uBlock Origin CNAME uncloaking now supports filtering by IP address

The title seems to be wrong, uBlock Origin supported it for many years at this point (only on Firefox). This seems to be a refactor of that code, not a whole new feature.

It did not hit me yet, but I'm already rewriting my extensions to firefox to switch if Chrome really axes uBO

uBlock Origin is what makes Firefox even greater and definitely one big reason I use Firefox over Chrome etc. It make the Internet browsable.

CNAME cloaking? Does this mean an ad site may use a randomly generated subdomain pointing to a wildcard record?

This a good example of why manifest v3 sucks. By definition, it can&#x27;t do anything like this...no live code hueristics are possible.<p>It&#x27;s a war of escalation with advertisers. Google is the arms dealer to both sides. They won&#x27;t give you what you would need to win.

As an example of what CNAME cloaking is, let&#x27;s say that a SAAS provider A wants to provide you, company Q, with fancy ad tracking software. In the olden days, they&#x27;d tell you to embed a script at e.g. <a href="https:&#x2F;&#x2F;A-ads-tracking.example" rel="nofollow">https:&#x2F;&#x2F;A-ads-tracking.example</a> into your website at address <a href="https:&#x2F;&#x2F;q-company.example" rel="nofollow">https:&#x2F;&#x2F;q-company.example</a><p>To block those ads, blocklists that uBlock Origin use have rules then that say &quot;block requests being made to the <i>domain name</i> A-ads-tracking.example&quot;, which blocks the ads.<p>CNAME cloaking is where SAAS provider A sets up their ad-tracking services not on domain A-ads-tracking.example, but instead at a specific IP address of e.g. 29.1.2.3; then (and here&#x27;s the important part) SAAS A tells you Company Q that <i>you need to set up a subdomain of q-company.example which has a CNAME record pointing to 23.1.2.3</i>, a subdomain with an innocuous name like media.q-company.example; once you&#x27;ve set up that CNAME, you at Company Q add a script tag to your website for `media.q-company.example` and now SAAS A is able to track all the users on your site. This indirection allows for effectively infinite cat-and-mouse on the part of you the owner of the Q Company vs the blocklists that the public assemble.<p>To get around this CNAME cloaking problem, the software powering extensions like uBlock Origin need to be able to see not only the destination domain of requests by browsers, but the underlying IP addresses of those domains as well. This commit makes that behavior possible, or at least is related to making that code work better.

Is chrome going to block uBO im never up to date on the latest. I do know theyre allowing 3rd party cookies now... so maybe theres a chance

Don&#x27;t some DNS servers implement something that acts like a server-resolved CNAME, where the admin puts in a record that points to some other DNS name but the client just sees an A (out AAAA) record?

uBO has had this feature for awhile, since 1.34.0 (or 1.25.0 in advanced settings).<p><a href="https:&#x2F;&#x2F;github.com&#x2F;gorhill&#x2F;uBlock&#x2F;wiki&#x2F;Dashboard:-Settings#uncloak-canonical-names">https:&#x2F;&#x2F;github.com&#x2F;gorhill&#x2F;uBlock&#x2F;wiki&#x2F;Dashboard:-Settings#u...</a><p>I think that&#x27;s around 2021 time frame. FYI.

What is the uBI status on Brave, Edge and Opera?