Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Block OneTrust Privacy Annoyances #1979

Closed
riei2922jww opened this issue Dec 26, 2023 · 5 comments
Closed

Block OneTrust Privacy Annoyances #1979

riei2922jww opened this issue Dec 26, 2023 · 5 comments
Assignees
@hagezi
Labels
deny Deny domain(s) wontfix This will not be worked on

Comments

@riei2922jww
Copy link

Which domain(s) should be blocked?

my.onetrust.com
geolocation.onetrust.com
mobile-data.onetrust.io

Why should these domain(s) be blocked?

Please add the following domains to
IMG_8877
the blocklist to prevent these annoying cookie pop-ups on 70% of applications.
@riei2922jww riei2922jww added the deny Deny domain(s) label Dec 26, 2023
@hagezi
Copy link
Owner

hagezi commented Dec 26, 2023
edited
Loading

I can't block this for the masses in DNS lists.

In Europe, blocking at domain level means that many apps and websites do not work properly. Blocking should therefore be done via filter lists in browser content blockers. These can be used to decide what is blocked for which page and what is not. This is not possible in DNS, blocked is blocked, for every site and app.

#123
#1325
#815

@hagezi hagezi closed this as not planned Won't fix, can't repro, duplicate, stale Dec 26, 2023
@hagezi hagezi added the wontfix This will not be worked on label Dec 26, 2023
@hagezi
Copy link
Owner

hagezi commented Dec 26, 2023

That is why they are not blocked in any known DNS list:

Domain:
 - mobile-data.onetrust.io OK

Malware/Phishing/Scam:

 - Threat?
   HaGeZi.TIF.RAW  NO
   DNS0.eu         NO
   DNS0.eu ZERO    NO
   Quad9           NO
   Umbrella        NO
   ThreatFox       NO
   URLhaus         NO
   ThreatView      NO
   CERT.PL         NO

 - Phishing?
   Phishing.Army   NO
   PT/OP/PH        NO

Top 1M:
 - Umbrella:       YES
 - Cloudflare:     NO
 - Tranco:         NO
 - Majestic:       NO
 - BuiltWith:      NO
 - Chrome:         NO

Secure DNS:
 - CleanBrowsing   OK
 - Cloudflare      OK
 - CONTROLD.TIF    OK
 - DNS0.eu         OK
 - DNS0.eu.ZERO    OK
 - NextDNS.TIF_AI  OK
 - NRD.DGA.IDN     OK
 - Quad9           OK
 - SafeDNS         OK
 - UltraDNS        OK
 - Umbrella        OK

Blocklists:
 - 1Hosts.Lite     OK
 - 1Hosts.Mini     OK
 - 1Hosts.Pro      OK
 - AdGuardDNS      OK
 - AhaDNS          OK
 - DevDansHosts    OK
 - EasyList        OK
 - GoodbyeAds      OK
 - HaGeZi.LIGHT    OK
 - HaGeZi.NORMAL   OK
 - HaGeZi.PRO      OK
 - HaGeZi.PRO.PLUS OK
 - HaGeZi.TIF      OK
 - HaGeZi.ULTIMATE OK
 - hBlock          OK
 - NextDNS         OK
 - OISD.Big        OK
 - OISD.Small      OK
 - QuidsUp.NOTRACK OK
 - StevenBlack     OK

@hagezi
Copy link
Owner

hagezi commented Dec 26, 2023
edited
Loading

https://rethinkdns.com/search?q=mobile-data.onetrust.io
https://blocklist-tools.developerdan.com/entries/search?q=mobile-data.onetrust.io
https://dnswarden.com/search.html

@rowboatz
Copy link

rowboatz commented Dec 27, 2023
edited
Loading

In case you are not aware @hagezi, commenting here to highlight another good reason not to block cookie consent managers at the network level: when they are prevented from loading, websites may behave in a more hostile way.

For example, blocking cookiebot.com prevents the cookie consent popup from loading on hltv.org, but then hltv.org automatically calls many third party domains that it wouldn't otherwise (see uBlock Origin panel in the following screenshots). It seems as though hltv.org assumes the user's consent given that the consent manager is prevented from operating. As a result, it is also possible that additional first party tracking is enabled, which cannot be mitigated easily.

First screenshot - HLTV homepage, freshly loaded, nothing blocked:

default

Second screenshot - HLTV homepage, freshly loaded, cookiebot.com blocked :

block

Note that the additional domains listed in the second screenshot would not be loaded in the first scenario after clicking on 'Use necessary cookies only'.

@hagezi
Copy link
Owner

hagezi commented Dec 27, 2023

@rowboatz Thanks for that, that's exactly what I can agree with. That's why I don't block CCM/CMP in the DNS lists, not even in Ultimate.

@rowboatz rowboatz mentioned this issue Feb 5, 2024
Closed
1 task
This was referenced Feb 6, 2024
Closed
Closed
@hagezi hagezi mentioned this issue Feb 27, 2024
Closed
@hagezi hagezi mentioned this issue Jul 5, 2024
Closed
4 tasks
@privacy-advo privacy-advo mentioned this issue Jul 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hagezi hagezi

Labels
deny Deny domain(s) wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rowboatz @hagezi @riei2922jww