Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block facebook.com when its a subresource #3

Closed
TanviHacks opened this issue Mar 21, 2018 · 9 comments
Closed

Block facebook.com when its a subresource #3

TanviHacks opened this issue Mar 21, 2018 · 9 comments
Labels
enhancement New feature or request P3 nice to have

Comments

@TanviHacks
Copy link

If a webpage attempts to load facebook.com as a third party, intercept the request and block it. So if cnn.com tries to load an image or iframe to facebook.com, it will get blocked before a request is ever made.

Share buttons, likes, comments coming from facebook, signing in with facebook - will never work.

If this is too restrictive, we can consider having an option so that users can opt out of this restriction.
@TanviHacks
Copy link
Author

If this doesn't get into v1, we can do it as a followup.

@groovecoder
Copy link
Member

This will be quite a task. We will need to keep state of each tab's main frame's origin. I have a lot of code for this in blok code-base, but it's tricky port it over.

@TanviHacks TanviHacks mentioned this issue Mar 21, 2018
Closed
@TanviHacks
Copy link
Author

Would it be easier to block facebook cookies? I'll file another issue for this - #9

@jonathanKingston
Copy link
Contributor

This will be quite a task.

This should be less so if you can guarantee only Facebook can load in the facebook container.

@pauljt
Copy link

pauljt commented Mar 22, 2018

Why would we do this? In the facebook container, we need this so that facebook works, and outside the facebook container, then you aren't logged in so you aren't being tracked (except for facebook's tracking of logged out users of course).

So maybe i just answered my own question. If so, then might simpler approach to this just be to drop all the requests to known facebook domains, for all non "main_frame" requests which are NOT in the facebook container?

@pdolanjski pdolanjski added the P3 nice to have label Mar 22, 2018
@groovecoder
Copy link
Member

@TanviHacks it's actually easier to just block the connections completely. The hardest part is what @pauljt describes as "just drop all non "main_frame" requests to known facebook domains which are not in the facebook container" ...

But the logic for detecting and keeping track of all non-main_frame requests to facebook.com gets complicated ... We also have to consider that facebook.com SHOULD be able to make sub-resource requests to itself, and we need to track and detect all of these requests on a tab-by-tab basis.

Like I said, there's a significant amount of code in the blok add-on which did/does this. It would take a bit of work to port it.

@pdehaan
Copy link
Collaborator

pdehaan commented Mar 22, 2018

Would this cover the case where a user is on breitbart.com and the site loads Facebook Ads, a few tracker images, and loads some subdocument to facebook.com/connect/ping/?

@groovecoder groovecoder added the enhancement New feature or request label Mar 27, 2018
@groovecoder
Copy link
Member

Note: this issue has been revived as a potential feature for "Facebook Container 2.0".

@ShivangiKakkar will plan to explore this.

@maxxcrawford
Copy link
Collaborator

2.0 blocks all FB-domain resources on any website outside of the container!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request P3 nice to have
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@groovecoder @jonathanKingston @pdehaan @pauljt @maxxcrawford @TanviHacks @pdolanjski