search

EFForg / https-everywhere

A browser extension that encrypts your communications with many websites that offer HTTPS but still allow unencrypted connections.
https://eff.org/https-everywhere
Other
3.37k stars 1.09k forks source link

radiotimes.com mistakes HTTPS Everywhere for an ad-blocker #14879

Closed HarryCutts closed 6 years ago

HarryCutts commented 6 years ago

Type: other Domain: radiotimes.com

Going to a Radio Times article (like this one) with HTTPS Everywhere enabled brings up a prompt asking you to turn off your ad-blocker (screenshot). (All the more annoyingly, it only appears after the page has fully loaded, which may take a while.) Turning off HTTPS Everywhere altogether and reloading makes it go away.

Bisaloo commented 6 years ago

Thank you for your report!

This sounds similar to #14835. I hope we are not going to see a surge of broken sites because of anti-adblocking strategies.

I could not reproduce your issue at first and I had to disable uBlock to get the result in your screenshot so I am assuming this is fixed by using the uBlockAssets filter in your adblocker (according to https://github.com/EFForg/https-everywhere/issues/14835#issuecomment-369910279).

In the meantime, I will try to see if that's something we can fix on our side for users that don't / don't want to use an adblocker.

numismatika commented 6 years ago

@Bisaloo it is not good if we have to add more and more exclusion to fastly for every site that uses this adblock detection solution. (Still wonder who produced it). Is that a fastly issue or a HTTPS-Everywhere problem that causes CORS?

Bisaloo commented 6 years ago

@numismatika, I'm not sure what you mean.

Anyways, we now have a solution to fix all CORS issues (https://github.com/EFForg/https-everywhere/issues/49#issuecomment-357693254) and stop adding exclusions but we need to implement it.

jeremyn commented 6 years ago

I can't reproduce the original problem -- getting a "turn off your adblocker" prompt at http://www.radiotimes.com/news/tv/2018-03-09/his-dark-materials-bbc-cast-director-lyra-revealed/ -- in a Firefox profile with HTTPS Everywhere, no uBlock Origin, with the Fastly.net (partial) ruleset active. Is this still an issue?

HarryCutts commented 6 years ago

I just tried again on a different computer (with Firefox ESR (52.6.0) on Debian), and I didn't get the prompt, even though both HTTPS Everywhere and Privacy Badger were enabled, so maybe they've just removed that prompt.

Bisaloo commented 6 years ago

I can't reproduce anymore either. It looks like they fixed it on their side.