New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

kimsufi.com payment page depends on ovh.com resources #636

Closed
geofft opened this Issue Oct 15, 2015 · 3 comments

Comments

Projects
None yet
5 participants
@geofft
Copy link

geofft commented Oct 15, 2015

I think you can reproduce this publicly without logging in (and without actually paying, of course):

Privacy Badger, for me, has a red slider for www.ovh.com, but it seems at least images from that site need to be loaded so I can click on the links. Kimsufi is a brand of OVH (same organization), so there's no loss to privacy in allowing cross-origin requests between kimsufi.com and ovh.com.

I'd imagine the same thing is true of soyoustart.com, which is also an OVH brand. They also have a payment page at the corresponding URL.

@michael-oneill

This comment has been minimized.

Copy link

michael-oneill commented Oct 15, 2015

This why there is a same-party property (array of domain names) in the DNT Tracking Status Resource. It allows a site to declare what embedded “third-parties” are in face managed by the same Data Controller as the first-party. Not that anyone implements it yet, but if PB supported that then they might start to.

@cooperq

This comment has been minimized.

Copy link
Contributor

cooperq commented Nov 3, 2015

@geofft moving the slider to yellow or green for the blocked domain should solve this issue.
@michael-oneill it seems like the same-party property could be pretty easily abused by advertising partners (requiring first parties to add them to the same party array, etc) What provisions are in place to stop this?

@theel0ja

This comment has been minimized.

Copy link
Contributor

theel0ja commented Jul 13, 2018

Kimsufi and SoYouStart are OVH's brands, so this should be in MDFP list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment