Closed Bug 1432644 Opened 8 years ago Closed 3 years ago

Can't manually add exceptions to tracking protection list

Categories

(Firefox :: Protections UI, defect, P3)

Product:
Firefox
Component:
Protections UI
Version:
58 Branch
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1785825

People

(Reporter: ro_nini, Unassigned)

References

Details

(Whiteboard: tp-product)

Attachments

(1 file)

Tracking protection exceptions available options
59.77 KB, image/png
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 Build ID: 20180118215408 Steps to reproduce: Go to menu > Options > Privacy and security > Tracking protection > Exceptions... Actual results: There is no way to manually add an exception, only to remove one or all exceptions. Expected results: I should be able to manually add a domain or pattern exception.
Component: Untriaged → Tracking Protection
Peter, do you think this should be a P3 or a P5?
Flags: needinfo?(pdolanjski)
Whiteboard: tp-product
(In reply to François Marier [:francois] from comment #1) > Peter, do you think this should be a P3 or a P5? P3 on the assumption that we'll likely need to get into better exception handling/UI in the future.
Flags: needinfo?(pdolanjski)
Priority: -- → P3
Reddit is one of those sites that are on the tracker list that Firefox uses. Now, if the user has Tracking Protection set to "Always" and a *WebExtension* tries to load Reddit RSS feed URL using XMLHttpRequest, Firefox refuses to load the URL saying in the background page console log: "The resource at "https://www.reddit.com/r/aww.rss" was blocked because tracking protection background.html is enabled.". The onError handler of XMLHttpRequest is triggered but the event doesn't provide information WHY the request failed. Hence it's not possible to signal to the user that "Hey, it failed because of your Tracking Protection settings". Hard-coding a list of sites that are blacklisted as trackers is not an option. It's like GNNN! because there's absolutely no way to whitelist Reddit or any other site either. We have received dozens of bug reports and lost probably hundreds of users because of this since Reddit is a very popular site that many people follow.
(In reply to voltron from comment #3) > Reddit is one of those sites that are on the tracker list that Firefox uses. > Now, if the user has Tracking Protection set to "Always" and a > *WebExtension* tries to load Reddit RSS feed URL using XMLHttpRequest, > Firefox refuses to load the URL saying in the background page console log: > "The resource at "https://www.reddit.com/r/aww.rss" was blocked because > tracking protection background.html is enabled.". That's also related to bug 1376611.
This is a really annoying bug! It makes it impossible to use certain websites, which embedd youtube or captcha's, weven if one sets all options to not block. Example: https://rocketbeans.tv/ is anyone able to see the youtube stream which is embedded ? Is there a way to add an exception in config files?

i can't access icloud.com with tracking protection enabled. commenting here to get notified when you will allow dynamic whitelisting by clicking the website icon menu

i do have the "turn off content blocking temporarily" for bugzilla.mozilla.org but not for icloud.com

https://i.imgur.com/u4EeRwP.png

Is there a way to hack the system to achieve this? Maybe accessing a sql db or a json file or something like that?

I cannot log in to playstation network when tracking protection is enabled (non strict block list).

For those still having issues i found a workaround.
You cant do it through the settings page but you can do it through the page thats blocked.

Using the site that i required, follow these steps:
Navigate to: https://home.nest.com
In the URL bar click the Shield next to the url.
There should be a toggle that says something like: "Enhanced Tracking Protection is ON for this Site"
Toggle it off.
Done

Workaround for sites that redirect: Go to about:config and set network.http.redirection-limit to 0. Visit the page. It will show an error message ("This site isn't redirecting properly"). Click the shield and switch the "Enhanced Tracking Protection is ON for this Site" toggle. Set back network.http.redirection-limit to its previous/default value.

It is simply inconceivable that this has still not been fixed... For anyone that is super desperate, you can add a site into this list of exceptions by editing the database located at '%APPDATA%\Mozilla\Firefox\Profiles[profile-id]\permissions.sqlite' (this is obviously for Windows.. but you can find the file on any platform by simply looking in your profile folder). You will need an app that can modify SQLite databases (I use the portable version of 'DB Browser for SQLite'). It is very simple to do as long as you know what values to provide. Just follow the simple steps below:

  • Close Firefox completely
  • Make a backup of 'permissions.sqlite'
  • Open 'permissions.sqlite' in your DB app
  • Open the 'moz_perms' table
  • Duplicate the last row in the table
  • Change 'origin' to the url you want to disable tracking protection for - ex: 'https://www.mozilla.com'
  • Change 'type' to 'trackingprotection'
  • Change 'permission' to '1'
  • Change 'expireType' to '0'
  • Change 'expireTime' to '0'
  • If you duplicated another row, you can just leave 'modificationTime' as-is, or if you want to change it, you can... it is a millisecond since epoch/timestamp value.. to change it to the current time, you can just copy/paste the value from a site such as currentmillis.com
  • Make sure your changes are written to disk and then close the database

Your site should now appear in the list of "Exceptions for Enhanced Tracking Protection" dialog. Seems like a textbox and button to add an exception would sure be a bit easier though...

Screenshot of example row: https://i.ibb.co/6FWSrk5/image.png

A friendly person on Reddit instructed that in order to whitelist a site from that tracking block list you simply need to open the website you want to whitelist in a normal browser tab. Then click the small "shield icon" next to the URL address field. Then use the slider toggle disable "Enhanced Tracking Protection is ON for this site".

Whitelisted sites will then show up under about:preferences#privacy - "Enhanced Tracking Protection" / "Manage Exceptions" where you can also remove these whitelisted sites.

That was the original problem, that third party blockers can't be whitelisted. So I would go to a site that would have some of its functionality broken when tracking protection was enabled, but it said "No trackers known to Firefox were detected on this page". I could only disable tracking protection for the entire site in order to make it work, but I only needed to whitelist the third party tracker/host.

On another note, is it also possible to support wildcards or regular expressions? Some websites are just obsessed with using tons of different sub-domains...

I just to NextDNS...you shoudl do the same.
you have all fine tuning that you want / blockers / privacy / security
anything it's free 3ooooo DNS querys
also multi platform and multi device fully supported by FireFox

There is now a bug in Google Drive + Firefox, wherein I am unable to download files when Firefox Enhanced Tracking Protection is enabled. It's easy to find examples of this by searching for "firefox can't download from google drive." The accepted solution in a few places is to disable tracking protection. Now, all I'm trying to do here is add a manual exception for *.google.com-- which is dicey enough, IMO. The reality is, a single file download transaction involves being redirected multiple times, and we could never actually go to those domains ahead of time to clear them.

It's with a literal tear in my eye that I am switching to a different browser until Firefox gets this sorted out.

(In reply to Charney Kaye from comment #32)

There is now a bug in Google Drive + Firefox, wherein I am unable to download files when Firefox Enhanced Tracking Protection is enabled. It's easy to find examples of this by searching for "firefox can't download from google drive." The accepted solution in a few places is to disable tracking protection. Now, all I'm trying to do here is add a manual exception for *.google.com-- which is dicey enough, IMO. The reality is, a single file download transaction involves being redirected multiple times, and we could never actually go to those domains ahead of time to clear them.

It's with a literal tear in my eye that I am switching to a different browser until Firefox gets this sorted out.

While I don't at all doubt what you're saying, I'm curious where you're seeing this behavior. I download MANY files from Google Drive on a daily basis using a host of different GDrive URL formats, and despite having Enhanced Tracking Protection enabled (and have not added an exception for Google/GDrive), I have not seen this specific issue myself. Can you provide an example URL where this occurs?

I am just as frustrated as anyone about this issue and have been a part of this ongoing thread for a long time. However, just in case you missed it, I thought I would point you towards the last post I made in this thread, giving instructions on how to manually add an exception to Firefox. Obviously it isn't as simple as it should be, but if it isn't something you think you will have to do often, it really only takes a couple of minutes to do. Personally, it would take a lot more frustration than this to force to move back to Chrome (tempted to ramble... but I won't). Anyways, here is the link:
https://bugzilla.mozilla.org/show_bug.cgi?id=1432644#c27

As of this morning using Firefox 79.0 (64-bit) on Windows 10 Pro, the built-in Enhanced Tracking Protection is blocking CSS files on ir.ebaystatic.com which is completely breaking the eBay website. There is no way to whitelist that domain, there is no way to whitelist only CSS files on that domain, there is no way to even set the protection to Standard only for eBay while leaving my default as Strict. My only options are to turn off all protections for all of eBay or just stop using eBay because it's essentially unusable without CSS. Unfortunately I'm at work and part of my job involves checking eBay several times throughout the day, so my only actual option is to disable all protections. How is this real?

Today eBay UK is working with Strict protection enabled as the CSS file is no longer being blocked, but it seems the entire ir.ebaystatic.com domain is now whitelisted including all the obfuscated JS files which might actually be tracking scripts ¯_(ツ)_/¯

This defect is a major deal-breaker for me.

(In reply to Frederick Zhang from comment #30)

On another note, is it also possible to support wildcards or regular expressions? Some websites are just obsessed with using tons of different sub-domains...

This is also really important to have, but it should probably go under another report?

I figured out what was the issue...
When a user selects "never remember history" Firefox will automatically always use "private browsing mode".
Even when private browsing mode is a seperate setting, we are forced to use privat browsing when selecting
never remember history. (Note: i remember old version of Firefox maybe 70.00 allowed us to never remember history without being forced to use private browsing mode.)

I tryed adding an tracking-exception by moving the shield setting within the adress-bar to the left.
This does not work while using private browsing mode...
Now i selected "delete history when firefox is closed" and i can finally add tracking exceptions.

I see three issues here...
1 - Why can't we never remember history without private browsing mode as before?
2 - Why can't we add "tracking exceptions" while using private browsing mode?
3 - Is it asked to much to add a button so we can manually add a tracking-exception?

Personally i dont trust the "private browsing mode" after i read that google is tracking users while they are using private browsing mode, and even firefox changed alot, it comes shipped with google as its default search engine instead of duckduckgo. duckduckgo stands for privacy, google is nothing but a spy.
Reason for firefox to come with google is money, how much did you make again?!...

Tracking protection exception:
https://i.postimg.cc/3xBp7YKw/shield-tracking-exception.png
History setings:
https://i.postimg.cc/28XJ8R2C/history2.png
history settings 2: Private Browsing and Never Remember History have been merged...
https://i.postimg.cc/43297PHk/history.png
tracking exception manual setting missing
https://i.postimg.cc/PJCWScZM/trackig-exception-manual-option-missing.png

By the way i allowed myself to make this issue public on two firefox releated websites:
https://support.mozilla.org/en-US/questions/1354699#answer-1452721
https://bugzilla.mozilla.org/show_bug.cgi

Sungguh tidak terbayangkan bahwa ini masih belum diperbaiki... Bagi siapa saja yang sangat putus asa, Anda dapat menambahkan situs ke dalam daftar pengecualian ini dengan mengedit database yang terletak di '%APPDATA%\Mozilla\Firefox\Profiles[profile- id]\permissions.sqlite' (ini jelas untuk Windows.. tetapi Anda dapat menemukan file di platform apa pun hanya dengan melihat di folder profil Anda). Anda memerlukan aplikasi yang dapat memodifikasi database SQLite (saya menggunakan versi portabel 'DB Browser for SQLite'). Ini sangat sederhana untuk dilakukan selama Anda tahu nilai apa yang harus diberikan. Cukup ikuti langkah-langkah sederhana di bawah ini:

Tutup Firefox sepenuhnya
Buat cadangan 'permissions.sqlite'
Buka 'permissions.sqlite' di aplikasi DB Anda
Buka tabel 'moz_perms'
Gandakan baris terakhir dalam tabel
Ubah 'Asal' ke url yang ingin Anda nonaktifkan perlindungan pelacakannya - mis: ' https://www.mozilla.com '
Ubah 'type' menjadi 'trackingprotection'
Ubah 'izin' menjadi '1'
Ubah 'expireType' menjadi '0'
Ubah 'expireTime' menjadi '0'
Jika Anda menggandakan baris lain, Anda dapat membiarkan 'modificationTime' apa adanya, atau jika Anda ingin mengubahnya, Anda dapat... itu adalah milidetik sejak nilai Epoch/timestamp.. untuk mengubahnya ke waktu saat ini, Anda hanya dapat menyalin/menempelkan nilai dari situs seperti currentmillis.com
Pastikan perubahan Anda ditulis ke disk dan kemudian tutup database
Situs Anda sekarang akan muncul dalam daftar dialog "Pengecualian untuk Perlindungan Pelacakan yang Disempurnakan". Sepertinya kotak teks dan tombol untuk menambahkan pengecualian pasti akan sedikit lebih mudah
informasi selengkapnya https://www.baraaksara.my.id/

Flags: needinfo?(sampemarikutu)
Severity: normal → S3

I think this ticket could be closed

Redirect a needinfo that is pending on an inactive user to the triage owner.
:pbz, since the bug has recent activity, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(sampemarikutu) → needinfo?(pbz)
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Duplicate of bug: 1785825
Flags: needinfo?(pbz)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: