monitor.azure.com

[crssi]

Lists in use:

• [ ] mini
• [ ] Lite
• [x] Pro
• [ ] Xtra
  

Client: WIndow 11 (perhaps also Windows 10) over DNS blocking, that is NextDNS in this case.

Domains:

monitor.azure.com

Details: Quick Assist application does not work... loading indefinitely.

[crssi]

There are quite a lot of breakages lately on Pro.

[badmojr]

Origin: http://abpvn.com/android/abpvn.txt https://hostfiles.frogeye.fr/multiparty-trackers.txt https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt https://github.com/parseword/nolovia/raw/master/skel/hosts-nolovia.txt https://github.com/smed79/blacklist/raw/master/hosts.txt https://filters.adtidy.org/extension/chromium/filters/15.txt https://easylist.to/easylist/easyprivacy.txt https://secure.fanboy.co.nz/r/fanboy-ultimate.txt https://github.com/migueldemoura/ublock-umatrix-rulesets/raw/master/Hosts/ads-tracking https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Tracking

cc: @bigdargon, @lightswitch05, @parseword, @smed79, @migueldemoura, @ShadowWhisperer

[migueldemoura]

I don't have a Windows VM at hand to test this, can someone else double-check? There are a lot of lists with this one, might be a tricky one.

[ShadowWhisperer]

Remote Desktop is something I strip out of my custom installer. I am unable to test.

[badmojr]

@crssi , color me unconvinced! Some after and before screenshots perhaps?

[crssi]

Here is the video recorded proof... sorry, was cropped to avoid personal sensitive info: https://user-images.githubusercontent.com/17024151/166119716-89e8a336-984c-4766-a0b3-d9ecd4fb990e.mp4

I have started the Quick Assist app from pinned app... but its the same if you search for the app. See:

Note: When js.monitor.azure.com is successfully resolved the app will work, and then it doesn't help to flushdns to break the app... you need to wait for half to one hour... there must be some in-app caching (I haven't investigate further)... but the fact is until js.monitor.azure.com is successfully resolved, the app will not work.

If there is some more proof needed, just let me know.

Cheers

[badmojr]

A'ight! The most important question is, is it worth removing?

ref: https://js.monitor.azure.com/scripts/b/ai.2.min.js https://js.monitor.azure.com/extensions/applicationinsights-analytics-js/dist-esm/JavaScriptSDK/Telemetry/PageViewPerformanceManager.js https://publicwww.com/websites/%22monitor.azure.com%22/

[crssi]

1. When on MS support call someone cannot share screen, so no support can be done. Is it worth?
2. Do we know what exactly this script is used beside performance monitoring? Are there any evidences that it is used for fingerprinting/tracking /etc or it got listed just because of the name?

[badmojr]

Straight from the horse's mouth: https://docs.microsoft.com/en-us/azure/azure-monitor/app/javascript?tabs=snippet https://github.com/Microsoft/ApplicationInsights-JS

[ShadowWhisperer]

Why use RDP when you can use ShowMyPc, TeamViewer, RemotePC, LogMeIn, etc I use ShowMyPc daily, at work, to connect to customer's systems. Always works. Easy to get customers on.

https://www.zdnet.com/article/fbi-warns-companies-about-hackers-increasingly-abusing-rdp-connections https://www.trendmicro.com/vinfo/hk-en/security/news/vulnerabilities-and-exploits/infosec-guide-remote-desktop-protocol-rdp https://www.techrepublic.com/article/microsoft-rdp-vulnerability-makes-it-a-breeze-for-attackers-to-become-men-in-the-middle

[crssi]

@badmojr Exactly... the library is used for performance, see the very first paragraph of the first link you posted. And on the second link you have posted the library is used for CDN resilince... https://github.com/Microsoft/ApplicationInsights-JS#active-public-cdn-endpoints see:

@ShadowWhisperer You have completely missed the point,

[ShadowWhisperer]

@crssi I guess the point I was trying to get across is, I would highly discourage the use of RDP. I focus on security and privacy. If it breaks RDP, is inconsequential (for me).

[crssi]

@ShadowWhisperer don't get me wrong. I do value you input, but when someone make a call to MicroSoft support and their procedure is that that someone starts Quick Assist (and its only procedure), so they can take a look into problem... then debate of RDP in not very helpful and with that in mind we are going off-topic here. 😄

Cheers

[migueldemoura]

I've moved this off my main list and into the "breaking" one: https://github.com/migueldemoura/ublock-umatrix-rulesets/commit/717b9f25efdd2a5739439aa4c88db2f4a76b40ee.

[badmojr]

Ok! @crssi Let's make a compromise and remove it from Lite only. What say you?

[crssi]

Sure, but I do not see the reason for keeping it in Pro also... but on the end its yours lists and yours decision. 😉

Cheers

[badmojr]

Sure, but I do not see the reason for keeping it in Pro

Pro - Level 3: prioritizes safety & privacy (adblocking) over UX e.g blocks graph.facebook.com.

[crssi]

Please, take the following as a humble debate solely. I do not want to argue or make you force into any decisions you are no comfortable with.

I must not see something, since I can't see safety or privacy issues. In that case we would need to block everything that even remotely smells of Google, FB, CloudFlare, Amazon, Microsoft... etc.

I am thinking with myself or you made me think 😄 ... How many hits with high page rank, like https://publicwww.com/websites/"monitor.azure.com"/, would qualify for a privacy (tracking) concern? But I have not enough of metrics to make any decision.

Cheers ❤️

[badmojr]

When all is said & done, this is simply not a problem for me to fix as nothing major breaks on other sites where monitor.azure.com is used.

It just that MS did a botched up job on how they programmed their Quick Assist app. No app should break down just 'coz some 'telemetry'' is being denied to them.

[crssi]

Let's make a compromise and remove it from Lite only. What say you?

👍