Skip to content

About the required permissions

Raymond Hill edited this page Jun 1, 2015 · 62 revisions

"Access your data on all web sites"

Since first version.

  • To be able to inspect all net requests so that they can be cancelled if needed.
    • Only on http- and https-based URL addresses.

See code:

"Access your tabs and browsing activity"

Since first version.

This is necessary to be able to:

  • Create new tabs (when you click on a filter list, to see its content)
  • To detect when a tab is added or removed:
  • To update badge
  • To flush from memory internal data structures
  • To find out which tab is currently active (to fill popup menu with associated stats/settings)
  • To be able to inject the element picker script
  • To implement the popup-blocker

See code:

"Change your privacy-related settings"

Since version 0.9.8.2.

This is necessary to be able to:

  • Disable "Prefetch resources to load pages more quickly"
    • This will ensure no TCP connection is opened at all for blocked requests: It's for your own protection privacy-wise.[1]
    • For pages with lots for blocked requests, this will actually remove overhead from page load (if you did not have the setting already disabled).
    • When uBlock blocks a network request, the expectation is that it blocks completely the connection, hence the new permission is necessary for uBlock to do truthfully what it says it does.

uBlock's primary purpose is to block network connections, not just data transfer. Not blocking the connection while just blocking the data transfer would mean uBlock is lying to users. So this permission will stay, and sorry for those who do not understand that it actually allows uBlock to do its intended job more thoroughly. A blocker which does not thoroughly prevent connections is not a real blocker.

Privacy Badger also requires exactly the same permissions. I want uBlock to also serve privacy-minded users first.

If prefetching had been disabled by default, this new permission would not be needed, but prefetching is unfortunately enabled by default, and under the hidden-by-default Privacy heading.

c

See code:

[1] Merely opening a TCP connection leaks your IP address to the remote server -- this is incompatible with an extension which primary purpose is to completely prevent connections to remove server, not just merely prevent the transfer of data.

Clone this wiki locally