Either because we haven't whitelisted ssl.gstatic.com or because we haven't whitelisted maps.google.com, I think. Or maybe maps.gstatic.com.

https://secure.timeshighereducation.co.uk/signin.aspx?navcode=26

buildtools uses M2Crypto to sign .crx files from Python. This can be done by calling the openssl command line instead, like this:

https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/makecrx.sh#l120

We get a slew of errors like this right now, though the extension seems to otherwise work:

Error
compat.js:77
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist. lastError:29
Port: Could not establish connection. Receiving end does not exist.

We may be able to base this off of what ABP has already.

We can change the setting via chrome.privacy to block referers entirely (my preference), we can strip the referrers alongside cookies only for third parties, and have it track our cookie policy, or we can omit any referer blocking.

I typically browse turning off referers entirely in Firefox and notice very little breakage, though there is more than 0.

Right now the actual blocking and subscription lists have been refactored, but not the popup.js logic. We need to think carefully about how to refactor.

1. Should there be an Action object, or is it OK to just have an enum and represent actions by string (e.g. "cookieblock")?
2. We should change getBlockedData in background.js to return to actions themselves to popup.js, not the list of subscriptions which fired/didn't fire.
3. We need to somehow be able to determine if a user changed a setting. Right now if I load something in Tab1, then browse to Tab2, it's possible that something will have been added to the frequencyHeuristic subscription from Tab1 that was previously unblocked. Then if I go back to Tab1, we need to update, else it could look like the user changed.

To reproduce:

1. Install extension fresh
2. Open dictionary.com

There won't be an icon. There is if you refresh.

Though perhaps there can be a (much shorter) whitelist of exceptions.

Right now we only display resources in the popup.js UI that are in some subscription list: either the heuristicblocking list, the EFF whitelist, or the cookieblocking whitelist. but this means we are blocking cookies for some resources but NOT displaying any information about them. For these resources, there is no way for the user to add to the cookieblocking whitelist.

What do we want to do about this? Display all third-party resources? OK as is?

Sometimes I've noticed that the toolbar context menu for privacybadger / trackerlab retains a bunch of domains from past uses of the window. I don't have a theory about how to reproduce quickly or why this is happening, yet. A thorough read of the code might explain it?

Charts here: http://www.worldweatheronline.com/Taldykorgan-weather-averages/Almaty/KZ.aspx

In this page for me:

http://www.canberratimes.com.au/act-news/huge-number-of-belowtheline-votes-deciding-factor-in-tight-race-for-senate-20130910-2tikv.html

Currently, the PB filters look like the user made them by hand.

Right now I don't believe ABP gives a way to do this. We want to build in this functionality to compare blocklists.

Currently if you block 3rd party cookies PB won't do anything. We can watch incoming cookie headers to work around this.

Depends on #41. What do we want the first run page to look like? Currently this is the crazy scientist.

Right now we use a single whitelist and blacklist that users can change. But in the future, we may want to ship different whitelists. It seems like a better bookkeeping to use multiple subscription lists.

Adblock Plus: Downloading filter subscription frequencyHeuristic failed (synchronize_connection_error)
Download address: frequencyHeuristic
Channel status: -1
Server response: undefined

It's a SpecialSubscription like a user-defined subscription

Right now they aren't deduped, and so we keep adding Filters for commonly blocked domains.

Right now the UI will display as red entries which are candidates for blocking, but have been whitelisted.

We shouldn't really block anything for a long time, but in my observation chrome sometimes blames us for significant latency hits. Some printfs should figure this out...

while browsing maps.google.nl, I just observed blockage of map tile loading! The list of domains we've targetted for blocking in the page is below. We may need to wildcard the whitelists around some of these?

maps.google.com
ajax.googleapis.com
fonts.googleapis.com
www.google-analytics.com
ssl.google-analytics.com
connect.facebook.net
themes.googleusercontent.com
ssl.gstatic.com
mw2.google.com
cbks3.google.com
www.google.com
maps.gstatic.com
mts0.google.com
mts1.google.com
maps-api-ssl.google.com

Our original design allowed the user to block all ads, not just privacy-invasive third party resources. It seems we've strayed from this in our extension popup UI. The machinery that allows one to do per-subscription matching is in place, so it wouldn't be too hard to restore this. The challenge is the UI (can users do any sort of toggling for first-party ads? how does one control whether this is on or off?). I think for simplicity, at this point it makes sense to omit this. I can describe how to add it back in if this is a desired feature for future versions, but my sense is that I wanted this more than others.

Low entropy cookies are not tracking tools. Maybe the domains that set them should just be in the whitelist for now?

Right now we block referers wholesale. We'd like to make this policy consistent with cookies. Marking for our launch milestone for now.