EFForg / privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
https://privacybadger.org
Other
3.2k stars 386 forks source link

www.spiegel.de is withholding contents even when whitelisted / PB disabled #1607

Open Spiegel-Leser opened 7 years ago

Spiegel-Leser commented 7 years ago

My news site www.spiegel.de seems to use tracking ads, which are blocked by PB, correspondingly. As they see that as a non-discriminating ad-blocker, they don't serve contents to me any more but for a frame asking me to whitelist / disable my ad-blocker. Thing is, regardless of the PB whitelist or a disabled (!) PB, they still recognize an ad-blocker. Only removing PB helps! How can they even recognize the disabled PB? Why does whitelisting www.spiegel.de not help?

Spiegel-Leser commented 7 years ago

Additionally: Even HTTPS everywhere is treated the same, but disabling helps in that case.

ghostwords commented 7 years ago

Sounds related to #1596.

ghostwords commented 7 years ago

www.spiegel.de, like www.washingtonpost.com (#1444), has consistently been a top-reported domain by Privacy Badger users.

ghostwords commented 7 years ago

I can reproduce the ad blocker message (screenshot from Chrome below), but disabling Privacy Badger on the page does work (in Chrome and Firefox); the message goes away while tracking/ads come back.

screenshot from 2017-08-28 12 29 44

alanton commented 7 years ago
  1. I can reproduce this problem with PB but HTTPS does not cause any problem on Chrome.

  2. @ghostwords do you know why the message is still triggered if the site if manually whitelisted? I presumed that whitelisting would unblock all third parties and have the same effect as the 'Disable Privacy Badger For This Site' button, but @Spiegel-Leser is correct, one works and not the other.

  3. We are contacting Spiegel about this problem and we'll see how they respond. The anti-adblock notice I received states if this message appears even though you are not running an adblocker, you should disable any similar extensions and the Do Not Track preference. This is a strange and incorrect idea. They are also blocking readers who are using a Firefox private window, presumably because that mode has Tracker Protection enabled.

spiegel_anti_adblocker
Spiegel-Leser commented 7 years ago

I just tested, HTTPS is not causing problems on Spiegel.de in Firefox either. They seem to have changed that. PB is still a problem. Didn't test whitelisting, disabling helps.

Am 21.09.2017 um 03:42 schrieb alanton:

1.

I can reproduce this problem with PB but HTTPS does not cause any
problem on Chrome.

2.

@ghostwords <https://github.com/ghostwords> do you know why the
message is still triggered if the site if manually whitelisted? I
presumed that whitelisting would unblock all third parties and
have the same effect as the 'Disable Privacy Badger For This Site'
button, but @Spiegel-Leser <https://github.com/spiegel-leser> is
correct, one works and not the other.

3.

We are contacting Spiegel about this problem and we'll see how
they respond. The anti-adblock notice I received states if this
message appears even though you are not running an adblocker, you
should disable any similar extensions and the Do Not Track
preference. This is a strange and incorrect idea. They are also
blocking readers who are using a Firefox private window,
presumably because that mode has Tracker Protection enabled.

spiegel_anti_adblocker https://user-images.githubusercontent.com/11096622/30674892-663a2c7e-9e7d-11e7-8bf5-26936b6f7409.png

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/EFForg/privacybadger/issues/1607#issuecomment-331027010, or mute the thread https://github.com/notifications/unsubscribe-auth/Ad89MajR-qtsbsi5V05bjgs57iwB41aFks5skb8jgaJpZM4PEbLB.

ghostwords commented 7 years ago

why the message is still triggered if the site if manually whitelisted

@alanton How did you manually whitelist the site? Post a screenshot if that's helpful.

Spiegel-Leser commented 7 years ago

I should have made this clear: The screenshot shows the whitelisting and as a result the never-ending loading of the news page. If I don't whitelist the message appears, if I disable PB everythings fine.

Am 21.09.2017 um 15:46 schrieb Alexei:

why the message is still triggered if the site if manually whitelisted
@alanton <https://github.com/alanton> How did you manually whitelist
the site? Post a screenshot if that's helpful.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/EFForg/privacybadger/issues/1607#issuecomment-331161126, or mute the thread https://github.com/notifications/unsubscribe-auth/Ad89MfLaQykjgQFu47WZiYSNKmcE7NaWks5skmirgaJpZM4PEbLB.

alanton commented 7 years ago

@ghostwords under the whitelisted domains in options:

screen shot 2017-09-21 at 23 31 18
ghostwords commented 7 years ago

@alanton Our whitelisting options page UI is confusing (and missing validation). If you put in www.spiegel.de, that should be the same as clicking "Disable Privacy Badger For This Site". You can see for yourself by clicking that button and then visiting the options page to see what entry got added.

ghostwords commented 7 years ago

@Spiegel-Leser I removed a duplicate comment.

whitelisting and as a result the never-ending loading of the news page

Oh, this sounds like another problem, something on top of the ad blocking message. What browser do you use? What is your browser version? What version of Privacy Badger do you have? What other add-ons do you have installed?

alanton commented 7 years ago

I think the issue I had with whitelisting the site manually was that I entered http://www.spiegel.de rather than just spiegel.de. when I enter the latter manually it works.

Spiegel-Leser commented 7 years ago

Doesn't matter with me. http://www.spiegel.de or www.spiegel.de or spiegel.de all lead to the same problem.

Am 21.09.2017 um 23:54 schrieb alanton:

I think the issue I had with whitelisting the site manually was that I entered http://www.spiegel.de rather than just spiegel.de.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/EFForg/privacybadger/issues/1607#issuecomment-331292725, or mute the thread https://github.com/notifications/unsubscribe-auth/Ad89MeaWwfLCl_mO9oLF6rWPFKBNj_QJks5sktsXgaJpZM4PEbLB.

-- Jochen Schüttler Tölzer Str. 13 28215 Bremen

Tel 0421 20807078 Hdy 0176 48609072

michael-oneill commented 7 years ago

If I use Bouncer to block specific third-parties I only get the "please deactivate your Adblocker" message" when imagesrv.adition.com is blocked. It would be interesting to see if PB is blocking this domain in some circumstances. There are no cookies in it when I look but maybe it triggers PB in some other way.

abpspiegel

ghostwords commented 7 years ago

I don't see tracking from imagesrv.adition.com, but domains like ad8.adfarm1.adition.com and dsp.adfarm1.adition.com are picked up as cookie trackers (on sites like derstandard.at, brigitte.de and spiegel.de), which leads to adition.com, their base domain, getting blocked, which leads to imagesrv.adition.com getting blocked (thanks to having the same base domain).

michael-oneill commented 7 years ago

The German Telemedia Act (Section 13) requires that the recipient of the service (site visitor) is told when their data is passed on to another service provider i.e third-party, and that the recipient of the service can terminate the use of the service at any time. The ability to block some or all third-parties must be an acceptable way to do that, especially as the site does not offer any other way. You could say the site is denying a legal right by completely blocking access if someone exercises their right.

On first visit to the home page:

Cookies & Third-Party Domains on http://www.spiegel.de/

There are 15 first-party probable UID cookies and 16 third-party probable UID cookies from 53 domains

First Party UID Cookies: Domain: spiegel.de Name: gads expires after : 2 yrs Name: spVcData2 expires after : 2 mnths Name: _ga expires after : 2 yrs Name: mx_nam_id expires after : 31 days Name: _parsely_visitor expires after : 2 yrs Domain: c.spiegel.de Name: __gads expires after : 2 yrs Name: spVcData2 expires after : 2 mnths Name: _ga expires after : 2 yrs Name: mx_nam_id expires after : 31 days Name: _parsely_visitor expires after : 2 yrs Domain: cdn2.spiegel.de Name: gads expires after : 2 yrs Name: spVcData2 expires after : 2 mnths Name: _ga expires after : 2 yrs Name: mx_nam_id expires after : 31 days Name: _parsely_visitor expires after : 2 yrs

Third Party UID Cookies: Domain: dc73.s290.meetrics.net Name: id expires after : 5 days Domain: srv-2017-09-22-16.pixel.parsely.com Name: pid expires after : 11 mnths Domain: ad.yieldlab.net Name: id expires after : 12 mnths Domain: rtax.criteo.com Name: uid expires after : 12 mnths Name: eid expires after : 6 mnths Name: zdi expires after : 6 mnths Domain: ad8.adfarm1.adition.com Name: fc9 expires after : 6 mnths Name: UserID1 expires after : 6 mnths Domain: de.ioam.de Name: i00 expires after : 2 days Domain: static.adfarm1.adition.com Name: UserID1 expires after : 6 mnths Domain: adfarm.mediaplex.com Name: svid expires after : 51 mins Name: rts expires after : 51 mins Name: mojo3 expires after : 30 days Domain: img-cdn.mediaplex.com Name: svid expires after : 51 mins Name: rts expires after : 51 mins Name: mojo3 expires after : 30 days

First Party Domains: spiegel.de c.spiegel.de cdn2.spiegel.de

Third Party Domains: dc73.s290.meetrics.net srv-2017-09-22-16.pixel.parsely.com imagesrv.adition.com ad.yieldlab.net rtax.criteo.com ad8.adfarm1.adition.com de.ioam.de static.adfarm1.adition.com adfarm.mediaplex.com c.t4ft.de img-cdn.mediaplex.com googletagservices.com t4ft.de wlresults.westlotto.com securepubads.g.doubleclick.net ad.doubleclick.net pixel.adsafeprotected.com ad4.adfarm1.adition.com s0.2mdn.net tpc.googlesyndication.com static.parsely.com s290.mxcdn.net google-analytics.com srv-2017-09-22-16.config.parsely.com dc80.s290.meetrics.net static.adsafeprotected.com z.moatads.com pagead2.googlesyndication.com googleads4.g.doubleclick.net dockhand.netflix.com dt.adsafeprotected.com a-ssl.ligatus.com ad9.adfarm1.adition.com ad.atdmt.com dmp.theadex.com portal.blau.de geo.moatads.com px.moatads.com ssl.ligatus.com fonts.googleapis.com google.com fonts.gstatic.com googleads.g.doubleclick.net gstatic.com adx.ligadx.com x.bidswitch.net ads.yagiay.com ade.googlesyndication.com stats.g.doubleclick.net google.co.uk

Cookie data collected by Baycloud Bouncer https://baycloud.com/bouncerDownload

deisi commented 6 years ago

I made it work by allowing ad.doubleclick.net.

d2weber commented 6 years ago

Allowing ad.doubleclick.net also worked for me. imagesrv.adition.com seemed to work at the beginning, but the same problem appeard, as the site was completely loaded.

deisi commented 5 years ago

also remember to disable the firefox internal content blocking feature for spiegel.de it also kept me off the site. To do so, click on the top left shield icon and then disable content blocking for this side.