Consider blocking Flash-based tracking movies

RESOLVED FIXED

Status

Camino Graveyard
Annoyance Blocking
RESOLVED FIXED
9 years ago
8 years ago

People

(Reporter: philippe (part-time), Unassigned)

Tracking

Trunk
x86
Mac OS X

Details

Attachments

(1 attachment)

(Reporter)

Description

9 years ago
Created attachment 396136 [details]
sample html code

Those 1x1px sized movies distort the page layout when Flashblock is turned on (the flashblock overlay is 32x32px static, inflow content). With Flashblock turned off, they are invisible anyway, but keep collecting data on the user surfing patterns.

forum thread
http://forums.mozillazine.org/viewtopic.php?f=12&t=1399345

more info
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862

sample sites:
wwww.newsweek.com
www.japantimes.co.jp (ind. articles only)

object[data*=".clearspring.com"]  { display:none !important }

and for Flashblock users (hides the overlay that gets set most of the time even with the object set to display: none)
div[title*=".clearspring.com"] {display:none !important }

I'm not convinced that only setting to the movie to display:none is enough to prevent the movie from 'playing' and collecting data.
A quick test shows that no data is stored on the user side, but this need more testing.
(in ~/Library/Preferences/Macromedia/FlashPlayer/#SharedObjects/... and ~/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/.....)
(Reporter)

Comment 1

9 years ago
2 notes:
1. I've been in contact with 2 Flash developers, who told that Flash movies set to CSS display:none will no initialise and hence not set or retrieve data to/from the user's machine.

2. we probably also can dispose of the ebay tracking movie
embed with src="https://secureinclude.ebaystatic.com/aw/pics/flash/global/features/krb/dist/krb.swf"

embed[src*=secureinclude.ebaystatic.com"][src$="krb.swf"]
philippe, should we take some rules for known URLs here in the coming ad-blocking fix?
(Reporter)

Comment 3

8 years ago
(In reply to comment #2)

Yeah, except I can't find any example of the clearspring.com one in use atm (not on the sample sites listed above, not on other sites where I had seen them).
Possibly sites have become better at detecting Flashblock - I don't think so, though ?
Adobe.com and Arstechnica.com used to have a flash bug at the very bottom of the page, but I don't see it anymore either.

I've disabled all the rules that potentially block those things; I'll see if I can find other existing examples.

That said, the eBay flash bug still exist (comment 1) and can be added to ad-blocking.css
I've noticed weather.com printable views have something like this; not exactly sure what it does: http://www.weather.com/weather/print/USNC0279
(Reporter)

Comment 5

8 years ago
(In reply to comment #4)
> I've noticed weather.com printable views have something like this; not exactly
> sure what it does: http://www.weather.com/weather/print/USNC0279

an swf that goes by the name of flookies.swf is highly suspect :-)

----

Here is what I have so far:
(div[title*="foo"] is hiding the Flashblock placeholder)

object[data*=".clearspring.com"],
div[title*=".clearspring.com"],
embed[src*="secureinclude.ebaystatic.com"][src$="krb.swf"],
div[title$="krb.swf"],
object[data*="flookies07.swf"],
div[title*="flookies07.swf"]{display:none !important; }
Fixed by the checkin for bug 549250, http://hg.mozilla.org/camino/rev/1ee085041bf3
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.