Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Long-term solution to tracking protection whitelist #1108
Currently hosts that are on the Tracking Protection list but cause some important functionality (like fb login) to break are added to this whitelist so they don't get blocked. My preferred long-term solution is to block by default but detect when a site is likely to break and pop up a dialog asking the user if they'd like to allow the domains to potentially track them.
referenced this issue
Sep 13, 2018
This came up in a recent Slack conversation (https://bravesoftware.slack.com/archives/C7VLGSR55/p1541483663510700) - I wanted to capture some notes about a different use-case
I believe it's being blocked because certain hostnames are not part of the inclusion list when 3rd party calls are being made (ex: to twitter.com from theverge.com). Per the original issue, we could prompt the user ("Allow twitter.com to show this embedded item?). Another option would be to intercept and obfuscate the request (hide cookies, etc)
This came up on hackernews today, although it's been flagged:
Maybe I'm missing something, but this is a pretty big issue for a browser that claims to be privacy focused. Can we not escalate this a little. We're whitelisting one of the most controversial companies at the minute. This can't be good for PR.