2019-12-20 17:15:39 +01:00
# Geoffrey Frogeye's block list of first-party trackers
## What's a first-party tracker?
A tracker is a script put on many websites to gather informations about the visitor.
They can be used for multiple reasons: statistics, risk management, marketing, ads serving…
In any case, they are a threat to Internet users' privacy and many may want to block them.
Traditionnaly, trackers are served from a third-party.
For example, `website1.com` and `website2.com` both load their tracking script from `https://trackercompany.com/trackerscript.js` .
In order to block those, one can simply block the hostname `trackercompany.com` , which is what most ad blockers do.
However, to circumvent this block, tracker companies made the websites using them load trackers from `somestring.website1.com` .
The latter is a DNS redirection to `website1.trackercompany.com` , directly to an IP address belonging to the tracking company.
2019-12-20 17:58:53 +01:00
2019-12-20 17:15:39 +01:00
Those are called first-party trackers.
2019-12-20 17:58:53 +01:00
On top of aforementionned privacy issues, they also cause some security issue, as websites are usually configured to trust first-party scripts.
For more information, learn about [Cross-Origin Resource Sharing ](https://enable-cors.org/ ).
2019-12-20 17:15:39 +01:00
In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under `trackercompany.com` or to their network.
Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see `somestring.website1.com` .
This list is an inventory of every `somestring.website1.com` found to allow non DNS-aware ad blocker to still block first-party trackers.
## List variants
### First-party trackers (recommended)
- Hosts file: < https: // hostfiles . frogeye . fr / firstparty-trackers-hosts . txt >
- Raw list: < https: // hostfiles . frogeye . fr / firstparty-trackers . txt >
This list contains every hostname redirecting to [a hand-picked list of first-party trackers ](https://git.frogeye.fr/geoffrey/eulaurarien/src/branch/master/rules/first-party.list ).
It should be safe from false-positives.
Don't be afraid of the size of the list, as this is due to the nature of first-party trackers: a single tracker generates at least one hostname per client (typically two).
### First-party only trackers
- Hosts file: < https: // hostfiles . frogeye . fr / firstparty-only-trackers-hosts . txt >
- Raw list: < https: // hostfiles . frogeye . fr / firstparty-only-trackers . txt >
This is the same list as above, albeit not containing the hostnames under the tracking company domains.
This reduces the size of the list, but it doesn't prevent from third-party tracking too.
Use in conjunction with other block lists.
### Multi-party trackers
- Hosts file: < https: // hostfiles . frogeye . fr / multiparty-trackers-hosts . txt >
- Raw list: < https: // hostfiles . frogeye . fr / multiparty-trackers . txt >
As first-party trackers usually evolve from third-party trackers, this list contains every hostname redirecting to trackers found in existing lists of third-party trackers (see next section).
Since the latter were not designed with first-party trackers in mind, they are likely to contain false-positives.
In the other hand, they might protect against first-party tracker that we're not aware of / have not yet confirmed.
#### Source of third-party trackers
- [EasyPrivacy ](https://easylist.to/easylist/easyprivacy.txt )
(yes there's only one for now. A lot of existing ones cause a lot of false positives)
### Multi-party only trackers
- Hosts file: < https: // hostfiles . frogeye . fr / multiparty-only-trackers-hosts . txt >
- Raw list: < https: // hostfiles . frogeye . fr / multiparty-only-trackers . txt >
This is the same list as above, albeit not containing the hostnames under the tracking company domains.
This reduces the size of the list, but it doesn't prevent from third-party tracking too.
Use in conjunction with other block lists, especially the ones used to generate this list in the previous section.
## Meta
In case of false positives/negatives, or any other question contact me the way you like: < https: / / geoffrey . frogeye . fr >
The software used to generate this list is available here: < https: / / git . frogeye . fr / geoffrey / eulaurarien >
2019-12-20 17:46:24 +01:00
## Acknowledgements
2019-12-20 17:15:39 +01:00
Some of the first-party tracker included in this list have been found by:
- [Aeris ](https://imirhil.fr/ )
- NextDNS and [their blocklist ](https://github.com/nextdns/cname-cloaking-blocklist )'s contributors
2019-12-20 17:46:24 +01:00
The list was generated using data from
- [Rapid7 OpenData ](https://opendata.rapid7.com/sonar.fdns_v2/ )
- [Cisco Umbrella Popularity List ](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html )
- [Public DNS Server List ](https://public-dns.info/ )