EFForg / privacybadger

Privacy Badger is a browser extension that automatically learns to block invisible trackers.
https://privacybadger.org

broken shops hosted by plentymarkets.eu #2129

Closed Kobajashi closed 5 years ago

Kobajashi commented 6 years ago

Hey,

it seems that the badger is blocking our content delivery network for our customers.

We offer three generic CDN URLs for our customers

These URLs are used in more than 3000 online shops to deliver images in a fast way. A short time ago we also started to deliver all static content through our CDN, including CSS and JavaScript files, so the problem is getting bigger.

Here is a snitch for cdn02 as an example:

```
**** ACTION_MAP for cdn02.plentymarkets.com
VM255:5 cdn02.plentymarkets.com {
  "userAction": "",
  "dnt": false,
  "heuristicAction": "block",
  "nextUpdateTime": 1533825355154
}
VM255:7 **** SNITCH_MAP for cdn02.plentymarkets.com
```

Would it be possible to add our CDN to the yellowlist?

This is a high priority issue for us because we receive a lot of tickets regarding broken shops.

If you have further questions, let me know. I'm one of the architects for the CDN project.

Regards Timo

ghostwords commented 6 years ago

Hello!

Why does Privacy Badger learn to block these CDN domains? I could see for myself if you provide a few examples of plentymarkets-powered shops.

If you don't track anyone using these CDN domains, they may be a good match for EFF's Do Not Track policy. If you are willing and able to abide by the policy's requirements on the affected domains, posting the policy on each domain will tell Privacy Badger to always allow loading of resources from the domain.

Kobajashi commented 6 years ago

Hey,

I've no idea why these things are getting blocked.

These domains are only CNAMEs in front of an AWS CloudFront CDN distribution. So I don't think it would be an easy job to implement the DNT policy, because I don't know how I should return different results depending on header tracking status here.

I looked into the yellow list and saw an entry for CloudFront, the only difference is the CNAME that we use in front of the generic CloudFront URL string.

Kobajashi commented 6 years ago

example shops:

These three shops make use of the cdn02 distribution for displaying the item images.

The shop https://rogwear.asus.com/ uses our new shop system Ceres. There, the other static content types like JavaScript and CSS will also be delivered over those CDN URLs.

ghostwords commented 6 years ago

I browsed around the three shops, but I haven't been able to get Privacy Badger to learn to block any plentymarkets.com domains yet. I don't see any user error reports where these domains were blocked either.

Could you provide the rest of the debugging output from your original post? I see that the Badger you took the output from decided that it should block cdn02.plentymarkets.com because it saw cdn02.plentymarkets.com perform tracking somewhere. But there should be more output that will say where the tracking occurred.

ghostwords commented 6 years ago

> So I don't think it would be an easy job to implement the DNT policy, because I don't know how I should return different results depending on header tracking status here.

There is no need to return different results ... If the domain is compliant with EFF's DNT policy, you just post the verbatim policy text at the canonical path and you should be all set.
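An added example, not part of the thread and not Privacy Badger's own code: a pre-deployment check that the body a CDN returns for the policy path (`/.well-known/dnt-policy.txt`) is byte-for-byte the reference text, naming the change that broke the match. `REFERENCE` is a constructed placeholder rather than the real policy text, and `diagnose` and the sample bodies are hypothetical.

```python
# Constructed stand-in; use the exact policy file published by EFF in practice.
REFERENCE = b"Do Not Track Compliance Policy (constructed placeholder)\n\nSecond line.\n"

BOM = b"\xef\xbb\xbf"


def diagnose(reference: bytes, served: bytes) -> list[str]:
    """Return the reasons `served` is not verbatim `reference` (empty list = match)."""
    problems: list[str] = []
    if served == reference:
        return problems
    if served.startswith(BOM):
        problems.append("UTF-8 BOM prepended")
        served = served[len(BOM):]
    if b"\r\n" in served and b"\r\n" not in reference:
        problems.append("line endings converted to CRLF")
        served = served.replace(b"\r\n", b"\n")
    if served != reference and served.rstrip() == reference.rstrip():
        problems.append("trailing whitespace differs")
        served = reference
    if served.lstrip()[:1] == b"<":
        # For example an XML or HTML error document returned instead of the file.
        problems.append("body is markup, not the policy text")
    elif served != reference:
        problems.append("content differs from reference")
    return problems


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real domain.
    samples = {
        "exact copy": REFERENCE,
        "CRLF checkout": REFERENCE.replace(b"\n", b"\r\n"),
        "editor added BOM": BOM + REFERENCE,
        "origin error document": b'<?xml version="1.0"?>\n<Error><Code>AccessDenied</Code></Error>',
    }
    for name, body in samples.items():
        print(f"{name}: {diagnose(REFERENCE, body) or 'verbatim'}")
```
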

ghostwords commented 6 years ago

Regarding cloudfront.net being on the yellowlist: Looks like it was added as part of the original "example" yellowlist (cfe3cf95e141f161071bfb0930692ca37e3fd32c). We may want to remove it at some point (#1593), although it's frequently reported as being "cookieblocked" in our error reports, which means some Badgers do see tracking from it.

ghostwords commented 5 years ago

I'm going to close this for now. Let me know if you have more information.