Closed Bug 1593185 Opened 4 years ago Closed 4 years ago

Embedded Facebook content from friends2follow.com missing on http://www.therepublic.com

Categories

(Core :: Privacy: Anti-Tracking, defect)

defect
Not set
normal

RESOLVED WONTFIX
Tracking Status
firefox70 --- affected
firefox71 --- affected
firefox72 --- affected

People

(Reporter: cgeorgiu, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

Attached image ad-facebook.png

Affected versions

  • latest Nightly 72.0a1
  • latest Beta 71.0b6
  • dot-Release 70.0.1

Affected platforms

  • Windows 10 x64
  • macOS 10.13
  • Ubuntu 18.04 x64

Steps to reproduce

  1. Go to about:preferences#privacy and from the Custom section, un-check all items except for "Fingerprinters".
  2. Access http://www.therepublic.com/.

Expected result

  • The embedded Facebook content from the right side of the page is displayed in the ad.

Actual result

  • The embedded Facebook content is NOT displayed in the ad.

Regression range

  • Not a regression.

Additional notes

  • It looks like the blocked domain in the Privacy panel is "therepublic.friends2follow.com".
  • Please observe the attached screenshot.

Attached image ad-facebook2.png

I can observe this issue on the https://www.herald-dispatch.com/ website as well, where the Facebook content is missing from the page. The blocked domain in this case is heralddispatch.friends2follow.com.

I've verified that blocking therepublic.friends2follow.com is causing this breakage. Specifically, we block “https://therepublic.friends2follow.com/f2f/widget/async/socialstack/72/0/8/140/1/2/1/5?click=&cache=” from loading in an embedded frame (which subsequently loads other resources from this origin and Facebook origins).

The breakage on https://www.herald-dispatch.com/ does indeed have the same cause. Specifically blocking: https://heralddispatch.friends2follow.com/f2f/widget/html/socialstack/72/0/12/140/1/1/1/10

Summary: Embedded Facebook content missing on http://www.therepublic.com → Embedded Facebook content from friends2follow.com missing on http://www.therepublic.com

It looks like the fingerprinting script is served from a CDN (see: https://github.com/disconnectme/disconnect-tracking-protection/blob/master/descriptions.md#Friends2Follow). The computed fingerprint is sent back to friends2follow.com (e.g., https://therepublic.friends2follow.com/f2fi.php?wi=72&it=...&ha=...&fi=...).

We've decided to accept this breakage.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX