Block OneTrust Privacy Annoyances #1979

Closed
riei2922jww opened this issue Dec 26, 2023 · 5 comments
Labels
deny Deny domain(s) wontfix This will not be worked on

@riei2922jww

Which domain(s) should be blocked?

my.onetrust.com
geolocation.onetrust.com
mobile-data.onetrust.io

Why should these domain(s) be blocked?

Please add the following domains to the blocklist to prevent these annoying cookie pop-ups on 70% of applications.

riei2922jww added the deny label Dec 26, 2023

hagezi (Owner) commented Dec 26, 2023

I can't block this for the masses in DNS lists.

In Europe, blocking at domain level means that many apps and websites do not work properly. Blocking should therefore be done via filter lists in browser content blockers. These can be used to decide what is blocked for which page and what is not. This is not possible in DNS: blocked is blocked, for every site and app.

#123
#1325
#815

hagezi closed this as not planned Dec 26, 2023
hagezi added the wontfix label Dec 26, 2023
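
Added example, not part of the thread or the project's own code: a minimal Python model of the point made in the comment above, that a DNS blocklist decides on the queried name alone while a content-blocker rule can also take the requesting page into account. The page names `news.example` and `shop.example` and the rule are constructed, and the parser handles only the `||host^` form with an optional `$domain=` option.

```python
"""Added example: DNS blocklist vs. page-scoped content-blocker rule (minimal model)."""

def host_matches(host, pattern):
    """True if host equals pattern or is a subdomain of it."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    return host == pattern or host.endswith("." + pattern)

def dns_blocked(qname, blocklist):
    """A DNS resolver sees only the queried name, never the page or app behind it."""
    return any(host_matches(qname, d) for d in blocklist)

def parse_rule(rule):
    """Parse the subset '||host^' with optional '$domain=a|~b' (Adblock-style syntax)."""
    pattern, _, options = rule.partition("$")
    if not (pattern.startswith("||") and pattern.endswith("^")):
        raise ValueError("unsupported rule: " + rule)
    include, exclude = [], []
    for opt in filter(None, options.split(",")):
        key, _, value = opt.partition("=")
        if key != "domain":
            raise ValueError("unsupported option: " + opt)
        for d in value.split("|"):
            (exclude if d.startswith("~") else include).append(d.lstrip("~"))
    return pattern[2:-1], include, exclude

def filter_blocked(request_host, page_host, rule):
    """A content blocker also knows which page issued the request."""
    target, include, exclude = parse_rule(rule)
    if not host_matches(request_host, target):
        return False
    if any(host_matches(page_host, d) for d in exclude):
        return False
    return not include or any(host_matches(page_host, d) for d in include)

# Constructed sample data: the page names are placeholders, not from the issue.
DNS_LIST = {"geolocation.onetrust.com"}
RULE = "||geolocation.onetrust.com^$domain=~shop.example"
PAGES = ["news.example", "shop.example"]

def compare(request_host="geolocation.onetrust.com"):
    """Return {page: (dns_blocked, filter_blocked)} for each sample page."""
    return {p: (dns_blocked(request_host, DNS_LIST),
                filter_blocked(request_host, p, RULE)) for p in PAGES}

if __name__ == "__main__":
    for page, (dns, flt) in compare().items():
        print(f"{page:14} dns_blocked={dns} filter_blocked={flt}")
```

The DNS column is identical for both pages because the resolver has no page context; only the filter rule can exempt `shop.example`.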
hagezi (Owner) commented Dec 26, 2023

That is why they are not blocked in any known DNS list:

Domain:
 - mobile-data.onetrust.io OK

Malware/Phishing/Scam:

 - Threat?
   HaGeZi.TIF.RAW  NO
   DNS0.eu         NO
   DNS0.eu ZERO    NO
   Quad9           NO
   Umbrella        NO
   ThreatFox       NO
   URLhaus         NO
   ThreatView      NO
   CERT.PL         NO

 - Phishing?
   Phishing.Army   NO
   PT/OP/PH        NO

Top 1M:
 - Umbrella:       YES
 - Cloudflare:     NO
 - Tranco:         NO
 - Majestic:       NO
 - BuiltWith:      NO
 - Chrome:         NO

Secure DNS:
 - CleanBrowsing   OK
 - Cloudflare      OK
 - CONTROLD.TIF    OK
 - DNS0.eu         OK
 - DNS0.eu.ZERO    OK
 - NextDNS.TIF_AI  OK
 - NRD.DGA.IDN     OK
 - Quad9           OK
 - SafeDNS         OK
 - UltraDNS        OK
 - Umbrella        OK

Blocklists:
 - 1Hosts.Lite     OK
 - 1Hosts.Mini     OK
 - 1Hosts.Pro      OK
 - AdGuardDNS      OK
 - AhaDNS          OK
 - DevDansHosts    OK
 - EasyList        OK
 - GoodbyeAds      OK
 - HaGeZi.LIGHT    OK
 - HaGeZi.NORMAL   OK
 - HaGeZi.PRO      OK
 - HaGeZi.PRO.PLUS OK
 - HaGeZi.TIF      OK
 - HaGeZi.ULTIMATE OK
 - hBlock          OK
 - NextDNS         OK
 - OISD.Big        OK
 - OISD.Small      OK
 - QuidsUp.NOTRACK OK
 - StevenBlack     OK

rowboatz commented Dec 27, 2023

[edited for clarity, accuracy and future reference]

In case you are not aware @hagezi, commenting here to highlight another good reason not to block cookie consent managers at the network level: when they are prevented from loading, websites may behave in a more hostile way.

For example, blocking cookiebot.com prevents the cookie consent popup from loading on hltv.org, but then hltv.org automatically calls many third party domains that it wouldn't otherwise (see uBlock Origin panel in the following screenshots). It seems as though hltv.org assumes the user's consent given that the consent manager is prevented from operating. As a result, it is also possible that additional first party tracking is enabled, which cannot be mitigated easily.

HLTV homepage, freshly loaded, nothing blocked:
[Screenshot: default]

HLTV homepage, freshly loaded, cookiebot.com blocked:
[Screenshot: block]

Note that the additional domains listed in the second screenshot would not be loaded in the first scenario after clicking on 'Use necessary cookies only'.

hagezi (Owner) commented Dec 27, 2023

@rowboatz Thanks for that, that's exactly what I can agree with. That's why I don't block CCM/CMP in the DNS lists, not even in Ultimate.
