Uassets: uBlock Origin blocking styles & scripts from *.piwik.pro subdomains

https://github.com/easylist/easylist/commit/c3a6ed2

@Marcin-PiwkPRO specific url ?

Example domains: clearcode.cc
Please remember that all *.piwik.pro subdomains are being blocked. Not only the specific ones.
Please exclude all *.piwik.pro subdomains.

mmhmm, @ryanbr clearcode.cc too and other see above ?

https://github.com/uBlockOrigin/uAssets/issues/7613

From here, why suddenly drawing on assets from a knowingly blocked item @Marcin-PiwkPRO ? Not a recent filter either https://github.com/easylist/easylist/commit/7679662180fb5c056b70080349a5057531ccb61a

@ryanbr
We’re using .piwik.pro subdomain to load assets. It is used both by our website (assets.piwik.pro) as well as our product ([clientname].piwik.pro). To answer your questions:

• we cannot and should not use a different domain for assets, because it will be regarded as a third-party domain when visiting piwik.pro website.

• clients use a dedicated subdomain in .piwik.pro - blocking it, not only prevents them from logging in to the UI, but also using the product in any way

CC also whitelisted: https://github.com/easylist/easylist/commit/4e45994207878872400c271d705c17219c1cb19d

My mind also 🤯 when I tried understood how was used piwik on clearcode as CDN* for CSS/JS?

* - or this is glitch in JS when page see blocked requests.

@krystian3w

• Both companies used a shared CDN in the past, and since then, that has been corrected. Each (piwik.pro, clearcode) use their own subdomain for assets.

• But this is only part of the impact, additionally the filter blocks actual login screens & UI of the products used by clients in [clientname].piwik.pro domains.

Well, I only see an option to convert to regex or 4 simple network filters:

/^https?\:\/\/(www\.)?piwik\.pro/$script,image,xmlhttprequest,subdocument,third-party

|http://piwik.pro^$third-party
|http://www.piwik.pro^$third-party
|https//piwik.pro^$third-party
|https://www.piwik.pro^$third-party

when remove filter generate lack of privacy.

clearcode.cc has been exempted in EP, so closing.

@krystian3w

• Our main problem is that our product can't be used when uBlock Origin is active. This feature request was about piwik.pro domain & *.piwik.pro subdomains, clearcode.cc website was only an example.

• The suggested regexps by krystian3w will work partially, could you consider allowing script,image for subdomains as well? (so that we can load e.g. images for blog posts from assets.piwik.pro as well as the assets for [clientname].piwik.pro loads correctly?)

@ryanbr

@Marcin-PiwkPRO you should tell us what really is needed to unbreak the functionalities on your side (obviously not including stuff regarding the privacy like ppms.js script for example => otherwise nobody would unlock your stuff anymore) .

Maybe he needed add exception into:

https://github.com/easylist/easylist/blob/6216cbb7cdd1ba8d89f030cb6c78479abd61aca4/easyprivacy/easyprivacy_general.txt#L5149

but maybe faster is no use the clearcode.cc as "CDN" for Polish domain?

clearcode.pl
|
| --- piwik.clearcode.cc

@mapx- @krystian3w
We’d like you to whitelist the subdomains of *.piwik.pro, specifically to allow loading JS, CSS & image assets to unbreak UI of the product. We have complaints about these filters - it’s about using the product, not tracking users.

There are several other rules that block the tracking (see the rules on the attached image below) which completely block collecting any data by our product about users who installed the list.

@mapx- @ryanbr @krystian3w so what do you think? can it be done?

Can you confirm 100% if easyprivacy removes the general filter ||piwik.pro^$third-party
and add:
||piwik.pro/ppms

all the tracking will still be blocked ?

This has to be available for the future too, otherwise I guess the general block will return very fast

Yes, I can confirm that and we are aware of the consequences. Big thanks for this! <3

Let's see if @ryanbr is ok with this proposal

||piwik.pro/ppms won't cover many domains. From what I see piwik.pro (still) is sharing resources on its own sites and then using the same domain to serve up tracking. If piwik.pro can't separate this, it should remain blocked.

Samples:

https://www.bang-olufsen.com/en
https://bang-olufsen.containers.piwik.pro/ad2e80e2-6747-4919-8ab0-7135801dab21.js

https://www.waca.associates/en/
https://waca.containers.piwik.pro/0d480677-be5b-4887-90b1-c9f2fd013614.sync.js
https://waca.containers.piwik.pro/0d480677-be5b-4887-90b1-c9f2fd013614.js

https://www.academiccourses.com/
https://keystone.containers.piwik.pro/a1fa26b2-9906-42a3-bd3c-9bc3c73be271.js?data_layer_name=piwikDataLayer

https://boell.org/
https://boell.piwik.pro/piwik.js

https://www.zim.com/
https://zta.containers.piwik.pro/923228e7-d119-45eb-a025-e4d1b1af6e1b.js

https://www.artscyclery.com/
https://smartetailing.piwik.pro/ppms.js

Thanks for your feedback. The files loaded from containers and ppms.js (or older version piwik.js) are not going to track user, because the tracking requests invoked by them are going to be blocked by rule suggested by @mapx- above:

||piwik.pro/ppms

You may consider why loading them in the first place, if they are invoking the tracking request, but the containers load also content (e.g. we provide functionality to serve dynamic content on the sites) as well as scripts that are configured by the customer (but these will be blocked according to other rules, e.g. when Google Analytics is added it will not be loaded due to other rules).

We suggest that you could extend the rule to block ppms.js/piwik.js in the following way:

||piwik.pro/ppms
||piwik.pro/piwik

But not block the containers & assets this way.

@mapx- @ryanbr @krystian3w what do you think?

And now there's another thing.
Since filters in uBlock Origin have been updated to the newest version, we see all our assets on piwik.pro website are blocked again (they were unblocked in this ticket: #7613).

https://github.com/easylist/easylist/commit/bdec5660d6912db9eec5a9121cdeaa53e8741d94

@ryanbr so what do you think about proposition from here?
https://github.com/uBlockOrigin/uAssets/issues/8260#issuecomment-734823797

I'm happy to leave this. We've fixed what we needed too.