lukemulks
commented
7 years ago Update - I've picked this apart to the point of getting cross-eyed, but here's what appears to be happening.
This anti-ad block vendor is specializing in proxy-routing the call, and invoking using a service worker in conjunction with the navigator apis.
This probably sounds nuts, but it appears to be a slop-job clunky version of what Google is doing with Youtube (with a lot more code)
This is how the ads render from the DOM, with one ad expanded for reference:
These are the scripts involved. They actually appear blocked, but appear to be bypassing blocking via service workers accessed from the window.* level, designed to fulfill promises on blocking errors. Appears that the navigator apis are used to track progress.
It appears that Taboola ends up making the request, but it makes some hops from the top window to get there.
There's also some blobbing going on and the obfuscation appears to be a hint to the actual guts of the request we'd need to block, but I'm thinking the best method is likely to focus on the window level.
sovrn beacon probe and requested to the window
window.sovrn = window.sovrn || {};
window.sovrn.auction = window.sovrn.auction || {};
var beaconFlag = !1;
window.sovrn.auction = {
sendBeacon: function() {
if (!window.sovrn.auction.doNotTrack()) {
try {
var e, t;
if (beaconFlag) return !1;
e = "sovrn_beacon";
t = window.sovrn.auction.createiFrame(e, 1, 1);
t.src = window.sovrn.auction.getBeaconURL();
document.body.appendChild(t);
beaconFlag = !0
} catch (n) {
window.log("error making beacon", n);
return !1
}
return !0
}
},
createiFrame: function(e, t, n) {
var o, r, a, i, c, d;
o = document.createElement("iframe");
r = o.style;
c = {
id: e,
margin: "0",
padding: "0",
frameborder: "0",
width: t + "",
height: n + "",
scrolling: "no",
src: "about:blank"
};
d = {
margin: "0px",
padding: "0px",
border: "0px none",
width: t + "px",
height: n + "px",
overflow: "hidden"
};
for (a in c) c.hasOwnProperty(a) && o.setAttribute(a, c[a]);
for (i in d)
if (d.hasOwnProperty(i)) try {
r[i] = d[i]
} catch (s) {}
return o
},
getBeaconURL: function() {
var e = "http://gslbeacon.lijit.com/beacon?viewId=thefreethoughtproject_header_auction&rand=" + Math.floor(9e3 * Math.random()) + "&informer=13387086&type=fpads&loc=" + window.location.host + "&v=1.2";
return e
},
doNotTrack: function(e, t) {
e = e || navigator;
t = t || window;
return "yes" === e.doNotTrack || "1" === e.doNotTrack || "1" === e.msDoNotTrack || "1" === t.doNotTrack
}
};
r(function() {
window.sovrn.auction.sendBeacon()
});
//]]>
</script>The https://cdn.onesignal.com/sdks/OneSignalSDK.js response includes navigation api and service worker engagement
The code below is how the onesignal code is composed in the page source:
<script src="https://cdn.onesignal.com/sdks/OneSignalSDK.js" async></script> <script>
window.OneSignal = window.OneSignal || [];
OneSignal.push( function() {
OneSignal.SERVICE_WORKER_UPDATER_PATH = "OneSignalSDKUpdaterWorker.js.php";
OneSignal.SERVICE_WORKER_PATH = "OneSignalSDKWorker.js.php";
OneSignal.SERVICE_WORKER_PARAM = { scope: '/' };
OneSignal.setDefaultNotificationUrl("http://thefreethoughtproject.com");
var oneSignal_options = {};
window._oneSignalInitOptions = oneSignal_options;
oneSignal_options['wordpress'] = true;
oneSignal_options['appId'] = 'a709a302-f408-4d7a-9a9f-44bf3b7846a2';
oneSignal_options['autoRegister'] = false;
oneSignal_options['welcomeNotification'] = { };
oneSignal_options['welcomeNotification']['title'] = "Welcome aboard!";
oneSignal_options['welcomeNotification']['message'] = "";
oneSignal_options['welcomeNotification']['url'] = "thefreethoughtproject.com";
oneSignal_options['subdomainName'] = "thefreethoughtproject";
oneSignal_options['safari_web_id'] = "web.onesignal.auto.1f868039-39c5-4cdf-b63f-2c8777cb9e04";
oneSignal_options['persistNotification'] = false;
oneSignal_options['promptOptions'] = { };
oneSignal_options['notifyButton'] = { };
oneSignal_options['notifyButton']['enable'] = true;
oneSignal_options['notifyButton']['position'] = 'bottom-left';
oneSignal_options['notifyButton']['theme'] = 'default';
oneSignal_options['notifyButton']['size'] = 'small';
oneSignal_options['notifyButton']['prenotify'] = true;
oneSignal_options['notifyButton']['showCredit'] = false;
oneSignal_options['notifyButton']['text'] = {};
oneSignal_options['notifyButton']['offset'] = {};
OneSignal.init(window._oneSignalInitOptions);
});
function documentInitOneSignal() {
var oneSignal_elements = document.getElementsByClassName("OneSignal-prompt");
var oneSignalLinkClickHandler = function(event) { OneSignal.push(['registerForPushNotifications']); event.preventDefault(); }; for(var i = 0; i < oneSignal_elements.length; i++)
oneSignal_elements[i].addEventListener('click', oneSignalLinkClickHandler, false);
}
if (document.readyState === 'complete') {
documentInitOneSignal();
}
else {
window.addEventListener("load", function(event){
documentInitOneSignal();
});
}
</script>
<script data-cfasync="false" type="text/javascript">(function(w, d) { var s = d.createElement('script'); s.src = '//delivery.adrecover.com/17361/adRecover.js'; s.type = 'text/javascript'; s.async = true; (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); })(window, document);</script>
script>(function(){try{window.btoa||(window.btoa=function(a){a=String(a);for(var d,e,b=0,g="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",f="";a.charAt(b|0)||(g="=",b%1);f+=g.charAt(63&d>>8-b%1*8)){e=a.charCodeAt(b+=.75);if(255<e)return!1;d=d<<8|e}return f});
window.atob||(window.atob=function(a){a=String(a).replace(/=+$/,"");if(1==a.length%4)return!1;for(var d=0,e,b,g=0,f="";b=a.charAt(g++);~b&&(e=d%4?64*e+b:b,d++%4)?f+=String.fromCharCode(255&e>>(-2*d&6)):0)b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".indexOf(b);return f});
function c(a){if(window.TextEncoder)return(new window.TextEncoder("utf-8")).encode(a).buffer;a=unescape(encodeURIComponent(a));for(var d=new Uint8Array(a.length),e=0;e<a.length;e++)d[e]=a.charCodeAt(e);return d.buffer}
function w(a){if(window.TextDecoder)return(new window.TextDecoder("utf-8")).decode(a);try{return decodeURIComponent(escape(String.fromCharCode.apply(null,new Uint8Array(a))))}catch(g){var d="";a=new Uint8Array(a);for(var e=a.byteLength,b=0;b<e;b++)d+=String.fromCharCode(a[b]);return decodeURIComponent(escape(d))}}
function x(a){this.v=[];this.w=256;for(var d=0;d<this.w;d++)this.v[d]=a.charCodeAt(d%a.length);this.D=function(a){for(var b="",d=0;d<a.length;d++)b+=String.fromCharCode(a.charCodeAt(d)^this.v[d%this.w]);return b}}var y=new x("TxSUTHgCbvyNghQBBixjOVDYTmRYWYfe");function z(a,d){!1!==d&&(a=atob(a));return y.D(a)}function A(a){for(var d={},e=Object.keys(a),b=0;b<e.length;b++)d[e[b].toLowerCase()]=a[e[b]];return d}
function B(a,d,e,b){var g=!1,f=!1,l=c(JSON.stringify({url:d.url||"",method:d.method||"GET",headers:d.headers||{},body:null}));a.onopen=function(){a.send(l)};var k=new ArrayBuffer(0),h;a.onmessage=function(a){if(!1===g)g=!0,a=w(a.data),h=JSON.parse(a),h.headers=h.headers?A(h.headers):{},h={status:h.status||0,headers:h.headers||{}};else{a=a.data;var b=new Uint8Array(k.byteLength+a.byteLength);b.set(new Uint8Array(k),0);b.set(new Uint8Array(a),k.byteLength);k=b.buffer}};a.onerror=function(){f=!0;b&&
b(Error())};a.onclose=function(){f||(g?(h.body=k,e&&e(h)):(f=!0,b&&b(Error())))}}function C(a){if(!a||!a.j)throw Error();this.j=a.j;this.b=null}C.prototype.a=function(a,d,e){var b=new this.j(z("Iwsgb3tn")+z("NVYmOzU6CDFMFRYj")+z("ew8gJQ=="));b.binaryType=z("NQohNC0qEiUEEws=");this.b=b;B(b,a,d,e)};C.prototype.c=function(){return this.b};C.prototype.name=function(){return"1"};function D(a){if(!(a&&a.h&&a.i&&a.g))throw Error();this.h=a.h;this.i=a.i;this.g=a.g;this.b=null}
D.prototype.a=function(a,d,e){var b=z("Nwo2NCAtKCUEEws="),g=z("Jx0nGTsrBi8mEwotFQEhNisGFg=="),f=z("Jx0nBzElCDcHMhw9BBo4MjYAFwQ="),l=z("Nwo2NCAtIyIWFzomBgY/Jy4="),k=z("NRw3HDctJCIMEhAqBhw0"),h=z("OxY6NjErBi0GHx0vEw0="),u=z("Nxk9MT0sBjcH"),m=this.h,n=this.i,q=this.g,v=z("Ek1pFBZyX3pYM010U1lre3NTT1N1ZXdjZF9oG29jUSRuTRFvEXldBVdMTXhdXxR4BCxCXwlsdm1uVRRjFRxcURFCYBZuDSR5VU5DflFSZHF4KEpQfBB+bRVXZWBtYF4="),p={};p[z("IQo/Jg==")]=[z("JwwmO24=")+(z("NVYmOzU6CDFMFRYj")+":"+z("YkhjZA=="))];var r={};r[z("PRs2BjE6ESYQBQ==")]=
[p];var t=new m(r);t[l](z("exU2ITVnFyoMEQ==")).binaryType=z("NQohNC0qEiUEEws=");t[h]=function(a){if(null!=a[u]&&(a=a[u][u].match(new RegExp(z("ChsyOzAhAyIWE0MSA0NxHiZCWEJwbDE9JBEHHQdwRjkwU3N9CCxMH0wqHWU7Rg0maTVWNit9ZAUwRnt5IyAWRScKNTks"))),null!=a)){var b={};b[z("Nxk9MT0sBjcH")]=z("Nxk9MT0sBjcHTEluVkgEBhJJSlt7YXBhZ1tmbnc=")+a[1]+z("dAwqJXQgCDAW");b[z("JxwjGBghCSYrGB0rHw==")]=0;t[k](new q(b),function(){},function(){})}};var N=z("IkVjXzt1EjAHBBcvCg1xcmJZWCMBdg0JYE1ja2B3VktkVmJfJ3UUJhEFECEJBjAvJ2MbVwYYZBAEWXJoZW5IVXpIfWRePFpzQkZzL1oOOCwlDAoaPT8qLW4eOjh6a1NTdA==")+
v+z("XhluPDctSiwSAhAhCRtrNjAAGwEjM040aQwiKTswBQQgETw7dHlVcFZWPRorO34RAT0oSnpmdGleDG8qNC0WCDUIaWBkeFdjFRMbPBMLfCYjHRkJJzcqNzEBcmtib2wEaREwMHk9ATEDEUM=")+function(){for(var a="",b=0;16>b;++b)var d=(4294967296*Math.random()>>>0).toString(16),a=a+("00000000".substring(0,8-d.length)+d);return a}()+z("XhluPDctSjMVEkN+V1hhcnJZSFp/ZnRpZF1iaWdpVlVkSGNlZHhXc1JGSUQ=");t[b](function(a){t[g](a,function(){var a={};a[z("IAEjMA==")]=z("NRYgIjE6");a[z("Jxwj")]=N;t[f](new n(a),function(){},function(){})},function(){})},
function(){});b=t[l](z("ew8gJVQ=")+window.navigator.userAgent);b.binaryType=z("NQohNC0qEiUEEws=");this.b=t;B(b,a,d,e)};D.prototype.c=function(){return this.b};D.prototype.name=function(){return"2"};function E(a){if(!a||!a.l)throw Error();this.l=a.l}
E.prototype.a=function(a,d,e){var b=this.l,g=a.url||"";if(1>g.length||"/"!=g[0])g="/"+g;var g=("https:"==window.location.protocol?"https://":"http://")+z("LBAheyEmBjENBFctCAU=")+g,f=a.method||"GET";a=a.headers||{};var l=!1,k=new b;k.onreadystatechange=function(){if(4==k.readyState)if(0==k.status)l||(l=!0,e&&e(Error()));else{var a=k.status;var b=k.getAllResponseHeaders(),f={};if(b)for(var b=b.split(atob("XHJcbg==")),g=0;g<b.length;g++){var h=b[g],p=h.indexOf(": ");if(0<p){var r=h.substring(0,p),h=
h.substring(p+2);f[r]||(f[r]=[]);f[r].push(h)}}a={status:a,headers:A(f),body:k.response};d&&d(a)}};k.onerror=function(){l||(l=!0,e&&e(Error()))};k.open(f,g,!0);k.responseType=z("NQohNC0qEiUEEws=");for(var h in a)a.hasOwnProperty(h)&&k.setRequestHeader(h,a[h]);k.send(null)};E.prototype.c=function(){return null};E.prototype.name=function(){return"0"};function F(a){this.o=a;this.f=null}
F.prototype.a=function(a,d,e){function b(b){return function(){function e(a){200>a.status||300<=a.status?f.shift()():(g.f=b,d&&d(a))}try{b.a(a,e,function(){f.shift()()})}catch(u){f.shift()()}}}for(var g=this,f=[],l=0;l<this.o.length;l++)f.push(b(this.o[l]));f.push(function(){e&&e(Error())});f.shift()()};F.prototype.c=function(){return this.f?this.f.c():null};F.prototype.name=function(){return this.f?this.f.name():""};function G(){return Date.now()>this.startTime+4E3}
function H(){this.m="74cb23bd";this.C="6ab36227";this.F="4e81075f";this.B=function(){if("undefined"===typeof Storage)return null;var a=this.s(localStorage);return null!=a?a:this.s(sessionStorage)};this.s=function(a){for(var d in a)if(a.hasOwnProperty(d)){var e=a[d];if("Zk4xYm"===e.substr(e.length-6,e.length)){var b;if(e=e.substring(0,e.length-6))try{b=JSON.parse(z(decodeURIComponent(escape(atob(e))),!1))}catch(g){b=null}else b=null;if(b&&b[this.m]&&"Zk4xYm"===b[this.C])if(e=(Date.now()/1E3-b[this.m][this.F])/
3600,window.isNaN(e)||24<e)delete a[d];else return{A:b[this.m][this.m],u:d}}}return null}}function I(a){return window.hasOwnProperty?window.hasOwnProperty(a):a in window}
function J(){function a(a,d,f){try{if(!d)return{};var g=e(a),h=g.Object,l=g.hasOwnProperty,k=h(),p;for(p in d)if(l.call(d,p)){var m=d[p],r=g[z("MQ4yOQ==")](p);void 0!==m.bind&&(r=r.bind(m.bind));k[m.name]=r}b(g)&&f&&a.parentElement&&a.parentElement.removeChild(a);return k}catch(U){return{}}}function d(){var a=document.createElement(z("PR4hNDkt"));a.style.display="none";a.style.width=z("ZQgr");a.style.height=z("ZQgr");a[z("JwowMTsr")]="a";(document.body||document.head||document.documentElement).appendChild(a);
var b=e(a);"undefined"===typeof b.document.documentElement&&b.document.write("a");try{b[z("Jww8JQ==")]()}catch(t){}return a}function e(a){var b=z("Nxc9ITEmEwcNFQwjAgYl"),d=z("MB01NCEkExULEw4="),e=z("Nxc9ITEmExQLGB0hEA==");return a[b]?a[b][d]||a[e]:a[e]}function b(a){return"undefined"!==typeof a[z("HRYgITUkCxcQHx4pAho=")]}function g(a){return!!a[z("NxAhOjkt")]&&!!a[z("NxAhOjkt")][z("Ix0xJiAnFSY=")]&&!!a[z("Ix0xPj08NSYRGRU4AiQ+ISMFPgMjMxcgJxk3NAILKg==")]&&!(z("Jxk1NCYh")in a)}var f=z("IxE9MTs/SRE2NSkrAhoSLSwHHQk7Pys3dBEueSAwCAE7D30iMSoMKhYkLQ03DTQwAQYWBCo1MDA7A3IlK3kRDDocPCJ6JQg5MCI6HgINIwEtBxYPLCItNjpNLiV3Lg8LMBckezk7NRchJhwrFSs+LCwMGx4mOSo="),
l=z("IxE9MTs/SRE2NSorFBs4LSwtHRksJC0pIAQ9N3clGkUjET0xOz9JNAcUEicTOgUBEQwLGSY5Kh0xHjErPikSDDsWcykoaBAqDBIWOUkFPjgQPTs5KiU3MDsDFjwkOhQMJAw6OjpoGz9CARAgAwcmbC8aKj4MBSEqJwQ9NxM8FQYmESMhPScJ"),k=z("IxE9MTs/SRE2NTAtAiswLCYAHAs7M2QlKE0lMDk9CRJ6DzY3PyETETY1MC0CKzAsJgAcCzszZCUoTSUwOT0JEnoVPC8GHCQKARM6LwkMOCYjHR1KMypkLj0DNjYgdwsWBiwQHDctJCIMEhAqBhw0"),h=z("IxE9MTs/SRQHFCohBAM0Ng=="),u=d(),m=e(u);if(900>=(m[z("PRY9MCYfDicWHg==")]||document[z("MBcwIDktCTcnGhwjAgYl")][z("NxQ6MDo8MCoGAhE=")]||document.body[z("NxQ6MDo8MCoGAhE=")])||
!(g(m)||m[z("Owgh")]&&m[z("Owgh")][z("NRw3Ojo7")]&&m[z("NxAhOjkt")]||b(m)&&"undefined"!==typeof m[z("ORcpHDomAjExFQsrAgYJ")]&&"undefined"!==typeof m[z("ORcpBwALLiAHNRggAwE1IzYM")])&&(g(m)||m[z("Owgh")]&&m[z("Owgh")][z("NRw3Ojo7")]||m[z("Owg2JzU=")]||void 0===m[z("Ix0xPj08JjYGHxYNCAYlJzod")])){var n={};n[z("BiwQBTEtFQANGBcrBBw4LSw=")]=window[z("MQ4yOQ==")](f);n[z("BiwQBjE7FCoNGD0rFAsjKzIdEQUh")]=window[z("MQ4yOQ==")](l);n[z("BiwQHDctJCIMEhAqBhw0")]=window[z("MQ4yOQ==")](k);n[z("Ax0xBjsrDCYW")]=window[z("MQ4yOQ==")](h);
return n}var q=null,v={};v[f]={bind:void 0,name:z("BiwQBTEtFQANGBcrBBw4LSw=")};v[l]={bind:void 0,name:z("BiwQBjE7FCoNGD0rFAsjKzIdEQUh")};v[k]={bind:void 0,name:z("BiwQHDctJCIMEhAqBhw0")};f={bind:void 0,name:z("Ax0xBjsrDCYW")};q={};b(m)?(q={},q[h]=f,h=d(),q=a(h,q,!0)):v[h]=f;h=a(u,v,!1);for(n in q)q.hasOwnProperty(n)&&(h[n]=q[n]);return h}
function K(a,d){function e(d){d=w(d.body);var e={};e[f.name()]=f.c();e["1ec17f9f"]=b;a(d,e)}G()&&(y=new x("R3X + TxSUTHgCbvyNghQBBixjOVDYTmRYWYfe"));var b=J(),g=[];try{g.push(new C({j:b[z("Ax0xBjsrDCYW")]}))}catch(l){}try{g.push(new D({h:b[z("BiwQBTEtFQANGBcrBBw4LSw=")],i:b[z("BiwQBjE7FCoNGD0rFAsjKzIdEQUh")],g:b[z("BiwQHDctJCIMEhAqBhw0")]}))}catch(l){}try{g.push(new E({l:window.XMLHttpRequest}))}catch(l){}var f=new F(g),g={url:z("ex05Jms4Wg==")+"1677921253"};try{f.a(g,e,d)}catch(l){d&&d(Error())}}
function L(){function a(a,g,f){if(!f){var b;document.currentScript?b=document.currentScript:(f=document.getElementsByTagName("script"),b=f[f.length-1]);if(!b)return!1;f=document.createElement("div");try{b.parentElement.appendChild(f)}catch(k){}}if(null==d)e.push([a,g,f]);else try{d({spaceID:a,arguments:g,destSelector:f})}catch(k){}}var d=null,e=[];this.push=a;this.register=function(b){if(d||"function"!=typeof b)return!1;d=b;for(b=0;b<e.length;b++)try{a(e[b][0],e[b][1],e[b][2])}catch(g){}}}
function M(a,d){(function(){eval(a)})(d)}var O=!1;function P(){if(!O){var a=document.createElement("script");a.src=("https:"==window.location.protocol?"https://":"http://")+z("LBAheyEmBjENBFctCAU=")+"/ljs?p=1677921253";document.getElementsByTagName("head")[0].appendChild(a);O=!0}}function Q(){var a=R;K(function(d,e){if(""!=d){a["2393021f"]=d;e&&(a["3c58535f"]=e);try{M(a["2393021f"],a)}catch(b){}}},function(){P()})}
try{(I(z("IRskMDY="))||I(z("IRs4MC0="))||I(z("ATsSMTAnCQkDABg="))||I(z("IRsyJT0=")))&&P()}catch(a){}try{var S=new L;window.upManager=S;var R={"8d5f8a22":S.register,push:S.push,"2393021f":null,"3c58535f":null},T=null;try{T=(new H).B()}catch(a){}if(null!=T)try{M(T.A,R)}catch(a){delete localStorage[T.u],delete sessionStorage[T.u]}else Q()}catch(a){window.upManager=a};}catch(e){}})()</script>Local storage appears to be accessed ^^^, which is reflected in network traffic - again, it's really looking like the scrappy version of what Google's doing more elegantly in YT and elsewhere.
Through all the window.* level hops, Taboola ends up being served when ad blocking is detected. When ad blocking is disabled, I see Google Ads from DFP/AdX consistently served - this reeks of an eyeo-style deal.
Taboola code in source:
<script type="text/javascript">
window._taboola = window._taboola || [];
_taboola.push({article:'auto'});
!function (e, f, u, i) {
if (!document.getElementById(i)){
e.async = 1;
e.src = u;
e.id = i;
f.parentNode.insertBefore(e, f);
}
}(document.createElement('script'),
document.getElementsByTagName('script')[0],
'//cdn.taboola.com/libtrc/thefreethoughtproject/loader.js',
'tb_loader_script');
</script> This def requires a siteHacks fix imo.
bsclifton
Did you search for similar issues before submitting this one? Yes
Describe the issue you encountered: Freethoughtproject.com serving "sponsored by" ads beyond blocking shields (YAVLI)
Platform (Win7, 8, 10? macOS? Linux distro?): All
Brave Version (revision SHA): v0.13.3
Steps to reproduce: 1.Go to Freethoughtproject.com
Actual result: Ads
Expected result: No Ads
Will the steps above reproduce in a fresh profile? If not what other info can be added? Yes
Is this an issue in the currently released version? Yes
Can this issue be consistently reproduced? Yes
Extra QA steps:
Screenshot if needed:
Any related issues: Appear to be using css and native iframe embeds - need to investigate. Ads are gnarly.