disconnectme / disconnect-tracking-protection Goto Github PK
View Code? Open in Web Editor NEWCanonical repository for the Disconnect services file
License: Other
Canonical repository for the Disconnect services file
License: Other
Dada
Has control of my settings
I see trackers slipping through from s.youtube.com
. Example: https://www.youtube.com/watch?v=fd-VFBOOL5c
Privacy Pro on iPhone bypasses the VPN when connecting to disconnect.me.
Turn (now part of Amobee) is an ad tech company which has has used very user-hostile tracking techniques in the past. They're currently classified as "Content", and thus won't be blocked in Firefox Tracking Protection.
All videos on CNET are being misidentified as trackers and will not play.
nbcnews.com is currently listed under Microsoft: https://github.com/disconnectme/disconnect-tracking-protection/blob/master/services.json#L7156
From https://en.wikipedia.org/wiki/NBCNews.com:
"On July 14, 2012, NBC officially announced that Microsoft had sold back its half share of msnbc.com for $300 million"
I'm happy to create a PR for this if you approve of removing it from the list of Microsoft properties.
Getting The resource at “https://cognito-idp.us-east-1.amazonaws.com/” was blocked because tracking protection is enabled.
using "Disconnect.me strict protection" on FF Nightly.
Please consider whitelisting AWS Cognito. Without this it's impossible to login to any site that uses AWS Cognito for authentication.
Hello! Does Disconnect exclude sites that support https://www.eff.org/dnt-policy? This PR suggests that this may be the case: #4
Context: I am a former author of Privacy Badger Firefox and now a maintainer of Brave browser, which uses this list for tracking protection. If you are whitelisting sites that post EFF's DNT policy, Brave should be enabling DNT on those sites (we do not by default). I would suggest that this be documented somewhere for downstream users of this repo.
A disconnect.me user reported that submit form on www.virtkick.io doesn't work for him. I tried disconnect.me and I reproduced the problem. Why are you blocking legitimate JSONP requests to MailChimp?
Resource interpreted as Script but transferred with MIME type text/html: "about:blank". mailchimp ajax submit error: parsererror
I can confirm this is an issue, MailChimp email signups are blocked under Advertising, causing signups to fail silently on many sites.
disconnect-tracking-protection/services.json
Line 3879 in efbfeab
In your Blocking List, you also block Google Tag Manager.
Since Google Tag Manager is not collecting any data, you should remove it from your list.
If someone opts out of tracking, you disable Google Analytics or other Trackers already. But Google Tag Manager can also be used for essential features without any tracking of users.
This issue is causing a breakage bug in Firefox right now, please see https://bugzilla.mozilla.org/show_bug.cgi?id=1518872.
The reason is that Firefox classifies live.com as a third-party tracker on sharepoint.com without realizing that both of these domains belong to the same entity (Microsoft). Having sharepoint.com classified on the Content category in addition to the other Micorosft domains there would allow Firefox to work around this bug by correctly recognizing the entity relationship between these two domains.
I would appreciate the help in adding this domain to the list. Thanks!
Please consider whitelistsing requests to Google domains that contain the &npa=1
URL parameter.
These requests are for non-personalized/non-tracking ads (usually contextual page-relevant ads) that don’t serve ads based on the user’s past browsing behavior, and don’t store information about the page/ad that requested the ad.
“Although these ads don’t use cookies for ad personalization, they do use cookies to allow for frequency capping, aggregated ad reporting, and to combat fraud and abuse.”
(These are the same exceptions as found in the GDPR.)
More information:
https://support.google.com/adsense/answer/7670312
Disconnect.me should whitelist these to encourage publishers to adopt non-tracking ads.
All Shareaholic CDN assets (images, fonts, CSS, JS) are loaded from apps.shareaholic.com which causes site functionality and site admin interfaces which are part of WordPress and Drupal Admin areas to break.
For example - WordPress:
http://jay.meattle.com/wp-admin/admin.php?page=shareaholic-settings
Blocking all resources loaded from shareaholic.com
feels extreme as it breaks functionality across 200,000+ WordPress and Drupal site admin screens.
Possible solution:
Re-classifying shareaholic.com as Content
seems more appropriate and it would at least stop breaking Admin interfaces in some cases. If someone has the "strict" list turned on in Firefox, then they at least have been given the heads up that site functionality can break.
(Originally posted in Mozilla issue tracker)
It would be nice, if AddToAny service will be removed from Firefox blacklist. At the time social buttons of service block in Firefox (beginning at Firefox 63) by default.
If I need to make another actions, that AddToAny buttons works for Firefox users with Always
value of Trackers
key, please, tell me.
<!-- AddToAny BEGIN -->
<div class="a2a_kit a2a_kit_size_32 a2a_floating_style a2a_vertical_style" style="left:0px; top:150px;">
<a class="a2a_dd" href="https://www.addtoany.com/share"></a>
<a class="a2a_button_mastodon"></a>
<a class="a2a_button_diaspora"></a>
</div>
<script async src="https://static.addtoany.com/menu/page.js"></script>
<!-- AddToAny END -->
If Only in private windows
value of Trackers
key:
Buttons are shown:
Else Always
value of Trackers
key:
No buttons:
Privacy Policy from official site:
Do Not Track (DNT):
+ When a supported browser's DNT header is enabled, we prevent tracking across sites where AddToAny is used.
+ For example, we disable Like & Tweet buttons to prevent Facebook & Twitter tracking when DNT is enabled.
+ See our full Do Not Track Compliance Policy.
Full Do Not Track Compliance Policy in AddToAny site.
As user, I use Privacy Badger of Electronic Frontier Foundation (EFF) for tracking preventing → Privacy Badger allow AddToAny:
Firefox support EFF blacklists.
a2a_config = a2a_config or {}
a2a_config.no_3p = true
a2a_config.track_links = false
This code prevents any tracking:
Thanks.
This happens on the iOS Safari content blocker. Example: https://www.google.com/amp/abcnews.go.com/amp/Technology/wireStory/apple-slowing-iphones-cuts-battery-price-50-52034050
The following study has listed two offenders that are using 3rd party scripts to collect user behavioral tracking data from password managers.
These are the vendors called out in the piece:
audienceinsights.net
behavioralengine.com
Not sure whether it belongs under advertising or social, but the domain is owned by twitter.
Domain observed on NYTimes, for example.
do-not-tracker.org
eviltracker.net
trackersimulator.org
These try to load code to actually test fingerprinting. By simply blocking the domains your just saying "Yay, we block those 3 harmless test domains" but the actual tracking techniques that they present would then remain undetected on every other domain on the web.
disconnect-tracking-protection/services.json
Line 2238 in 40846f7
I'm seeing trackers from youtubei.youtube.com
. For example, you might see it here: https://www.youtube.com/watch?v=V6mQYfrbuDQ
I think that domain needs to be added to the json.
I think there's a tracker slipping through from clients1.google.com
. Example: https://www.youtube.com/watch?v=iLoM3lGGJxk.
https://webbkoll.dataskydd.net/sv/ uses your database to classify third party requests.
So far the following seem to be missing:
See https://bugzilla.mozilla.org/show_bug.cgi?id=1432650 ...
yandex.ru
appears in the "Advertising" section, which means all of its subdomains (like api-maps.yandex.ru) are blocked. But api-maps.yandex.ru
is categorized as "Content".
Can we adjust the yandex entries in "Advertising" to use the fully-qualified domain names of the advertising Yandex domains, so that other non-advertising Yandex domains will be allowed?
I think there's a tracker slipping through from www.youtube-nocookie.com
. Example: https://www.youtube.com/watch?v=V6mQYfrbuDQ.
This was observed with focus ad blocker, but may impact other disconnect based blockers.
See ampproject/amphtml#6163 for our investigation.
To reproduce:
In general, AMP does not do any tracking itself (documents and most resources are served from a cookieless domain). It can instrument traditional tracking services, so things should just work if you block those.
Please block app.yieldify.com
, used by Yieldify.
FYI, akamaihd.net listed as a Facebook domain, and even though lots of Facebook traffic resolves there, it is an Akamai domain that is used by other clients as well.
Heatmap tracking via static.hotjar.com
is not blocked on normal or strict.
For reference: www.hotjar.com
Intrusive profiling company, Lead Forensics, uses the following tracking domains (non-exhaustive list):
secure.leadforensics.com
lead-123.com
mon-com-01.com
infra-gtc.com
lansrv040.com
Appears to follow the form:
//www\.example\.com/js/[0-9]+\.js
and noscript as //www\.example\.com/[0-9]+\.png
There is a form on this domain that becomes non-interactive when this domain is blocked.
Found on Firefox iOS and Focus iOS:
https://bugzilla.mozilla.org/show_bug.cgi?id=1499201
iOS-specific usage of this list is an ancillary use case of course, so I am filing mostly for future reference; I don't imagine there is a way to change this entry in the list without affecting non-iOS platforms.
bucksense.com tracks users and serves ads
styria-digital.com serves ads and tracks users, please block it
Belongs to Symphony Technological Group via Connexity, not Experian.
I see the Google tracking NID
cookie being sent to https://adservice.google.ca/adsid/integrator.js?domain=tpc.googlesyndication.com, see:
The response headers for this URL includes the following which I found interesting:
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
Hello,
Inspired by this discussion: https://news.ycombinator.com/item?id=18890356 - looks like FireFox blocks ajax requests to fetch reddit posts (demo https://jsbin.com/fuyijan/2/edit?js,console)
Is there a way to enable https://www.reddit.com/r/
and keep everything else as is?
Please block dwin1.com
.
AKA Digital Window. Used by affiliate marketing company Awin.
365dm.com is a domain used for serving images across Sky content sites. It is in no way affiliated to 365media.com as you can see from the WHOIS data below:
https://www.whois.com/whois/365dm.com
https://www.whois.com/whois/365media.com
A pull request has been opened to remove 365dm from the list:
#40
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.