arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License

[Override recipe suggestion] Allow embedded Instagram, reddit and Twitter posts [Noooooo don't do it] #1369

Closed xfzv closed 2 years ago

xfzv commented 2 years ago

Didn't see this one in #1080 so I thought it might be useful for some users. Works great here.

Source

// Allow embedded Instagram, reddit and Twitter posts
// [TEST] https://www.pcgamer.com/amazing-halo-infinite-bugs-are-already-rolling-in/
// [TEST] https://www.ndtv.com/entertainment/bharti-singh-and-husband-haarsh-limbachiyaa-announce-pregnancy-see-trending-post-2646359
// [TEST] https://www.thelineofbestfit.com/news/latest-news/cher-and-saweetie-unite-for-new-mac-cosmetics-campaign
user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com"); // hidden
user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com"); // hidden

Note that 1601 set to 0 instead of 2 (default) is still required for Instagram posts:

/* 1601: control when to send a cross-origin referer
 * 0=always (default), 1=only if base domains match, 2=only if hosts match
 * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
 * If "2" is too strict, then override to "0" and use Smart Referer (Strict mode + add exceptions) ***/
user_pref("network.http.referer.XOriginPolicy", 0);

Thorin-Oakenpants commented 2 years ago

how can someone override what is not in the user.js

edit: I also find this a terrible suggestion - whitelisting some of the biggest trackers on the internet. If referers are the issue, then solve the referer problem, not ETP settings/features/tracking protections - it would also prevent Mozilla from updating the ref if you did this

this is why we ask that users test in a new profile when they have an issue, i.e without shit like this
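
The override pattern criticised above can be checked for mechanically. This is an added example, not part of the thread or of arkenfox's own code: a Node.js audit of user.js-style text that reports user-set urlclassifier skip lists and a 1601 referer policy other than 2. The names `parsePrefs` and `audit` and the sample input are constructed for illustration.

```javascript
// Constructed sample: an overrides file built from the prefs quoted in this thread.
const SAMPLE = `
/* 1601: control when to send a cross-origin referer ***/
user_pref("network.http.referer.XOriginPolicy", 2);
// user_pref("urlclassifier.trackingSkipURLs", "*.example.com"); // disabled line
user_pref("network.http.referer.XOriginPolicy", 0); // a later line wins
user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com");
user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com");
`;

// One pass over the text: comments are consumed first, and a user_pref() call is
// matched whole, so "//" inside a quoted value is never mistaken for a comment.
const TOKEN = /\/\*[\s\S]*?\*\/|\/\/[^\n]*|user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;/g;

// Returns Map(name -> value); the last assignment to a pref wins.
function parsePrefs(text) {
  const prefs = new Map();
  for (const m of text.matchAll(TOKEN)) {
    if (m[1] === undefined) continue;          // comment token
    prefs.set(m[1], JSON.parse(m[2]));         // string, boolean or integer
  }
  return prefs;
}

// Flags the two kinds of override discussed above.
function audit(text) {
  const findings = [];
  for (const [pref, value] of parsePrefs(text)) {
    if (/^urlclassifier\..*skipURLs$/i.test(pref) && typeof value === "string") {
      const hosts = value.split(",").map((s) => s.trim()).filter(Boolean);
      if (hosts.length > 0) {
        findings.push({ pref, issue: "skip list exempts hosts from tracking protection", hosts });
      }
    } else if (pref === "network.http.referer.XOriginPolicy" && value !== 2) {
      findings.push({ pref, issue: `cross-origin referer policy is ${value}, not 2`, hosts: [] });
    }
  }
  return findings;
}

for (const f of audit(SAMPLE)) {
  console.log(`${f.pref}: ${f.issue}${f.hosts.length ? " -> " + f.hosts.join(" ") : ""}`);
}
```
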

xfzv commented 2 years ago

> edit: I also find this a terrible suggestion - whitelisting some of the biggest trackers on the internet. If referers are the issue, then solve the referer problem, not ETP settings/features/tracking protections - it would also prevent Mozilla from updating the ref if you did this
>
> this is why we ask that users test in a new profile when they have an issue, i.e without shit like this

Is there a better way to fix the embedded Instagram / reddit / Twitter posts not loading then?

I'm using

user_pref("network.http.referer.XOriginPolicy", 0);

and Smart Referer in strict mode with the following exception:

Source: www.instagram.com   Destination: *.cdninstagram.com

But I still have to use these to get the embedded posts to load properly, at least I couldn't find another way:

user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com");
user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com");

Which part is problematic in that case?

Thanks.

xfzv commented 2 years ago

> Just a thought, if you're going to allow possibly the biggest trackers on every site - isn't that a huge violation of privacy?
>
> In Twitter's case, you can view a tweet even if it is blocked globally in uBO. Plus you get a nice link under the date to open it in Twitter directly. With referers blocked you've prevented privacy exposure. Same for Instagram, Reddit. Why would you go from here to basically allow them on every site?
>
> Edit - I get your point but one can already see twitter, ig or reddit content by just clicking on a link which leads to their respective sites.

Of course, I could open the posts and view them on the respective website (only true for reddit and Twitter though, Instagram requires logging in to view the posts, although I could use Bibliogram), but this kind of ruins the web browsing experience in my opinion.

I'm well-aware I'm sacrificing privacy but I don't want to have to open every single embedded Instagram / reddit / Twitter post in new tabs, it's annoying. Especially on Android (I know it's unsupported but it works for me).

If there's another way to achieve that while minimizing the privacy exposure, I'd be curious to know about it.

Thorin-Oakenpants commented 2 years ago

don't edit the topic title, as I want to make sure users are aware of the pitfalls - of course they can do what they like

i'm going to unsubscribe from the noise (I just have too many things going on), but feel free to continue to discuss - yes, it's problematic when effectively what are monopolies essentially force tracking in order to see their embedded content

xfzv commented 2 years ago

> In Android, unless you're using Mull or have applied the user.js file yourself or have changed prefs manually (highly unlikely), you can see embedded content. In Mull or in a custom setup you can change the pref and do things your way.

I do use arkenfox user.js on my rooted Android device, so I'm currently using the aforementioned prefs to get the embedded posts.

> What I do - I use Privacy Redirect and when bookmarking any social media link, I don't replace them with open source alternatives. So twitter.com/trollfootball will stay this way and with Privacy Redirect, it will open into nitter.net. If an instance fails, I choose another one in its setting. Everything works fine. Same for Reddit and else. Of course Privacy Redirect will probably add some noise when it comes to FPing but that's the last thing I'm concerned about. This way links open much faster and are worth it.

Thanks for mentioning Privacy Redirect, I knew all the alternative front-ends but I never heard about this extension. While it doesn't directly help in regards to the embedded posts not loading, it sure is useful.

> I've also added $3p,frame,redirect=click2load.html in my rules. So most youtube videos become click-to-load on that site. Of course you can copy link and open it on youtube instead which is what I do by copying only essential part of youtube link. It also has an option to open it in youtube instead but that method isn't ideal as extra trash part in link remains there. If you don't want to do it, just click on it and it will load on that site.

Could you please give more details about the $3p,frame,redirect=click2load.html rule? I'm using uBlock Origin in medium mode but I cannot get the rule to work on a specific website, i.e. getting the 'click-to-load' behavior. It's either completely blocked (without any rule) or loaded.

What I'm doing currently is allowing YouTube globally with

* youtube-nocookie.com * noop
* youtube.com * noop
* www.youtube.com * noop
* ytimg.com * noop
* i.ytimg.com * noop

and use a simple shell script which is mapped to a keybinding:

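#!/usr/bin/env bash
# Play the URL currently on the X clipboard with mpv.
# "--" ends option parsing, so clipboard text starting with "-" is treated as a URL, not an mpv option.

xclip -selection c -o | xargs -I {} mpv -- {}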

All I have to do is to copy the video URL to my clipboard and press the keybinding so that the URL is played with mpv in combination with yt-dlp. I can add more links to the playlist with SmartCopyPaste so that I only have one mpv window opened. This works just fine with any website supported by yt-dlp, not only YouTube links.

This way I don't have to open the YouTube website or any Invidious instance.


I'm going to stop using these prefs (and therefore ditch Smart Referer since 1601 will no longer be overridden)

user_pref("network.http.referer.XOriginPolicy", 0); // 1601
user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com");
user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com");

and use Privacy Redirect (too bad it's not available on Android) and see if I can live with it. Not getting the embedded posts doesn't feel right but if it's really worth it privacy wise, then why not. Privacy Redirect eases the process quite a bit.

xfzv commented 2 years ago

> Here's the link to 3rd party frames or what I would call it 3rd party reduce privacy exposure rule - https://twitter.com/gorhill/status/1377613397710229506 I removed youtube.com from the beginning and so it works for every embedded player. In YouTube's case, because of this rule I don't have to allow any google domain globally.

Thank you, that works even in medium mode. I can ditch some of my rules, including the global ones for YouTube.

> Here's the link to the add-on collection I use, thanks to a random gHacks reader - https://addons.mozilla.org/en-US/firefox/collections/16921559/Privacy-Add-ons/
>
> Add this add-on collection and it works well on Android. Of course if you have a Firefox account, create one yourself to have maximum control.

I would have to use Firefox for Android Nightly in order to do this, wouldn't I? Source

silverwings15 commented 2 years ago

off topic:

@xfzv @githubuniqu Privacy Redirect hasn't been worked on in some time and there's already a fork of it over at https://github.com/libredirect/libredirect/. one of the contributors is alefvanoon, who hosts a public instance for many of the services

@githubuniqu have you used all three of these FF forks on Android? what are your thoughts?

silverwings15 commented 2 years ago

thanks for the concise breakdown

xfzv commented 2 years ago

> @xfzv @githubuniqu Privacy Redirect hasn't been worked on in some time and there's already a fork of it over at https://github.com/libredirect/libredirect/. one of the contributors is alefvanoon, who hosts a public instance for many of the services

Thanks for the heads up.

> Iceraven is Firefox + add-ons + about:config - telemetry. Has DRM support and so this is my default browser for logins and streaming for rare cases when I'm using my mobile.
>
> Fennec is Firefox + about:config with F-Droid FLOSS flavor. Mull is user.js applied on top.
>
> Android is weird. You can't set multiple profiles, you need multiple browsers.

I'll give IceRaven a try, thank you.

xfzv commented 2 years ago

@githubuniqu

I'm trying to add an add-ons collection in IceRaven.

Then, when I go to Add-ons, I'm still seeing the default list. Killing the app and restarting it or even rebooting the device doesn't make any difference.

I tried with my own collection made with my Firefox account, same.

I can add both collections just fine in Firefox Nightly.

Any idea?

Edit: Looks like I'm not the only one having this issue

ghost commented 2 years ago

Unfortunately you're out of luck. I haven't tried an add-on collection before in Iceraven because it already had many add-ons. Iceraven is maintained by one developer now (same as Arkenfox) and so issue solving and new features are rare. In terms of updates, it has been updated once every two major Firefox updates for the last two times now. So I don't expect this to be solved.

Hence the other two forks - Fennec, Mull and Firefox Nightly.

In many ways it is all down to Mozilla not doing anything for well over one and a half years now, ever since version 78 came. Good old Mozilla.

Edit - Of course Arkenfox is getting timely updates and issue resolution even if Thorin Oakenpants is the only one maintaining it (and supported by one or two others).