eulaurarien/dist/README.md
Geoffrey Frogeye 3b6f7a58b3
Remove support for Rapid7
They changed their privacy / pricing model and as such I don't have
access to their massive DNS dataset anymore,
even after asking.

Since 2022-01-02, I put the list on freeze while looking for an alternative,
but couldn't find any.
To make the list update again with the remaining DNS sources I have,
I put the last version of the list generated with the Rapid7 dataset
as an input for subdomains, that will now get resolved with MassDNS.
2022-11-13 20:10:27 +01:00

7.3 KiB

Geoffrey Frogeye's block list of first-party trackers

What's a first-party tracker?

A tracker is a script put on many websites to gather informations about the visitor. They can be used for multiple reasons: statistics, risk management, marketing, ads serving… In any case, they are a threat to Internet users' privacy and many may want to block them.

Traditionnaly, trackers are served from a third-party. For example, website1.com and website2.com both load their tracking script from https://trackercompany.com/trackerscript.js. In order to block those, one can simply block the hostname trackercompany.com, which is what most ad blockers do.

However, to circumvent this block, tracker companies made the websites using them load trackers from somestring.website1.com. The latter is a DNS redirection to website1.trackercompany.com, directly to an IP address belonging to the tracking company.

Those are called first-party trackers. On top of aforementionned privacy issues, they also cause some security issue, as websites usually trust those scripts more. For more information, learn about Content Security Policy, same-origin policy and Cross-Origin Resource Sharing.

In order to block those trackers, ad blockers would need to block every subdomain pointing to anything under trackercompany.com or to their network. Unfortunately, most don't support those blocking methods as they are not DNS-aware, e.g. they only see somestring.website1.com.

This list is an inventory of every somestring.website1.com found to allow non DNS-aware ad blocker to still block first-party trackers.

Learn more

List variants

First-party trackers

Recommended for hostfiles-based ad blockers, such as Pi-hole (<v5.0, as it introduced CNAME blocking). Recommended for Android ad blockers as applications, such ad Blokada.

This list contains every hostname redirecting to a hand-picked list of first-party trackers. It should be safe from false-positives. It also contains all tracking hostnames under company domains (e.g. website1.trackercompany.com), useful for ad blockers that don't support mass regex blocking, while still preventing fallback to third-party trackers. Don't be afraid of the size of the list, as this is due to the nature of first-party trackers: a single tracker generates at least one hostname per client (typically two).

First-party only trackers

Recommended for ad blockers as web browser extensions, such as uBlock Origin (<v1.25.0 or for Chromium-based browsers, as it introduced CNAME uncloaking for Firefox).

This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. website1.trackercompany.com). This allows for reducing the size of the list for ad-blockers that already block those third-party trackers with their support of regex blocking. Use in conjunction with other block lists used in regex-mode, such as Peter Lowe's

Multi-party trackers

As first-party trackers usually evolve from third-party trackers, this list contains every hostname redirecting to trackers found in existing lists of third-party trackers (see next section). Since the latter were not designed with first-party trackers in mind, they are likely to contain false-positives. On the other hand, they might protect against first-party tracker that we're not aware of / have not yet confirmed.

Source of third-party trackers

(yes there's only two for now. A lot of existing ones cause a lot of false positives)

Multi-party only trackers

This is the same list as above, albeit not containing the hostnames under the tracking company domains (e.g. website1.trackercompany.com). This allows for reducing the size of the list for ad-blockers that already block those third-party trackers with their support of regex blocking. Use in conjunction with other block lists used in regex-mode, such as the ones in the previous section.

Meta

In case of false positives/negatives, or any other question contact me the way you like: https://geoffrey.frogeye.fr

The software used to generate this list is available here: https://git.frogeye.fr/geoffrey/eulaurarien

Acknowledgements

Some of the first-party tracker included in this list have been found by:

The list was generated using data from

Similar projects: