Uassets: Add DuckDuckGo's Tracker Radar

Not a good fit in my opinion

Surrogates can be interesting, but not included (categories and breakage data also missing). Rules are regexes (simple, but sometimes highly specific). Someone can create filter list basing on this, but this is not something that can be used directly.

Someone can create filter list basing on this

https://gitlab.com/michelt/ddg-tracker-radar-hostfile/-/raw/master/hostlist-full.txt

Not a good fit in my opinion

@llacb47 would you mind elaborating?

Not a good fit in my opinion

@llacb47 would you mind elaborating?

Sure, the list seems to make no distinction between CDNs and trackers, and blocking CDNs, especially with CNAME uncloaking in uBO, would have many false positives.

https://github.com/duckduckgo/tracker-radar/issues/2#issuecomment-595450185

Someone can create filter list basing on this

gitlab.com/michelt/ddg-tracker-radar-hostfile/-/raw/master/hostlist-full.txt

This is just stupid. Many of these domains are just normal web pages. Even blindly blocking them as 3p will break lot of stuff.

Filters should be created from "resources" -> "rule" Regular Expressions.

That's that they compiled, lots of domains who are not trackers or ad-servers are present.

If assumed that everything should be blocked, it can be converted to very inefficient Regular Expression filter by:

for F in *.json; do jq --raw-output '.resources[] | "/\(.rule)/$third-party"' "$F"; done

Only 2.5MB / 37k filters :)

Of course CDNs are blocked (CNAMEs!).

Here the the filter list the Vivaldi browser is using for its tracker blocking, based on Duckduckgo's Tracker Radar: https://downloads.vivaldi.com/ddg/tds-v2-current.json.

Surrogates can be interesting

They come from uBO, see https://twitter.com/gorhill/status/1273263811001290752. They might have some which are not from uBO, in which case it would been nice that they contribute them to uBO as a good gesture given that they use uBO's surrogates in their extension. Strike that, looking at the repo, they are all from uBO.

, they are all from uBO.

That means they violated GPL v3.

After I posted the above it occurred to me DDG Privacy Essentials (DDGPE) gets those surrogate scripts in a way that is forbidden by Mozilla, i.e. from a remote server.

I can't see any good reason for doing so -- these are packaged in uBO as web-accessible-resources, meaning they are injected safely (i.e. without triggering CSP violations) and with complying with Mozilla policy of no remote code.

It's as if DDG went out of its way to avoid committing the uBO code in their repo, and worst, Mozilla is making an exception with DDGPE (which is a _recommended_ extension) by allowing them to download these scripts from a remote server from within their extension.

After I posted the above it occurred to me DDG Privacy Essentials (DDGPE) gets those surrogate scripts in a way that is forbidden by Mozilla, i.e. from a remote server.

Reported: https://bugzilla.mozilla.org/show_bug.cgi?id=1653403 (locked for now)

https://github.com/duckduckgo/duckduckgo-privacy-extension/pull/469