Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add filters for session-replay scripts #839

Closed
cynddl opened this Issue Nov 15, 2017 · 1 comment

Comments

Projects
None yet
2 participants
@cynddl
Copy link

cynddl commented Nov 15, 2017

URL(s) where the issue occurs

Describe the issue

Following the recent article on “Exfiltration of personal data by session-replay scripts” [1], multiple large tracking domains have been shown to exfiltrate emails, phone numbers, CC numbers, along with personal identifiers. These platforms are widely use online (at least on 482 of the Alexa top 50,000 sites).

[1] https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/

Proposed solution:

||www.fullstory.com/s/*$script,third-party
||rs.fullstory.com*http%$script,third-party

||cdn.userreplay.net*http%$script,third-party

||static.hotjar.com*http%$script,third-party

||mtproxy.yandex.net*http%$script,third-party

||rec.smartlook.com*http%$script,third-party

SessionCam seemed to be blocked (tracking script URL is //d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js)

Versions

  • Browser/version: N/A
  • uBlock Origin version: N/A
@okiehsch

This comment has been minimized.

Copy link
Contributor

okiehsch commented Nov 16, 2017

I am pretty sure they have all been added to EasyPrivacy by now.
The article mentions, that "EasyList and EasyPrivacy do not block FullStory, Smartlook, or UserReplay scripts."
I just checked and those three scripts are now part of EasyPrivacy.

@okiehsch okiehsch closed this Nov 16, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.