Cloud Firewall: Block G%§$e, Amazon, Facebbok, Microsoft, Apple & Cloudflare

privacy

#1

Avoiding G%§$e is a great first step, but there are many more companies taking part in surveillance capitalism.

This Firefox addon lets you browse while completely avoiding them:

It doesn’t work with /e/'s standard browser, but with most Firefox forks. I successfully tested Fennec F-Droid and IceCatMobile. On Firefox Klar it (as all addons) can’t be installed.

Some surprises:

So blocking these clouds blocks those sites.


DuckDuckGo browser
#2

Hi, Thank you Paula! :slight_smile:

Hello /e/ Community, I created Cloud Firewall addon. The inspiration behind the project is the “Life Without the Big Tech” Research journalism series by Kashmir Hill and I reused the ASN.csv data from the VPN a Technologist Dhruv Mehrotra created for her series. I wished to enable everyone to easily replicate her research in their browser without complex VPN setup etc.

Please take a minute to read the Gitlab (it’s in GCP…) readme here which is the same as the description in AMO store listing and also the Help Page within the addon. Created this account here in /e/ to provide any answers or clarifications needed.

Common questions :

  • It’s not a hosts/filter list based “ad/tracker blocker” addon. We already have the fantastic UblockOrigin for it and I would never want to compete with it :slight_smile: as I am a big fan and promoter of UBO too and its advanced mode!
  • It’s literally a firewall - looks at IP for both address bar URL and also the 1p/3p resources and blocks the connection if and only if user chooses to block a cloud and IP of URL bar hostname or 1p/3p resource match the bundled IP address ranges owned by a cloud which the user chose to block.
  • User can choose to enable persistence of block/allow rules across browser restarts, in Settings page. By default upon install, it does not block anything. And by default, it does not persist allow/block rules across restarts.
  • Chromium (Chrome, Brave, Opera, Vivaldi etc) is not supported because it does not provide to extensions an API that resolves DNS to IP the way firefox does (Refer compatibility table developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/dns/resolve#Browser_compatibility) for DNS.resolve API which Firefox provides to addons) And I would never want any of my 3 addons to make a network call from addon code - so I don’t want to add an option for DOH/DOT type DNS --> IP resolution from addon code.
  • TBB is not supported and also not supported for use with “Proxy addons” in addons.mozilla.org store. If someone can show me in issue #18 how to use TBB’s DNS resolver from another addon, I could do it - PR welcome for it too! :slight_smile: (I am aware users are not supposed to use addons apart from official bundled ones in TBB by its developers, but nothing stops a user from installing stuff from AMO and this is a feature request from advanced technical user)

#3

Thanks @PaulaFairphone, playing with it now in IceCat… Surprisingly no more duckduckgo… Most websites unreachable…
For convenience I use NoScript. https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=search
To block scripts from G%§$e, Fakebook, etc.no-facebook-me


#4

Hi @pjmbraet, let me know any feedback,issue or feature request :slight_smile: It’s only 14 days old and more features are coming!

Yes, Noscript is superb, I also like UblockOrigin’s advanced user mode which lets us disable scripts too!

And Cloud Firewall looks at all types of resources as it’s a …firewall!

Supported resources list : (all of them)
[ “image”, “imageset”, “main_frame”, “object”, “other”, “script”, “stylesheet”, “sub_frame”, “xmlhttprequest”, “beacon”, “csp_report”, “font”, “media”, “object_subrequest”, “ping”, “speculative”, “web_manifest”, “websocket”, “xbl”, “xml_dtd”, “xslt” ]

(Main_frame is address bar URL, rest are obviously 1p/3p resource/background calls)


#5

Hi @gkrishnaks, a screenshot

You can see Google is really everywhere! The 7 times blocked Cloudflare are from one website, two visits. It doesn’t matter if Cloudflare is blocked or not for the performance of that particular site which I visit almost daily. Tried it out in NoScript on desktop too: blocked or trusted doesn’t make any difference for Cloudflare. Guess it depends on what service a site uses. Here’s one I always keep blocked: https://www.trackuity.com/ There are a lot of small data-miners too. I don’t surf a lot on phone, in fact only on the road sometimes, so 80 times Google is really impressive!


#6

@pjmbraet, Cool! :slight_smile: I will check that tracker you mentioned if it’s there in my UblockOrigin addon/Blokada app filter/hosts lists, if not present, I’ll include it, ty!

The other day I mentioned that we need to start a new hashtag called #CloudFirewallStats so everyone can post stats screenshot on that tag. You are the first user to show me stats screenshot…! :sunglasses:


#7

Thank you for this!!!
Using it already. I love it!


#8

Hi, glad to hear. After you use for some time, please share issues/bugs that you observe, and feature requests or general feedback too. This add-on is now only 3 weeks old after first release, I’m collecting feature requests from users, and going to work on with regular updates :slight_smile:


#9

No problem!
Will do, thanks for telling me about it!!! :+1:


#10

Hi @gkrishnaks, made a picture of some screenshots about my experience with Cloud Firewall (also the “Pocket” in IceCat Mobile seems hosted by Amazon), where to find the #CloudFirewallStats?


#11

Thank you @pjmbraet for the feedback and observations pics. I just meant posting the screenshot of popup menu showing counts in a social network like Mastodon with that hash tag, not really required :slight_smile:

Yes, Startpage documentation mentions that they are not hosted on any cloud. I also use Qwant, seems to be not hosted on a cloud but I didn’t search their site docs yet.

I noticed you have a proxy addon in Icecat in bottom right screenshot? Good idea to not use Cloud firewall when you use any such proxy add-ons or TBB as I mentioned in my first post above, it is also mentioned in settings page and AMO install page opening paragrah. I have an open feature request documented here for such proxy support here #18. When that proxy addon is ON, you can just click “allow all” in CF which will de-register the request analyzer i.e a soft “disabled” state.

Sneak peek : Next version will show “per-page” stats in screenshot, planning to release this update today or tomorrow: