Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

why can't ghostery simply work offline and only optionally connect online #561

Closed
ghost opened this issue Jun 2, 2020 · 1 comment
Closed
Assignees
Milestone

Comments

@ghost
Copy link

@ghost ghost commented Jun 2, 2020

Description

I am using last version of ghostery in chrome, and in firefox. Ghostery frequently to rarely contacts some of its servers to do something in the background. I verified this via Proxifier and via HTTP Debugger apps seperately. I opted out of all updates, tracking, sharing data etc. I also disabled enhanced ad blocking, enhanced anti tracking, and smart blocking, meaning all those 3 buttons or badges. I disabled auto update and as much features as possible, I only blocked all using those default lists (videos, ads, tracking, comments...).

Expected Behavior

I expected ghostery can work offline just like ublock and umatrix can because I don't see reason why it would not work offline. I expect ghostery to work completely offline and do not contact suspicious urls constantly without consent by user. I believe you are tracking (spying) us. I already read 2 reported similar issues here, although they reported less data and you did not give clear explanation. Can't you just update extension essential components as a whole extension? Can't users have a choice to disable any background online activity? Will something break if you wrongly change something on one of your servers or if user blacklists your domains or changes extension?

Actual Behavior

Instead, it frequently contacts the following servers:
collector-hpn.ghostery.net
cmp-cdn.ghostery.com
cdn.ghostery.net
api.ghostery.net
d.ghostery.com

some exact files which I recorded manually, sorry did not save exact url, although they may be more:
config
tracker_db_v2
category-pattern
abtestcheck
join

some urls i recorded via http debugger:

[User=Admin, App=chrome.exe *64, IP=127.0.0.1:3245]
GET /anti-tracking/config.json HTTP/1.1
Host: cdn.ghostery.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate

	HTTP/1.1 200 OK
	Content-Type: application/json
	Connection: keep-alive
	Last-Modified: Tue, 03 Mar 2020 10:24:49 GMT
	Content-Encoding: gzip
	Accept-Ranges: bytes
	Server: AmazonS3
	Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
	Date: Tue, 24 Mar 2020 14:59:48 GMT
	ETag: "dce473520172785a88e1cadedb639e4e"
	Cache-Control: max-age=259200
	X-Cache: Hit from cloudfront
	Via: 1.1 a01b7aca64c6d4b437b814f64422d6c8.cloudfront.net (CloudFront)
	X-Amz-Cf-Pop: VIE50-C1
	X-Amz-Cf-Id: mnyULDN3oef-4afDnAUJcE_xq19nQu-vtM5YO7z4rBzzbaLzmiUhYw==
	Age: 13015
	Content-Length: 455

[User=Admin, App=chrome.exe *64, IP=127.0.0.1:3245]
GET /anti-tracking/tracker_db_v2.json HTTP/1.1
Host: cdn.ghostery.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate

	HTTP/1.1 200 OK
	Content-Type: application/json
	Connection: keep-alive
	Last-Modified: Mon, 02 Mar 2020 22:02:43 GMT
	Content-Encoding: gzip
	Accept-Ranges: bytes
	Server: AmazonS3
	Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
	Date: Wed, 18 Mar 2020 06:23:23 GMT
	ETag: "2ef0b3dbbd7df9a84113657ac34e47ab"
	Cache-Control: public, max-age=604800, s-max-age=100800
	X-Cache: Hit from cloudfront
	Via: 1.1 a01b7aca64c6d4b437b814f64422d6c8.cloudfront.net (CloudFront)
	X-Amz-Cf-Pop: VIE50-C1
	X-Amz-Cf-Id: 8G-tE4o8_7Q9Upcp3F8O3Lgv2yWEP8C-x1PlYwskT16sU4wPH122Ow==
	Age: 562595
	Content-Length: 102664

[User=Admin, App=chrome.exe *64, IP=127.0.0.1:3245]
GET /offers/category/category-pattern.json HTTP/1.1
Host: cdn.ghostery.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate

	HTTP/1.1 200 OK
	Content-Type: application/json
	Connection: keep-alive
	Last-Modified: Fri, 09 Nov 2018 08:48:10 GMT
	Server: AmazonS3
	Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
	Content-Encoding: gzip
	Date: Tue, 24 Mar 2020 13:35:45 GMT
	Vary: Accept-Encoding
	X-Cache: Hit from cloudfront
	Via: 1.1 a01b7aca64c6d4b437b814f64422d6c8.cloudfront.net (CloudFront)
	X-Amz-Cf-Pop: VIE50-C1
	X-Amz-Cf-Id: nwAXmfzWDrZXrESAOOvaXA66j9wYALfmTqT-Bzn464bNj2BJS4OBWQ==
	Age: 18337
	Content-Length: 656

[User=Admin, App=chrome.exe *64, IP=127.0.0.1:3401]
GET /config HTTP/1.1
Host: collector-hpn.ghostery.net
Connection: keep-alive
version: 1
Sec-Fetch-Dest: empty
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate

	HTTP/1.1 200 OK
	Date: Tue, 24 Mar 2020 18:39:59 GMT
	Content-Type: application/json; charset=utf-8
	Connection: keep-alive
	Cache-Control: public,max-age=30
	Expires: Tue, 24 Mar 2020 18:40:27 GMT
	Content-Encoding: gzip
	Content-Length: 2811

[User=Admin, App=chrome.exe *64, IP=127.0.0.1:3401]
POST /join HTTP/1.1
Host: collector-hpn.ghostery.net
Connection: keep-alive
Sec-Fetch-Dest: empty
version: 1
content-type: application/json
Accept: */*
Origin: chrome-extension://mlomiejdfkolichcflejclcbmpeaniij
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate
Content-Length: 955

	HTTP/1.1 200 OK
	Date: Tue, 24 Mar 2020 18:40:00 GMT
	Content-Type: application/json; charset=utf-8
	Connection: keep-alive
	Content-Length: 451

[User=Admin, App=chrome.exe *64, IP=127.0.0.1:3398]
POST /join HTTP/1.1
Host: collector-hpn.ghostery.net
Connection: keep-alive
Sec-Fetch-Dest: empty
version: 1
content-type: application/json
Accept: */*
Origin: chrome-extension://mlomiejdfkolichcflejclcbmpeaniij
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate
Content-Length: 955

	HTTP/1.1 200 OK
	Date: Tue, 24 Mar 2020 18:40:00 GMT
	Content-Type: application/json; charset=utf-8
	Connection: keep-alive
	Content-Length: 451

[User=Admin, App=chrome.exe *64, IP=127.0.0.1:3401]
POST /join HTTP/1.1
Host: collector-hpn.ghostery.net
Connection: keep-alive
Sec-Fetch-Dest: empty
version: 1
content-type: application/json
Accept: */*
Origin: chrome-extension://mlomiejdfkolichcflejclcbmpeaniij
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate
Content-Length: 955

	HTTP/1.1 200 OK
	Date: Tue, 24 Mar 2020 18:40:01 GMT
	Content-Type: application/json; charset=utf-8
	Connection: keep-alive
	Content-Length: 451

[User=Admin, App=chrome.exe *64, IP=127.0.0.1:4285]
GET /api/v1/config HTTP/1.1
Host: api.ghostery.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate

	HTTP/1.1 200 OK
	Cache-Control: no-cache, no-store, must-revalidate
	Content-Type: application/json; charset=utf-8
	Date: Tue, 24 Mar 2020 19:21:57 GMT
	Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
	Connection: keep-alive
	Content-Length: 609
	
[User=Admin, App=chrome.exe *64, IP=127.0.0.1:4258]
GET /abtestcheck?os=win&install_date=2020-03-24&ir=4&gv=8.4.7&si=0&ua=chrome&v=0&l=en HTTP/1.1
Host: cmp-cdn.ghostery.com
Connection: keep-alive
accept: application/json
Sec-Fetch-Dest: empty
content-type: application/json
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Accept-Language: en-US,en;q=0.9,bs;q=0.8
Accept-Encoding: gzip, deflate

	HTTP/1.1 200 OK
	Cache-Control: private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
	Content-Type: application/json
	Date: Tue, 24 Mar 2020 19:18:39 GMT
	Last-Modified: Tuesday, 24-Mar-2020 19:18:39 GMT
	Server: nginx/1.14.0 (Ubuntu)
	Connection: keep-alive
	Content-Length: 53

Steps to Reproduce

just wait while using proxifier and http debugger until you some of these servers pop up in log of those apps

Versions

  • Browser: Chrome Version 83.0.4103.61 (Official Build) (64-bit)
  • OS: Windows 10 x64
  • Node: ?
  • NPM: ?
@ghost ghost changed the title can you please make ghostery work completely offline why can't ghostery simply work offline and only optionally connect online Jun 8, 2020
@christophertino christophertino self-assigned this Dec 11, 2020
@christophertino christophertino added this to the 8.5.5 milestone Jan 6, 2021
@christophertino
Copy link
Member

@christophertino christophertino commented Jan 6, 2021

These updates will be in the 8.5.5 release. Big thanks to the remaining Cliqz team for their work forking their code into ghostery/common.

We've made the following changes:

  • Add AB Test opt-out (under Settings > Opt Out)
  • Anti-tracking whitelist updates and AdBlock filter list updates now respect the Database Update user setting (under Settings > General)
  • Disable proxy checks when Human Web is disabled (under Settings > Opt Out)
  • Offers module has been removed

Users can already disable in-app messaging (under Settings > Notifications) and non-critical metrics (under Settings > Opt Out). Critical metrics like installs and uninstalls will remain enabled as they allow us to know how many users we have. You can see those metrics here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

1 participant