Third party is not detected (or not exposed to the user)

[ghost]

Prerequisites

• I verified that this is not a filter issue
  • Filter issues MUST be reported at filter issue tracker
• [x] This is not a support issue or a question
  • Support issues and questions are handled at /r/uBlockOrigin
• [x] I performed a cursory search of the issue tracker to avoid opening a duplicate issue
  • Your issue may already be reported.
• I tried to reproduce the issue when...
  • [x] uBlock Origin is the only extension
  • [x] uBlock Origin with default lists/settings
  • [x] using a new, unmodified browser profile
• [x] I am running the latest version of uBlock Origin
• [x] I checked the documentation to understand that the issue I report is not a normal behavior

Description

When visiting https://www.myvanillacard.com/ https://geoip-js.maxmind.com is one of the third parties on the site. It is, however, not shown as one of the connections made in the uBlock interface - not when clicking on the icon or when using the logger.

Others not being able to reproduce could try using Browserling. Visit https://www.browserling.com/browse/win/7/firefox/68/https%3A%2F%2Faddons.mozilla.org%2Fen-US%2Ffirefox%2Faddon%2Fublock-origin%2F Download uBlock and visit https://www.myvanillacard.com/

Surprisingly, https://geoip-js.maxmind.com is visible in uMatrix. Not only uMatrix sees the domain, https://www.ipvoid.com/http-requests/ also exposes the connection.

If you are not able to reproduce this on your system (uBlock sees and blocks the domain), please leave a comment and information about your environment.

(I put up this issue on Reddit, but deleted the issue until now, as I've observed it on more than just my own computer.)

A specific URL where the issue occurs

https://www.myvanillacard.com/

Steps to Reproduce

1. Visit https://www.myvanillacard.com/
2. Click uBlock icon
3. View the list of webpages in the sidebar

Expected behavior:

That https://geoip-js.maxmind.com is listed (and blocked.)

Actual behavior:

https://geoip-js.maxmind.com is not listed - not in sidebar or in the logger

Your environment

• uBlock Origin version: 1.29.2
• Browser Name and version: Firefox 80.0.1 (64-bit)
• Operating System and version: Windows 10

[uBlock-user]

Network pane of Devtools doesn't list it either.

[gorhill]

uMatrix reports differently than uBO, it must not be used as a reference for uBO.

[liamengland1]

Please fix your hyperlinks in markdown.

[ghost]

uMatrix reports differently than uBO, it must not be used as a reference for uBO.

https://www.ipvoid.com/http-requests/ displays the connection as well for instance.

Also, when the issue was on Reddit, one person stated that they could not reproduce the issue and posted a screenshot of their logger both seeing geoip-js.maxmind.com and blocking it.

[ghost]

Please fix your hyperlinks in markdown.

Done.

[gorhill]

Use the browser dev tools, if it's seen by the browser, it should be seen by uBO.

[gorhill]

geoip-js.maxmind.com does not appear in the popup panel because the page is reloaded, as seen in the following screenshot:

uBO's popup panel shows only what occurred in the current page load, while uMatrix remembers across page load -- both by design.

[ghost]

You are absolutely true - thanks for investigating! Already knew about the fact that uMatrix remembers across page loads, but didn't even consider it. Closing the issue.

[gorhill]

I prefer to keep it open, I want to investigate if something can be done about this -- in the current case the issue is that a document with the same exact URL is being reloaded within a fraction of second, so in that case it would make sense for uBO to carry over the seen hostnames for when a document was reloaded within a fraction of second with the same exact URL.

[ninjacatstorm]

this seems to happen on invidious. when hovering the mouse on the progress bar, noscript shows a connection to ytimg.com, but ublock shows nothing. example link: https://invidious.snopyta.org/watch?v=wjXIw6OjBo8

[gorhill]

this seems to happen on invidious

It's a different case than the underlying issue here. It's because ytimg.com is blocked by the site's own content security policy:

Content Security Policy: The page’s settings blocked the loading of a resource at https://i.ytimg.com/sb/wjXIw6OjBo8/storyboard3_L2/M1.jpg?sqp=-oaymwENSDfyq4qpAwVwAcABAaLzl_8DBgiM9538BQ%3D%3D&sigh=rs%24AOn4CLDX97KGHJ0B9DLRmiKUIFih6JGDPw (“img-src”).

No network requests to or script execution from ytimg.com occur and it's not uBO blocking it, it's the page's own CSP:

content-security-policy: default-src  'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src  'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src  'self'; media-src 'self' blob:

NoScript is reporting it probably because it listens to CSP violation events, but I am going to argue that NoScript is wrong to show that scripts from ytimg.com were blocked by NoScript since it's not true, and trying to "unblock" ytimg.com won't accomplish anything because it's the page's own CSP blocking it, and this will also be true after you trust ytimg.com with NoScript.

uBO's logger shows all the network requests which occurred on a page and ytimg.com is not there, while in the current issue the network requests show in the logger.

[ninjacatstorm]

so noscript is reporting things incorrectly then? i also tried on lbry.tv and noscript also shows a lot more connections, i tested by temp trusting everything, i tried on the first video listed: https://lbry.tv/@TheQuartering:1/big-changes-at-youtube-this-will-be-the:1

• noscript: https://i.ibb.co/0r1N5br/1.png
• ublock: https://i.ibb.co/X56sGWm/2.png

it also seems it matters whether or not all the filter lists are ticked, i tested on old.reddit.com

• default: https://i.ibb.co/LxdHvVg/3.png
• with all the filter lists: https://i.ibb.co/HFRs2ZT/4.png

I'm not sure whether this is all normal?

[gwarser]

i tested by temp trusting everything,

Did you also disabled filtering when you tested in uBO?

[gorhill]

@ninjacatstorm You trusted all in NoScript, which is equivelant to disable NoScript for the site, while you left uBO in its normal blocking state, you can't compare this way. Disable uBO if you want to compare with disabled NoScript. This is what I get once I disable uBO and reload the page with cache bypass (I didn't click the play button after the page loaded):

[ninjacatstorm]

ok, i'm a little confused. shouldn't ublock origin show all of that anyway, but just with the blocked connections being red instead of green? isn't that the point of the red/green thing? or am i misunderstanding how it's supposed to work?

[gwarser]

This works like a chain. One tracker loads another, then second one loads one more... If you block first one, other will never be loaded, so they will not be ever seen.

[uBlock-user]

Not just with trackers, everywhere else on the Internet too.

[gorhill]

shouldn't ublock origin show all of that anyway

I am baffled at why you would think so when NoScript behaves just the same way: you won't see the final long list of 3rd parties if you do not trust all in NoScript. Why would you expect differently in uBO?

Trust minimally:

Trust all:

It seems you have misunderstandings of how both NoScript and uBO works, and in such case it's support matter and to be handled at /r/uBlockOrigin, currently we just keep adding noise to the current issue which is fully understood and what you report is unrelated to it, as I already stated above.

[gwarser]

In hard mode tomshardware.com quickly redirects to "AD BLOCKER INTERFERENCE DETECTED" page, with only first party resources. This make more difficult to actually find that futurecdn.net must be noop-ed to prevent anti-adblock detection.

https://www.tomshardware.com/how-to/boot-raspberry-pi-4-usb

[uBlock-user]

In hard mode tomshardware.com quickly redirects to "AD BLOCKER INTERFERENCE DETECTED" page, with only first party resources. This make more difficult to actually find that futurecdn.net must be noop-ed to prevent anti-adblock detection.

This is still an issue.