About the required permissions
Pages 112
- Home
- 2014 07 22: µBlock and others: Blocking ads, trackers, malwares
- About "This other extension reports more stuff blocked!"
- About that CSS selector with "www.faceporn.net" in it...
- About the required permissions
- About this "your software" mindset
- Advanced settings
- Advanced user features
- Badware risks
- Behind the scene network requests
- Block more, way more
- Blocking mode
- Blocking mode: easy mode
- Blocking mode: hard mode
- Blocking mode: medium mode
- Blocking mode: nightmare mode
- Blocking mode: very easy mode
- Can you trust uBlock?
- Change log
- Cloud storage
- Compare: Memory footprint: what happens inside µBlock after installation
- Contributed memory usage: benchmarks over time
- Cosmetic filtering in µBlock: version 0.4.0.0 update
- Counterarguments
- Dashboard
- Dashboard: 3rd party filters
- Dashboard: Settings
- Dashboard: Whitelist
- Deploying uBlock Origin
- Disable hyperlink auditing beacon
- Does uBlock block ads or just hide them?
- Does µBlock block ads or just hide them?
- Does µBlock blocks ads or just hide them?
- Doesn't uBlock Origin add overhead to page load?
- DOM inspector
- Dynamic filtering
- Dynamic filtering examples
- Dynamic filtering (obsolete, need revision)
- Dynamic filtering: Benefits of blocking 3rd party iframe tags
- Dynamic filtering: Benefits of blocking 3rd party script and iframe tags
- Dynamic filtering: default deny
- Dynamic filtering: default deny: useful rulesets
- Dynamic filtering: disabling cosmetic filtering for the current site
- Dynamic filtering: Examples of usefulness of blocking 3rd party iframe tags
- Dynamic filtering: precedence
- Dynamic filtering: quick guide
- Dynamic filtering: rule syntax
- Dynamic filtering: to easily reduce privacy exposure
- Dynamic filtering: turn off uBlock everywhere
- Dynamic filtering: turn off uBlock everywhere except
- Dynamic filtering: turn off µBlock everywhere
- Dynamic filtering: Usefulness of blocking 1st party script tags
- Dynamic filtering: Usefulness of blocking inline script tags
- Dynamic URL filtering
- Element picker
- Experimental features
- Experimental filters
- FAQ
- Filter list licenses
- Filter lists from around the web
- Filter lists: gorhill
- Filter syntax extensions
- Firefox version: benchmarking memory footprint
- Firefox version: benchmarking memory footprint (2015 03 07)
- How to ...
- How to whitelist a web site
- Inline script tag filtering
- Launch and filter lists load performance
- Maintainership transfer of uBlock: post mortem
- Manually editing per site switches
- Memory footprint: what happens inside uBlock after installation
- Memory footprint: what happens inside µBlock after installation
- My answers to web store reviews where appropriate
- Myth: uBlock consumes over 80MB
- Myth: uBlock is just slightly less resource intensive than Adblock Plus
- Myth: µBlock consumes over 80MB
- Myth: µBlock is just slightly less resource intensive than Adblock Plus
- Notes on media coverage of uBlock Origin
- Notes on memory benchmarks, selfies
- Overview of uBlock's network filtering engine
- Overview of uBlock's network filtering engine: details
- Own memory usage: benchmarks over time
- Per site switches
- Prevent WebRTC from leaking local IP address
- Privacy policy
- Privacy stuff
- Procedural cosmetic filters
- Quick guide: popup user interface
- Reference benchmark
- Regular expression based filters
- Software known to have uninstalled uBlock Origin
- Static filter syntax
- Strict blocking
- Technical inaccuracies from around the web
- The logger
- The network request logger
- Tips and tricks waterfall
- Tools
- Tricks and tips
- Troubleshooting
- Tutorial: how to unbreak a site using the dynamic filtering pane
- uBlock and others: Blocking ads, trackers, malwares
- uBlock vs. ABP: efficiency compared
- Various videos showing side by side comparison of the load speed of complex sites
- What uBlock can and can not (currently) do
- What µBlock can and can not (currently) do
- Who care about efficiency, I have 8 GB and|or a quad core CPU
- Who cares about efficiency, I have 8 GB and|or a quad core CPU
- Why don't you accept donations?
- µBlock and others: Blocking ads, trackers, malwares
- µBlock version 0.8.5: many changes
- µBlock vs. ABP: efficiency compared
- Show 97 more pages…
uBlock's required (Chromium) permissions
uBlock's required permissions are the same as those of Privacy Badger, except that Privacy Badger requires one extra permission, cookies. This is uBlock's required permissions:
"permissions": [
"contextMenus",
"privacy",
"storage",
"tabs",
"unlimitedStorage",
"webNavigation",
"webRequest",
"webRequestBlocking",
"http://*/*",
"https://*/*"
],
"privacy" is the only permission added in version 0.9.8.2. All the others were there since when uBlock was first published (except for "contextMenus" which was added at some point, to support blocking element from within the context menu).
The privacy permission is needed for uBlock to be able to disable the setting "Prefetch resources to load pages more quickly". This will ensure no connection is opened at all for blocked requests: It's for your own protection privacy-wise.
This is Privacy Badger required permissions:
"permissions": [
"contextMenus",
"cookies",
"privacy",
"storage",
"tabs",
"unlimitedStorage",
"webNavigation",
"webRequest",
"webRequestBlocking",
"http://*/*",
"https://*/*"
],
"Access your data on all web sites"
Since first version.
- To be able to inspect all net requests so that they can be cancelled if needed.
- Only on http- and https-based URL addresses.
See code:
"Access your tabs and browsing activity"
Since first version.
This is necessary to be able to:
- Create new tabs (when you click on a filter list, to see its content)
- To detect when a tab is added or removed:
- To update badge
- To flush from memory internal data structures
- To find out which tab is currently active (to fill popup menu with associated stats/settings)
- To be able to inject the element picker script
- To implement the popup-blocker
See code:
"Change your privacy-related settings"
Since version 0.9.8.2 (release notes).
This is necessary to be able to:
- Disable "Prefetch resources to load pages more quickly"
- This will ensure no TCP connection is opened at all for blocked requests: It's for your own protection privacy-wise.[1]
- For pages with lots for blocked requests, this will actually remove overhead from page load (if you did not have the setting already disabled).
- When uBlock blocks a network request, the expectation is that it blocks completely the connection, hence the new permission is necessary for uBlock to do truthfully what it says it does.
- Disable hyperlink auditing/beacon (0.9.8.5)
uBlock's primary purpose is to block network connections, not just data transfer. Not blocking the connection while just blocking the data transfer would mean uBlock is lying to users. So this permission will stay, and sorry for those who do not understand that it actually allows uBlock to do its intended job more thoroughly[2]. A blocker which does not thoroughly prevent connections is not a real blocker.
Privacy Badger also requires exactly the same permissions. I want uBlock to also serve privacy-minded users first.
If prefetching had been disabled by default, this new permission would not be needed, but prefetching is unfortunately enabled by default, and under Privacy heading, which is itself hidden by default under "advanced settings", and even at this point, you would still have to dig to find out the negative side effects of prefetching (related: dark patterns).

Also, the benefits of prefetching are probably marginal, and in the context of a blocker, the benefits could be negative, since a lot of useless connections would be made, just to be discarded after the browser find out the requests won't be made anyway. So do not fall for the "lost of major performance boost" claim I read elsewhere, this is just a silly and baseless claim.
Edit: actually, prefetching is worst than I first thought, I had tested that it was just a connection issue, but as per Google:
If you turn this setting on in Chrome, websites (and any of their embedded resources) that are prerendered or prefetched may set and read their own cookies as if you had visited them before -- even if you don’t visit the prerendered or prefetched pages after all.
See code:
[1] Merely opening a TCP connection leaks your IP address to the remote server -- this is incompatible with an extension which primary purpose is to completely prevent connections to remove server, not just merely prevent the transfer of data. For instance, see what can be found with a just that connection being established (IP, OS Fingerprinting, IP Address Location).
[2] In version 0.9.8.3, there will be a setting to allow re-enabling prefetching, default will still be to disable it though.

