com: did not see the HtmlStreaming issue.
• thestarphoenix.com: did not see the HtmlStreaming issue.
• falconholidays.ie: Site is "undergoing essential maintenance".

• www.thomson.co.uk see second screenshot of my previous post.
  Edit: The Question of what was broken: You couldn't use the boxes
  "Fly from" "Where to" etc.

• montrealgazette.com same issue as ottawacitizen.com, can still reproduce
  
  Same is true for the rest, except for the sites undergoing maintenance.

For example the console for leaderpost.com

List of sites gathered from the IL's g00-related script (does not necessarily mean these sites are g00 infested, this will need confirmation):

about.com
applyabroad.org
boston.com
cargurus.com
chroniclelive.co.uk
cnet.com
corriere.it
gamepedia.com
mmo-champion.com
twincities.com
edmunds.com
foxnews.com
gamerevolution.com
holidaycheck.de
i10c.net
infinitiev.com
instarttest.com
drudgereport.com
headlinepolitics.com
refdesk.com
tellmenow.com
thepoliticalinsider.com
tmn.today
legacy.com
metal-hammer.de
msn.com
nasdaq.com
photobucket.com
calgaryherald.com
calgarysun.com
canoe.com
edmontonjournal.com
edmontonsun.com
financialpost.com
ifpress.com
leaderpost.com
montrealgazette.com
nationalpost.com
ottawacitizen.com
ottawasun.com
theprovince.com
thestarphoenix.com
torontosun.com
vancouversun.com
windsorstar.com
winnipegsun.com
ranker.com
reshadi.com
saveur.com
sherdog.com
slickdeals.net
space.com
buzznet.com
celebuzz.com
deathandtaxesmag.com
gofugyourself.com
idolator.com
spin.com
stereogum.com
thefrisky.com
thesuperficial.com
vibe.com
sporcle.com
sportingnews.com
testdomain.com
thinkfu.com
timeanddate.com
tronc.com
baltimoresun.com
capitalgazette.com
carrollcountytimes.com
chicagotribune.com
citypaper.com
courant.com
ctnow.com
dailypress.com
delmartimes.com
discoversd.com
growthspotter.com
hoylosangeles.com
lajollalight.com
latimes.com
mcall.com
orlandosentinel.com
ranchosantafereview.com
redeyechicago.com
sandiegouniontribune.com
southflorida.com
sun-sentinel.com
vagazette.com
trustedreviews.com
washingtonpost.com
weather.com
destinydb.com
hearthhead.com
lolking.net
mmoui.com
opshead.com
wowhead.com
zam.com
computershopper.com
extremetech.com
geek.com
ign.com
logicbuy.com
pcmag.com
speedtest.net

montrealgazette.com same issue as ottawacitizen.com, can still reproduce

Looks like I might be served a different document, there is no instance of HtmlStreaming on my side in the source code, no such error at the console.

Seems to be the case

Edit: Your list of sites include quite a few where I can't see any remnants of g00 script
in the source code.

Ok I understand, they are browser-sniffing, and the g00 javascript is not served with Chrome 57, but occurs with Chromium 53 (I use Chrome to test uBO with default settings).

After a rather crude search here:
https://publicwww.com/websites/i10c.morph/
All the sites listed there have at least remnants of "Instart Logic" in their source code.

Edit:
thomson.co.uk, falconholidays.ie and firstchoice.co.uk have finished maintenance.
All three use different source codes on my end and work fine now.

uBO-Extra works as intended, thanks a lot. Still doubleclick.net and google-analytics's channel ID cookie was placed, can you do something about that ?

I modified the approach re. g00: the g00-busting code will be injected only on sites for which it has been tested as working. Currently there is two version of the g00-busting scriptlet: one is the same as published yesterday, the other one is specific to those sites above using HtmlStreaming. The g00-busting scriplet will be injected only on site for which it is tested and confirmed as working as intended. Thus, report here any site which must be added.

uBO-Extra 2.0 works on timeanddate.com, uBO-Extra 2.1 does not. I assume it should be added to the list of working sites then.
Is there an easier way to test sites than switching between 2.0 and 2.1?

Is there an easier way to test sites than switching between 2.0 and 2.1?

Best is to load the extension locally, and add sites to the list in the code, then restart the extension to see if it works (clear cookies for the site -- I use a new private window for each test). There are two scriptlet versions for g00 stuff, uBO-Extra v2.1 contains both, while v2.0 contains only one. If view-source: for the site shows that it used HtmlStreaming, the second scriptlet is probably the one to use. Since timeanddate.com worked with v2.0, then the first version is the one to use.

In retrospect it was bad to apply the fix indiscriminately.

@gorhill have you approached me via email? I've sent a response but now I have second thoughts that this weren't you, just checking.

@gorhill have you approached me via email?

I did not contact you by email. For personal reasons, I abstain from using my personal email for anything related to GitHub (except for _very_ rare exceptions), this is also why I pretty much never answer emails sent to me as a result of my presence on GitHub.

OK, so I was contacted by Instart Logic with this email:
`What do you want to share with me about the g00 stuff?
Again keep in mind the HTML/CSS/JS code is open to anybody.

--
gorhill`

from this address:
raymond.[email protected]

Now they have the info :) and we are sure to know that they are reading this thread and chaining everything by our comments.

This is the mail I've sent, now that I know that this is probably them that opened this email:

```I am not talking about the HTML/CSS/JS code that is opened to everyone.
I am aware of the fact that there are strings of domains that they are working with in their code.
But I've found out, that there is a single URL which you can test and find if any website has been using Instart logic tech, even those who are testing their tech in their test environment.

This URL is a good example:
http://d3btzwrpys5idxnpbmvzcy5maw5hbmnpywxwb3n0lmnvbq00.g00.zam.com/g00/2_d3d3LmZpbmFuY2lhbHBvc3QuY29t_/TU9SRVBIRVVTMiRodHRwOi8vd3BtZWRpYS5idXNpbmVzcy5maW5hbmNpYWxwb3N0LmNvbS8yMDE0LzA1L3R3ZWVkLmpwZz93PTMwMCZpMTBjLm1hcmsuaW1hZ2UudHlwZQ%3D%3D_$/$/$/$

This is an example for zam.com, all that you need to do in order to check different website is to change this to something else.
I've checked this URL against the top 10K alexa domains plus the strings from their JS file and those are the domains that they are working with correctly.
ottawacitizen.com
montrealgazette.com
leaderpost.com
thestarphoenix.com
theprovince.com
vancouversun.com
calgaryherald.com
edmontonjournal.com
windsorstar.com
orlandosentinel.com
sandiegouniontribune.com
sun-sentinel.com
mcall.com
Boston.com
Edmunds.com
pcmag.com
LolKing.net
Wowhead.com
torrentsgroup.com
nasdaq.com
saveur.com
financialpost.com
montrealgazette.com
ottawacitizen.com
ottawasun.com
vancouversun.com
windsorstar.com
celebuzz.com
deathandtaxesmag.com
timeanddate.com
capitalgazette.com
financialpost.com
weather.com
ign.com
logicbuy.com
geek.com
extremetech.com
computershopper.com
zam.com
opshead.com
hearthhead.com
destinydb.com
redeyechicago.com
latimes.com
dailypress.com
courant.com
citypaper.com
carrollcountytimes.com
baltimoresun.com
sportingnews.com
sporcle.com
vibe.com
thesuperficial.com
thefrisky.com
stereogum.com
spin.com
gofugyourself.com
celebuzz.com
sherdog.com
ranker.com
winnipegsun.com
torontosun.com
thestarphoenix.com
nationalpost.com
edmontonsun.com
canoe.com
calgarysun.com
photobucket.com
legacy.com
msn.com
tmn.today
infinitiev.com
holidaycheck.de
gamerevolution.com
edmunds.com
twincities.com
mmo-champion.com
gamepedia.com
cnet.com
chroniclelive.co.uk
about.com

as you can see, the list contains 5 of the top 100 websites in the world:
msn.com
about.com
cnet.com
ign.com
weather.com

Moreover, I have a rule that will win the game, a rule that will work in both Ublock and ABP.

if we will do this:

@@||sporcle.com^$generichide
@@|http://$image,domain=sporcle.com,third-party
||*.sporcle.com^$subdocument

we will kill the way that they detecting Adblock while blocking their iframes.
in that way, if they will change the way that they detect Adblock, they will be the ones who will destroy all of their websites functionality, so the websites owners won't allow it and Instart Logic will be stuck.
so they will have no option.

If they will change the way that they detect Adblockers and their Ads will appear, the $subdocument rule will force their code to destroy the site (with their hands, since they are doing this while listening to the iframe onerror).

If they won't change the way that they detect Adblockers, they will have to remove the part that is destroying the site before changing their inline script, and then our $subdocument rule will do it's part again.```

You should be more careful before answering e-mails. He doesn't have any e-mail address at usa.com, it's sent from an e-mail spoofing server. Check the message source and you will find out the origin of the server from where the e-mail arrived, :D

Whoever it is, judging from the e-mail, is keeping track of things on this issue tracker.

The following sites will all display
Uncaught TypeError: Cannot read property 'HtmlStreaming' of undefined
in the console and therefore potentially break some functionality of the site,
if you use uBO-Extra v2.0.

abchome.com; barenecessities.com; bergdorfgoodman.com; canada.com; calgaryherald.com; driving.ca; edmontonjournal.com; edmunds.com; esalerugs.com; essie.com; falconholidays.ie; firstchoice.co.uk; ghurka.com; hayneedle.com; hockeyinsideout.com; homes.com; horchow.com; irugs.co.uk; journeys.com; katespade.com; lastcall.com; leaderpost.com; leonardo.com; livingspaces.com; montrealgazette.com; nationalpost.com; officedepot.fr; opshead.com; ottawacitizen.com; pens.com; pens.jp; penseurope.com; petflow.com; rockler.com; rugstudio.com; smartpakequine.com; stelladot.com; theprovince.com; thereformation.com; thestarphoenix.com; thomson.co.uk; thrivemarket.com; viking.es; vikingdirect.be vikingdirect.fr; vikingdirect.ie; vikingdirect.nl; vikingop.it; viking-direct.co.uk; visiondirect.com; windsorstar.com; woodworkersjournal.com;

Many of these sites do not serve any "g00" crap, but all of them have
I10C.HtmlStreaming.PatchInit in their source codes which will lead to the aforementioned
error in the console with uBO-Extra v2.0.

thestarphoenix.com, edmontonjournal.com and montrealgazette.com are special cases, atleast on my end,
because they will not display at all with uBO-Extra v2.0 or uBO-Extra v2.1,
even if I whitelist them.

With uBO-Extra v2.0 I get the expected Uncaught TypeError: Cannot read property 'HtmlStreaming'
With uBO-Extra v2.1 I get

The other sites mentoned in Instart Logic buster: v2 work fine.

With uBO-Extra v2.1 I get

The error seems to come from a pubads_... script (which I believe is from Google Ads). I do not see such script loaded on my side. What does the logger says? Are there any exception filters on your side as a result of using non-default filter lists?

As I said this happens even if I whitelist the site as indicated by the grey uBlock symbol in the screenshot.
The logger predictably shows nothing.

The logger if i do not whitelist the site

with the console output

www.nationalpost.com
how disconnect and ghostery are preventing g00 stuff from loading. i wonder?????
i don't see cookie stored in chrome of g00 using ghostery

seems problem only with ublock origin/adguard/abp/privacy badger

They probably don't prevent it from running but they don't block the requests that g00 uses to detect adblockers. I guess their filter lists aren't as extensive and g00 simply doesn't target them (yet).

They probably don't prevent it from running but they don't block the requests that g00 uses to detect adblockers.

Yeah, notably Ghostery does not block network requests to ad servers, Ghostery left, uBO right:

nationalpost.com
also Firefox with ublock origin enabled handles g00 stuff with just 1 ublock privacy filter
seen 207 network requests blocked in Firefox ublock origin version....
Chrome going crazy

Firefox does not handle g00 stuff, the server sends a different document to Firefox users. Just spoofing the UA to Firefox when using Chrome and no g00 stuff.

Thanx. .👌 for Firefox ublock origin version😊

Spoofing UA doesn't stop the onslaught of 3rd party cookies that are fired to the browser though on Chromium.

so it's an easy solution, just spoof the UA of the user when UBo detect one of those sites.

@gorhill

Best is to load the extension locally, and add sites to the list in the code, then restart the extension to see if it works

This list works on my end.

Instart Logic buster: v1

        'baltimoresun.com',
        'boston.com',
        'capitalgazette.com',            
        'carrollcountytimes.com',    
        'celebuzz.com',
        'chicagotribune.com',
        'courant.com',                  
        'dailypress.com',                   
        'deathandtaxesmag.com',                 
        'gamerevolution.com',                   
        'gofugyourself.com',                    
        'hearthhead.com',                
        'infinitiev.com',
        'mcall.com',
        'nasdaq.com',
        'orlandosentinel.com',
        'ranker.com',
        'sandiegouniontribune.com',
        'saveur.com',
        'sherdog.com',
        'spin.com',
        'sporcle.com',
        'stereogum.com',
        'sun-sentinel.com',
        'thefrisky.com',                    
        'thesuperficial.com',                   
        'timeanddate.com',                  
        'tmn.today',
        'vancouversun.com',
        'vibe.com',
        'weather.com',
        'wowhead.com',

Instart Logic buster: v2

        'calgaryherald.com',
        'edmontonjournal.com',
        'edmunds.com',
        'financialpost.com',
        'leaderpost.com',
        'montrealgazette.com',
        'nationalpost.com',
        'ottawacitizen.com',
        'theprovince.com',
        'thestarphoenix.com',
        'windsorstar.com',

@okiehsch Can you submit a pull request for these additions?

List of sites gathered from the IL's g00-related script (does not necessarily mean these sites are g00 infested, this will need confirmation):

extremetech.com

I think this site is using g00 crapware. I see below re-directions.. pulled from the logger. Along, with turning all 3rd party requests/cookies for 1P request/cookies.

http://www.extremetech.com/
http://www.extremetech.com/g00/?i10c.referrer=

uBO v1.10.4 + uBO Extra v2.6 on Chrome v55

Fixed with https://github.com/gorhill/uBO-Extra/releases/tag/2.7.

@gorhill , you can also add
celebslam.com, computershopper.com, geek.com, lolking.net, mmo-champion.com, pcmag.com, twincities.com
All to Instart Logic defuser v1.

only celebslam.com

They do not serve it to everybody at the same time,
I can still reproduce.
Go to
view-source:http://www.computershopper.com/g00/?i10c.referrer=
view-source:http://geek.com/g00/?i10c.referrer=
view-source:http://lolking.net/g00/?i10c.referrer=
view-source:http://www.pcmag.com/g00/?i10c.referrer=
view-source:http://www.twincities.com/g00/?i10c.referrer=
Do you see any "g00" in the source code?

At mmo-champion.com they reported the ads in the forum.
http://www.mmo-champion.com/threads/631902-Advertising-Reporting-bad-ads/page45

Have you uploaded v2.7 to chrome store ?

Why not recommend disabling 3rd party cookies in the browser settings? I've been doing that for years.

Why not recommend disabling 3rd party cookies

I have always disabled 3rd party cookies and site data from the beginning and even after that they bypassed it by sending third-party cookies as first party cookies through an inline-script. It's not as simple as you think.

@gorhill uBO Extra on chicagotribune.com no longer works, ads are shown and g00 cookies are being inserted again.

Same result on others too.

for ref - https://forums.lanik.us/viewtopic.php?p=112176#p112176

Unable to reproduce. I also tried with a US VPN in case.

fixed in easylist
https://github.com/easylist/easylist/commit/9261f6a493343000916026d1e73aeae440259041

Personally I believe such solution based on such broad exception filter should come with disclosure to users:

side-effect to the solution: to unblock 3rd-party javascript resources from anywhere which URL has the pattern .js?& in it, _including_ from sites listed in your privacy or malware lists you may have enabled.

fixed in easylist

no change, g00 cookies are still being inserted and ads get loaded. Whitelisting is not going to foil this or anything 👎

https://i.gyazo.com/a345f1e6e3d037020573ccb2811ab620.png

Unable to reproduce.

I can reproduce it on Chrome 57
https://i.gyazo.com/6f5d7689f4dd5b40eb6b4aa247da342f.png

g00 cookies - https://i.gyazo.com/bf0038ffcae33a3621e7ca9ad4a12831.png

Correcting myself: I can reproduce using Chrome 57 when not using uBO-Extra. I can't reproduce using Chrome 57 when uBO-Extra is enabled (I had forgotten to enable it). Tested using uBO v1.10.5b13.

I can reproduce the same on Chromium 55 too and in both cases, I have uBO Extra 2.8 enabled and uBO version is 1.10.4.

I can reproduce the same on Chromium 55 too and in both cases, I have uBO Extra enabled

Hopefully someone else will test and report results. I also tested with uBO 1.10.4 and all was fine -- except for the now more numerous exception filters being hit as per logger.

more numerous exception filters being hit as per logger.

Shockingly, this is what I see in the popup panel - https://i.gyazo.com/b315fe066c0f741be286b662bff0a423.png

It looks like as if the entire website has been whitelisted by Easylist

PS - It's behaving similar to what was before uBO Extra patched it up the first time.

Shockingly, this is what I see in the popup panel

Weird. This is what I get (front page of chicagotribune.com, uBO 1.10.4, uBO-Extra 2.8):

Though for example it appears now tpc.googlesyndication.com, ads.twitter.com etc. are whitelisted because of broad exception filters such as @@.ico^$domain=, @@|http://$third-party,image,domain= etc.

Edit: weird, there is example.com in there..

Weird. This is what I get

Yes, I see that in the popup panel, only if I don't remove g00 cookies and first-party cookies, on subsequent visits to the website.

why you're not using this regex - /.*[/\.]g00[/\.].*/ to block them? (works for boston.com)

why you're not using this regex

That blocks the entire website. If I wanted to block an entire website, I would have done it already. That's not the solution I'm seeking.

(works for boston.com)

if that is your definition of "works" - https://i.gyazo.com/95abc501ee890a091e5f079ef4b2b281.png

If one does not mind potential breakage of some site features, blocking inline script is a better solution than any horribly inefficient filters such as /.*[/\.]g00[/\.].*/.

That blocks the entire website. If I wanted to block an entire website, I would have done it already. That's not the solution I'm seeking.

did u check it for boston.com, it works perfectly.
Its not block the entire website.

Its not block the entire website.

So tell me why do I see this - https://i.gyazo.com/95abc501ee890a091e5f079ef4b2b281.png ?

I won't argue with you any further on this. All you're doing here is create noise which is not helping the issue itself.

So tell me why do I see

Because it's not a good filter, no filter list maintainers would come up with such a bad filter. The same thing can be accomplished with saner filters:

.g00.
.g00/
/g00.
/g00/*

Or at least the regex could have been made _less_ worse:

/[/.]g00[/.]/$domain=boston.com

With that said, I didn't check if above actually work, as said I can't reproduce with uBO-Extra enabled (no g00 URLs).

Hopefully someone else will test and report results.

In case there's still interest: Chrome 57 with uBO 1.10.4 + uBlock Origin Extra 2.8 enabled/disabled

Same as @IDKwhattoputhere with Chrome 55 on my end.

Edit: weird, there is example.com in there..

A websocket connection to literally example.com appears to be present in all sites listed
in uBlock Origin Extra 2.8

I can reproduce it on Chrome 57
https://i.gyazo.com/6f5d7689f4dd5b40eb6b4aa247da342f.png

I can reproduce this behaviour with Chrome 55 and uBlock Origin Extra 2.8 enabled only if I
add the filter *$websocket,important just like @uBlock-user.

only if I add the filter *$websocket,important

@okiehsch I do not understand. How can a filter like that cause this ?

If I add *$websocket,important I can reproduce your issue, without it I can't.
Edit: And I saw in your screenshot that *$websocket,important is part of your setup.

If I remove the ||$websocket filter entirely, it works normally and the g00 stuff doesn't happen. Very strange. Good find @okiehsch ||$websocket is triggering the g00.

@gorhill Add ||$websocket or ||$websocket,important to reproduce.

Looks like they changed their inline script, and their behavior according to whether an attempt at websocket-connecting to example.com fails or not.

They're using example.com as a honeypot trap basically.

Looks like they changed their inline script, and their behavior according to whether an attempt at websocket-connecting to example.com fails or not

There seems to be a difference between simply blocking a websocket-connection and
blocking websockets via Content Security Policy.
The websocket-connection to example.com is blocked by Easylist.


This does not result in a redirection and the following "g00" crap.

If I use the CSP I get redirected and bombarded with "g00" requests and cookies.

Blocking through CSP causes an exception, as opposed to just blocking using the wrapper (in which case the connection is just closed).

Add ||$websocket or ||$websocket,important to reproduce.

@uBlock-user Could you look if the issue is fixed with 2.9?

@gorhill 2.9 does not work with a default setup. I get redirected on all websites I tried.

It works fine with 2.8

I get redirected on all websites I tried.

There is a first redirection, but the site eventually configure itself to no longer use the g00 stuff since it thinks the console is opened. The websocket @ example.com was for the IL to detect whether uBO-Extra was installed -- this is fixed now.

I agree, but looking at the logger is rather confusing now, because it looks like you are being redirected.

My logger after randomly navigating through chicagotribune.com.

Ok, this is odd.

If I understand the IL code was trying to see if the WebSocket wrapper was installed, and if so it apparently was disabling itself _completely_. Now the change make it so that IL's websocket detection code is foiled -- hence it no longer disables itself completely. The CSP directive to foil websocket was also causing the detection code to not work.

The trapping of the I10C property is not what actually works, what works is merely to make sure the IL websocket wrapper detection code is triggered. Not sure what they are trying to achieve. I will modify to ensure the detection code work in all cases, including when using a CSP.

@gorhill Sorry for the delay. Have you uploaded v2.9 to chrome store ? I'm still on v2.8 and chrome store also shows 2.8 yet.

@gorhill Tested with v2.9 by loading it manually and it works fine with ||$websocket filter, back to normal behavior 👍 You may release 2.9 to the web store.

@gorhill calgarysun.com and torontosun.com use Instart Logic code and you would expect to get "g00"cookies ads etc.
At least on my end, this is not the case with uBO-Extra enabled, even though calgarysun.com and
torontosun.com are not part of contentscript.js.
If you disable uBO-Extra you get the expected redirection.
This happens with every uBO-Extra version down to 2.2, with version 2.1 I get the
typical redirection and subsequent cookies and ads.
If you delete the websites mentioned in contentscript.js they will still be "g00" free if you have
uBO-Extra enabled.
The downside to this, at least on my end, is that all sites mentioned under Instart Logic buster: v2
have some broken functionality, for example the search function is broken on calgaryherald.com
unless I disable uBO-Extra.
Console for calgaryherald.com

To be sure I understand correctly, with uBO-Extra v2.11:

1) Removing all sites for Instart Logic buster v1 and all is still fine for all targeted sites?

2) Instart Logic buster v2 causes problem on your side (the errors in dev console) on enumerated sites? I tried with calgaryherald.com, ottawacitizen.com and I can't see these errors.

I noticed that a lot of broad exception filters have been added to EasyList for these sites.

1. I removed a few sites for example twincities.com and they are still "g00" free on my end.
2. All Instart Logic buster v2 sites have the same errors in the console on my end.
3. Do you get redirected and the subsequent "g00" cookies etc if you go to torontosun.com
   with uBO-Extra enabled?

Edit: This is a whitelisted thestarphoenix.com. It renders fine if I disable uBO-Extra

and a whitelisted ottawacitizen.com with the same console errors.

@ghajini You didn't mention Chrome version. Only Chromium 56 is affected.

@gorhill the g00 shit is back again, uBO Extra (v2.12) is no longer working again on sandiegouniontribune.com, spin.com and orlandosentinel.com. I doubt I need to check others as these three are already sprawling back.

@mapx- & @smed79
any idea why easylist allowing/whitelisting ad networks on these websites???

http://prnt.sc/ejv8ly
http://prnt.sc/ejv90r
http://prnt.sc/ejv9c2

@ghajini In most of the cases to fix an anti adblock or kill these ads pushed if an adblock is detected.

Report exploited filter at EasyList forum or use the static filter important in ubo.

@gorhill
on main homepage video not playing..nothing happen when clicking under video...
ublock origin,uBO extra all updated to latest
same problem with
calgaryherald.com
http://www.financialpost.com/index.html
http://www.nationalpost.com/index.html
and possibly other domains also...

sometime blank loading of these websites

Hey guys, after some testing, it looks like it only affect Chrome, the website works normally in Opera.
Looks like locking navigator to an empty object stops the exploit, but also stops the comment section. When Instart Logic said it's a breakthrough, they are not joking... This exploit will be so easy to kill if we have beforescriptexecute event... But their target, Chrome, doesn't have this event...
It also seems to be able to detect console opening, even if it is detached and opened before the page is loaded.

on main homepage video not playing..nothing happen when clicking under video...

Unable to reproduce with uBO-Extra 2.12 and latest uBO + default settings.

This exploit will be so easy to kill if we have beforescriptexecute event... But their target, Chrome, doesn't have this event

It's being also deprecated in Firefox, it will no longer be available with WebExtensions.

However, I experimented with using AAK's trick to mimic beforescriptexecute in uBO-Extra, and it does seem to work -- currently removing any inline scripts with the string i10c in it before they are being executed. I am considering maybe supporting this directly in uBO.

load www.ottawacitizen.com
click on video on right side corner
nothing happens
@gorhill
http://prnt.sc/ekbj9x
http://prnt.sc/ekbkuj
http://prnt.sc/ekbl37
i think ublock extra breaks brightcove on sites due to which video doesn't play....

developer console ss
http://prntscr.com/ekc1l1
http://prntscr.com/ekc1u3
http://prntscr.com/ekc20t
http://prntscr.com/ekc2d3
http://prntscr.com/ekc2nn
http://prntscr.com/ekc310
http://prntscr.com/ekc3aw

@gorhill I can reproduce with Chrome 57 and uBO Extra 2.12
If I go to edmontonjournal.com or ottawacitizen.com "TODAY'S HEADLINE VIDEOS" is visible,
but if I click to play it "disappears" and this error appears in the console log.

This occurs even if I whitelist the site. If I disable uBO Extra the video plays fine.

@gorhill
That hack kind of work, but not really for pages loaded though POST. And it has race conditions, and seems to interfere with uBO element picker. That is usually my last resort.

BTW, my implementation is:

a.patchHTML = function (patcher) {
    a.win.stop();
    GM_xmlhttpRequest({
        method: "GET",
        url: a.doc.location.href,
        synchronous: true,
        headers: {
            "Referer": a.doc.referrer
        },
        onload: function (result) {
            a.doc.write(patcher(result.responseText));
        }
    });
};

it has race conditions, and seems to interfere with uBO element picker.

Not in my implementation. The race condition is probably a result of roundtrip to/from the main extension process? There is a way uBO can avoid this roundtrip for when inline script tag filtering is required.

if I click to play it "disappears" and this error appears in the console log

Alright, strike everything I said above, I was testing on Chrome 58 and apparently the IL's crap bails out on that browser, as it does on Firefox. I can reproduce the issues with Chromium 56.

@gorhill That's awesome! If we can filter specific in-line scripts from Chromium based browsers, pretty much all our problems are solved 😄

Thanx @gorhill....you understand finally....what about revolving/rotating ad networks above sites are using......easylist is just throwing broad exceptions...what we can do for this???

v2.15b0 appears to be working, can they bypass this too though ?

Also add legacy.com to the scriptlets domain list , test case - www.legacy.com/obituaries/ottawacitizen/obituary.aspx?n=margaret-mollot&pid=144964521

v2.15b0 still has issues with edmontonjournal.com on my end.

1. The homepage is blank
   
2. The rest of the site works but there are still issues with some videos, for example
   http://edmontonjournal.com/category/news the "LATEST VIDEOS" does not show up.
   

The screenshots were taken with a whitelisted edmontonjournal.com

http://www.idigitaltimes.com/breath-wild-armor-sets-best-and-most-practical-outfits-game-587321

Using Google Chrome 58 (beta), uBO 1.11.5b2 and uBO-Extra 2.15b0, the site seems to circumvent it going by the endless /g00 spam in the logger.

@gorhill It's happening again, they patched your latest patch in v2.15, uBO-Extra no longer working.

I need to know what URLs you are talking about.

same as always - sandiegouniontribune.com

2.15b0 was a special build in a different branch. The changes from it are not in 2.15. I think it's time to bring the changes out of experimental status at this point.

Can you reproduce it with 2.15b0 ?

I brought the changes from 2.15b0 in main branch, this fixes the issue.

However, so many exception filters in EasyList, this is disheartening.

Ah yes, 2.15b0 works fine. We can just add $important for those exceptions for the time-being and when 1.15.0 is released replace them with $badfilter.

We can just add $important for those exceptions for the time-being

Can't do this, I have to assume these are needed when using just uBO alone, not everybody out there has uBO-Extra installed, I suspect not many even know of its existence.

Try 2.16b0, if all is well I will push it to the store today. Despite the exception filters, at least the browser is not abused with uBO-Extra. Without it the CPU and bandwidth when visiting one of the IL-based sites are being seriously abused.

Can't do this, I have to assume these are needed when using just uBO alone

@gorhill As far as I tested, those rules are pretty useless. They don't seem to do anything other than letting spywares in.

@gorhill Would you add legacy.com to the patch too ? It's also fetching g00 on specific pages. For example - www.legacy.com/obituaries/ottawacitizen/obituary.aspx?n=margaret-mollot&pid=144964521

I just spotted a mistake in my regex which is used to remove the i10c code. That the fix worked with this mistake is still a mystery to me. I will be pushing 2.19, and it would be nice to have help to test the fix against all known i10c sites.

edit: ok two seconds after I wrote that I realize why it worked, the regex was still (somehwhat) matching, just not _exactly_ as it was intended originally. I will still push the fix but I do not consider this an emergency fix.

g00 is back. URL - sandiegouniontribune.com uBO-Extra - 2.19 Chromium 59

Now when it detects, it sends a bit of g00 and ends the loading of the page, so thumbnails of videos and pics won't load. Opening the console, loads them back.

I10C is now renamed to IXC...

The funny thing is with Chrome 57 I still get no redirect or g00 stuff at all with uBO-Extra enabled.
It even works for sites not listed in uBO-Extra.
For example ottawasun.com uses Instart Logic, without uBO-Extra I get the redirection, the cookies etc.
If I enable uBO-Extra none of that, even though ottawasun.com is not part of uBO-Extra.

They're imitating the behavior of blocking inline-script.

Speaking of funny things, all IL v2 websites never loaded g00 for me since the beginning and still don't.

@uBlock-user that is strange, they still do for me without uBlock-Extra.

@gorhill

test the fix against all known i10c sites.

I did test all sites listed under Instart Logic v1. with uBO-Extra 2.19 and there is
no obvious site breakage on my end.

@gorhill ,@okiehsch
old problem is back, videos broken www.ottawacitizen.com
chrome 57,ubo 2.19

@ghajini that issue is fixed on your end with uBO-Extra 2.18?
I ask because I can reproduce that issue with uBO-Extra 2.12+.

old problem is back, videos broken www.ottawacitizen.com
chrome 57,ubo 2.19

I can reproduce the issue with Chromium 57. Interestingly, all works fine with Chrome 59.

@gorhill Can we just redefine user agent string to match what ever browser that is not affected? They probably have 10 different scripts and swapping them around to throw us off.

Can we just redefine user agent string to match what ever browser that is not affected?

I worry this could interfere with legitimate uses of the user agent info in code other than the IL one.

@gorhill
We don't have to apply the user agent patch to all IL websites, only ones that are not currently working, and obviously we'll test it out to see if it breaks anything else.
And I really don't think Chrome 57 to Chromium 59 would break anything else.

I was trying to find the original issue, and for whatever reason the issue has been removed from GitHub:
https://github.com/gorhill/uBO-Extra/issues/37

I asked GitHub why is this, waiting for an answer.

You can't add this rule without this issue?

This is the answer I received from GitHub:

When users are flagged by our system, their contributions are removed from view. The user who opened this issue can get more information about this situation by reaching out to us directly.

So someone flagged whoever opened https://github.com/gorhill/uBO-Extra/issues/37.

I added the filter, I just wanted to see the past conversation about it to see if there was any issue with it, or if something else worked.

https://www.lifewire.com is also inserting ads using g00.

SS: https://i.imgur.com/Cn6lUTm.png
Error URL: https://www.lifewire.com/wikipedia-3482753

@gorhill Please look into the above issue, thank you.

Does this work?

||lifewire.com^$inline-script

@gorhill CNET is now sending /g00 - https://www.cnet.com/news/samsung-galaxy-note-8-launch-reportedly-slated-for-august/

@uBlock-user I can't quite reproduce that, and it doesn't refresh when I open DevTools.

@jspenguin2017 Yeah well you may need to try multiple times to get the IL-crap loaded and executed first because of race condition

Race condition? Where is the solution? If it's in uBO-Extra then there is no race condition.

The domain's NOT added in uBO-Extra, that's why it still manages to execute the code sometimes and the code is at the very top.

@uBlock-user I mean where is the solution? What is attempting to block the code from running?

uBO-Extra and sometimes the script itself. It acts weirdly on some websites which are not added yet sometimes you cannot reproduce it while on some you can, not to mention Chromium version is also a contributing factor. Like for instance IL v2 _script_ doesn't work on my setup even when I disable uBO-Extra. I'm only affected by IL v1 _script_ from the added list.

@uBlock-user uBO-Extra will definitely not do anything if the website is not in the match list. (Except WebRTC anti-abuser, that is generic).
Also, I pasted uBO-Extra to the end of my extension, I'm not sure what will happen if you enable both...

Well then it's the script.

Maybe we should just edit the user agent to say something like Chrome 70 so the script just aborts?

You're implying that by incrementing Chromium version to a non-existing number would make it abort ? Does that work in principle ?

The code tries to avoid analysis, Chromium may add an option to disable fetching details when the DevTools is open (which prevent detection of opened DevTools), so the code needs to know which version of Chromium is "safe", it obviously won't work in general.

https://realclearpolitics.com seems to be using g00 adware now. It doesn't seem to be on their other 'realclear' sites for now, but I wouldn't be surprised if it migrates to them at some point in the future if I were to guess.

Screenshot with a sample of the logger is below:

I'm just leaving this here for future reference IF they manage to break even uBOExtra.
There is an official Google extension that permits users to spoof their user agent completely, overwriting the navigator.userAgent variable too.
https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg

The usage is pretty straightforward. You insert a custom user-agent string, e.g. Firefox's, then you add to the "Permanent Spoof List" the domain . (just one dot, it will work on every domain) or you could add specific domains you know are using the g00 thing. Unfortunately, this has to be done manually.

However, you will probably miss out on some site improvements which are designed for Chrome and you might be logged out from some sites. Don't be creative with user agent strings as you may be blacklisted, please use an actual third-party browser UA string.

element picker doesn't seem to work
steps to produce=
visit www.sandiegotribune.com
click on news
enter element picker mode,element picker not opened

video=
https://streamable.com/6bajw

@ghajini That happens when the HTML is replaced by uBO-Extra.

@jspenguin2017 Can you could please elaborate on your above comment?

@gotitbro When uBO-Extra aborts the page to replace it, it has the side effect to break element picker. I'm not exactly sure why, I'm guessing that uBO will only inject the element picker once, and it gets overwritten.

tv.com
hosting g00 .......make ublock extra updates a rolling release same as ublock protector

Okay, so this g00 crap is to blame for extremely slowing down some sites, apparently.
I've been busy with restoring a couple of old computers, and it is ridiculous how drastic the difference is on some older system. With new hardware it is probably barely noticeable..

What is the best solution right now? Is there a specific filter? Or using uBO-Extra?
Or uBlock Protector? What would you recommend?

For old computers, Firefox is probably better. Firefox is hard on CPU and Chrome is hard on RAM, but if you don't have enough RAM, then Firefox will be faster. g00 currently bails out on Firefox, not sure how long will that last though.

Based on my tests, Chrome is definitely better in this scenario. RAM is less of an issue, it's actually the CPU you will notice the most. Unless you have really ridiculously low RAM.

Just one example, really big single HTML documents are a problem, Firefox starts choking very easily while Chrome is still running smoothly.
Just opening multiple tabs to quite heavy sites (news sites, nowadays) or sites with lots of embedded GIFs slow down Chrome noticeably.

Anyway, I was more interested in how to counter that g00 crap, actually 😄

The best way to counter it is to use Firefox or, if you prefer Chrome, use uBO-Extra.

@okiehsch I wouldn't say so, the script can totally affect Firefox, it is just intentionally aborting on Firefox. It is a switch flip for it to start affecting Firefox.

I agree, I meant it is the best way to deal with IL-sites at this moment.

the script can totally affect Firefox

The IL scripts are not served with Firefox, just compare view-source:http://www.tv.com/ with Firefox vs Chrome.

The IL scripts are not served with Firefox

You are saying they cannot serve it to Firefox? I highly doubt that. An user agent will accept anything it receives.

You are saying they cannot serve it to Firefox?

Nowhere did I say this.

Okay, to conclude, Firefox has the benefit of being unaffected by this plague, at least for now.

And with Chrome (which works better on the old systems here), it is uBlock Origin + uBO-Extra, in preference to just uBO or uBO + uBlock Protector.
Agreed?

uBlock Protector defuses anti-adblock and has uBO-Extra embedded in it. If websites you use don't have anti-adblock then uBlock Origin + uBO-Extra will be faster.
I'm not very sure if Firefox is fully unaffected, as sometime g00 fallbacks to anti-adblock.

g00 can now be blocked via abort-current-inline-script.js

Example - sandiegouniontribune.com##script:inject(abort-current-inline-script.js, atob, g00)

I haven't tested all but feel free.

PS - This is a scriptlet, uBO will have to win the race condition on every page and every refresh, so if it doesn't work for you or works once or twice it's the race condition at play here, nothing wrong with the filter itself.

Does not seem to work for metacritic.com, for example.
metacritic.com##script:inject(abort-current-inline-script.js, atob, g00)

First load did work, I think, but doing a hard reload shows old behaviour.

I'm not receiving any g00 on metacritic.com even after disabling uBO-Extra, I'm on Chromium 62.

Tested on orlandosentinel.com and chicagotribune.com. Working as expected.

Tested on mcall.com, boston.com and sun-sentinal.com. Working as expected.

Chrome 60.0.3112.113 (64-bit) (Stable, latest version), uBO 1.13.8, _without_ uBO-Extra.

g00 can now be blocked via abort-current-inline-script.js

I assumed this meant uBO-Extra would not be required here, sorry if I misunderstood this.

this meant uBO-Extra would not be required here

Yes, that's exactly what I meant, however you may need uBO-Extra for blocking WebRTC connections,although you can use CSP to block them too.

I haven't tested all but feel free.

It does not work, that's the entire point of uBO-Extra. That kind of inaccurate information just add noise and confuse further anybody reading this now too huge thread. I already explained in the past why uBO-Extra is needed.

Locking this thread. For any issue with IL stuff, open a new issue at uBO-Extra repo.

To everybody: stick to observed facts please, otherwise this just contribute to propagate myths out there.

This is what we have:

• IL stuff is not _served_ if user agent is Firefox (correction, not longer true, see below):
  
  
  
  • I have also observed in the past that sometimes IL stuff is not served with development version of Chrome.
  
  
  • It seems to be a site-specific server setting. I actually just observed that IL stuff is served for Firefox here:
    
    
    
    
    
    • view-source:http://www.orlandosentinel.com/
    
    
    
    • view-source:http://www.sandiegouniontribune.com/
    
    
    
    • view-source:http://www.wowhead.com/
    
    
    
  
  
  • But not here:
    
    
    
    
    
    • view-source:http://www.tv.com/
    
    
    
  
  
  • In any case, easy to actually verify, no need to speculate: view-source:[IL-infested site URL].
  
  
• uBO-Extra is needed to deal with IL stuff because the IL inline script appears at the top of the served HTML page -- before any other secondary resource-pulling tag.
  
  
  
  • uBO-Extra injects its content script _declaratively_, i.e. on every page, hence it will _always_ run _before_ IL stuff.
  
  
• uBO-Extra no longer deals with WebRTC (https://github.com/gorhill/uBO-Extra/commit/6239f392bebbfc237062854047c845dd65e365bd).

@jspenguin2017 Sorry, you are correct about IL stuff being served on Firefox, I just tested many sites, and I see the IL script at the top with Firefox. I believe this is a new development, I am pretty sure this was not the case until no long ago. So possibly uBO-Extra will be needed for Firefox in the near future.

In any case, I rather discuss all this at uBO-Extra itself, the issue has grown too large and anyways it was solved long ago with the release of uBO-Extra.