Uassets: How to address 1st-party tracker blocking?
Helle here!
Since friday, we hit a case of 1st-party tracking that seems to be unblockable.
This occurs on https://www.liberation.fr/, embedding a 1st-party tracker f7ds.liberation.fr, which point to a ugly tracking provider Eulerian via the CNAME liberation.eulerian.net.
This provider clearly states it provide unblockable tracker
Seems Criteo starts to ask the same to their customer, with 1st-party tracking pointing to *.dnsdelegation.io subdomain.
In this case, it seems really difficult to block such tracker by tools like uBlock:
- subdomain is mostly random (
f7ds.example.org), even if we found someea.*pattern - detection can sometime be done with CNAME resolution (to
*.eulerian.netor*.dnsdelegation.io), but this is difficult to integrate to browser (those steps are internal to DNS client resolver)
- IP filtering is not efficient, tracker provider can easily change IP without notifying it customers. CNAME change is more complex, but provider can generate quite a bunch on random subdomain in advance and ask it customer to change the subdomain in case of too high blocking (or proactively trigger a rotation each X days).
Do you have any way to detect then block such content from the browser?
The only (not so) efficient way I have at the moment is using DNS tools like PiHole to blacklist range of IP and CNAME pattern resolution (with regex, hostfile not usable here). And even this way, it doesn't cover all the possible case… Even tools like µMatrix seems totally inefficient on such tracker…
aeris
All 9 comments
Maybe a scriptlet? Are there other sites on which this tracking is used?
llacb47
on 10 Nov 2019
With DNS analysis, we found at least those customers.
Acadomia, Attractiv World, Conforama, Carrefour, Center Parks, Celio, Corsair, Devialet, Leclerc, Easy Voyage, La Redoute, Futuroscope, Française des Jeux, FNAC, Look Voyage, Lafuma, Malakoff Médéric, Michelin, Monoprix, Numericable, Office Dépôt, Ooreka, Photobox, Petit Bateau, Pixmania, PMU, Tam Tam, Promofarma, Quiksilver, Skoda, Smartbox, Locasun, Vente Unique, Voyage Privé, Voyages SNCF, Virgin Mobile, and so more (700+ domains found).
It doesn't say it's currently on production, but DNS delegation and CNAME are ready to be deployed on 1st-party sites.
aeris
on 10 Nov 2019
At least one already in production on oui.sncf
aeris
on 10 Nov 2019
@aeris for uBo add:
liberation.fr,officedepot.fr,oui.sncf##+js(acis, document.createElement, /parseInt.+?3600000/)
However the domain names don't seem to change so they can probably be blocked in EasyPrivacy.
llacb47
on 10 Nov 2019
Do you have any way to detect then block such content from the browser?
We can disable the inline-script that triggers the 1st party scripts
I added
liberation.fr,officedepot.fr,oui.sncf##+js(acis, document.createElement, '.js')
to uBO-privacy.
okiehsch
on 10 Nov 2019
https://github.com/AdguardTeam/AdguardFilters/commit/a988faf5017b3369e3b58d1da239d6e91ac69df8
https://github.com/AdguardTeam/AdguardFilters/commit/00975df2cafa3a5492556cbbade4db91c9bf33eb
krystian3w
on 24 Nov 2019
This domain is owned by a https://uniregistry.com ... a registrar reseller.
The domain is for sale...
$ dig +short aeris.liberation.net
69.172.201.153
It is called a wildcard ...
*.liberation.net IN A 69.172.201.153
You made a typo and you have a lot of imagination, conspiracy theory ?
Eulerian is using f7ds.liberation.fr and nothing changed.
guillaumef
on 26 Nov 2019
Oh my god, I miss the domain :sob: Sorry… :fearful:
aeris
on 26 Nov 2019
https://trackingthetrackers.com/
Should help filterlist maintainers collecting/checking domains there before adding.
uBlock-user
on 28 Nov 2019
Related issues
macheteBadger
·
3Comments
BurungHantu1605
·
3Comments
krystian3w
·
3Comments
Htin
·
4Comments
ip012
·
3Comments
Most helpful comment
With DNS analysis, we found at least those customers.
Acadomia, Attractiv World, Conforama, Carrefour, Center Parks, Celio, Corsair, Devialet, Leclerc, Easy Voyage, La Redoute, Futuroscope, Française des Jeux, FNAC, Look Voyage, Lafuma, Malakoff Médéric, Michelin, Monoprix, Numericable, Office Dépôt, Ooreka, Photobox, Petit Bateau, Pixmania, PMU, Tam Tam, Promofarma, Quiksilver, Skoda, Smartbox, Locasun, Vente Unique, Voyage Privé, Voyages SNCF, Virgin Mobile, and so more (700+ domains found).
It doesn't say it's currently on production, but DNS delegation and CNAME are ready to be deployed on 1st-party sites.