Privacybadger: www.spiegel.de is withholding contents even when whitelisted / PB disabled

Additionally: Even HTTPS everywhere is treated the same, but disabling helps in that case.

Sounds related to #1596.

www.spiegel.de, like www.washingtonpost.com (#1444), has consistently been a top-reported domain by Privacy Badger users.

I can reproduce the ad blocker message (screenshot from Chrome below), but disabling Privacy Badger on the page does work (in Chrome and Firefox); the message goes away while tracking/ads come back.

1. I can reproduce this problem with PB but HTTPS does not cause any problem on Chrome.

2. @ghostwords do you know why the message is still triggered if the site if manually whitelisted? I presumed that whitelisting would unblock all third parties and have the same effect as the 'Disable Privacy Badger For This Site' button, but @Spiegel-Leser is correct, one works and not the other.

3. We are contacting Spiegel about this problem and we'll see how they respond. The anti-adblock notice I received states if this message appears even though you are not running an adblocker, you should disable any similar extensions and the Do Not Track preference. This is a strange and incorrect idea. They are also blocking readers who are using a Firefox private window, presumably because that mode has Tracker Protection enabled.

I just tested, HTTPS is not causing problems on Spiegel.de in Firefox
either. They seem to have changed that. PB is still a problem. Didn't
test whitelisting, disabling helps.

Am 21.09.2017 um 03:42 schrieb alanton:
>

1.

I can reproduce this problem with PB but HTTPS does not cause any
problem on Chrome.

2.

@ghostwords <https://github.com/ghostwords> do you know why the
message is still triggered if the site if manually whitelisted? I
presumed that whitelisting would unblock all third parties and
have the same effect as the 'Disable Privacy Badger For This Site'
button, but @Spiegel-Leser <https://github.com/spiegel-leser> is
correct, one works and not the other.

3.

We are contacting Spiegel about this problem and we'll see how
they respond. The anti-adblock notice I received states if this
message appears even though you are not running an adblocker, you
should disable any similar extensions and the Do Not Track
preference. This is a strange and incorrect idea. They are also
blocking readers who are using a Firefox private window,
presumably because that mode has Tracker Protection enabled.

spiegel_anti_adblocker
https://user-images.githubusercontent.com/11096622/30674892-663a2c7e-9e7d-11e7-8bf5-26936b6f7409.png

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/EFForg/privacybadger/issues/1607#issuecomment-331027010,
or mute the thread
https://github.com/notifications/unsubscribe-auth/Ad89MajR-qtsbsi5V05bjgs57iwB41aFks5skb8jgaJpZM4PEbLB.

why the message is still triggered if the site if manually whitelisted

@alanton How did you manually whitelist the site? Post a screenshot if that's helpful.

I should have made this clear: The screenshot shows the whitelisting and
as a result the never-ending loading of the news page. If I don't
whitelist the message appears, if I disable PB everythings fine.

Am 21.09.2017 um 15:46 schrieb Alexei:

why the message is still triggered if the site if manually whitelisted
@alanton <https://github.com/alanton> How did you manually whitelist
the site? Post a screenshot if that's helpful.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/EFForg/privacybadger/issues/1607#issuecomment-331161126,
or mute the thread
https://github.com/notifications/unsubscribe-auth/Ad89MfLaQykjgQFu47WZiYSNKmcE7NaWks5skmirgaJpZM4PEbLB.

@ghostwords under the whitelisted domains in options:

@alanton Our whitelisting options page UI is confusing (and missing validation). If you put in www.spiegel.de, that should be the same as clicking "Disable Privacy Badger For This Site". You can see for yourself by clicking that button and then visiting the options page to see what entry got added.

@Spiegel-Leser I removed a duplicate comment.

whitelisting and as a result the never-ending loading of the news page

Oh, this sounds like another problem, something on top of the ad blocking message. What browser do you use? What is your browser version? What version of Privacy Badger do you have? What other add-ons do you have installed?

I think the issue I had with whitelisting the site manually was that I entered http://www.spiegel.de rather than just spiegel.de. when I enter the latter manually it works.

Doesn't matter with me. http://www.spiegel.de or www.spiegel.de or
spiegel.de all lead to the same problem.

Am 21.09.2017 um 23:54 schrieb alanton:

I think the issue I had with whitelisting the site manually was that I
entered http://www.spiegel.de rather than just spiegel.de.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/EFForg/privacybadger/issues/1607#issuecomment-331292725,
or mute the thread
https://github.com/notifications/unsubscribe-auth/Ad89MeaWwfLCl_mO9oLF6rWPFKBNj_QJks5sktsXgaJpZM4PEbLB.

--
Jochen Schüttler
Tölzer Str. 13
28215 Bremen

Tel 0421 20807078
Hdy 0176 48609072

If I use Bouncer to block specific third-parties I only get the "please deactivate your Adblocker" message" when imagesrv.adition.com is blocked. It would be interesting to see if PB is blocking this domain in some circumstances. There are no cookies in it when I look but maybe it triggers PB in some other way.

I don't see tracking from imagesrv.adition.com, but domains like ad8.adfarm1.adition.com and dsp.adfarm1.adition.com are picked up as cookie trackers (on sites like derstandard.at, brigitte.de and spiegel.de), which leads to adition.com, their base domain, getting blocked, which leads to imagesrv.adition.com getting blocked (thanks to having the same base domain).

The German Telemedia Act (Section 13) requires that the recipient of the service (site visitor) is told when their data is passed on to another service provider i.e third-party, and that the recipient of the service can terminate the use of the service at any time. The ability to block some or all third-parties must be an acceptable way to do that, especially as the site does not offer any other way. You could say the site is denying a legal right by completely blocking access if someone exercises their right.

On first visit to the home page:

Cookies & Third-Party Domains on http://www.spiegel.de/

There are 15 first-party probable UID cookies and 16 third-party probable UID cookies from 53 domains

First Party UID Cookies:
Domain: spiegel.de
Name: __gads expires after : 2 yrs
Name: spVcData2 expires after : 2 mnths
Name: _ga expires after : 2 yrs
Name: mx_nam_id expires after : 31 days
Name: _parsely_visitor expires after : 2 yrs
Domain: c.spiegel.de
Name: __gads expires after : 2 yrs
Name: spVcData2 expires after : 2 mnths
Name: _ga expires after : 2 yrs
Name: mx_nam_id expires after : 31 days
Name: _parsely_visitor expires after : 2 yrs
Domain: cdn2.spiegel.de
Name: __gads expires after : 2 yrs
Name: spVcData2 expires after : 2 mnths
Name: _ga expires after : 2 yrs
Name: mx_nam_id expires after : 31 days
Name: _parsely_visitor expires after : 2 yrs

Third Party UID Cookies:
Domain: dc73.s290.meetrics.net
Name: id expires after : 5 days
Domain: srv-2017-09-22-16.pixel.parsely.com
Name: pid expires after : 11 mnths
Domain: ad.yieldlab.net
Name: id expires after : 12 mnths
Domain: rtax.criteo.com
Name: uid expires after : 12 mnths
Name: eid expires after : 6 mnths
Name: zdi expires after : 6 mnths
Domain: ad8.adfarm1.adition.com
Name: fc9 expires after : 6 mnths
Name: UserID1 expires after : 6 mnths
Domain: de.ioam.de
Name: i00 expires after : 2 days
Domain: static.adfarm1.adition.com
Name: UserID1 expires after : 6 mnths
Domain: adfarm.mediaplex.com
Name: svid expires after : 51 mins
Name: rts expires after : 51 mins
Name: mojo3 expires after : 30 days
Domain: img-cdn.mediaplex.com
Name: svid expires after : 51 mins
Name: rts expires after : 51 mins
Name: mojo3 expires after : 30 days

First Party Domains:
spiegel.de
c.spiegel.de
cdn2.spiegel.de

Third Party Domains:
dc73.s290.meetrics.net
srv-2017-09-22-16.pixel.parsely.com
imagesrv.adition.com
ad.yieldlab.net
rtax.criteo.com
ad8.adfarm1.adition.com
de.ioam.de
static.adfarm1.adition.com
adfarm.mediaplex.com
c.t4ft.de
img-cdn.mediaplex.com
googletagservices.com
t4ft.de
wlresults.westlotto.com
securepubads.g.doubleclick.net
ad.doubleclick.net
pixel.adsafeprotected.com
ad4.adfarm1.adition.com
s0.2mdn.net
tpc.googlesyndication.com
static.parsely.com
s290.mxcdn.net
google-analytics.com
srv-2017-09-22-16.config.parsely.com
dc80.s290.meetrics.net
static.adsafeprotected.com
z.moatads.com
pagead2.googlesyndication.com
googleads4.g.doubleclick.net
dockhand.netflix.com
dt.adsafeprotected.com
a-ssl.ligatus.com
ad9.adfarm1.adition.com
ad.atdmt.com
dmp.theadex.com
portal.blau.de
geo.moatads.com
px.moatads.com
ssl.ligatus.com
fonts.googleapis.com
google.com
fonts.gstatic.com
googleads.g.doubleclick.net
gstatic.com
adx.ligadx.com
x.bidswitch.net
ads.yagiay.com
ade.googlesyndication.com
stats.g.doubleclick.net
google.co.uk

Cookie data collected by Baycloud Bouncer https://baycloud.com/bouncerDownload

I made it work by allowing ad.doubleclick.net.

Allowing ad.doubleclick.net also worked for me. imagesrv.adition.com seemed to work at the beginning, but the same problem appeard, as the site was completely loaded.

also remember to disable the firefox internal content blocking feature for spiegel.de it also kept me off the site.
To do so, click on the top left shield icon and then disable content blocking for this side.