Privacy Badger can break other extensions in Chrome and Edge

[ylluminate]

What is your browser and browser version?

• Ungoogled Chromium + Chromium Web Store

What is broken and where?

• Please see this issue: https://github.com/NeverDecaf/chromium-web-store/issues/152#issuecomment-2143294253

[ghostwords]

Hello and thanks for opening an issue! This may be a problem with extensions that block google.com using Declarative Net Request. I'll reply in the other thread too.

[ghostwords]

Relatedly, I added a Pinterest domain to the yellowlist (0972e2d3f27cc8ccba190fd257e53617b978f3e7) to unbreak the Pinterest extension earlier today. So it looks like the Manifest V3 DNR version of Privacy Badger for Chrome can now block (and modify) requests issued by other extensions, whereas I think it couldn't before as a Manifest V2 blockingWebRequest extension.

[ghostwords]

Having trouble finding the issue that documents DNR having greater scope than webRequest. I did find https://issues.chromium.org/issues/40277172, which seems like a specific example of extensions interfering with one another or even the browser itself through DNR.

[NeverDecaf]

I'll add a bit more context in case it helps:

• chromium-web-store's popup.html (chrome-extension://ocaahdebbfolfmndjeplogmgcagdmblk/popup.html) is initiating the blocked requests in this case. The request is always to the same domain and resembles this: https://clients2.google.com/service/update2/crx?response=updatecheck&acceptformat=crx2,crx3&prodversion=76.0.3809.100&x=id%3Dogfcmafjalglgifnmanfmnieipoejdcf%26uc&x=id%3Dgcbommkclmclpchllfjekcdonpmejbdp%26uc
• Opening the url in my browser works fine, so I assume it's because the extension is specifically making a cross-domain request that it is being considered a tracker and blocked.
• Adding clients2.google.com to Disabled sites doesn't allow the request, nor does adding chrome-extension, not that I would expect it to.
• The only way to allow the request that I could find is to allow google.com under Tracking Domains

I'm not sure if this is helpful but I personally use uMatrix which typically would block every third party request on all pages but it has an option to modify settings on chrome-extension-scheme and chrome-scheme pages, which I use to allow requests from extensions (I believe uMatrix is disabled on these "domains" by default). Of course, uMatrix is not updated for MV3 (or at all) but perhaps a similar feature would help in this case, if it is even possible with DNR.

Edit: It just occurred to me that the entire point of Privacy Badger is to block third-party trackers so half these bullets are redundant, sorry about that.

[ghostwords]

Hello! As a workaround, I'll add clients2.google.com to Privacy Badger's yellowlist tomorrow. Once that's done, Privacy Badger will let requests to clients2.google.com through but without access to cookies.

[kzar]

This is an issue with the declarativeNetRequest API at the moment. The Chromium issue is private, but FWIW it's this one: https://issues.chromium.org/issues/40896400. The workaround we went with in the DuckDuckGo Privacy Essentials extension was to not block requests that aren't associated with a tab, to do this we add an allowing session rule that matches tabId -1. See https://github.com/duckduckgo/duckduckgo-privacy-extension/blob/fe067dbf43942752088369963b30de0a530a8b6f/shared/js/background/dnr-service-worker-initiated.js. Hopefully the underlying issue will be resolved soon, I know it's on the extension team's radar.

[pixkk]

Same problem with extension https://chromewebstore.google.com/detail/chathub-gpt-4-gemini-clau/iaakpnchhognanibcahlpcplchdfmgma - Privacy Badger block request to domains gemini.google.com and copilot.microsoft.com and says, that "There is nothing to do on this page. Privacy Badger doesn't work on pages like this one. Try viewing other pages."

Whitelist not working on extensions page. I need only disable Privacy Badger fully.

Chrome 126.0.6478.62

[ghostwords]

Thanks @pixkk for the report! I just added these two domains to the workaround list. You should get the latest list automatically within the next 24 hours. To force an update in Chrome, visit chrome://extensions, enable "Developer mode", click the "service worker" link in Privacy Badger's listing, select the Console tab, and submit badger.updateYellowlist() into the console. Thanks again!

[ghostwords]

Looks we break logging into Line:

• https://g0v.social/@fankt/112640950947868007
• https://ckhung0-blogspot-com.translate.goog/2024/06/chrome-line-privacy-badger.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

[pixkk]

badger.updateYellowlist()

Thank you! Problem resolved partially. Without Privacy Badger - "Request is trottled" (IT'S OKAY). With him - websocket closed with reason 1006 (wss://sydney.bing.com/)

[WaqasIbrahim]

Hello, I am having same issue with a soundcloud downloader extension. Requests to these urls are getting blocked:

https://soundcloud.com/discover
https://api-v2.soundcloud.com

[kzar]

@ghostwords I worked with some of the Google folks and got a fix for the underlying Chromium issue merged last night. Assuming that sticks, I hope it will be included with Chrome 128 - will keep you posted.