PB blocks avatars[0123].githubusercontent.com #1466
Comments
I'm not sure if it's related but another site I visit has a |
Hello, could you run the following in Badger's background page console? This should print the decisions your Badger reached for all "githubusercontent" domains, and the site domains Badger saw "githubusercontent" domains perform tracking on.

```js
(function () {
  // Substring to look for in the domain names Badger has stored
  const STR = "githubusercontent";

  // action_map: the blocking decision Badger reached for each domain
  console.log("**** ACTION_MAP for", STR);
  _.each(badger.storage.getBadgerStorageObject('action_map').getItemClones(), (obj, domain) => {
    if (domain.indexOf(STR) != -1) console.log(domain, JSON.stringify(obj, null, 2));
  });

  // snitch_map: the sites on which Badger saw each domain perform tracking
  console.log("**** SNITCH_MAP for", STR);
  _.each(badger.storage.getBadgerStorageObject('snitch_map').getItemClones(), (sites, domain) => {
    if (domain.indexOf(STR) != -1) console.log(domain, JSON.stringify(sites, null, 2));
  });
}());
```

To get to the background page console in Chrome, visit In Firefox, visit |
CloudFront: Yes please! A new issue would be great. You should specify the website where the issue happened and include the debugging information I asked for above, replacing "githubusercontent" on the second line of the code with "cloudfront". |
I notice the debug output contains a small bit of my internet history. I'd rather not post that publicly, but I don't know what I can redact, if anything, without making the data useless to you. Can you narrow down what you're looking for? |
Could you send it just to me? |
I'd rather not send it out at all, sorry. I've tried to reproduce this myself by installing PB into a new Firefox profile and browsing around, but so far the |
I am looking for the decisions your Badger reached for all "githubusercontent" domains, and the site domains Badger saw "githubusercontent" domains perform tracking on. I am more interested in the site domains, the "snitch_map" stuff. |
@ghostwords All avatars on github.com are broken for me as well. Is this the information you require?
|
Yes, thank you. Feel free to mark them as allowed to fix the issue for yourself. Something isn't right here ... Your Badger decided to block |
@ghostwords Will do and thank you for the quick reply. |
Thanks @adjagu . For what it's worth, my own I'm a little confused here actually. I'm not really sure how PB decides what to block. Is |
@jeremyn I'm not sure as to how PB chooses what it blocks either and usually don't notice when it does. This time however it was noticeable since pictures were being blocked. All I did to see avatars again was to move the sliders (of the blocked content) from red to yellow. As to the undefined bit after going through some of the issues here I did notice that I wasn't getting the same information back from PB that other people were and I ended up removing it and reinstalling it. Edit:
|
@adjagu I agree the avatar images are blocked, that's what I'm getting and why I reported the problem. What I'm saying is that maybe PB is correct in deciding that the avatars should be blocked, by its own logic. In other words I want to understand whether the problem is
|
Uninstalling clears all of Privacy Badger's data, so it has to relearn what to block (which goes in |
@jeremyn Could you share the size of your yellowlist? Run the following in your Badger's background page console:

```js
console.log(Object.keys(badger.storage.getBadgerStorageObject('cookieblock_list')._store).length);
```

|
Let us know if this comes up again. I think we know what caused this issue to happen, and will take steps to prevent it from happening again. |
@ghostwords Sorry for totally ignoring your last comment 😦 I'm not sure what you mean "let us know if this comes up again" though. Did you push a fix? |
Sorry, yes, let me explain. I think what happened was that for a period of time last week, people's Badgers were getting their "yellowlists" (a list of domains Badger should treat specially to avoid breaking sites) erroneously wiped out thanks to an |
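The comment above describes yellowlists being wiped out during an update. As an added example (not Privacy Badger's code, and not necessarily the fix the project shipped), this is one defensive pattern: validate a fetched list before it replaces the stored one. The newline-separated list format, the function names and the 50% retention threshold are assumptions.

```javascript
// Added example, not Privacy Badger code. Names and thresholds are assumptions.
const DOMAIN_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;

// Parse a newline-separated domain list.
// Returns a Set of domains, or null if any non-blank line is not a hostname.
function parseDomainList(text) {
  if (typeof text !== "string") return null;
  const domains = new Set();
  for (const raw of text.split("\n")) {
    const line = raw.trim().toLowerCase();
    if (line === "") continue;
    if (!DOMAIN_RE.test(line)) return null; // e.g. an HTML error page was served
    domains.add(line);
  }
  return domains;
}

// Decide whether a fetched list may replace the stored one.
// minKeepRatio: fraction of currently stored entries that must still be present.
// On any rejection the stored list is returned unchanged.
function applyListUpdate(current, fetchedText, minKeepRatio = 0.5) {
  const next = parseDomainList(fetchedText);
  if (next === null) return { applied: false, reason: "malformed", list: current };
  if (next.size === 0) return { applied: false, reason: "empty", list: current };
  let kept = 0;
  for (const d of current) if (next.has(d)) kept++;
  if (current.size > 0 && kept / current.size < minKeepRatio) {
    return { applied: false, reason: "too-many-removals", list: current };
  }
  return { applied: true, reason: "ok", list: next };
}

// Constructed sample of a stored list (not real Privacy Badger data).
const stored = new Set([
  "avatars0.githubusercontent.com",
  "avatars1.githubusercontent.com",
  "example-cdn.test",
]);

// An empty response must not wipe the stored list.
console.log(applyListUpdate(stored, "").reason);
```

A rejected update leaves the previous list in place, so a bad response degrades to stale data rather than to newly blocked domains.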
I'm getting |
Also, and I'm sorry to just throw out criticism without a PR, but I don't like the design where PB makes regular calls to an eff.org site. I expect this would be an unpleasant surprise to many users who disapprove of any sort of phoning home for any reason. Also, it means things can break when there hasn't been an update or really any indication that anything has changed. Please consider rewriting the add-on so that the whitelist and anything similar is included in the add-on itself. |
I'm sorry our updating system is so buggy, but we are working on fixing it. Here are some related issues (I'm about to open a new one to fix what I see is still an open issue here): #1487, #1474, #1473. I don't think remotely fetching assets from the same organization that publishes the add-on should be considered "phoning home". If you trust the EFF to install the add-on, you should trust the EFF to serve add-on assets in a privacy-respectful manner. |
I appreciate your response and acknowledge that you feel bad about the breakages. However there is an endless list of software creators who want to build in quiet, uncontrollable update processes to their software. They always think they are justified. Users complain because they feel a loss of control over their system and because it causes unexpected breakage. This is no different. The EFF heavily criticized Microsoft for this sort of thing during the Windows 10 rollout. In HTTPS Everywhere, ruleset changes are bundled with the code, and the add-on is updated through the usual browser add-on update process and the add-on version can be checked in the browser. I can revert or block updates if I want. I can't do that with PB. |
#1487 is about shipping assets with the add-on. Perhaps in the future we could have a switch to disable asset updates altogether. I believe HTTPS Everywhere is moving to having rule sets become updateable outside of add-on upgrades. |
I haven't heard anything about HTTPS Everywhere rulesets being updateable outside of the regular add-on update process. There is talk of moving HTTPS Everywhere ruleset work into a separate repository from the code. Maybe that's what you're thinking of? |
Here is a WIP HTTPS Everywhere branch for updateable rulesets: https://github.com/EFForg/https-everywhere/compare/sign-rulesets |
Thanks @ghostwords . @Hainish Is there an issue/pull request against HTTPS Everywhere for the changes @ghostwords linked in their previous commit? |
This issue was closed but just to be clear, PB still blocks the |
Sorry, it's the disconnect between GitHub as a developer platform and GitHub as a support platform. We fixed it in development but haven't released the fix yet. There should be a release the coming Monday that fixes this and a bunch of other mis-blocked domains for everybody. |
This should now be fixed in production with Privacy Badger 2017.7.24. |
I opened a PR for an admin policy flag to disable remote asset updates: #2394 |
PB blocks avatars[0123].githubusercontent.com (red slider). I just noticed this in the past couple days. The problem description is similar to fixed issue #443.