2019-12-20 16:15:39 +00:00
# Geoffrey Frogeye's block list of first-party trackers
## What's a first-party tracker?
A tracker is a script put on many websites to gather informations about the visitor.
They can be used for multiple reasons: statistics, risk management, marketing, ads serving…
In any case, they are a threat to Internet users' privacy and many may want to block them.
Traditionnaly, trackers are served from a third-party.
For example, `website1.com` and `website2.com` both load their tracking script from `https://trackercompany.com/trackerscript.js` .
In order to block those, one can simply block the hostname `trackercompany.com` , which is what most ad blockers do.
However, to circumvent this block, tracker companies made the websites using them load trackers from `somestring.website1.com` .
The latter is a DNS redirection to `website1.trackercompany.com` , directly to an IP address belonging to the tracking company.
2019-12-20 16:58:53 +00:00
2019-12-20 16:15:39 +00:00
Those are called first-party trackers.
2019-12-20 16:58:53 +00:00
On top of aforementionned privacy issues, they also cause some security issue, as websites are usually configured to trust first-party scripts.
For more information, learn about [Cross-Origin Resource Sharing ](https://enable-cors.org/ ).
2019-12-20 16:15:39 +00:00
In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under `trackercompany.com` or to their network.
Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see `somestring.website1.com` .
This list is an inventory of every `somestring.website1.com` found to allow non DNS-aware ad blocker to still block first-party trackers.
2019-12-27 14:21:33 +00:00
### Learn more
2019-12-20 17:22:15 +00:00
- [CNAME Cloaking, the dangerous disguise of third-party trackers ](https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a )
- [Trackers first-party ](https://blog.imirhil.fr/2019/11/13/first-party-tracker.html ) (french)
- [uBlock Origin issue ](https://github.com/uBlockOrigin/uBlock-issues/issues/780 )
2019-12-20 16:15:39 +00:00
## List variants
2020-01-11 10:26:54 +00:00
### First-party trackers
**Recommended for hostfiles-based ad blockers, such as [Pi-hole ](https://pi-hole.net/ ).**
**Recommended for Android ad blockers as applications, such ad [Blokada ](https://blokada.org/ ).**
2019-12-20 16:15:39 +00:00
- Hosts file: < https: // hostfiles . frogeye . fr / firstparty-trackers-hosts . txt >
- Raw list: < https: // hostfiles . frogeye . fr / firstparty-trackers . txt >
This list contains every hostname redirecting to [a hand-picked list of first-party trackers ](https://git.frogeye.fr/geoffrey/eulaurarien/src/branch/master/rules/first-party.list ).
It should be safe from false-positives.
2020-01-11 10:26:54 +00:00
It also contains all tracking hostnames under company domains (e.g. `website1.trackercompany.com` ),
useful for ad blockers that don't support mass regex blocking,
while still preventing fallback to third-party trackers.
2019-12-20 16:15:39 +00:00
Don't be afraid of the size of the list, as this is due to the nature of first-party trackers: a single tracker generates at least one hostname per client (typically two).
### First-party only trackers
2020-01-11 10:26:54 +00:00
**Recommended for ad blockers as web browser extensions, such as [uBlock Origin ](https://pi-hole.net/ ).**
2019-12-20 16:15:39 +00:00
- Hosts file: < https: // hostfiles . frogeye . fr / firstparty-only-trackers-hosts . txt >
- Raw list: < https: // hostfiles . frogeye . fr / firstparty-only-trackers . txt >
2019-12-27 14:58:20 +00:00
This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. `website1.trackercompany.com` ).
2020-01-11 10:26:54 +00:00
This allows for reducing the size of the list for ad-blockers that already block those third-party trackers with their support of regex blocking.
Use in conjunction with other block lists used in regex-mode, such as [Peter Lowe's ](https://pgl.yoyo.org/adservers/ )
2019-12-20 16:15:39 +00:00
### Multi-party trackers
- Hosts file: < https: // hostfiles . frogeye . fr / multiparty-trackers-hosts . txt >
- Raw list: < https: // hostfiles . frogeye . fr / multiparty-trackers . txt >
As first-party trackers usually evolve from third-party trackers, this list contains every hostname redirecting to trackers found in existing lists of third-party trackers (see next section).
Since the latter were not designed with first-party trackers in mind, they are likely to contain false-positives.
2020-01-11 10:26:54 +00:00
On the other hand, they might protect against first-party tracker that we're not aware of / have not yet confirmed.
2019-12-20 16:15:39 +00:00
#### Source of third-party trackers
- [EasyPrivacy ](https://easylist.to/easylist/easyprivacy.txt )
(yes there's only one for now. A lot of existing ones cause a lot of false positives)
### Multi-party only trackers
- Hosts file: < https: // hostfiles . frogeye . fr / multiparty-only-trackers-hosts . txt >
- Raw list: < https: // hostfiles . frogeye . fr / multiparty-only-trackers . txt >
2019-12-27 14:58:20 +00:00
This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. `website1.trackercompany.com` ).
2020-01-11 10:26:54 +00:00
This allows for reducing the size of the list for ad-blockers that already block those third-party trackers with their support of regex blocking.
Use in conjunction with other block lists used in regex-mode, such as the ones in the previous section.
2019-12-20 16:15:39 +00:00
## Meta
In case of false positives/negatives, or any other question contact me the way you like: < https: / / geoffrey . frogeye . fr >
The software used to generate this list is available here: < https: / / git . frogeye . fr / geoffrey / eulaurarien >
2019-12-20 16:46:24 +00:00
## Acknowledgements
2019-12-20 16:15:39 +00:00
Some of the first-party tracker included in this list have been found by:
2019-12-27 14:21:33 +00:00
2019-12-20 16:15:39 +00:00
- [Aeris ](https://imirhil.fr/ )
- NextDNS and [their blocklist ](https://github.com/nextdns/cname-cloaking-blocklist )'s contributors
2020-01-06 15:44:45 +00:00
- Yuki2718 from [Wilders Security Forums ](https://www.wilderssecurity.com/threads/ublock-a-lean-and-fast-blocker.365273/page-168#post-2880361 )
2019-12-20 16:46:24 +00:00
The list was generated using data from
2019-12-27 14:21:33 +00:00
2019-12-27 14:58:20 +00:00
- [Rapid7 OpenData ](https://opendata.rapid7.com/sonar.fdns_v2/ ), who kindly provided a free account
2019-12-20 16:46:24 +00:00
- [Cisco Umbrella Popularity List ](http://s3-us-west-1.amazonaws.com/umbrella-static/index.html )
- [Public DNS Server List ](https://public-dns.info/ )
2020-01-11 10:43:14 +00:00
Similar projects:
- [NextDNS blocklist ](https://github.com/nextdns/cname-cloaking-blocklist ): for DNS-aware ad blockers
- [Stefan Froberg's lists ](https://www.orwell1984.today/cname/ ): subset of those lists grouped by tracker