search

AdguardTeam / AdguardFilters

AdGuard Content Blocking Filters
https://adguard.com/
GNU General Public License v3.0
2.96k stars 627 forks source link

stockx.com #181955

Closed adguard-bot closed 1 month ago

adguard-bot commented 1 month ago

Issue URL (Ads)

https://stockx.com/?nrtv_cid=.nrtv_plchldr.&ar=1845742109423608737&impactSiteId=xRM2Pu24%3AxyKRpuRnMXYg3DRUkHSPCW5hQDo1w0&clickid=xRM2Pu24%3AxyKRpuRnMXYg3DRUkHSPCW5hQDo1w0

Comment

Analytics.

https://stockx.com/16uD0kOF/xhr/api/v2/collector

https://api.sardine.ai/assets/collector.min.6ea1273.js

https://api.sardine.ai/v1/events

pixel - https://npjudfkwqn91oj1pvjvksy8ihucad3ae.d.sardine.ai/bg.png

websocket - wss://api.sardine.ai/v1/events/stream

Screenshots

System configuration

Information Value
AdGuard product: AdGuard Browser Extension v4.3.53
System version: Windows 11
Browser: Brave
Stealth mode: disabled
Filters: Ad Blocking:
AdGuard Base

Privacy:
AdGuard Tracking Protection,
AdGuard URL Tracking

Annoyances:
AdGuard Cookie Notices,
AdGuard Popups,
AdGuard Other Annoyances

Security:
Online Malicious URL Blocklist,
Phishing URL Blocklist,
Scam Blocklist by DurableNapkin

Language-specific:
AdGuard Russian,
AdGuard German,
AdGuard Japanese,
AdGuard Dutch,
AdGuard Spanish/Portuguese,
AdGuard Turkish,
AdGuard French,
AdGuard Ukrainian,
AdGuard Chinese
jellizaveta commented 1 month ago

Not sure if sardine.ai should be blocked, the js code looks like a logger, the company itself deals with fraud preventions

andris86 commented 1 month ago

@jellizaveta But it's still a form of tracking. Their website says

"Capture deep device intelligence and behavior biometrics for every customer touchpoint and interaction on your website or app."

And they log information about user and their actions, possibly using the websocket. Many users would not like it. They even say:

"Behavior Biometrics Typing speed, mouse movement, scrolling and swiping patterns, hesitation and distraction events, stressed behavior, and context switching.

Device Intelligence Device and browser fingerprints, True IP and location, emulators, tampered apps, remote access tools (RATs), Proxy piercing, VPN detection, bots, and device farms."

Does not matter if it is done for fraud detection, it is still invasive tracking.

adguard-bot commented 1 month ago

Issue URL (Ads)

https://stockx.com/?nrtv_cid=.nrtv_plchldr.&ar=1845742109423608737&impactSiteId=xRM2Pu24%3AxyKRpuRnMXYg3DRUkHSPCW5hQDo1w0&clickid=xRM2Pu24%3AxyKRpuRnMXYg3DRUkHSPCW5hQDo1w0

Comment

api.sardine.ai domain is used for invasive tracking. Please consider adding it. They say that they track:

"Behavior Biometrics Typing speed, mouse movement, scrolling and swiping patterns, hesitation and distraction events, stressed behavior, and context switching.

Device Intelligence Device and browser fingerprints, True IP and location, emulators, tampered apps, remote access tools (RATs), Proxy piercing, VPN detection, bots, and device farms."

This is way too invasive, do you agree? Username: @andris86

Screenshots

System configuration

Information Value
AdGuard product: AdGuard Browser Extension v4.3.53
System version: Windows 11
Browser: Brave
Stealth mode: disabled
Filters: Ad Blocking:
AdGuard Base

Privacy:
AdGuard Tracking Protection,
AdGuard URL Tracking

Annoyances:
AdGuard Cookie Notices,
AdGuard Popups,
AdGuard Other Annoyances

Security:
Online Malicious URL Blocklist,
Phishing URL Blocklist,
Scam Blocklist by DurableNapkin

Language-specific:
AdGuard Russian,
AdGuard German,
AdGuard Japanese,
AdGuard Dutch,
AdGuard Spanish/Portuguese,
AdGuard Turkish,
AdGuard French,
AdGuard Ukrainian,
AdGuard Chinese
andris86 commented 1 month ago

Can be closed.

jellizaveta commented 1 month ago

If I understand correctly, this need to prevent payment fraud and to protect against bots. There is nothing that says about personal user data. You can block these scripts in a user rules.