open.spotify.com: ads / breakages

[boromirmonk]

Prerequisites

• [X] This is NOT a YouTube, Facebook or Twitch report. These sites MUST be reported by clicking their respective links.
• [X] I read and understand the policy about what is a valid filter issue.
• [X] I verified that this issue is not a duplicate. (Use this button to find out.)
• [X] I did not remove any of the default filter lists, or I have verified that the issue was not caused by removing any of the default lists.
• [X] I did not enable additional filter lists, or I have verified that the issue still occurs without enabling additional filter lists.
• [X] I do not have custom filters/rules, or I have verified that the issue still occurs without custom filters/rules.
• [X] I am not using uBlock Origin (uBO) along with other content blocker extensions.
• [X] I have verified that the web browser's built-in blocker or DNS blocking (standalone or through a VPN) is not causing the issue.
• [ ] I did not answer truthfully to ALL the above checkboxes.

URL address of the web page

https://open.spotify.com/

Category

ads

Description

Today, the site starting showing ads while having uBlock Origin activated.

Other extensions used

None.

Screenshot(s)

Screenshot(s)

Configuration

```yaml uBlock Origin: 1.55.0 Chromium: 121 filterset (summary): network: 118987 cosmetic: 51582 scriptlet: 20570 html: 0 listset (total-discarded, last-updated): default: user-filters: 0-0, never easylist: 79742-14, now easyprivacy: 43563-40, now plowe-0: 3783-1173, now spa-0: 3821-19, 16m spa-1: 5790-218, now ublock-badware: 7791-136, now ublock-filters: 36681-225, now ublock-privacy: 992-6, now ublock-quick-fixes: 128-5, now ublock-unbreak: 2192-34, now urlhaus-1: 8675-0, 16m filterset (user): [empty] trustedset: removed: chrome-scheme switchRuleset: added: [array of 2 redacted] userSettings: [none] hiddenSettings: [none] supportStats: allReadyAfter: 424 ms (selfie) maxAssetCacheWait: 202 ms cacheBackend: browser.storage.local popupPanel: blocked: 8 network: doubleclick.net: 3 sentry.io: 5 ```

[zaraford]

same

[dportvine]

It seems to works for me.

||creativeservice-production.scdn.co/mp3-ad/$media,redirect=noop-1s.mp4:10,from=open.spotify.com

Screen

  

```yaml uBlock Origin: 1.55.0 Chromium: 121 filterset (summary): network: 130377 cosmetic: 116430 scriptlet: 27288 html: 0 listset (total-discarded, last-updated): removed: urlhaus-1: null plowe-0: null added: https://easylist-downloads.adblockplus.org/bitblock.txt: 26081-19, 22h.22m https://easylist-downloads.adblockplus.org/cntblock.txt: 1698-26, 9h.24m https://www.awwwwesome.org/url-blocklist/url-blocklist.txt: 1656-0, 9h.24m adguard-cookies: 28457-246, 23m ublock-annoyances: 6585-44, 4h.3m Δ default: user-filters: 4-0, never ublock-filters: 36678-107, 4h.3m Δ ublock-badware: 7791-10, 4h.3m Δ ublock-privacy: 992-9, 4h.3m Δ ublock-unbreak: 2192-6, 4h.3m Δ ublock-quick-fixes: 128-6, 4h.3m Δ easylist: 79607-251, 4h.3m Δ easyprivacy: 43562-403, 4h.3m Δ RUS-0: 40155-277, 4h.23m Δ filterset (user): [array of 4 redacted] userSettings: advancedUserEnabled: true contextMenuEnabled: false showIconBadge: false hiddenSettings: cacheStorageAPI: indexedDB filterAuthorMode: true popupPanelHeightMode: 1 trustedListPrefixes: ublock- user- supportStats: allReadyAfter: 942 ms (selfie) maxAssetCacheWait: 568 ms cacheBackend: indexedDB popupPanel: blocked: 10 network: cookielaw.org: 1 doubleclick.net: 4 googleoptimize.com: 1 sentry.io: 4 extended: ##+js(remove-node-text, script, cookieUpdateConsentUrl) ##+js(remove-attr, jsaction, #islsp c-wiz a[href^="http"][data-v… ##+js(set-constant, rwt, noopFunc) ##+js(trusted-set-cookie, SOCS, CAESHAgBEhJnd3NfMjAyMzA2MTItMF9S… ```

[stephenhawk8054]

We had many issues opened for spotify: https://github.com/uBlockOrigin/uAssets/issues?q=is%3Aissue+open.spotify.com

Maybe we should put a megathread for this site?

[dportvine]

Maybe we should put a megathread for this site?

Also I see a lot of comments on reddit.com, so let's create one megathread.

[gettysburg]

I suggested a different approach to the Spotify Web Client ads taken from the desktop adblock "BlockTheSpot" linked here:

https://github.com/uBlockOrigin/uAssets/issues/22231

Essentially the desktop client is is a browser engine that downloads, executes and renders the same files from the same web-server as the web client runs on.

So, using their method, you can not only disable ad distribution completely, but also enable other features that usually only premium members get access to.

Unfortunately I was not aware of this issues existence.

[stephenhawk8054]

uBO blocking works by filters. Specific solutions for specific sites that need deeper modifications to the scripts require dedicated scripts for it, which can only be updated when the whole extension updates. It's better to leave those solutions to dedicated extensions.

[ItsProfessional]

but also enable other features that usually only premium members get access to.

FYI: That's out of scope, we don't fix paywalls to features. Only the ads will be blocked.

[gettysburg]

@ItsProfessional That's fine.

@stephenhawk8054 Yeah, but does uBO not have the ability to inject scripts?

If so, could you inject something that changes the default state of a JS boolean or change some site specific code?

Take a look at the issue I posted to see what I mean, they essentially just wait for the browser engine to read a certain file and then patch it up.

[stephenhawk8054]

@gettysburg Scripts injection works by using a set of pre-defined scriptlets: https://github.com/gorhill/uBlock/wiki/Resources-Library

We don't write arbitrary long scripts for specific sites. As I said, that can only be maintained and updated when the whole extension updates. It cannot be updated frequently like filters whenever the site changes something.

[ItsProfessional]

they essentially just wait for the browser engine to read a certain file and then patch it up.

We want to avoid code manipulation (i.e. patches) to the site's scripts whenever possible, as this is basically RCE.

[stephenhawk8054]

I see this request

I'll update

||2mdn.net^$media,redirect=noop-1s.mp4:10,domain=open.spotify.com

[stephenhawk8054]

Anyone knows if using *$media,redirect-rule=noop-1s.mp4:10,domain=open.spotify.com caused any issues in the past?

[dportvine]

I see this request

Screen


I'll update

||2mdn.net^$media,redirect=noop-1s.mp4:10,domain=open.spotify.com

I have the same as before.

Screen


[stephenhawk8054]

Yeah, the ads connections look quite random. Sometimes I got scdn.co, few times I saw 2mdn.net

[stephenhawk8054]

Can anyone test if this filter can stop any media ads from appearing?

open.spotify.com##+js(trusted-replace-fetch-response, /\,\{"metadata":\{"uri":"spotify:ad:.+?:"AD"\}/, , track-playback)

[Luminous-Journey]

As i mentioned in #22258, i didn't have any issues with visual adds showing up but the songs would start skipping, and whats really irritating is that it doesn't happen every time

[stephenhawk8054]

@Luminous-Journey Can you do these steps (follow strictly the step order, don't mix the steps orders, or skip any steps):

1. Click on uBO icon > ▤ "The logger" icon, it will open a logger window
2. Open new tab and reproduce the issue
3. Switch to the logger window that was opened in step 1
4. Copy the logger via 📋 export/copy button at the top right
5. Paste the logs to https://www.logpasta.com

[Luminous-Journey]

Unfortunately, while i was attempting to troubleshoot, the bug fixed itself and now i cant record it until it happens again, and who knows when that will be, but when it does i will do as recommended

and when i say fixed itself, i mean it stopped happening in that instance and this has been a recurring issue

[Luminous-Journey]

Also @stephenhawk8054 do you want the markdown or plaintext version?

[stephenhawk8054]

@Luminous-Journey Any is fine.

[Luminous-Journey]

Another bug that i ran into with the same config is when a song is playing like an ad where you cant skip forward and it says advertisment in the bottom right, managed to record this one

log: https://www.logpasta.com/paste/91b347d8-8925-4e30-9fc8-eb17e5db82f5

screenshot:

[stephenhawk8054]

Looks like you opened the logger after loading the page. The right steps are opening the logger first and reproducing the issue at the website later (step 1 -> step 2)

[Luminous-Journey]

some more stuff got logged after a min or so https://www.logpasta.com/paste/94e5ae94-6fd5-4a56-afd8-3366cc89b71c

[Luminous-Journey]

I've had the logger open since you suggested recording the issue in case i ran into another issue

[stephenhawk8054]

Step 2 -> step 3 means you need to switch from the spotify page to the logger. Don't load any other sites and switch from that site to the logger

[Luminous-Journey]

So the logger only logs when its in the foreground of the page attempting to be logged?

[stephenhawk8054]

The logger needs to be opened first to start capturing information. Then depending on which tab you are opening, it will show the information from that tab. You can switch the tab in the logger's drop down.

---

@Luminous-Journey But anyways, can you do these steps:

• Go to Settings tab in uBO settings
• Scroll down and enable I am an advanced user, and click on the gear icon at the end
• Find the line trustedListPrefixes at the bottom and change the value from ublock- to ublock- user- (keep the space exactly) -> Click on Apply changes

Then can you test these filters?

open.spotify.com##+js(trusted-replace-fetch-response, /\,\{"metadata":\{"uri":"spotify:ad:.+?:"AD"\}/, , track-playback)

Click on uBO icon > ⚙ Dashboard button > Add the filter(s) in "My filters" pane > ✓ Apply changes > Open new tab and test again.

Please also double-check again to see if the filters are marked as valid or invalid (it will show red line if invalid, otherwise it's good).

[Luminous-Journey]

The filter seems to be valid, I will post back here if something happens again. Tysm

[Luminous-Journey]

The logger needs to be opened first to start capturing information. Then depending on which tab you are opening, it will show the information from that tab. You can switch the tab in the logger's drop down.

Thats good, I had the dropdown set to the spotify tab, and had opened the logger before reloading that page

[dportvine]

Can anyone test if this filter can stop any media ads from appearing?

open.spotify.com##+js(trusted-replace-fetch-response, /\,\{"metadata":\{"uri":"spotify:ad:.+?:"AD"\}/, , track-playback)

This scriplet breaks the player on my side.

Screen

 

Video

https://github.com/uBlockOrigin/uAssets/assets/111344219/f125c8c0-88a7-40fa-b591-15e8344c870d

[stephenhawk8054]

@dportvine Keep the above filter, can you continue adding this?

open.spotify.com##+js(trusted-replace-fetch-response, "disallow_seeking":true, "disallow_seeking":false, track-playback)

[dportvine]

Didn't help.

[stephenhawk8054]

Hmm... I don't know how to resolve more. I can reproduce the issue, but cannot any more after adding that filter

[dportvine]

Nothing has changed for me.

Video

https://github.com/uBlockOrigin/uAssets/assets/111344219/d7b52094-a521-4438-8d25-0dc2eaf71b4d

[gettysburg]

We want to avoid code manipulation (i.e. patches) to the site's scripts whenever possible, as this is basically RCE.

RCE, aka remote code execution, is not the correct term here.

The dynamic library from "BlockTheSpot" is patching .css files for example as they are parsed by the browser, in order to achieve a clean UI without the "Explore Premium" button for example, and the same is done with .js files by replacing or changing a JavaScript variable or changing existing JavaScript code, no new code is added and executed, simply existing code with known ad-provider URL's (for example sentry.io) in them is modified, in this example sentry.io is replaced by localhost.

This does not qualify as RCE whatsoever, as all changes are done locally and in the users favor, there is no harm, and no code execution that wouldn't occur otherwise.

Regardless, this was just a suggestion, if this is currently not possible as explained by @stephenhawk8054, then it's okay and the current approach of just playing 1 second noop files is good enough I guess, I managed to find an installer with which BlockTheSpot works, so I don't have to use the web player anymore:

My original ticket on BPS and the solution I found there:

[Ticket Link](https://github.com/mrpond/BlockTheSpot/issues/513#issuecomment-1914062706) 

Thank you regardless @ItsProfessional and @stephenhawk8054 for your hard work, and for your replies :-)

[stephenhawk8054]

@gettysburg RCE will be determined by the extension store reviewers. You can argue whatever you want, but the final decision is by them. Any potential argument would be a potential issue of wasting time for back-and-forth questions/explanations and potential for delay/deny of future versions' publishing.

[gettysburg]

@stephenhawk8054 I have to admit that I did not take Mozilla's review team into consideration, and the way that these new filters allowing for file modification could be abused by (third party) filter-list maintainers.

Thank you for bringing that up, I totally have not thought of that.

[stephenhawk8054]

@dportvine This is a POC test, can you test if this skips the ads faster?

open.spotify.com##+js(trusted-replace-fetch-response, '/(\{"uri":"spotify:ad:.+?,"manifest"):.+?,"audio_id":/', '$1:{"file_urls_mp3":[{"bitrate":160000,"file_id":null,"file_url":"https://cdn.jsdelivr.net/gh/stephenhawk8054/external_resources@master/noop-0.1s.mp3","impression_urls":[""],"track_type":"AUDIO","format":null,"audio_quality":null,"hifi_status":null,"gain_db":null,"expires_at":null}]},"audio_id":', track-playback)

The idea is replacing their mp3 ads with an external mp3 file

[dportvine]

The player stopped. Реклама = Ads.

Screen


[stephenhawk8054]

@dportvine Can you check the logger to see which connections appear at that?

[dportvine]

logger

Screen


[dportvine]

@stephenhawk8054

This is a POC test, can you test if this skips the ads faster?

open.spotify.com##+js(trusted-replace-fetch-response, '/(\{"uri":"spotify:ad:.+?,"manifest"):.+?,"audio_id":/', '$1:{"file_urls_mp3":[{"bitrate":160000,"file_id":null,"file_url":"https://cdn.jsdelivr.net/gh/stephenhawk8054/external_resources@master/noop-0.1s.mp3","impression_urls":[""],"track_type":"AUDIO","format":null,"audio_quality":null,"hifi_status":null,"gain_db":null,"expires_at":null}]},"audio_id":', track-playback)

The idea is replacing their mp3 ads with an external mp3 file

I checked again. And now I don't see any problems.

Video

https://github.com/uBlockOrigin/uAssets/assets/111344219/9da20ef3-2f79-48e6-a9d3-9e6ac8b614ea

[Luminous-Journey]

As i mentioned in #22258, i didn't have any issues with visual adds showing up but the songs would start skipping, and whats really irritating is that it doesn't happen every time

I managed to get that one issue logged where the songs just skip instead of playing @stephenhawk8054 https://www.logpasta.com/paste/c7f016dd-bd30-4c9a-977f-56f8f0a2af69

[Luminous-Journey]

But now it's fixed itself again... I hate inconsistency when attempting to debug

[stephenhawk8054]

@Luminous-Journey Remove the custom filters I told you to test and check if your original issue is still there or not.

If I understand correctly, your original issue is the player was stuck and could not advance right?

[Luminous-Journey]

It would advance, but it would simply skip all the subsequent songs instead of playing them

[stephenhawk8054]

@Luminous-Journey That's strange. For now just remove the current custom filters and see if the issue is still there or not. Also check your other extensions if possible too.

[Luminous-Journey]

You mean this one? open.spotify.com##+js(trusted-replace-fetch-response, /\,\{"metadata":\{"uri":"spotify:ad:.+?:"AD"\}/, , track-playback)

or the lists?

[stephenhawk8054]

@Luminous-Journey Yeah, the ones I told you to add in My filters. I don't remember how many you are using now.

[Baysul]

The element is named ##.sponsor-container or something along those lines, according to uBlock Origin's element picker. Seems somewhat inconsistent; I found this one in my Discover Weekly playlist but not in other playlists.