Violentmonkey: Twitter detects injection in the background and reports it along with the GUID of tampermonkey back to them...

Created on 8 Jan 2021  路  4Comments  路  Source: violentmonkey/violentmonkey

So a really nasty fingerprint...

See https://github.com/easylist/easylist/issues/6921

This is doable by any other given site too. I realize this is more a firefox issue, but I wonder if there's a way around this.

More or less an FYI as I'm not sure it can be helped.

external

Most helpful comment

Use uBlock Origin. ~_Why aren't you using it yet?_~
https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#block-csp-reports

All 4 comments

This is how CSP works so I don't see what we can do here. The only workaround is to remove the CSP header via browser.webRequest API (we can do it but it's really outside of the scope of the extension) or the users can disable something in about:config about reporting themselves like maybe set security.csp.reporting.script-sample.max-length to 1 or 0. Anyway, those who are concerned with the potential for fingerprinting should be already blocking all kinds of reporting in their browsers.

Use uBlock Origin. ~_Why aren't you using it yet?_~
https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#block-csp-reports

I am using uBlock Origin, and I have no-csp-reports set in the settings...this still happens unless I block it explicitly. Go try it.

Ok so now it's working properly...weird. Please close.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

rayman89 picture rayman89  路  4Comments

Riajyuu picture Riajyuu  路  5Comments

cyberrufus picture cyberrufus  路  6Comments

L-a-n-g-o-l-i-e-r-s picture L-a-n-g-o-l-i-e-r-s  路  6Comments

maszd picture maszd  路  3Comments