Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

report-uri.com #3945

Closed
ScottHelme opened this issue Aug 30, 2019 · 13 comments

Comments

@ScottHelme
Copy link

commented Aug 30, 2019

List the website(s) you're having issues:

https://report-uri.com

What happens?

Our website is being blocked by a filter in this list.

List Subscriptions you're using:

PiHole default setup.

Your settings

This is my PiHole config:

Match found in https://v.firebog.net/hosts/AdguardDNS.txt:
   report-uri.com
  • OS/version: N/A
  • Browser/version: N/A
  • Adblock Extension/version: N/A

Other details:

Our service provides real-time security monitoring for website operators using built-in features of the browser. We are listed on the 'tracking servers' list but we in no way provide tracking of users. Details about our service can be found on our website: https://report-uri.com

Details about me (the founder) can be found on my Twitter https://twitter.com/Scott_Helme or my personal blog https://scotthelme.co.uk too. I work extensively in the online security and privacy space so was quite surprised to find our site on this list.

Our entry on the list can be found here:

||report-uri.com^$third-party

I'd like to request that it be removed which will restore access to our website. This issue was brought to my attention because customers were reporting that our website is broken and it turns out that DNS service providers are using this list for their filtering which broke our website.

@llacb47

This comment has been minimized.

Copy link

commented Aug 30, 2019

Hi Scott,

I believe that your service provides error monitoring/reporting and such services are blocked on EasyPrivacy.

For example:

||segment.io^$third-party

I believe the list maintainers will not be inclined to remove this rule due to the issue being caused by circumstances beyond their control, but we will have to see.

@ryanbr

This comment has been minimized.

Copy link
Member

commented Aug 31, 2019

There is fine line with monitoring and tracking, which websites will also use. Maybe they chould have it removed/whitelisted for your purposes?

@ScottHelme

This comment has been minimized.

Copy link
Author

commented Aug 31, 2019

I agree there is a fine line, and it's a line that we ensure we don't cross. We don't offer any kind of tracking of users nor do we store any identifying information about a user. We only store and process the JSON payload that is sent which contains diagnostic information about security/performance/other issues with the site they visited.

Alongside this, it's our entire domain that has been added to the block-list, even though our website (report-uri.com and www.report-uri.com) do not participate in anything to do with our service in terms of sending report data.

At an absolute minimum this filter should only impact *.report-uri.com which are the vanity subdomains our users choose to send reports to. Blocking our website is harming our user experience when people try to visit the site and provides no benefit to the privacy of anyone. You can confirm this by reading our documentation and looking at the DNS records we publish.

I'd kindly ask you to remove, or at least update, our entry in this list based on the above information.

@ryanbr

This comment has been minimized.

Copy link
Member

commented Sep 2, 2019

Tracking is tracking, even for "good" and/or minimal tracking. For the end user's privacy comes first and thats why people will chose to have Easyprivacy installed. The filter won't be removed.

@ryanbr ryanbr closed this Sep 2, 2019

@ScottHelme

This comment has been minimized.

Copy link
Author

commented Sep 2, 2019

Hi @ryanbr, as I mentioned in my comments, we don't provide any tracking. It's not a case of "good and/or minimal tracking", there is no tracking!

Could we at least have the filter updated based on my last comment? Our website report-uri.com doesn't take any part in the delivery of reports and is just there for people who wish to visit our site. Right now this is causing problems with people who want to use our website and providing no benefit to the privacy of anyone. Can the filter be changed to *.report-uri.com instead?

@ryanbr

This comment has been minimized.

Copy link
Member

commented Sep 2, 2019

This is working fine, its on our side. its a 3rd-party element. If it's an Adguard issue, take it up with them?

@ScottHelme

This comment has been minimized.

Copy link
Author

commented Sep 2, 2019

Hi @ryanbr, I'm not sure I understand the first part of your comment.

I have spoken with AdGuard and after investigating they agreed we are not a tracking service and have granted us an exception. They are not the only service that includes these lists though so the most efficient course of action is to go to the source, which is here.

Is there some evidence/information I can provide for the justification of having our entry updated to exclude our website?

@PaulMoore2018

This comment has been minimized.

Copy link

commented Sep 2, 2019

This seems like a crazy stance to take.

I can just about justify blocking subdomains (if your paranoia level is turned up to 11), but blocking the root site is ludicrous.

@ryanbr

This comment has been minimized.

Copy link
Member

commented Sep 2, 2019

I'd prefer to hear from @Alex-302 and the Adguard team on the reasons why its removed. Sending diagnostic information is still a privacy issue.

And its not "Crazy". its a third-party block like any other third-party block in the list. visiting the site report-uri.com directly will work without issues. The third-party block won't affect if visiting it the site directly, only external sites outside of "report-uri.com".

Also we have blocked report-uri.io since 2017 (possibly longer), and suddenly we block the .com we're now the bad guy?

@PaulMoore2018

This comment has been minimized.

Copy link

commented Sep 2, 2019

I think it's all-too easy to make that argument, but in reality, blocking services like this does more harm than good. Virtually every service is "leaky" from a privacy standpoint; it's more important to balance risk & associated benefits than to blindly block all 3rd-party services because "privacy".

@ScottHelme

This comment has been minimized.

Copy link
Author

commented Sep 2, 2019

I spoke with Adguard via DM on Twitter and I'd welcome them to share details of our discussion here. I'm not sure who I spoke to (didn't catch a name) but I'm sure Alex will have some kind of record on their side that they can share.

We've been using our .com for quite some time now and not the .io which is why this won't have been an issue until recently.

To clarify, no one is saying you're the 'bad guy' here, or at least, I'm not. I understand the value of privacy protecting services and myself use and advocate things like the PiHole[1]! As I said above I agree with the idea of blocking the reports being sent, my problem is that people who wish to visit our website are being negatively impacted. Blocking our website does not protect the privacy of a user and such detrimental side-effects are only going to encourage a user to disable or stop using these privacy enhancing features.

[1] https://scotthelme.co.uk/tag/pi-hole/

@ScottHelme

This comment has been minimized.

Copy link
Author

commented Sep 2, 2019

After some browsing through the lists I notice that similar services to ours are not blocked. Is this for a particular reason or is it just a case of them not being discovered yet?

@gargoyle

This comment has been minimized.

Copy link

commented Sep 2, 2019

Tracking is tracking, even for "good" and/or minimal tracking. For the end user's privacy comes first and thats why people will chose to have Easyprivacy installed. The filter won't be removed.

Tracking is tracking, eh? and end users privacy comes first, eh? Unless said tracking breaks enough sites that you just whitelist it (https://adblockplus.org/forum/viewtopic.php?f=10&t=11378) in order to stop your product looking naff?

The whole idea of a blacklist is that you block known bad actors and not to block large chunks of resources until they have proven themselves worthy (which is what a whitelist is for).

The whole idea of a list like this is that it is being curated in order for more technically aware people to produce a high quality list which can serve to protect the less informed.

The owner of the site (Scott) has come to you and clearly explained the situation. If you are not prepared to understand the details of what it is that report-uri.com is doing and take appropriate action (remove from the blacklist), then I ask you what exactly is it you are curating here?

@easylist easylist locked as too heated and limited conversation to collaborators Sep 2, 2019

gorhill added a commit to uBlockOrigin/uAssets that referenced this issue Sep 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
5 participants
You can’t perform that action at this time.