notracking / hosts-blocklists

Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage

False Positives #406

Closed johnozbay closed 4 years ago

johnozbay commented 4 years ago

Hi there! 👋🏻

First off, thank you so much for all your efforts in making the internet a better place!

Looks like the hostnames.txt file has: s-usc1c-nss-223.firebaseio.com and s-usc1c-nss-249.firebaseio.com.

These domains are general domains used by all Firebase platform customers. Firebase dynamically moves platform customers between subdomains to handle scaling. Here's an official explanation from a Firebase staff member on their forums (source):

Q:

... Would the service the clients connect to behind the scenes s-usc1c-nss-122.firebaseio.com be constant for a database "projectXYZ.firebaseio.com" or is this subject to change as well?

Staff Answer:

It is subject to change. You can be moved to a different server (the nss-### part of that URL) at any point and shouldn't rely on that for anything.

I believe my service/app Cryptee, an open-source on-device encrypted, privacy advocating, productivity tools service, which relies on Firebase (for things like websockets as a part of our real-time productivity tools, as well as fallback for censorship circumvention), got moved onto the s-usc1c-nss-249.firebaseio.com server to handle the load. And now users of these hosts lists are having issues accessing our platform.

Having this domain blocked also means other Firebase clients are (or will be) impacted by this as well, some of which include: NYTimes Interactive, HackerNews API, occasionally Mozilla Firefox itself and companies like NPR News, Lyft, Shazam, and more according to some quick search on the internet.

I can at least speak on behalf of my platform, Cryptee, where we don't have any ads, tracking, or anything alike.

If possible, it would be great if you could remove s-usc1c-nss-223.firebaseio.com and s-usc1c-nss-249.firebaseio.com from the list as soon as possible. (And for the future, if you have an editorial whitelist of domains, all domains following the same nss-### pattern would be a great pattern to add there.)

Finally, if you know which specific service/company is using this domain for serving malicious content / ads, I'd be more than happy to take the lead and reach out to the Firebase team to have it taken down altogether, so that others who use the cloud platform for good purposes can continue to do so.

Many thanks ✌🏻

In case others stop by this issue in the future, we had this exact same issue here as well: https://github.com/StevenBlack/hosts/issues/1249 & https://github.com/StevenBlack/hosts/issues/1132


notracking commented 4 years ago

That is a very nice find! Those are really tricky to find because of how they behave; they originate from the Akamaru mobile list.

Items have been whitelisted (this is the first case that would actually require me to implement a more advanced syntax for the whitelist. I wrote that on my to-do list).

Thanks!

[edit] Added a containment for dynamically whitelisting these; a permanent solution is still to-do.

johnozbay commented 4 years ago

Thanks a million for this! Deeply appreciate all the help! 🙏🏻
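
The pattern-based whitelist discussed in this thread could look like the following. This is an added example, not the project's own code. The regex generalizes the three shard hostnames quoted in the issue, and the region part (`usc1c`) being variable is an assumption. The function names and sample lines are constructed for illustration.

```python
import re

# Assumption: shard hostnames look like s-<region>-nss-<digits>.firebaseio.com,
# generalized from the three hostnames quoted in this issue.
FIREBASE_SHARD = re.compile(r"s-[a-z0-9]+-nss-[0-9]+\.firebaseio\.com")

def parse_host(line):
    """Return the hostname from a hosts-format or bare-domain line, else None."""
    line = line.split("#", 1)[0].strip().lower()
    if not line:
        return None
    fields = line.split()
    # "0.0.0.0 host" style has the address first; a bare list has just the host.
    host = fields[1] if len(fields) > 1 else fields[0]
    return host.rstrip(".")

def is_whitelisted(host, exact=frozenset(), patterns=(FIREBASE_SHARD,)):
    # fullmatch keeps the rule anchored at both ends, so a look-alike such as
    # s-usc1c-nss-249.firebaseio.com.example.net is not allowed through.
    return host in exact or any(p.fullmatch(host) for p in patterns)

def filter_blocklist(lines, exact=frozenset(), patterns=(FIREBASE_SHARD,)):
    """Split blocklist lines into (kept_lines, removed_hosts)."""
    kept, removed = [], []
    for line in lines:
        host = parse_host(line)
        if host and is_whitelisted(host, exact, patterns):
            removed.append(host)
        else:
            kept.append(line)
    return kept, removed

# Constructed sample input (not taken from the real hostnames.txt).
SAMPLE = [
    "# constructed sample",
    "0.0.0.0 s-usc1c-nss-223.firebaseio.com",
    "0.0.0.0 s-usc1c-nss-249.firebaseio.com",
    "0.0.0.0 S-USC1C-NSS-122.firebaseio.com.  # case and trailing dot",
    "0.0.0.0 s-usc1c-nss-249.firebaseio.com.example.net",
    "0.0.0.0 ads.example.org",
]

if __name__ == "__main__":
    kept, removed = filter_blocklist(SAMPLE)
    print("removed:", removed)
    print("kept:", kept)
```

Because the rule matches only the shared shard hosts, a per-project name such as `projectXYZ.firebaseio.com` can still be blocked individually if it ends up on a source list.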