Today we're going to talk about uBlock Origin and if you've followed the  previous chapters on ad-blocking articles here is a little extra  information for you. Even if you are using either of the two ad blocking  apps (AdGuard Home or Pi-Hole) please use uBlock Origin additionally on top of it. Alternatively if you are a more advanced user you can install uMatrix.

uBlock Origin – Get this Extension for 🦊 Firefox (en-US)
Finally, an efficient blocker. Easy on CPU and memory.

So what is uBlock Origin?

Its lightweight, it doesn't distract and it blocks banners, ads and trackers that includes the new CNAME trackers!

And why do you need it?

uBlock  Origin is not just an ad blocker. It does block ads and the banners  (that you can see) and trackers (that you can't see) but it can  basically block anything that you don't want.

This is critical  for those of us who value our freedom and their privacy plus  it eliminates the noise and intrusion of advertising. Many of us agree  that we don't want anyone and everyone having free and unfettered access to our personal data, with or without our permission

Drilling  down, uBlock Origin operates through the use of blocking lists. These  can be customized such as the ones we have posted in Chapter 3.

One  very good reason why we like uBlock Origin on Firefox is that it  can now block first-party tracking scripts that attempt to bypass  filters and rules by utilizing DNS CNAME records to load scripts from a  third-party domain.

A first-party tracker is where the tracking  script is located on the same domain as the web site, while a  third-party tracker is when the tracking script is located on another  domain.

As browsers begin to block third-party trackers as part  of their tracking protection features, some websites have switched to  first-party trackers in order to bypass these protections.

First-party tracker protection is, however, only available on Firefox

In  order to block first-party trackers that utilize CNAME records, uBlock  Origin would first need to perform a DNS lookup of the hostname loading a  script  to determine the underlying domain that it resolves to.

For  example, if a script is being loaded from the user's domain, the ad  blocker will perform a DNS lookup and check if it resolves to known  tracking domains, and if so, block them.

Unfortunately, Chrome  does not provide an API that allows an extension to perform DNS lookups,  however, uBlock Origin developer Raymond Hill did find an API in Firefox  that could manage this:

I am looking at,  it can be used to expose the CNAME:
-Raymond Hill

Hill subsequently released  uBlock Origin 1.24.1b0 which contains a feature that "uncloaks" CNAME  records in order to block first-party tracking that utilize scripts on  third-party domains.

If using 1.24.1b0 and above, to "uncloak" actual (canonical, CNAME) hostname, set advanced setting cnameAliasList to *.

Network requests for which the actual hostname differs from the original hostname will be replayed through uBO's filtering engine using the actual hostname. When I started developing the feature I could spot in the logger when visiting, but I can no longer reproduce this. Regardless, uBO is now equipped to deal with 3rd-party disguised as 1st-party as far as Firefox's browser.dns allows it."

With this new feature added, if using uBlock Origin version 1.24.1b0 or newer, installing the extension it will require a new DNS permission described as "Access IP address and hostname information", which will be used by the extension to resolve the CNAME records.

STOP PRESS!!! uBlock Origin ( is now available and has CNAME Tracking on-board, however Mozilla is still showing it as 1.24.2 on it's download page.

Please bear in mind that this only works on Firefox! In our next chapter we explain how to make Firefox as secure and private as possible, a couple of really good tweaks and you'll never want or need to use Chrome (by Google) or any other browser again!

If you have an Android Phone, consider uBlock Origin also on your Firefox Mobile or Fennec Browser, thanks for your time :-)

We publish a daily dose of decentralization here every day (UTC+8), for additional daily updates follow us on Mastodon, Twitter, Telegram or Element(Matrix). Please like & share all our output. We rely on User-Generated Content so why not write for us and since we try to avoid ads and sponsorship, why not donate to help us continue our work - all major cryptos accepted. You can contact us at and at
Share this post