Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Request to unblock instant.page #4023

Closed
dieulot opened this issue Sep 14, 2019 · 11 comments

Comments

@dieulot
Copy link

commented Sep 14, 2019

Filter affected:

||instant.page^$third-party in easyprivacy/easyprivacy_trackingservers.txt, introduced in 6d8f54b by Fanboy (@ryanbr).

1st/3rd-party sites affected:

The 7000+ sites using instant.page to make their site faster. The script is delivered to 76 millions end users per month.

How is it broken?

Pages aren’t instant anymore, which makes for a noticeably poorer experience. instant.page is known to completely transform the experience of a site in some cases.

Description why it should be removed:

I don’t log IP addresses of users that fetch the script (it’s served through Cloudflare Workers, serverless, so I don’t have regular server logs), and even if I did because it’s put in cache for 30 days I couldn’t track which sites using instant.page a user visits.

Some see prefetching in itself as a privacy violation, because it informs the server of which pages the user is going to click next before they have clicked. But that’s 1) a very minor privacy violation, 2) not a common practice, to say the least, it’s in fact unheard of. A marketer has no incentive to make use of this potential data because they already have much more interesting data to look at that are much easier to retrieve (the actual links clicked and heatmaps from users that don’t have a content blocker).

instant.page is a great antidote to today’s slowness of the internet by cheating latency (the main factor in web slowness). It would be sad if it’s killed by content blockers because of a very minor and in fact theoretical privacy kerfuffle.

@ryanbr

This comment has been minimized.

Copy link
Member

commented Sep 15, 2019

The prefetching and the mouseover stuff is consider monitoring/tracking.

@dieulot

This comment has been minimized.

Copy link
Author

commented Sep 15, 2019

I know, I addressed that: it’s a theoretical minor violation of privacy, in return you get a much improved experience.

If there was a poll, the vast majority of privacy-oriented people would choose the improved experience over the theoretical privacy violation I’m pretty sure. It’s been popular on Hacker News and Reddit for instance and there’s been very very little complaints about the privacy aspect, it’s a fringe opinion.

@dieulot

This comment has been minimized.

Copy link
Author

commented Sep 15, 2019

I’m going to list the number of privacy complaints regarding instant.page versus the number of other comments on the privacy-minded Reddit and Hacker News.

@dieulot

This comment has been minimized.

Copy link
Author

commented Sep 15, 2019

408 comments, 4 complaining about privacy, or about 1%, on forums used by people who generally care about privacy. Please don’t ruin it for the other 99%.

Links below.

Hacker News - 337 comments total, 2 complaining about privacy:

https://news.ycombinator.com/item?id=19126768
https://news.ycombinator.com/item?id=19124857 (downvoted, you can see that it’s greyed if you click on “parent”)
https://news.ycombinator.com/item?id=19123552 (that’s regarding hosting on my CDN, not about prefetching/mouseover, so I won’t count that one)

Reddit:
1 4 comments, 0 complaining about privacy
2 4 comments, 0 complaining about privacy
3 7 comments, 0 complaining about privacy
4 8 comments, 0 complaining about privacy
5 48 comments, 2 complaining about privacy:
https://www.reddit.com/r/programming/comments/crmwpp/instantpage_20_preload_web_pages_when_the_user_is/ex6yua5/ (downvoted)
https://www.reddit.com/r/programming/comments/crmwpp/instantpage_20_preload_web_pages_when_the_user_is/ex88d0j/

You can verify this for yourself with Ctrl + F and “privacy”.

@dieulot

This comment has been minimized.

Copy link
Author

commented Sep 15, 2019

Note also that detecting pages that are hovered over wouldn’t work from a tracking perspective because on mobile prefetches are done even when the user is only just scrolling, if they started touching their display on a link.

Again, no one tracks people this way.

@ryanbr

This comment has been minimized.

Copy link
Member

commented Sep 15, 2019

Easyprivacy is a privacy-related list, but this filter isn't being removed. If you don't like it, just don't use this list.

@dieulot

This comment has been minimized.

Copy link
Author

commented Sep 15, 2019

I’m the author of instant.page, it makes the web faster. It’s not about my use of lists, it’s about 99% of people who use the list preferring to have the web faster than to be (non-)affected by a theoretical privacy risk.

@krystian3w

This comment has been minimized.

Copy link
Contributor

commented Sep 15, 2019

Create own list with:

!#if !ext_ublock

! for ABP / AdBlock / Maybe most AdGuard apps
@@||instant.page^$third-party

!#endif

! uBO / AdGuard if support
||instant.page^$third-party,badfilter
@dieulot

This comment has been minimized.

Copy link
Author

commented Sep 15, 2019

One question: do you consider prefetching in itself a privacy violation (I know uBlock Origin disables prefetching) or is it just when it’s coupled with mouseover or similar? Would a script that prefetches everything in the viewport be okay?

@gijo-varghese

This comment has been minimized.

Copy link

commented Sep 16, 2019

@ryanbr I agree to what @dieulot said. It's true that these scripts use mouseover and all. But it doesn't send these data to anywhere, nor store in cookies.

I don't think it can be included to the list of 'tracking scripts' just becuase it's tracing mouse or preloading

If the aim of this list is to reduce data/bandwidth usage, then I agree. Otherwise, blocking scripts like instant.page for privacy/ads is a bad idea

@krystian3w

This comment has been minimized.

Copy link
Contributor

commented Sep 16, 2019

So What problem detection mouseover with pur JS.

@ryanbr ryanbr closed this Sep 21, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.