Twitch bypass is circumvented, should now be removed to prevent repeated ads. #1789
Comments
|
Still works fine at |
|
Still work fine for me too. |
|
This was also tested on a logged in Twitch account. Anyone affected by it is currently getting more ads with UBlock, than without it. |
|
Or cohhcarnage |
|
We should just comment out the filter for now. |
|
Wouldn't it be better to wait until more people confirm this issue? |
|
Yes, but there has been many complaints recently about Twitch ads. |
|
Personally I am not getting ads at the suggested URLs, but I might not wait long enough, or it might be that I am not logged out. In any case, this is a filter issue, there is no need to remove the scriptlet if needed, just remove the filter making use of the scriptlet. |
|
Commented out for now... |
|
When I except the filter on my side, I now do get ads at I now also get ads at |
Yes, I experience the same thing, so I added the filter to my filters too so atleast I won't have to experience ads, lets see how users react to this change. |
ghost
mentioned this issue
|
It might be worth trying different regions. I'm EU. https://www.reddit.com/r/uBlockOrigin/comments/qbbxjq/comment/hh9mw95/?utm_source=share&utm_medium=web2x&context=3 I VPN'd to the US and the bypass works for me there. |
|
Tried them once that thread was posted, the problem there is some users still didn't bother to disable external twitch adblockers which could lead to issue you present here. |
|
It's just not external blockers which could interfere, people also need to be sure there is no leftover of old solutions in uBO, i.e. a lot of people were told to use |
|
Yeah that is a possibility for some users, personally I can say that I have disabled them all. Only using UBlock, no extra scripts installed and ads are showing. Just giving you a heads up, because the rate-limit problem is the issue here, so I'm guessing more users will report repeated ads after refreshing in the future. No need to remove it yet if you are not sure, but I am one of those users affected by it, when I use UBlock only. |
Filter has already been disabled. This change will reach all uBO users within 4 days. |
|
|
|
You mean - reported as working when filter was added back? Because https://www.reddit.com/r/uBlockOrigin/comments/pqmy4w/ublock_origin_138_announcement_thread/hiwt0o0/ |
Okay I didn't count that, so that makes it the above report the second report. |
|
Thought I would try this again, but I'm still getting ads (While logged in). Here is the token response from the GQL request. Removed my IP and user ID, notice server_ads = true (SureStream).
I then enabled UBlock in private tabs, tried again in a private tab and got a response with server_ads turned off (Good). Realized it might be because I was logged out. So I logged in with my usual Twitch ID in the private tab, refreshed the page and got an ad and server_ads was turned back on. I now get an ad after every refresh. They must be blocking the device ID bypass by user ID, maybe certain previous spade events or something add user ID's to a blacklist. I can literally log-in and log-out in the private tab and get ads off when I'm logged out and ads on when logged in. Didn't clear cookies or anything in the private tab while doing this and only had UBlock enabled in the private tab. Here is a logged out response (No ads) and server_ads is false:
I then created a new test Twitch account on the private tab, logged into it and still no ads. So it's somehow picking certain user ID's to fail on and can't be IP based. My normal Twitch ID must be blacklisted from using that 'twitch-web-wall-mason' device ID. I'm guessing that is also the reason for the other random cases too. Just no idea why and if it is timed based or they are detecting it somehow and slowly blacklisting ID's based on usage. If I remove the OAuth header from the GQL request for the access token, while logged in, I get a response with ads turned off. If I leave the OAuth header in, I get a response with ads turned on, so has to be user ID based. For example, I can remove the OAuth header using the script and I get the site ad-free while logged in with my usual ID. Maybe this is the answer? To remove the OAuth header. Removing the OAuth header, shouldn't have any negative affects and will fix the issues for the fringe cases. The only time it will have a negative affect is if they do block the twitch-web-wall-mason device ID, because then users will get ads on streams they are subbed to, but this could be addressed fairly quickly if it came to it. Hope this helps |
Does doing that results in |
|
Yeah server_ads is false every time when I remove the OAuth token. I added the following to the script:
|
|
Also if possible removing |
Do you mind testing this on |
|
I think the token/sig is made server-side and can't be edited as they won't match. That test channel still shows server_ads = true, but I think it's forced to? |
gql request is POST, so it should be possible ? |
|
|
Could be your location not having any fill, but generally server_ads = true, means SureStream(Embedded) ads is turned on. In the network tools console, if you look at the Twitch cookies, there is two device-id cookies, deleting them usually resets any rate-limits etc and sometimes forces an ad on the next refresh. Up to you if you want to test it that way though, especially if you are ad-free. |
|
I think you need to consider the rate-limit issue when using the bypass device ID, for users that it is no longer working for, it's not applying a rate-limit to the amount of ads shown. So for a non subbed stream, you would get an ad after every refresh of the page, or every stream switch (if there is fill). Normally a rate-limit would be applied once an ad has fully shown. I expect Twitch is getting the brunt of the support emails and Reddit posts about the amount of ads, because people don't realize it's due to the bypass device ID. The Brave browser seems to of applied the bypass script, but without the Auth header, which explains the Turbo issue. I can see that the filter is still enabled by default, do you have any plans to investigate it? |
|
@gorhill are you going to pull pixeltris/TwitchAdSolutions@aad8946 ? |
Yea, I have nothing in there and its set to unset |
Related commit: - pixeltris/TwitchAdSolutions@aad8946 Related discussion: - uBlockOrigin/uBlock-issues#1789 (comment)
|
@ImpalaPUA Are you on 1.38.6 and don't have any other Twitch ad blocking extensions enabled? And as follow-up; could you also tell me if you see ads in incognito (i.e. not logged into Twitch). |
|
Twitch Turbo issue fixed in gorhill/uBlock@ddd31f3 |
|
That isn't related to Turbo. That was a fix for sub-only VODs not working for subscribers #1789 (comment) |
|
Only issue/s reported on uBO subreddit was of Twitch Turbo which started after Authorisation was set to
and would get fixed with users disabling the twitch filter, so was related to Authorisation commit. |
|
Yes there's a good chance the If someone is on 1.38.6 and their Turbo is broken that is a very good indication that the bypass is no longer working (for some users). Which is also why I asked @ImpalaPUA for a follow-up for whether they see ads in incognito (no Turbo). It should be noted that pretty much single time Twitch breaks a bypass it comes in waves (either as explicit A/B testing, or just how they deploy stuff to their servers around the world). |
1.38.7b20 and umatrix and ads on incognito |
|
Great thanks. If you could do me one more favor and test 1.38.6 and let me know if you see ads there while logged in Turbo, that would be helpful. |
Disable uMatrix and all other extensions. |
With all addons off except ublock 1.38.6 and twitch.tv#@#+js(twitch-videoad) removed from my filters I still get ads with twitch turbo |
|
Actually when I went back to dev build and forgot to add twitch.tv#@#+js(twitch-videoad) back I got ads through twitch turbo again |
|
Thanks. To sum this up... Based on what @ImpalaPUA has observed it sounds like the there's a new check (introduced ~3 days ago) for the It should be noted that anyone who is impacted by this (Turbo or not) will see ads on every single stream on every page load. Normally you're given a ~10 minute cooldown after watching an ad (as mentioned by @saucettv). It's a worse experience having the ad blocking method enabled vs disabled. Yes, it's weird there are literally 0 reports of the method being broken to uAssets or *shrug* |
|
Wasn't it reported here https://www.reddit.com/r/Twitch/comments/qr1y1i/twitch_turbo_running_ads/ And isn't it repeatable by just adding and removing twitch.tv#@#+js(twitch-videoad) |
|
Twitch use the users normal Device ID to record ad impressions and to apply the rate-limit. They are not doing this with the 'twitch-web-wall-mason' device ID. So as it's not actually bypassing the ads anymore for some users, having it in the scriptlet is causing more ads than would normally be shown to users that it's affecting. It is affecting users and eventually they will block it for all users. The scriptlet needs to be removed before users start disabling UBlock to actually see less ads on Twitch. |
I'm seeing different behavior. With a 1.38.6 I do not see ads on a subbed channels. With 1.38.7b27 I do get ads on a subbed channel. So I think it is the Authorization change that is breaking it and should be removed. It likely is causing Twitch to be unable to authentication that my user has a sub or has turbo |
|
Do you see ads in incognito mode / logged out (both 1.38.6 and 1.38.7b27)? |
|
Yes, so in incognito mode I get preroll ads for both versions. I just double checked and it's definitely the case that the auth change is causing ads on my subbed channel. On 1.38.7b27 if I log in and watch a subbed channel, the This is also the same with the response from the GQL PlaybackAccessToken call. So the change in 1.38.7b27 is making it treat my user as logged out. |
|
One thing I didn't ask @ImpalaPUA is if they use Brave. It pulls in the script also and might be pulling in the latest version (which is why they might be observing 1.38.6 differently). The method is patched for you. And yes it sounds like I recommend removing |
|
At Brave we just pulled in the latest uBO twitch update, which will roll out in the next 24/48hrs. |
|
Thanks for the info @ryanbr unfortunately the latest update to the script wont change anything. The method is slowly being patched by Twitch. @gorhill I recommend the |
Related discussion: - uBlockOrigin/uBlock-issues#1789 (comment)
|
Small update, when I upgraded to the latest development build and removed twitch.tv#@#+js(twitch-videoad) from my filters I no longer see pre rolls with twitch turbo, so it seems to have fixed the issue |
https://www.reddit.com/r/uBlockOrigin/comments/qwr2oj/suddenly_on_twitch_im_getting_much_more_adds_why/ @gorhill https://www.reddit.com/r/Twitch/comments/qxu6ty/is_twitch_trying_to_kill_viewership_with_preroll/ |
Prerequisites
I tried to reproduce the issue when...
Description
The scriptlet that blocked Twitch ads is now circumvented by Twitch. The issue now is that because UBlock is using the same device ID when requesting the video access token, the Twitch ad rate limit is not being imposed on that whitelisted device ID. Each refresh of a page after an ad is now shown, will repeat an ad because it does not apply a rate limit on Twitch's side.
Without UBlock enabled, once an ad is shown, a refresh of a page will not show an ad for a specified time limit.
The device ID bypass should now be removed to prevent excess ads.
gorhill/uBlock@cc0008d
gorhill/uBlock@0d3a193
A specific URL where the issue occurs
twitch.tv
Steps to Reproduce
Expected behavior
The Twitch ad rate-limit should be applied, however it seems Twitch has now blocked the whitelisted device ID that was being used.
Actual behavior
Ad rate limit is not applied because of the set device ID being different to a normal user device ID. As the old whitelisted device ID is now no longer whitelisted, is should be removed.
uBlock Origin version
1.38.6
Browser name and version
Firefox (Latest Stable)
Operating System and version
Windows 10
The text was updated successfully, but these errors were encountered: