Privacy Badger blocks Matrix homeservers / Riot Web and related services

[Mikaela]

What is your browser and browser version?

Firefox 70.0b14 (64)

What is broken and where?

All Matrix protocol homeservers, personally I have experienced this on on matrix.org and chat.privacytools.io. I have accessed them using riot.im/app (and /staging and /develop), riot.privacytools.io and possibly also riot.t2host.io. This results to Riots telling me that there was an problem connecting the homeserver and asking if the homeserver is up.

As Matrix is a federated service that anyone can selfhost, I don't think this issue can be resolved by shipping lists of Matrix homeservers.

I have suggested Privacytools.io to adapt a DNT policy and the admin responded:

Notably we are neither of these things [online advertising / tracking company]. If Privacy Badger is blocking one of our domains that seems like a bug on their end.

I also asked this on Riot Web support room and I was told that privacy badger blocks domains when 3 different sites connect to it, which happenh can happen often with Riot/Matrix and that the FAQ entry cannot work (which I understand that Riot/Matrix cannot apply the DNT policy), because it would break session persistence.

I said here that I would be opening an issue asking what should be done in these cases?

What is the "culprit" domain?

Please follow the debug instructions to identify which domain breaks stuff when blocked:
https://github.com/EFForg/privacybadger/wiki/Find-out-why-Privacy-Badger-is-blocking-a-domain

Sorry, it's too late night for me to understand those instructions, I will try later. I have noticed #963 which I hope will make this easier.

What is your debug output for this domain?

To get the debug output, please see the instructions link above.

Paste debug output here.

[ghostwords]

Hello and thanks for the report!

and that the FAQ entry cannot work (which I understand that Riot/Matrix cannot apply the DNT policy), because it would break session persistence

I think there is a misunderstanding here somewhere ... I don't see how declaring that a particular domain doesn't track users would break session persistence.

[joepie91]

I don't see how declaring that a particular domain doesn't track users would break session persistence.

Wait, surely Privacy Badger doesn't blindly trust a DNT declaration if the behaviour of a site still looks tracker-y?

[ghostwords]

Please see the "What does the dnt-policy.txt promise mean?" EFF DNT policy FAQ entry.

A company wouldn't knowingly want to engage in this sort of behavior as it will put itself in legal jeopardy. Furthermore, if we see abuse of the EFF DNT policy, we'll deal it with it then.

If you don't want your Privacy Badger to act as a political tool, feel free to uncheck the two DNT checkboxes on Privacy Badger's options page.