EFForg / privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
https://privacybadger.org

Interference with the Pointless Chrome Extension #1955

Open FelicianoTech opened 6 years ago

FelicianoTech commented 6 years ago

I have a Chrome extension called Pointless (Chrome Store/GitHub) that adds features to GitHub.com (and soon BitBucket) that would help CircleCI users.

It looks like Privacy Badger is blocking the extension from working correctly. Any suggestions on what can be done on either end to get both extensions working together nicely?

ghostwords commented 6 years ago

I'm guessing Privacy Badger learns to block some (CircleCI?) domains (on GitHub pages) that are required for Pointless to function. Could you see if you can find any relevant domains under the Tracking Domains tab on Privacy Badger's options page? Does unblocking them fix the issues?

drazisil commented 6 years ago

Hi @ghostwords,

It's actually the circleci.com domain itself.


What I believe is the issue is the Chrome Extension reading data from the GitHub pages and then sending that info in an API call back to CircleCI with an auth token (which probably looks like a tracking id) that is upsetting Privacy Badger.

ETA: Unblocking the domain fixes the issue.

ghostwords commented 6 years ago

OK, thanks for letting us know of a workaround!

I am not yet sure what Privacy Badger can do to avoid this sort of conflict (see also: https://github.com/EFForg/privacybadger/issues/1868#issuecomment-366046776 and broken app-labeled issues in general). We could perhaps reuse the yellowlist, or maintain a separate list of known extension-related domains.

drazisil commented 6 years ago

@ghostwords what would be required to move circleci.com from red to cookies-only as a default?

ghostwords commented 6 years ago

Does "cookieblocking" circleci.com permit Pointless to fully function?

Also, would CircleCI be open to posting the EFF Do Not Track policy on each of its API domains? If CircleCI is able and willing to abide by the policy's requirements on the affected domains, posting the policy on each domain will tell Privacy Badger to always allow loading of resources from the domain.

drazisil commented 6 years ago

@ghostwords It does not, I assumed incorrectly.

Regarding the DNT policy, I'm going to defer that to @felicianotech to investigate.

FelicianoTech commented 6 years ago

> Also, would CircleCI be open to posting the EFF Do Not Track policy on each of its API domains?

I'm not sure what that means nor do I know if I'll be able to make that change myself if that's something that would need to be done within CircleCI's API codebase itself. Like a CircleCI customer, much of the work I end up doing is in implementing the API.

ghostwords commented 6 years ago

Yeah, this is a question for CircleCI staff.