Open Bug 1557363 Opened 4 months ago Updated 4 months ago

Tracking protection breaks embedded videos from ibm.com

Categories

(Firefox :: Tracking Protection, defect, P3)

67 Branch
defect

Tracking

()

People

(Reporter: nadasdi.mate, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.51 Safari/537.36

Steps to reproduce:

Go to this page in latest FF private window: http://matenadasdi.com/static/player-iframe-test.html to see an IBM Video Streaming player embed url in an iframe.

Actual results:

After the latest content-blocking release ibm.com and every subproduct of IBM are blocked by default in private windows. It's important to point out that ibm.com is a marketing page with some tracking so that can be true, but IBMs whole portfolio is segmented across the *.ibm.com domain and for example video.ibm.com/embed/* video streaming player embeds are clearly not tracking sites but it gets blocked out in private windows causing customers a real problem on their sites.

Expected results:

video.ibm.com product is just like Youtube embeds and it's working right now as you can see on the example site.

This problem causes hundreds of thousands of broadcasters and their users an unexpected behaviour since they are using the product on a daily basis, they are paying for it and it's clearly not a tracking site.

I think there are multiple solutions, please fix it somehow:

  • content-blocking shouldn't apply for subdomains for example
  • ibm.com or subdomains of ibm.com should be removed from the tracking site list since it's killing all IBM products for customers.
  • for a start, video.ibm.com could be whitelisted and other IBM products could be added one-by-one in the future
  • content-blocking shouldn't be implemented based on a static list, the browser could detect suspicious activity and disable frame based on the detection.
Summary: Content blocking is blocking ibm.com without thinking about subdomain for fully different products → Content blocking is blocking ibm.com without thinking about its subdomains for different IBM products
Component: Untriaged → Tracking Protection

Steven, what do you think? Should we reach out to Disconnect about allowing video.ibm.com?

Flags: needinfo?(senglehardt)

Thanks for the report Mate. I can confirm that the IBM video is completely blocked in PB mode. ibm.com is on the base/level1 tracking protection list. By comparison, youtube.com is on the content/level2 list, which is why it is not blocked in PB mode. If ibm.com is primarily used for serving user-visible content (like how I imagine the youtube.com domain is used), then it may make sense to move it to the content/level2 list.

We don't currently have the ability to whitelist specific subdomains of a blocked hostname. The approach we've taken is to ask for the tracking to be moved off the main domain to a subdomain and then only add the tracking subdomain to the blocklist. In this case, something like tracking.ibm.com. This is preferred because tracking cookies scoped to example.com are still attached to subdomain loads (e.g., foo.example.com).

Either way, requests for reclassification should be directed to Disconnect. You can file an issue on their repository, https://github.com/disconnectme/disconnect-tracking-protection/issues or email them at support@disconnect.me.

Blocks: tpvideo
Flags: needinfo?(senglehardt)
Summary: Content blocking is blocking ibm.com without thinking about its subdomains for different IBM products → Tracking protection breaks embedded videos from ibm.com
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.