Skip to content

Don't block domains by etld+1 for non-cookie tracking. #1527

New issue
New issue
Closed
#2891
Closed
Don't block domains by etld+1 for non-cookie tracking.#1527
#2891
Assignees
bcyphers
Labels
enhancementfingerprintingRelating to (canvas) fingerprinting detectionheuristicBadger's core learning-what-to-block functionalityimportantyellowlistDomains on this list are allowed but with restrictions: no referrer headers or cookies/localStorage
@cowlicks

Description

@cowlicks
cowlicks
opened on Jul 25, 2017

When we see a 3rd party tracking on a website, we block the etld+1 associated with the 3rd party.

This makes sense when we see cookie tracking, because cookies are scoped by domain.

However it does not make sense for localstorage or fingerprinting tracking. Localstorage tracking is scoped to a domain. Fingerprinting tracking is probably most easily associated with URLs (or something like them).

An example of how this might be a problem:

  • we see fingreprinting tracking from a third party https://cdn.jsdelivr.net/fingerprintjs2/1.5.,1/fingerprint2.min.js
  • we block jsdelivr.net
  • this breaks stuff so we add jsdelivr.net to the cookieblock list (it is actually on there)
  • fingerprinting tracking can now continue, just as before

So we didn't actually fix anything.

It is hard to tell how big of an issue this is, since we don't get information about why a thing was blocked (related to #1289 #963), but we should keep this in mind as we develop a new action_map.

Metadata

Metadata

Assignees

Labels

enhancementfingerprintingRelating to (canvas) fingerprinting detectionheuristicBadger's core learning-what-to-block functionalityimportantyellowlistDomains on this list are allowed but with restrictions: no referrer headers or cookies/localStorage

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions