Canonical repository for the Disconnect services file
License: Other
The Tracker Protection lists are licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-nc-sa/4.0/
Please email [email protected] if you’d like to license the lists for commercial use.
If you believe that we’ve missed a tracker, or categorized a domain incorrectly please fill out and submit the form found here.
Pull requests are not reviewed and will be closed.
Copyright (c) 2024 Disconnect, Inc.
Hello,
Inspired by this discussion: https://news.ycombinator.com/item?id=18890356 - looks like FireFox blocks ajax requests to fetch reddit posts (demo https://jsbin.com/fuyijan/2/edit?js,console)
Is there a way to enable https://www.reddit.com/r/ and keep everything else as is?
(Originally posted in Mozilla issue tracker)
It would be nice, if AddToAny service will be removed from Firefox blacklist. At the time social buttons of service block in Firefox (beginning at Firefox 63) by default.
If I need to make another actions, that AddToAny buttons works for Firefox users with Always value of Trackers key, please, tell me.
<!-- AddToAny BEGIN -->
<div class="a2a_kit a2a_kit_size_32 a2a_floating_style a2a_vertical_style" style="left:0px; top:150px;">
<a class="a2a_dd" href="https://www.addtoany.com/share"></a>
<a class="a2a_button_mastodon"></a>
<a class="a2a_button_diaspora"></a>
</div>
<script async src="https://static.addtoany.com/menu/page.js"></script>
<!-- AddToAny END -->If Only in private windows value of Trackers key:
Buttons are shown:
Else Always value of Trackers key:
No buttons:
Privacy Policy from official site:
Do Not Track (DNT):
+ When a supported browser's DNT header is enabled, we prevent tracking across sites where AddToAny is used.
+ For example, we disable Like & Tweet buttons to prevent Facebook & Twitter tracking when DNT is enabled.
+ See our full Do Not Track Compliance Policy.
Full Do Not Track Compliance Policy in AddToAny site.
As user, I use Privacy Badger of Electronic Frontier Foundation (EFF) for tracking preventing → Privacy Badger allow AddToAny:
Firefox support EFF blacklists.
a2a_config = a2a_config or {}
a2a_config.no_3p = true
a2a_config.track_links = falseThis code prevents any tracking:
Thanks.
This happens on the iOS Safari content blocker. Example: https://www.google.com/amp/abcnews.go.com/amp/Technology/wireStory/apple-slowing-iphones-cuts-battery-price-50-52034050
https://webbkoll.dataskydd.net/sv/ uses your database to classify third party requests.
So far the following seem to be missing:
Please block app.yieldify.com, used by Yieldify.
I see the Google tracking NID cookie being sent to https://adservice.google.ca/adsid/integrator.js?domain=tpc.googlesyndication.com, see:
The response headers for this URL includes the following which I found interesting:
Alt-Svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
I think there's a tracker slipping through from www.youtube-nocookie.com. Example: https://www.youtube.com/watch?v=V6mQYfrbuDQ.
See https://bugzilla.mozilla.org/show_bug.cgi?id=1432650 ...
yandex.ru appears in the "Advertising" section, which means all of its subdomains (like api-maps.yandex.ru) are blocked. But api-maps.yandex.ru is categorized as "Content".
Can we adjust the yandex entries in "Advertising" to use the fully-qualified domain names of the advertising Yandex domains, so that other non-advertising Yandex domains will be allowed?
Dada
I'm seeing trackers from youtubei.youtube.com. For example, you might see it here: https://www.youtube.com/watch?v=V6mQYfrbuDQ
I think that domain needs to be added to the json.
do-not-tracker.org
eviltracker.net
trackersimulator.org
These try to load code to actually test fingerprinting. By simply blocking the domains your just saying "Yay, we block those 3 harmless test domains" but the actual tracking techniques that they present would then remain undetected on every other domain on the web.
nbcnews.com is currently listed under Microsoft: https://github.com/disconnectme/disconnect-tracking-protection/blob/master/services.json#L7156
From https://en.wikipedia.org/wiki/NBCNews.com:
"On July 14, 2012, NBC officially announced that Microsoft had sold back its half share of msnbc.com for $300 million"
I'm happy to create a PR for this if you approve of removing it from the list of Microsoft properties.
Please block dwin1.com.
AKA Digital Window. Used by affiliate marketing company Awin.
bucksense.com tracks users and serves ads
Hello! Does Disconnect exclude sites that support https://www.eff.org/dnt-policy? This PR suggests that this may be the case: #4
Context: I am a former author of Privacy Badger Firefox and now a maintainer of Brave browser, which uses this list for tracking protection. If you are whitelisting sites that post EFF's DNT policy, Brave should be enabling DNT on those sites (we do not by default). I would suggest that this be documented somewhere for downstream users of this repo.
There is a form on this domain that becomes non-interactive when this domain is blocked.
Found on Firefox iOS and Focus iOS:
https://bugzilla.mozilla.org/show_bug.cgi?id=1499201
iOS-specific usage of this list is an ancillary use case of course, so I am filing mostly for future reference; I don't imagine there is a way to change this entry in the list without affecting non-iOS platforms.
http://sport.tvp.pl/mundial2018/37292850/mundial-2018-egipt-urugwaj-transmisja-mecz-live
FYI, akamaihd.net listed as a Facebook domain, and even though lots of Facebook traffic resolves there, it is an Akamai domain that is used by other clients as well.
In your Blocking List, you also block Google Tag Manager.
Since Google Tag Manager is not collecting any data, you should remove it from your list.
If someone opts out of tracking, you disable Google Analytics or other Trackers already. But Google Tag Manager can also be used for essential features without any tracking of users.
All Shareaholic CDN assets (images, fonts, CSS, JS) are loaded from apps.shareaholic.com which causes site functionality and site admin interfaces which are part of WordPress and Drupal Admin areas to break.
For example - WordPress:
http://jay.meattle.com/wp-admin/admin.php?page=shareaholic-settings
Blocking all resources loaded from shareaholic.com feels extreme as it breaks functionality across 200,000+ WordPress and Drupal site admin screens.
Possible solution:
Re-classifying shareaholic.com as Content seems more appropriate and it would at least stop breaking Admin interfaces in some cases. If someone has the "strict" list turned on in Firefox, then they at least have been given the heads up that site functionality can break.
Turn (now part of Amobee) is an ad tech company which has has used very user-hostile tracking techniques in the past. They're currently classified as "Content", and thus won't be blocked in Firefox Tracking Protection.
Belongs to Symphony Technological Group via Connexity, not Experian.
styria-digital.com serves ads and tracks users, please block it
All videos on CNET are being misidentified as trackers and will not play.
Privacy Pro on iPhone bypasses the VPN when connecting to disconnect.me.
disconnect-tracking-protection/services.json
Line 2238 in 40846f7
365dm.com is a domain used for serving images across Sky content sites. It is in no way affiliated to 365media.com as you can see from the WHOIS data below:
https://www.whois.com/whois/365dm.com
https://www.whois.com/whois/365media.com
A pull request has been opened to remove 365dm from the list:
#40
Please consider whitelistsing requests to Google domains that contain the &npa=1 URL parameter.
These requests are for non-personalized/non-tracking ads (usually contextual page-relevant ads) that don’t serve ads based on the user’s past browsing behavior, and don’t store information about the page/ad that requested the ad.
“Although these ads don’t use cookies for ad personalization, they do use cookies to allow for frequency capping, aggregated ad reporting, and to combat fraud and abuse.”
(These are the same exceptions as found in the GDPR.)
More information:
https://support.google.com/adsense/answer/7670312
Disconnect.me should whitelist these to encourage publishers to adopt non-tracking ads.
A disconnect.me user reported that submit form on www.virtkick.io doesn't work for him. I tried disconnect.me and I reproduced the problem. Why are you blocking legitimate JSONP requests to MailChimp?
Resource interpreted as Script but transferred with MIME type text/html: "about:blank". mailchimp ajax submit error: parsererror
I can confirm this is an issue, MailChimp email signups are blocked under Advertising, causing signups to fail silently on many sites.
disconnect-tracking-protection/services.json
Line 3879 in efbfeab
Has control of my settings
https://www.lulek.tv/gry/darmowe/kreatywna-kraina-234
No possibile play Flash game with Firefox tracking protection.
I see trackers slipping through from s.youtube.com. Example: https://www.youtube.com/watch?v=fd-VFBOOL5c
I think there's a tracker slipping through from clients1.google.com. Example: https://www.youtube.com/watch?v=iLoM3lGGJxk.
Heatmap tracking via static.hotjar.com is not blocked on normal or strict.
For reference: www.hotjar.com
Getting The resource at “https://cognito-idp.us-east-1.amazonaws.com/” was blocked because tracking protection is enabled. using "Disconnect.me strict protection" on FF Nightly.
Please consider whitelisting AWS Cognito. Without this it's impossible to login to any site that uses AWS Cognito for authentication.
This was observed with focus ad blocker, but may impact other disconnect based blockers.
See ampproject/amphtml#6163 for our investigation.
To reproduce:
In general, AMP does not do any tracking itself (documents and most resources are served from a cookieless domain). It can instrument traditional tracking services, so things should just work if you block those.
Intrusive profiling company, Lead Forensics, uses the following tracking domains (non-exhaustive list):
secure.leadforensics.com
lead-123.com
mon-com-01.com
infra-gtc.com
lansrv040.com
Appears to follow the form:
//www\.example\.com/js/[0-9]+\.js and noscript as //www\.example\.com/[0-9]+\.png
This issue is causing a breakage bug in Firefox right now, please see https://bugzilla.mozilla.org/show_bug.cgi?id=1518872.
The reason is that Firefox classifies live.com as a third-party tracker on sharepoint.com without realizing that both of these domains belong to the same entity (Microsoft). Having sharepoint.com classified on the Content category in addition to the other Micorosft domains there would allow Firefox to work around this bug by correctly recognizing the entity relationship between these two domains.
I would appreciate the help in adding this domain to the list. Thanks!
The following study has listed two offenders that are using 3rd party scripts to collect user behavioral tracking data from password managers.
These are the vendors called out in the piece:
audienceinsights.net
behavioralengine.com
Not sure whether it belongs under advertising or social, but the domain is owned by twitter.
Domain observed on NYTimes, for example.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.