Add solvemedia.com to yellowlist by ghostwords · Pull Request #1554 · EFForg/privacybadger

ghostwords · 2017-08-03T21:19:33Z

ghostwords · 2017-08-03T21:38:38Z

By the way, I see "database storage" being used by api.solvemedia.com but I have trouble getting Chrome dev tools to show me the contents.

cowlicks · 2017-08-04T18:37:34Z

@ghostwords I suspect that this is either indexedDB or web SQL. I looked into a way for clients to inspect local indexedDB data on an origin. Unfortunately the way to do this has been removed recently. I've followed up with chrome to get this restored.

It seems that the only way we can get this data is to monitor indexedDB access on clients and record database names.

cowlicks

I supposed we are cookie blocking solvemedia.com because api.solvemedia.com is setting cookies on it? I only saw api.solvemedia.com loaded in the linked domains.

This works because yellowlisting solvemedia.com also yellowlists api.solvemedia.com right? We should document that somewhere, but not in this PR.

ghostwords · 2017-08-22T15:13:01Z

Subdomains of yellowlisted domains should end up getting "cookieblocked".

Agreed, we should add tests for the various scenarios of adding domains to the yellowlist and what effect that has on their heuristicAction properties. That to me is what #1515 is about. [Update: 372c009 adds a basic test of a domain going from "block" to "cookieblock".]

I think we should be careful about the distinction between something being "yellowlisted" (added to our exception list of domains but not directly used by Privacy Badger's decisioning) and something being "cookieblocked" (a Privacy Badger decision state, distinct from blocked, not-yet-blocked, or non-tracking).

We do have a test for when you have a blocked subdomain and a cookieblocked parent domain:

privacybadger/src/tests/tests/storage.js

Lines 280 to 309 in 9ebc49c

    
           QUnit.test("cookieblocking overrules blocking", (assert) => { 
        
             // mark domain for cookieblocking 
        
             storage.setupHeuristicAction(DOMAIN, constants.COOKIEBLOCK); 
        
             // mark subdomain for blocking 
        
             storage.setupHeuristicAction(SUBDOMAIN, constants.BLOCK); 
        
             // check domain itself 
        
             assert.equal( 
        
               storage.getAction(DOMAIN), 
        
               constants.COOKIEBLOCK, 
        
               "domain is marked for cookieblocking directly" 
        
             ); 
        
             assert.equal( 
        
               storage.getBestAction(DOMAIN), 
        
               constants.COOKIEBLOCK, 
        
               "domain is marked for cookieblocking" 
        
             ); 
        
             // check that subdomain inherits cookieblocking 
        
             assert.equal( 
        
               storage.getAction(SUBDOMAIN), 
        
               constants.BLOCK, 
        
               "subdomain is marked for blocking directly" 
        
             ); 
        
             assert.equal( 
        
               storage.getBestAction(SUBDOMAIN), 
        
               constants.COOKIEBLOCK, 
        
               "subdomain is marked for cookieblocking (via parent domain)" 
        
             ); 
        
           });

ghostwords · 2017-08-22T15:15:34Z

@cowlicks Should we yellowlist solvemedia.com even though it sets database storage?

ghostwords · 2019-02-11T18:19:41Z

Opened a crbug re inability to inspect IndexedDB contents in Chrome settings/dev tools: https://bugs.chromium.org/p/chromium/issues/detail?id=930773

Add solvemedia.com to yellowlist.

f420247

ghostwords added the yellowlist Domains on this list are allowed but with restrictions: no referrer headers or cookies/localStorage label Aug 3, 2017

ghostwords requested a review from cowlicks August 3, 2017 21:19

ghostwords mentioned this pull request Aug 4, 2017

Privacy Badger allows tracking via indexedDB #1557

Open

cowlicks approved these changes Aug 21, 2017

View reviewed changes

ghostwords added the help wanted label Oct 16, 2017

ghostwords force-pushed the master branch from 152c129 to 107abdd Compare January 10, 2018 22:52

ghostwords force-pushed the master branch from de95135 to efdd168 Compare May 29, 2018 20:17

ghostwords force-pushed the master branch from 7504cc7 to 92c8d1c Compare June 7, 2018 20:41

ghostwords force-pushed the master branch from 5afce52 to 257be9c Compare September 18, 2018 15:19

ghostwords force-pushed the master branch from 13bfe52 to 554d04f Compare July 16, 2020 15:11

ghostwords force-pushed the master branch from ed896f1 to 728cde2 Compare December 21, 2021 19:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comments

Add solvemedia.com to yellowlist#1554

Add solvemedia.com to yellowlist#1554
ghostwords wants to merge 1 commit intomasterfrom
ylist-solvemedia

ghostwords commented Aug 3, 2017

Uh oh!

ghostwords commented Aug 3, 2017

Uh oh!

cowlicks commented Aug 4, 2017

Uh oh!

cowlicks left a comment

Uh oh!

ghostwords commented Aug 22, 2017 •

edited

Loading

Uh oh!

ghostwords commented Aug 22, 2017

Uh oh!

ghostwords commented Feb 11, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Comments

Conversation

ghostwords commented Aug 3, 2017

Uh oh!

ghostwords commented Aug 3, 2017

Uh oh!

cowlicks commented Aug 4, 2017

Uh oh!

cowlicks left a comment

Choose a reason for hiding this comment

Uh oh!

ghostwords commented Aug 22, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ghostwords commented Aug 22, 2017

Uh oh!

ghostwords commented Feb 11, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

ghostwords commented Aug 22, 2017 •

edited

Loading