uBlock Origin

uBlock Origin 1.2.5 has been released with a new feature that blocks first-party tracking scripts that use DNS CNAME records to load tracking scripts from a third-party domain and bypass filters.

A first-party tracking script is when the script loads directly from a subdomain of the web site the script is loaded. For example, if 'www.example.com' was loading a tracking script from 'tracking.example.com', it would be considered a first-party script as they share the same domain.

As uBlock Origin blocks third-party tracking scripts, or scripts loaded from another domain, sneaky tracking companies came up with a method to use CNAME records to load tracking scripts from what appears to be first-party domains.

In a sneaky, or cloaked, first-party tracking script example, 'tracking.example.com' uses a CNAME record to load a script from 'www.badtracker.com'. Even though the script is loading from a remote site, uBlock Origin still sees it as a first-party tracker because the page's HTML loads it from the same domain as the web site.

DNS lookups foil cloaked first-party trackers

On February 19th, 2020, uBlock Origin 1.2.5 was released and allows the ad blocker to block these cloaked tracking scripts by performing a DNS lookup before loading them.

If the subdomain is a CNAME to a third-party host, then uBlock Origin will block the script from loading.

When cloaked first-party trackers are blocked, they will appear in the log as blue entries with the uncloaked domain shown underneath in a smaller font.

Uncloaked first-party trackers
Uncloaked first-party trackers

Unfortunately, the DNS API that allows DNS lookups is only available for Firefox, so Chrome users are out of luck and cannot take advantage of this feature.

When loaded, uBlock Origin will now display a new permission titled 'Access IP address and hosting information' that allows uBlock to use the DNS API.

DNS Permission
DNS Permission

uBlock Origin can be downloaded from the Mozilla Add-Ons site, or if you have it installed already, you can check for the new update by going into Firefox's extensions page and clicking on 'Check for Updates' as shown below.

Check for Updates
Check for Updates

The full changelog for uBlock Origin 1.25 can be found here.

H/T Techdows.com

Related Articles:

Mozilla Enables DNS-over-HTTPS by Default for All USA Users

Google Brings Its Lighthouse Pagespeed Extension to Firefox

Firefox 73.0.1 Released With Fixes for Linux, Windows Crashes

Mozilla Firefox to Support Chrome's Image Lazy Loading Feature

Firefox 73 Released With Security Fixes, New DoH Provider, More