Closed sonbua closed 8 months ago
bigdargon
commented
8 months ago @sonbua Thanks for this PR! Unfortunately I will have to decline this PR.
For finance/banking apps/websites, I usually don't block their own trackers (1st-party), so as not to break the app. Basically, when using their app/website, you have to trust them and let them collect data to improve the service.
sonbua
commented
8 months ago Agree, that could be a good general convention to follow.
There is scenario (for finance/banking services) where third-party trackers disguise themselves as first-party via CNAME records on subdomain (of the first-party). This type of tracking, unfortunately, becomes increasingly popular today. Would we only block the third-party domain? Or would we block both first-party subdomain and third-party domain?
With the first option, we have to rely on the DNS resolver to do two things
Reference https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a https://www.theregister.com/2021/02/24/dns_cname_tracking/ https://www.theregister.com/2019/11/21/ublock_origin_firefox_unblockable_tracker/
bigdargon
commented
8 months ago @sonbua Sorry for the delay!
2o7.net/omtrdc.net.Maybe, in the near future I will write instructions on how to contribute domain names so that people can easily contribute to the project. Thank you for your interest and contribution to the project!
Tracking behavior could be observed by opening MoMo app (Android)
There are two other requests to
checkip.momo.vnandcheckip.amazonaws.cominitialized by the app, but not sure if we should block these. Blocking them and running a quick test involving money transaction, the app still functions normally though.