Cloud Firewall: Block G%§$e, Amazon, Facebbok, Microsoft, Apple & Cloudflare

privacy

#1

Avoiding G%§$e is a great first step, but there are many more companies taking part in surveillance capitalism.

This Firefox addon lets you browse while completely avoiding them:

It doesn’t work with /e/'s standard browser, but with most Firefox forks. I successfully tested Fennec F-Droid and IceCatMobile. On Firefox Klar it (as all addons) can’t be installed.

Some surprises:

So blocking these clouds blocks those sites.


DuckDuckGo browser
#2

Hi, Thank you Paula! :slight_smile:

Hello /e/ Community, I created Cloud Firewall addon. The inspiration behind the project is the “Life Without the Big Tech” Research journalism series by Kashmir Hill and I reused the ASN.csv data from the VPN a Technologist Dhruv Mehrotra created for her series. I wished to enable everyone to easily replicate her research in their browser without complex VPN setup etc.

Please take a minute to read the Gitlab (it’s in GCP…) readme here which is the same as the description in AMO store listing and also the Help Page within the addon. Created this account here in /e/ to provide any answers or clarifications needed.

Common questions :

  • It’s not a hosts/filter list based “ad/tracker blocker” addon. We already have the fantastic UblockOrigin for it and I would never want to compete with it :slight_smile: as I am a big fan and promoter of UBO too and its advanced mode!
  • It’s literally a firewall - looks at IP for both address bar URL and also the 1p/3p resources and blocks the connection if and only if user chooses to block a cloud and IP of URL bar hostname or 1p/3p resource match the bundled IP address ranges owned by a cloud which the user chose to block.
  • User can choose to enable persistence of block/allow rules across browser restarts, in Settings page. By default upon install, it does not block anything. And by default, it does not persist allow/block rules across restarts.
  • Chromium (Chrome, Brave, Opera, Vivaldi etc) is not supported because it does not provide to extensions an API that resolves DNS to IP the way firefox does (Refer compatibility table developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/dns/resolve#Browser_compatibility) for DNS.resolve API which Firefox provides to addons) And I would never want any of my 3 addons to make a network call from addon code - so I don’t want to add an option for DOH/DOT type DNS --> IP resolution from addon code.
  • TBB is not supported and also not supported for use with “Proxy addons” in addons.mozilla.org store. If someone can show me in issue #18 how to use TBB’s DNS resolver from another addon, I could do it - PR welcome for it too! :slight_smile: (I am aware users are not supposed to use addons apart from official bundled ones in TBB by its developers, but nothing stops a user from installing stuff from AMO and this is a feature request from advanced technical user)

#3

Thanks @PaulaFairphone, playing with it now in IceCat… Surprisingly no more duckduckgo… Most websites unreachable…
For convenience I use NoScript. https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=search
To block scripts from G%§$e, Fakebook, etc.no-facebook-me


#4

Hi @pjmbraet, let me know any feedback,issue or feature request :slight_smile: It’s only 14 days old and more features are coming!

Yes, Noscript is superb, I also like UblockOrigin’s advanced user mode which lets us disable scripts too!

And Cloud Firewall looks at all types of resources as it’s a …firewall!

Supported resources list : (all of them)
[ “image”, “imageset”, “main_frame”, “object”, “other”, “script”, “stylesheet”, “sub_frame”, “xmlhttprequest”, “beacon”, “csp_report”, “font”, “media”, “object_subrequest”, “ping”, “speculative”, “web_manifest”, “websocket”, “xbl”, “xml_dtd”, “xslt” ]

(Main_frame is address bar URL, rest are obviously 1p/3p resource/background calls)


#5

Hi @gkrishnaks, a screenshot

You can see Google is really everywhere! The 7 times blocked Cloudflare are from one website, two visits. It doesn’t matter if Cloudflare is blocked or not for the performance of that particular site which I visit almost daily. Tried it out in NoScript on desktop too: blocked or trusted doesn’t make any difference for Cloudflare. Guess it depends on what service a site uses. Here’s one I always keep blocked: https://www.trackuity.com/ There are a lot of small data-miners too. I don’t surf a lot on phone, in fact only on the road sometimes, so 80 times Google is really impressive!


#6

@pjmbraet, Cool! :slight_smile: I will check that tracker you mentioned if it’s there in my UblockOrigin addon/Blokada app filter/hosts lists, if not present, I’ll include it, ty!

The other day I mentioned that we need to start a new hashtag called #CloudFirewallStats so everyone can post stats screenshot on that tag. You are the first user to show me stats screenshot…! :sunglasses:


#7

Thank you for this!!!
Using it already. I love it!


#8

Hi, glad to hear. After you use for some time, please share issues/bugs that you observe, and feature requests or general feedback too. This add-on is now only 3 weeks old after first release, I’m collecting feature requests from users, and going to work on with regular updates :slight_smile:


#9

No problem!
Will do, thanks for telling me about it!!! :+1:


#10

Hi @gkrishnaks, made a picture of some screenshots about my experience with Cloud Firewall (also the “Pocket” in IceCat Mobile seems hosted by Amazon), where to find the #CloudFirewallStats?


#11

Thank you @pjmbraet for the feedback and observations pics. I just meant posting the screenshot of popup menu showing counts in a social network like Mastodon with that hash tag, not really required :slight_smile:

Yes, Startpage documentation mentions that they are not hosted on any cloud. I also use Qwant, seems to be not hosted on a cloud but I didn’t search their site docs yet.

I noticed you have a proxy addon in Icecat in bottom right screenshot? Good idea to not use Cloud firewall when you use any such proxy add-ons or TBB as I mentioned in my first post above, it is also mentioned in settings page and AMO install page opening paragrah. I have an open feature request documented here for such proxy support here #18. When that proxy addon is ON, you can just click “allow all” in CF which will de-register the request analyzer i.e a soft “disabled” state.

Sneak peek : Next version will show “per-page” stats in screenshot, planning to release this update today or tomorrow:


#12

@gkrishnaks I have tested this for 3 weeks almost. I love this. Very nice job!!! :+1:
Unfortunately I use Duckduckgo, it’s in amazon cloud… :frowning:
But I just turn off Amazon blocking, then it works great.
Terrible how many sites use Gxxxx tracking or Faecbook!!


#13

I’m glad to hear that you like this addon very much, @donut3 :slight_smile:

The next version of addon will include a “Disable for {site}” button in popup menu so you can pick and choose whichever sites you want to exclude from global allow/block rules, i.e for those sites, it will be as if you don’t have Cloud Firewall installed. This feature is the first ticket I wrote in my issue tracker as users requested for it on the day of first release.


#14

@gkrishnaks I noticed the new version shows me trackers blocked on each site!
I’m so eager to be able to allow connections on only on site (such as allowing Amaxon on DDG web browsing but no other site).
I really love this addon. Some would say it makes life hard (some sites break) but in my consideration, if makes my life easy. I can now know I’m not being tracked!1 :joy: (I use Cloud Firewall as well as a VPN.) :slight_smile:


#15

@donut3, yes, the goal of this addon is to help everyone replicate Kashmir Hill’s research journalism series “life without the tech giants” in browser! (And the blocking rules is entirely user’s choice as per user’s wishes)

Regarding the VPN/proxy, it is setup in system side, right? And Not in browser like a proxy add-on? If yes, it’s probably fine that Cloud Firewall can be used when that VPN is ON. There’s an open feature request for resolving dns over a proxy addon user has, I’m yet to work on it… researching further. For example, made this ticket in Mozilla tracker as a feature request for the same https://bugzilla.mozilla.org/show_bug.cgi?id=1545937

If possible, can you use some Network Monitoring tool to do this check : have Cloud Firewall ON any block switch, VPN at system level also ON, can you see if DNS resolution happens over VPN or not? (Browser simply uses system’s network settings for DNS resolution, so I guess it may be fine if vpn is at system level) Since I don’t use VPN, will help other users if you can verify this.


#16

@gkrishnaks I don’t know how to do this.
Yes, the VPN is system-side. My VPN doesn’t use dns servers, it connects to a different server every time I start it over… I use Nordvpn BTW.


#17

Hi, Firefox disable Cloud Firewall because there is a problem related to signed add-on


#18

An update of Firefox (the main one, for the large public) is now available in order to solve the big add-on issue.
https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/


#19

ok, thanks, the lastest minor update solve the problem


#20

I hope Mozilla’s permanent fix for the expired cert issue reaches everyone soon.

Here’s a sneak peek of next Cloud Firewall version - a new option to disable the global allow/block rules only on some selected websites (as per user’s wishes). This is a popular feature request I received from many users! I will release this update later this week.