Closed omriiluz closed 4 years ago
Really? I understand that the nature of bot detection involves fingerprinting, but that is something that the EasyPrivacy list explicitly blocks. https://github.com/easylist/easylist/commit/6489947a49ea29002534a1c064c695e2fb0eee5f#commitcomment-35818463
PerimeterX is not a tracking service, we have strict privacy policy and these rules are causing issues to users on hundreds of web sites (as you identified on the thread on easyprivacy). The fingerprinting and other mechanisms rendered by easyprivacy as trackers are used solely to secure access to the site, and not correlating any data to PII. This isn't different from recaptcha that is whitelisted (and is tracking users), and the result of blocking the script will result in the site visitors forced to solve recaptchas.
Let us know what you recommend in order to resolve this, as currently this is negatively impacting the experience of uBlockOrigin users on many sites.
This isn't different from recaptcha
Sure, it is, reCaptcha is unavoidable and results in site breakage, yours does not.
as currently this is negatively impacting the experience of uBlockOrigin users on many sites.
and what about Adguard/ABP/Adblock/Ghostery users ? Why do you care about uBlock Origin users only ?
ABP no use default EasyPrivacy - if that list spoils pages.
AdBlock by β:fish: have only EasyList Lite where put block rules / exceptions (as if they were trying to overwrite something).
https://cdn.adblockcdn.com/filters/easylist_lite.txt
Default no use EasyPrivacy.
For AdGuard possible report anonymously: https://reports.adguard.com/en/new_issue.html, and recommend use AdGuard lists, default without EasyPrivacy or AdGuard Tracking Protection enabled.
We are working to resolve this issue on each extension using the EasyPrivacy list.
While PerimeterX uses fingerprinting technology to identify threats, the usage of this technology is not to track users and it's never used or available in order identify, target or track users.
There is a negative impact to users of uBlockOrigin as they will see more catpchas on hundreds of sites. The PerimeterX tool is not as unavoidable as reCaptcha, but it deployed on some of the largest and most popular sites on the internet today.
?
@ZaphodBeebblebrox You meant https://github.com/uBlockOrigin/uAssets/commit/ebec09871ec0accafbd37fe932a67c70dad6eb80 ?
https://github.com/uBlockOrigin/uAssets/commit/ebec09871ec0accafbd37fe932a67c70dad6eb80 will help unblock the user from solving captcha (which is great in itself), but it will not help with avoiding getting a captcha. The purpose of this thread was to unbreak the root cause, thus avoiding the user seeing any impact.
@ZaphodBeebblebrox, I'd appreciate reopening this issue.
We could add
@@||perimeterx.net/api/*/collector$xhr
What do you think @okiehsch @gorhill @gwarser
Refreshing the page works and captCha can be avoided like that once it occurs.
It seems that there is no agreement to address the problem, closing
Narrow to @@||*/captcha/PX*/captcha.js$script,1p
?
@@/captcha/PX*/captcha.js$script,1p
works identical?
Narrow to
@@||*/captcha/PX*/captcha.js$script,1p
?
The captcha is not broken on every site using that script, atleast on my end. For example
https://twentytwowords.com/kylie-jenner-and-travis-scott-are-planning-on-having-another-child-together/`
with the script blocked.
They started asking people to subscribe to this list on captcha page: https://abp.perimeterx.com/whitelist.txt
https://abp.perimeterx.com/whitelist.txt
We could badfilter them. 😁
Then these users wouldn't be able to use the site... That was the only option we could think of to resolve the issue.
@omriiluz seekingalpha
has been fixed
other sites with captcha broken ?
https://www.bloomberg.com/
@llacb47 https://github.com/uBlockOrigin/uAssets/issues/6819#issuecomment-573462497
again I have troubles with: https://www.bloomberg.com/europe
\|\|cedexis.net^$3p |
\|\|cedexis.net^$3p,badfilter |
layout is broken | layout looks fine |
@mapx- we are verifying one by one and will respond later today
@krystian3w is bloomberg
affected by perimeterX ?!
IDK but EasyPrivacy with CNAME uncloaking
complety breakage site.
https://portswigger.net/daily-swig/web-trackers-using-cname-cloaking-to-bypass-browsers-ad-blockers
Off-topic! I'm sure @omriiluz has better things to do than read about how CNAME uncloaking breaks Bloomberg.com.
@mapx- these are not showing the captcha element due to the block:
https://www.hotelscombined.com/?_pxhc=1
https://creativemarket.com/?_pxhc=1
fixed hotelscombined
, I get no captcha for creativemarket
Despite multiple issues to fix Bing Ads, there has been no response whatsoever and agitation from repo maintainers: So, referencing my issue here: https://github.com/uBlockOrigin/uAssets/issues/6887#issuecomment-578509029
Let's name and shame ublock origin until their ego issues get resolved.
@mapx- broken on bloomberg.com
Needing additional whitelisting @mapx-
@@||pxchk.net/api/v2/collector/ocaptcha$xhr
Due to ||pxchk.net^$third-party
in EasyPrivacy
Since I was blocking px-cdn.net
I needed to add @@||px-cdn.net/api/v2/collector/ocaptcha$xhr
as well.
Is this still issue in uBO on seekingalpha.com
?
I cannot reproduce the captcha thing
Also uses paywall - maybe JS conflit like "frozen" nodes/objects.
but they are probably checking if object is frozen, and if, then they not show captcha
I get a paywall on my side, "Read with Free Trial".
URL(s) where the issue occurs
Describe the issue
PerimeterX Bot Defender is a website security service used by hundreds of popular sites across the web. It is using Javascript to profile user behavior to identify malicious behavior. more details can be found at https://www.perimeterx.com. PerimeterX does not collect PII data or track the users. The information is only used to decide if to grant access to the site.
Some rules from the EasyPrivacy list are blocking our ability to run our code and causing normal users to be blocked.
Examples from the conversations with the EasyList team: https://github.com/easylist/easylist/pull/3723#issuecomment-508870872 https://github.com/easylist/easylist/commit/0f70a983eff105a88780f6fc6d3fbfac3478ae12 https://github.com/easylist/easylist/pull/3724
We are asking to create a filter override for the blocked
perimeterx.net
domain and for/api/v2/collector
Screenshot(s)
https://github.com/easylist/easylist/commit/6489947a49ea29002534a1c064c695e2fb0eee5f#commitcomment-35818636
Versions
Settings