eulaurarien/dist/README.md

# Geoffrey Frogeye's block list of first-party trackers

## What's a first-party tracker?

A tracker is a script put on many websites to gather informations about the visitor.
They can be used for multiple reasons: statistics, risk management, marketing, ads serving…
In any case, they are a threat to Internet users' privacy and many may want to block them.

Traditionnaly, trackers are served from a third-party.
For example, `website1.com` and `website2.com` both load their tracking script from `https://trackercompany.com/trackerscript.js`.
In order to block those, one can simply block the hostname `trackercompany.com`, which is what most ad blockers do.

However, to circumvent this block, tracker companies made the websites using them load trackers from `somestring.website1.com`.
The latter is a DNS redirection to `website1.trackercompany.com`, directly to an IP address belonging to the tracking company.

Those are called first-party trackers.
On top of aforementionned privacy issues, they also cause some security issue, as websites are usually configured to trust first-party scripts.
For more information, learn about [Cross-Origin Resource Sharing](https://enable-cors.org/).

In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under `trackercompany.com` or to their network.
Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see `somestring.website1.com`.

This list is an inventory of every `somestring.website1.com` found to allow non DNS-aware ad blocker to still block first-party trackers.

### Learn more

- [CNAME Cloaking, the dangerous disguise of third-party trackers](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a)
- [Trackers first-party](https://blog.imirhil.fr/2019/11/13/first-party-tracker.html) (french)
- [uBlock Origin issue](https://github.com/uBlockOrigin/uBlock-issues/issues/780)

## List variants

### First-party trackers (recommended)

- Hosts file: <https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt>
- Raw list: <https://hostfiles.frogeye.fr/firstparty-trackers.txt>

This list contains every hostname redirecting to [a hand-picked list of first-party trackers](https://git.frogeye.fr/geoffrey/eulaurarien/src/branch/master/rules/first-party.list).
It should be safe from false-positives.
Don't be afraid of the size of the list, as this is due to the nature of first-party trackers: a single tracker generates at least one hostname per client (typically two).

### First-party only trackers

- Hosts file: <https://hostfiles.frogeye.fr/firstparty-only-trackers-hosts.txt>
- Raw list: <https://hostfiles.frogeye.fr/firstparty-only-trackers.txt>

This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. `website1.trackercompany.com`).
While those are technically third-party trackers, they cannot be blocked at once by some ad blockers (e.g. Pi-hole).
Use only with ad blocker able to import regular expressions and in conjuction with other block lists.

### Multi-party trackers

- Hosts file: <https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt>
- Raw list: <https://hostfiles.frogeye.fr/multiparty-trackers.txt>

As first-party trackers usually evolve from third-party trackers, this list contains every hostname redirecting to trackers found in existing lists of third-party trackers (see next section).
Since the latter were not designed with first-party trackers in mind, they are likely to contain false-positives.
In the other hand, they might protect against first-party tracker that we're not aware of / have not yet confirmed.

#### Source of third-party trackers

- [EasyPrivacy](https://easylist.to/easylist/easyprivacy.txt)

(yes there's only one for now. A lot of existing ones cause a lot of false positives)

### Multi-party only trackers

- Hosts file: <https://hostfiles.frogeye.fr/multiparty-only-trackers-hosts.txt>
- Raw list: <https://hostfiles.frogeye.fr/multiparty-only-trackers.txt>

This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. `website1.trackercompany.com`).
While those are technically third-party trackers, they cannot be blocked at once by some ad blockers (e.g. Pi-hole).
Use only with ad blocker able to import regular expressions and in conjuction with other block lists, especially the ones in the previous section.

## Meta

In case of false positives/negatives, or any other question contact me the way you like: <https://geoffrey.frogeye.fr>

The software used to generate this list is available here: <https://git.frogeye.fr/geoffrey/eulaurarien>

## Acknowledgements

Some of the first-party tracker included in this list have been found by:

- [Aeris](https://imirhil.fr/)
- NextDNS and [their blocklist](https://github.com/nextdns/cname-cloaking-blocklist)'s contributors

The list was generated using data from

- [Rapid7 OpenData](https://opendata.rapid7.com/sonar.fdns_v2/), who kindly provided a free account
- [Cisco Umbrella Popularity List](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html)
- [Public DNS Server List](https://public-dns.info/)
- Yuki2718 from [Wilders Security Forums](https://www.wilderssecurity.com/threads/ublock-a-lean-and-fast-blocker.365273/page-168#post-2880361) (by the way I'd appreciate if someone from this forum could contact a moderator to get [me](https://www.wilderssecurity.com/members/geoffrey-frogeye.162660/) confirmed!)
Updated README Split in two actually (program and list). Closes #3 Also, Closes #1 Because I forgot to do it earlier. 2019-12-20 16:15:39 +00:00			`# Geoffrey Frogeye's block list of first-party trackers`

			`## What's a first-party tracker?`

			`A tracker is a script put on many websites to gather informations about the visitor.`
			`They can be used for multiple reasons: statistics, risk management, marketing, ads serving…`
			`In any case, they are a threat to Internet users' privacy and many may want to block them.`

			`Traditionnaly, trackers are served from a third-party.`
			For example, `website1.com` and `website2.com` both load their tracking script from `https://trackercompany.com/trackerscript.js`.
			In order to block those, one can simply block the hostname `trackercompany.com`, which is what most ad blockers do.

			However, to circumvent this block, tracker companies made the websites using them load trackers from `somestring.website1.com`.
			The latter is a DNS redirection to `website1.trackercompany.com`, directly to an IP address belonging to the tracking company.
Added information about CORS security issue 2019-12-20 16:58:53 +00:00
Updated README Split in two actually (program and list). Closes #3 Also, Closes #1 Because I forgot to do it earlier. 2019-12-20 16:15:39 +00:00			`Those are called first-party trackers.`
Added information about CORS security issue 2019-12-20 16:58:53 +00:00			`On top of aforementionned privacy issues, they also cause some security issue, as websites are usually configured to trust first-party scripts.`
			`For more information, learn about [Cross-Origin Resource Sharing](https://enable-cors.org/).`
Updated README Split in two actually (program and list). Closes #3 Also, Closes #1 Because I forgot to do it earlier. 2019-12-20 16:15:39 +00:00
			In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under `trackercompany.com` or to their network.
			Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see `somestring.website1.com`.

			This list is an inventory of every `somestring.website1.com` found to allow non DNS-aware ad blocker to still block first-party trackers.

Added index webpage 2019-12-27 14:21:33 +00:00			`### Learn more`
Added some litterature Well not really litterature in the scientific term but still something to read 2019-12-20 17:22:15 +00:00
			`- [CNAME Cloaking, the dangerous disguise of third-party trackers](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a)`
			`- [Trackers first-party](https://blog.imirhil.fr/2019/11/13/first-party-tracker.html) (french)`
			`- [uBlock Origin issue](https://github.com/uBlockOrigin/uBlock-issues/issues/780)`

Updated README Split in two actually (program and list). Closes #3 Also, Closes #1 Because I forgot to do it earlier. 2019-12-20 16:15:39 +00:00			`## List variants`

			`### First-party trackers (recommended)`

			`- Hosts file: <https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt>`
			`- Raw list: <https://hostfiles.frogeye.fr/firstparty-trackers.txt>`

			`This list contains every hostname redirecting to [a hand-picked list of first-party trackers](https://git.frogeye.fr/geoffrey/eulaurarien/src/branch/master/rules/first-party.list).`
			`It should be safe from false-positives.`
			`Don't be afraid of the size of the list, as this is due to the nature of first-party trackers: a single tracker generates at least one hostname per client (typically two).`

			`### First-party only trackers`

			`- Hosts file: <https://hostfiles.frogeye.fr/firstparty-only-trackers-hosts.txt>`
			`- Raw list: <https://hostfiles.frogeye.fr/firstparty-only-trackers.txt>`

Improved -only variants descriptions 2019-12-27 14:58:20 +00:00			This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. `website1.trackercompany.com`).
			`While those are technically third-party trackers, they cannot be blocked at once by some ad blockers (e.g. Pi-hole).`
			`Use only with ad blocker able to import regular expressions and in conjuction with other block lists.`
Updated README Split in two actually (program and list). Closes #3 Also, Closes #1 Because I forgot to do it earlier. 2019-12-20 16:15:39 +00:00
			`### Multi-party trackers`

			`- Hosts file: <https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt>`
			`- Raw list: <https://hostfiles.frogeye.fr/multiparty-trackers.txt>`

			`As first-party trackers usually evolve from third-party trackers, this list contains every hostname redirecting to trackers found in existing lists of third-party trackers (see next section).`
			`Since the latter were not designed with first-party trackers in mind, they are likely to contain false-positives.`
			`In the other hand, they might protect against first-party tracker that we're not aware of / have not yet confirmed.`

			`#### Source of third-party trackers`

			`- [EasyPrivacy](https://easylist.to/easylist/easyprivacy.txt)`

			`(yes there's only one for now. A lot of existing ones cause a lot of false positives)`

			`### Multi-party only trackers`

			`- Hosts file: <https://hostfiles.frogeye.fr/multiparty-only-trackers-hosts.txt>`
			`- Raw list: <https://hostfiles.frogeye.fr/multiparty-only-trackers.txt>`

Improved -only variants descriptions 2019-12-27 14:58:20 +00:00			This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. `website1.trackercompany.com`).
			`While those are technically third-party trackers, they cannot be blocked at once by some ad blockers (e.g. Pi-hole).`
Better list output 2019-12-27 20:46:57 +00:00			`Use only with ad blocker able to import regular expressions and in conjuction with other block lists, especially the ones in the previous section.`
Updated README Split in two actually (program and list). Closes #3 Also, Closes #1 Because I forgot to do it earlier. 2019-12-20 16:15:39 +00:00
			`## Meta`

			`In case of false positives/negatives, or any other question contact me the way you like: <https://geoffrey.frogeye.fr>`

			`The software used to generate this list is available here: <https://git.frogeye.fr/geoffrey/eulaurarien>`

Acknwoledgments Gesundheit 2019-12-20 16:46:24 +00:00			`## Acknowledgements`

Updated README Split in two actually (program and list). Closes #3 Also, Closes #1 Because I forgot to do it earlier. 2019-12-20 16:15:39 +00:00			`Some of the first-party tracker included in this list have been found by:`
Added index webpage 2019-12-27 14:21:33 +00:00
Updated README Split in two actually (program and list). Closes #3 Also, Closes #1 Because I forgot to do it earlier. 2019-12-20 16:15:39 +00:00			`- [Aeris](https://imirhil.fr/)`
			`- NextDNS and [their blocklist](https://github.com/nextdns/cname-cloaking-blocklist)'s contributors`
Acknwoledgments Gesundheit 2019-12-20 16:46:24 +00:00
			`The list was generated using data from`
Added index webpage 2019-12-27 14:21:33 +00:00
Improved -only variants descriptions 2019-12-27 14:58:20 +00:00			`- [Rapid7 OpenData](https://opendata.rapid7.com/sonar.fdns_v2/), who kindly provided a free account`
Acknwoledgments Gesundheit 2019-12-20 16:46:24 +00:00			`- [Cisco Umbrella Popularity List](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html)`
			`- [Public DNS Server List](https://public-dns.info/)`
Added two japanese trackers 2020-01-03 21:09:16 +00:00			`- Yuki2718 from [Wilders Security Forums](https://www.wilderssecurity.com/threads/ublock-a-lean-and-fast-blocker.365273/page-168#post-2880361) (by the way I'd appreciate if someone from this forum could contact a moderator to get [me](https://www.wilderssecurity.com/members/geoffrey-frogeye.162660/) confirmed!)`