.. | ||
.gitignore | ||
markdown7.min.css | ||
README.md |
Geoffrey Frogeye's block list of first-party trackers
What's a first-party tracker?
A tracker is a script put on many websites to gather informations about the visitor. They can be used for multiple reasons: statistics, risk management, marketing, ads serving… In any case, they are a threat to Internet users' privacy and many may want to block them.
Traditionnaly, trackers are served from a third-party.
For example, website1.com
and website2.com
both load their tracking script from https://trackercompany.com/trackerscript.js
.
In order to block those, one can simply block the hostname trackercompany.com
, which is what most ad blockers do.
However, to circumvent this block, tracker companies made the websites using them load trackers from somestring.website1.com
.
The latter is a DNS redirection to website1.trackercompany.com
, directly to an IP address belonging to the tracking company.
Those are called first-party trackers. On top of aforementionned privacy issues, they also cause some security issue, as websites are usually configured to trust first-party scripts. For more information, learn about Cross-Origin Resource Sharing.
In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under trackercompany.com
or to their network.
Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see somestring.website1.com
.
This list is an inventory of every somestring.website1.com
found to allow non DNS-aware ad blocker to still block first-party trackers.
Learn more
- CNAME Cloaking, the dangerous disguise of third-party trackers
- Trackers first-party (french)
- uBlock Origin issue
List variants
First-party trackers (recommended)
- Hosts file: https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
- Raw list: https://hostfiles.frogeye.fr/firstparty-trackers.txt
This list contains every hostname redirecting to a hand-picked list of first-party trackers. It should be safe from false-positives. Don't be afraid of the size of the list, as this is due to the nature of first-party trackers: a single tracker generates at least one hostname per client (typically two).
First-party only trackers
- Hosts file: https://hostfiles.frogeye.fr/firstparty-only-trackers-hosts.txt
- Raw list: https://hostfiles.frogeye.fr/firstparty-only-trackers.txt
This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. website1.trackercompany.com
).
While those are technically third-party trackers, they cannot be blocked at once by some ad blockers (e.g. Pi-hole).
Use only with ad blocker able to import regular expressions and in conjuction with other block lists.
Multi-party trackers
- Hosts file: https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt
- Raw list: https://hostfiles.frogeye.fr/multiparty-trackers.txt
As first-party trackers usually evolve from third-party trackers, this list contains every hostname redirecting to trackers found in existing lists of third-party trackers (see next section). Since the latter were not designed with first-party trackers in mind, they are likely to contain false-positives. In the other hand, they might protect against first-party tracker that we're not aware of / have not yet confirmed.
Source of third-party trackers
(yes there's only one for now. A lot of existing ones cause a lot of false positives)
Multi-party only trackers
- Hosts file: https://hostfiles.frogeye.fr/multiparty-only-trackers-hosts.txt
- Raw list: https://hostfiles.frogeye.fr/multiparty-only-trackers.txt
This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. website1.trackercompany.com
).
While those are technically third-party trackers, they cannot be blocked at once by some ad blockers (e.g. Pi-hole).
Use only with ad blocker able to import regular expressions and in conjuction with other block lists, especially the ones in the previous section.
Meta
In case of false positives/negatives, or any other question contact me the way you like: https://geoffrey.frogeye.fr
The software used to generate this list is available here: https://git.frogeye.fr/geoffrey/eulaurarien
Acknowledgements
Some of the first-party tracker included in this list have been found by:
- Aeris
- NextDNS and their blocklist's contributors
The list was generated using data from
- Rapid7 OpenData, who kindly provided a free account
- Cisco Umbrella Popularity List
- Public DNS Server List
- Yuki2718 from Wilders Security Forums (by the way I'd appreciate if someone from this forum could contact a moderator to get me confirmed!)