For the last year or so I have been running with JavaScript mostly turned off, and what I have learned is this:- Almost nothing works. 95% of the web just shows you a blank page.
- Most sites start working again if you allow one or two JavaScript URLs to load and block all of the others.
- Those others are the ones that are super annoying trackers and popups and selection-interceptors and shit.
- Most sites host their "render the page" JS locally, but load the "annoy and surveil" JS from outside domains.
- Blocking ".js" URLs is better than turning it off entirely, because the <noscript> tag typically just does a table-flip and tells you to fuck off.
Well, Safari 13 kneecapped content filtering by removing Safari Extensions entirely, so JS-Blocker doesn't work any more (it was not very good, but I had a hand-hacked version that I could mostly live with). But now I'm back in an ad-tracking sign-up-popup "let's keep the conversation going" hell again.
Did Apple replace Safari Extensions with anything useful? Does there exist, or can I write, a content filter that blacklists any URL ending in ".js" with whitelisting based on the domain of the parent URL?
This latest indignity is almost enough to make me try out Firefox again -- almost -- but since I am also a heavy iOS user, that's a fucking nightmare. Using a non-Safari browser on iOS is basically impossible (all URLs open in Safari, all app embeds are Safari, all share menus are Safari, etc.) and so using something else on desktop would mean no synchronization of browser history, bookmarks or Reading List between desktop and mobile.
Previously, previously, previously, previously, previously, previously, previously, previously.
Have you considered using third party tools for bookmarks and Reading List? Pinboard is really good, IMHO. Pocket is not so bad.
No I have not, because there's no way to make the "Add to Reading List" menu item in literally every application do something different than add to the Safari reading list.
I got tired of futzing with continually fiddling with extensions and blockers and tigers and bears, oh my, so I bought a Pi-Hole and dropped it on my network. Blackholing the trackers and such via DNS works pretty well for me.
I’m now iOS and RPi only. Intel-free-ish (I’m sure there’s a chip somewhere on my network) feels pretty good.
No longer running Photoshop?
Haven’t run Photoshop at home for almost four years. The 10.11.something update borked my Mac, and it was stuck on that OS. I eventually gave up on it and put my 4K monitor on my RPi.
Last time I powered up the Mac (in March or April) was to rip a CD so I could put it on my iPad.
Safari Extensions has been replaced with Safari App Extensions. Instead of Safari Extensions JS, you now have the Safari App Extensions API.
I used an Apple support incident to ask how to port my tab sorting extension to the new thing and Apple said “hehe cant.” So no more tab sorting extension for Safari.
They do have a special content blocker API that might do what you want. good luck.
I want to be reading the documentation (https://developer.apple.com/documentation/safariservices/creating_a_content_blocker) wrong, because it looks to me like you need to cut a new release to make any changes to the rules.
That said, it seems like this has the primitives that should be needed for the blocking logic... Could start with bulk-blocking all third-party js. The tricky part looks like it'll be fine-tuning the logic.
I have not seen anything in the “App Store” that would do the same thing for Safari. My solution on the Desktop has been to use LittleSnitch and liberally block stuff on first loading. It’s annoying and I have broken some sites that way, but by and large it works well. On iOS of course that does not work.
Little Snitch is great, but it (and Pi Hole) can only block by IP address (or, if you're lucky, by domain name). To match the URL pattern, you need to run in-browser, pre-TLS. There are many domains where you want to block the JS but not the pages themselves. There are many domains where you want to block the JS only when it is loaded by a 3rd-party site but not when you are visiting them directly.
Yeah, it’s not ideal, but in absence of anything like NoScript it’s the best approach I found.
Got to see a pitch for this privacy blocker through a friends work event. Seemed pretty on the up an up from an ex-AdGuru guy who was against the advertising tracking JS invasion.
If I look at what you want correctly, you want to block all third party .js files. It looks like https://www.infoq.com/articles/safari-content-blockers/ has a solution in the "Blocking scripts and images outside a domain" section. Just remove the image part.
https://developer.apple.com/documentation/networkextension/nefilterprovider
This is new to macOS 10.15, but previously existed on iOS. Basically it lets you write a user land process that intercepts and optionally blocks network traffic. Anything that uses WebKit will send URLs (including HTTPS) through your filter.
I have been using 1Blocker X on desktop and iOS and have had success, even under the new regime of no extensions. It’s $5 IIRC.
1Blocker is supposed to be the best replacement, but it's $10, and it doesn't seem to do anything with YouTube ads or Facebook trackers. I'm manually copy-pasting YT links over to FF, when the need arises. This situation sucks, and it seems like a golden opportunity for someone to make a better mousetrap.
Is it worth me suggesting a proxy autoconfig file or did you guys mean to leave it stillborn? :-p
On iOS, the app Refine lets you block URLs by regex: https://apps.apple.com/us/app/refine-customizable-ad-blocker-for-safari/id1011678834
I don’t know if an equivalent exists for macOS but it should be equally possible since content blockers are also available there.
I'm using Ghostery Lite on Mac + Firefox Focus on iOS, with the Safari integration turned on.
Unfortunately, both blockers have predefined lists, and I'm not sure whether Ghostery allows custom rules. Focus doesn't.
Also Ghostery's mission is specifically trackers only, not ads and signup dialogs and other toxins.
I'm a bit out of my depth here, so apologies if this isn't what you're looking for. AdGuard for Safari under this new extension regime has a custom filter. Will that work?
I've got Safari 13.0.2
And there are extensions available
What do you think has been "kneecapped"?
Screenshot of my current install of Safari with the App Store view of some available extensions: https://twitter.com/warrenmyers/status/1184469674630754305
Apple removed support for "Safari Extensions". They invented some new, less powerful thing that requires many more App Store hoops before you can make it go. If you still have "Show Extension Builder" on your "Develop" menu you are not running Safari 13. If you want a list of the thousands of extensions that they caused to stop working overnight, LMGTFY.
Turns out that the CADT model is better than CADM (Clusterfuck of Advertising-Dependent Megacorps).