Hosts: Incorrect flag `rollbar.com`

Created on 2 Dec 2019 · 13 Comments · Source: StevenBlack/hosts

Rollbar is an error reporting and analysis tool used internally in our software. It's listed in the following files:

alternates/fakenews/hosts
alternates/gambling-social/hosts
alternates/gambling/hosts
alternates/social/hosts
alternates/fakenews-social/hosts
alternates/gambling-porn/hosts
alternates/gambling-porn-social/hosts
alternates/fakenews-gambling-porn-social/hosts
alternates/fakenews-gambling/hosts
alternates/fakenews-gambling-social/hosts
data/StevenBlack/hosts
alternates/fakenews-porn/hosts
alternates/porn-social/hosts
alternates/fakenews-porn-social/hosts
alternates/porn/hosts
hosts
alternates/fakenews-gambling-porn/hosts

I believe it is incorrect and excessive blocking. It certainly prevents me from doing my job.

discussion

All 13 comments

Hello! Thank you for opening your first issue in this repo. It's people like you who make these host files better!

Thanks Itay @itay-grudev.

@ScriptTiger Rollbar domains were added on May 18, 2018 in your commit 5550a01187b, which I merged. Care to comment?

Itay @itay-grudev crash reporting is a bit of a grey area. Some domains like crashlytics are just rude. Others not so much. I'm not familiar with Rollbar. Can you make the case for Rollbar? Point to a privacy statement, or reputation, or a track record?

Thanks in advance for clarification here.

Rollbar is an error reporting and analysis tool used internally in our software.

If it's truly used "internally," I don't see what the problem is. Just keep using it internally, whitelist it, and everyone else can opt-out by having it in their blacklist. If we made a case to exempt this, we would have to exempt all of the other telemetry services, as well.

@StevenBlack, this service has popped on countless mobile apps and @itay-grudev does indeed give a fair description of it. Just like every other "error reporting and analysis tool," an "error" can be defined as any event the customer/developer wants it to be. And obviously "analysis" is even more broad. Blocking this service does not degrade the performance of any app's ability to run locally on any device or connect to other external online services in order to perform the task it was marketed to perform, it simply blocks it from connecting to the external online Rollbar services for extraneous "error reporting and analysis" that are completely unrelated to the task which the app was marketed to do and are solely for "internal" purposes, as @itay-grudev stated.

As we know, all of the data Cambridge Analytica held was initially gathered for "internal" purposes, as well, so this argument doesn't hold any water with me. We can write all the BS agreements, licenses, and contracts we want, but at the end of the day if developers are still breaking the law because it's worth the risk to make a pretty penny, I'd prefer to protect my data by more forcible means than simple goodwill and a handshake, or check in the box.

I didn't know developers integrated with it directly from within their apps. In that case I understand. Have you then also blocked:

  • sentry.io
  • newrelic.com

There have been discussions with sentry and some for newrelic.
sentry.io: #881, #571, #568, #563, + #785
newrelic.com: #122 + #568

New Relic seems covered:

js-agent.newrelic.com
beacon-1.newrelic.com
beacon-3.newrelic.com

I don't know if it's necessary to block newrelic.com itself, but maybe someone can double-check this.

As for sentry.io, my personal views are that it should be blocked. It seems like the creator of sentry.io personally came here and made a big argument about why it shouldn't be considered ads and that it shouldn't be in a section of the hosts file labeled for ads, but I don't know why the PR removed it rather than simply moving it to a different section of the hosts file for analytics/telemetry. It seems to me he was just fighting for reputation that his product was not ads, and fairly so. So it should have been moved to a different section and not removed from the entire file.

@ScriptTiger that's inaccurate. I'm puzzled by your comment since our base list is about much more than ads. The Sentry discussion was never about ads.

Here is a summary of why Sentry is not blocked, here.

  • I am, foremostly, a computer systems analyst, and software developer. Crash reporting back to source is a vital thing for me, and others.
  • At the outset, we blocked several sentry.io subdomains.
  • David Cramer @dcramer the CEO of Sentry came here, and politely asked why.
  • Extended discussion ensues, wherein @dcramer addressed all our specific concerns. Moreover Sentry made changes to its website and privacy policies to reflect the concerns of some of our regular contributors, here.
  • Somewhat coincidentally I began working, and today continue to work, in a niche offshoot of React Native called Expo. As it happens, Sentry and Expo are very well integrated together. My ecosystem works well with Sentry.
  • After a period of time, @dcramer sent me a small box of swag (a t-shirt and socks, perfectly sized for my college-age daughter, and a few pens). This certainly did not hurt his case 😄

I am personally convinced that Sentry is a good company with a clean, professional operation. The people at Sentry "get" it.

Since I am the ultimate decider here, this list doesn't block Sentry anymore.

I think this is the correct call. As always, I'm open to be convinced otherwise.

Itay @itay-grudev as I said earlier, I'm open to hearing the case for Rollbar. I don't know Rollbar.

I think we're all on the same page here. Obviously as a blanket statement telemetry and analytics, etc., are definitely blocked, but certain particular products that have been more deeply vetted on a case by case basis to be viewed as safe for the community are allowed. This would be in keeping with the goal of a highly curated list, so I don't see any problems with that. And I can definitely appreciate your input as a systems guy, as your particular expertise would definitely be more highly regarded than my own in these things as I am a network engineer and not so well intimately versed on the systems side of the house.

Both Rollbar & Sentry provide telemetry & analytics services. The corresponding company's reputation does not matter as ultimately the people who read the data are their customers - the owners of the apps that are being tracked.

If your objective is to prevent data from leaking from a specific machine in general - keep blocking Rollbar.

But if you are going to stick with your policy you should also block sentry.io. While I really like Sentry and it isn't ads, it is telemetry & analytics.

I rest my case.

newrelic.com

New Relic seems covered:

js-agent.newrelic.com
beacon-1.newrelic.com
beacon-3.newrelic.com

Hate to break it... but you're missing a few lines there https://gitlab.com/my-privacy-dns/matrix/matrix/issues/1391

Itay @itay-grudev when I need to enable a blocked domain, I use hostile from the terminal. It's quick and easy. This spares the whole whitelist and local build and deploy, which is much more hassle.

Closing.
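
The coverage question raised in the thread (whether listing `js-agent.newrelic.com` and the beacon hosts also covers `newrelic.com` itself) can be checked mechanically, because a hosts file matches whole names only. The following is an added example, not code from the StevenBlack/hosts project; `SAMPLE_HOSTS` is constructed sample data and the function names are hypothetical.

```python
# Added example: audit hosts-file text for a domain and its subdomains.
# SAMPLE_HOSTS is constructed for illustration; it is not the project's file.
SAMPLE_HOSTS = """\
# constructed sample in hosts-file syntax
127.0.0.1 localhost
0.0.0.0 js-agent.newrelic.com
0.0.0.0 beacon-1.newrelic.com  # inline comment
0.0.0.0 beacon-3.newrelic.com
0.0.0.0 rollbar.com
"""

# Addresses commonly used to sink blocked names.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Loopback names that are housekeeping entries, not blocks.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost"}


def blocked_names(hosts_text):
    """Return the set of hostnames mapped to a sink address."""
    names = set()
    for line in hosts_text.splitlines():
        # Drop comments, then split into address + one or more hostnames.
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        names.update(f.lower().rstrip(".") for f in fields[1:])
    return names - LOCAL_NAMES


def audit(domain, hosts_text):
    """Report exact and subdomain coverage for `domain`.

    Hosts entries are exact-name matches: an entry for a subdomain
    does not block the parent, and an entry for the parent does not
    block its subdomains.
    """
    domain = domain.lower().rstrip(".")
    names = blocked_names(hosts_text)
    subs = sorted(n for n in names if n.endswith("." + domain))
    return {"exact": domain in names, "subdomains": subs}


if __name__ == "__main__":
    for d in ("newrelic.com", "rollbar.com", "sentry.io"):
        print(d, audit(d, SAMPLE_HOSTS))
```

To audit a real list, pass the contents of the hosts file being deployed in place of `SAMPLE_HOSTS`.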
