Consider blocking cookies for Disqus in default ETP config
Categories
(Core :: Privacy: Anti-Tracking, enhancement)
Tracking
()
People
(Reporter: John, Unassigned)
Details
Attachments
(1 file)
85.68 KB,
image/jpeg
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.4 Safari/605.1.15
Steps to reproduce:
This Twitter thread explores the explicit cross-site tracking bundled into the Disqus service: https://twitter.com/martingund/status/1207327648093003777?s=20 all under the term "Disqus data sharing", which according to the tweeter, is on by default. See screenshot from Disqus settings.
Disqus is exempt from ETP by default since it's part of the Content category of the block list.
Actual results:
Disqus is allowed to use cookies by default under ETP.
Expected results:
Disqus should not be able to use cookies by default under ETP since they offer cross-site tracking services.
Updated•5 years ago
|
Comment 1•5 years ago
|
||
I do think Disqus is properly classified as a Content tracker. If Disconnect were to move the domain from the Level 1 to the Level 2 list, it would lead to breakage when resource blocking is enabled.
As a concrete example, you can add a custom string pref in about:config
: urlclassifier.trackingTable.testEntries = disqus.com
. Then visit this page in a private window (where resource blocking is enabled): https://www.cnet.com/how-to/ask-alexa-these-funny-things-when-you-need-a-good-laugh/#comments.
I view this as a duplicate of enabling the entire Strict list in ETP, and further evidence of why that's a high priority.
Description
•