ghostery-collector.ghostery.com

[Speciesx]

Why the heck Ghostery try every 5 min to connect to ghostery-collector.ghostery.com?

Firefox Nigthly
Ghostery 8.2.4
Windows 10

[philipp-classen]

ghostery-collector.ghostery.com is the endpoint for Human Web related communication.

If Human Web is enabled, Ghostery will poll the list of proxies (https://ghostery-collector.ghostery.com/v2/lookuptable). That explains the requests that you see. As the lists do not change often, we should increase the polling interval, which is currently set to five minutes.

Do you know which Pi-hole blocklist contains the rule? Contributing Human Web data is optional and if you disable it in the UI, you should no longer see those requests. That it ends up being blocked looks like a false-positive to me.

[Speciesx]

Do you know which Pi-hole blocklist contains the rule?

I've blocked ghostery-collector.ghostery.com, after i saw those requests.

Contributing Human Web data is optional and if you disable it in the UI, you should no longer see those requests. That it ends up being blocked looks like a false-positive to me.

Human Web is disabled, it was never enabled, but i still see those requests.

[philipp-classen]

@Speciesx Thank you, I'll try to reproduce.

[philipp-classen]

In the current release (8.2.4), we are polling for changes to the proxy list every 5 minutes. That is a GET request to https://ghostery-collector.ghostery.com/v2/lookuptable.

We are not sending data in these requests, but as the fetched content of rarely changes, 5 minutes is quite wasteful, especially if you are using in on a metered internet connection. In the upcoming release, it will now poll every 6 hours, which should reduce most of the overhead.

[Feranor]

Do you know which Pi-hole blocklist contains the rule? Contributing Human Web data is optional and if you disable it in the UI, you should no longer see those requests. That it ends up being blocked looks like a false-positive to me.

A bunch of public blocklists have added everything related to Cliqz and Ghostery as a result of Mozilla sneakily adding the Cliqz extension to some German Firefox installations. Especially communities like the Firefox subreddit seem to believe (rather zealously) that Ghostery is closed source and sells their users browser history to ad companies.

Some examples:

https://www.reddit.com/r/firefox/comments/7569ts/list_of_cliqz_domains_to_block_in_hosts_file_post/
AdGuard Spyware filter: https://filters.adtidy.org/extension/chromium/filters/3.txt
https://hosts-file.net/default.asp?s=ghostery

[Speciesx]

Human Web is disabled and will be never enabled, but still get a bunch of that spyware connections!

[christophertino]

@Speciesx v8.2.5 released today reduces those proxy checks to every 6 hours. To disable them completely, make sure to also turn off Anti-Tracking protection in Ghostery (blue shield icon), since that feature uses the Human Web proxies to obfuscate sender data when building our Safe Data Set. Check out the "Unsafe Data Removal" section of this blog post for more info.

@Feranor thanks for pointing out those links. Unfortunately, those threads are nothing new, but we are steadily combating them here with our commitment to being open and transparent with the software we build. Suffice to say, we are not closed source, nor are we selling any user data.

[mutrised]

Hi,
I ended up here looking for collector-hpn.privacy.ghostery.net and collector-hpn.ghostery.net domains.
I keep seeing today DNS requests every 4 or 5 minutes. More than 600 request is less than 12 hours.
I try to keeps my traffic as low as possible since I'm currently using a low quality 3G connection.
I'm on firefox, and Ghostery(v 8.3.4) is up to date (last updated on june 5th).

Is there a way to increase proxy checks ?

Thanks for your help ! =)

[philipp-classen]

Hi @mutrised

Normally, DNS requests only happen before a HTTPS request. As in terms of bandwidth use, the HTTPS requests are heavier than the relatively small DNS requests, looking at the actual requests could give more insights.

Note that the discussions in this thread refer to an older version of the extension. In the current system, there are no calls to get the proxy lists any more.

We still need to poll for configuration changes, which we currently do once every 1 to 4 hours (or on average once per 2.5 hours):
https://github.com/cliqz-oss/browser-core/blob/v7.37.7/modules/hpnv2/sources/config-loader.es#L25

If you look at your network traffic, these requests will should up as
GET https://collector-hpn.ghostery.net/config