publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0

Add `hypernode.io` domain #1970

Closed Cieper closed 2 months ago

Cieper commented 4 months ago

Public Suffix List (PSL) Pull Request (PR) Template

Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.

Checklist of required steps

Submitter affirms the following:


For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)

Description of Organization

Hypernode B.V. provides managed hosting for e-commerce websites running popular open source software such as Magento, Shopware, and WooCommerce, on both dedicated and virtual machines. Customers receive a hosting environment that is referenced and available via a subdomain of the hypernode.io domain, i.e. example.hypernode.io, and are able to create subdomains under that again (prod.example.hypernode.io, dev.example.hypernode.io, etc). This system allows them to access their application for testing purposes, before changing over their DNS records. I'm the Security Officer, and a former engineer, at Hypernode B.V.

Organization Website:

https://www.hypernode.com/

Reason for PSL Inclusion

The main reason for inclusion in the PSL is Cookie Security. Each subdomain of hypernode.io is a separate customer running an e-commerce platform. While the subdomains, such as example.hypernode.io, are not meant to be used in production, misconfigurations may inadvertently make them accessible. A secondary reason is that third party systems for SEO optimisation, advertisement, etc, have been known to display to a user of their system all data gathered from not only their own subdomain, but also other subdomains not associated with this user. The most recent issue here was Google Tag Manager's "tagcoverage" overview showing links from one customer's subdomain to another customer.

We have been using this hypernode.io subdomain setup for approximately 10 years, and we have no intentions at all to change this system. The assumption of the hypernode.io subdomain is integrated into our entire codebase, documentation, and is well known by our customer base of many years. The domain registration has been extended by 2 years.

Number of users this request is being made to serve:

We currently have 3400 active subdomains.

DNS Verification via dig

```
cipriano.groenendal/production-jumphost ~ # dig +short TXT _psl.hypernode.io
"https://github.com/publicsuffix/list/pull/1970"
```

Results of Syntax Checker (make test)

```
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 3
# PASS:  3
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 5
# PASS:  5
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
```
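
The cookie-scoping effect behind this request, as an added example that is not part of the original PR or the PSL project's code: a minimal PSL matcher plus the RFC 6265 Domain-attribute check, run against two constructed rule sets (without and with `hypernode.io`). The function names, the rule sets and the `other.hypernode.io` host are assumptions for illustration.

```python
# Added example: PSL lookup plus the RFC 6265 (section 5.3) Domain-attribute check.
# Rule sets are constructed samples, not the real Public Suffix List.
BEFORE = {"io"}                 # assumed state without the requested entry
AFTER = {"io", "hypernode.io"}  # assumed state with the entry from this PR

def public_suffix(host, rules):
    """Longest matching rule wins; exception rules ("!") win outright; default rule is "*"."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit "*" rule: the last label alone is a public suffix
    for rule in rules:
        rlabels = rule.lstrip("!").split(".")
        if len(rlabels) > len(labels):
            continue
        tail = labels[-len(rlabels):]
        if all(r in ("*", l) for r, l in zip(rlabels, tail)):
            if rule.startswith("!"):
                # Exception rule: the suffix is the rule minus its leftmost label.
                return ".".join(tail[1:])
            best = max(best, len(rlabels))
    return ".".join(labels[-best:])

def cookie_domain_allowed(request_host, domain_attr, rules):
    """May request_host set a cookie carrying Domain=domain_attr?"""
    host = request_host.lower()
    domain = domain_attr.lower().lstrip(".")
    if domain == host:
        return True   # cookie scoped to the setting host itself
    if public_suffix(domain, rules) == domain:
        return False  # Domain is a public suffix: cookie is ignored
    return host.endswith("." + domain)  # host must domain-match Domain

if __name__ == "__main__":
    cases = [
        ("example.hypernode.io", "hypernode.io"),               # reaches every customer
        ("prod.example.hypernode.io", "example.hypernode.io"),  # one customer's own subdomains
        ("example.hypernode.io", "other.hypernode.io"),         # other.* is a hypothetical customer
    ]
    for host, domain in cases:
        print(f"{host} sets Domain={domain}: "
              f"before={cookie_domain_allowed(host, domain, BEFORE)} "
              f"after={cookie_domain_allowed(host, domain, AFTER)}")
```

With the entry in place, a customer can still share cookies across its own `prod.` and `dev.` subdomains, but a cookie scoped to `hypernode.io` itself is dropped.
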
yahesh commented 4 months ago

The new block for Hypernode B.V. is properly sorted below the existing block for HostyHosting.

simon-friedberger commented 3 months ago

@Cieper For our bookkeeping, could you please list any third party services that partition or aggregate data based on public suffixes?

simon-friedberger commented 3 months ago

@Cieper Any updates?

Cieper commented 2 months ago

> @Cieper Any updates?

Apologies for the delay. I think I've added all the information requested.