Ghostery Browser Extension for Firefox, Chrome, Opera, Edge and Safari
License: Mozilla Public License 2.0
This repository is home to all Ghostery Browser Extensions for various platforms.
v8.x for Firefox: extension-manifest-v2v10.x for Chrome, Edge, Opera and Safari: extension-manifest-v3Ghostery relies on contributions from lots of talented people.
MPL-2.0 Copyright 2017 Ghostery GmbH. All rights reserved.
See LICENSE
###URL(s) where the issue occurs
https://e.mail.ru/messages/inbox/
##Describe the issue
Open https://e.mail.ru/messages/inbox/
Open any letter with external link.
Click on link in letter.
New window can't open.
###Versions
Browser/version: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 IP
Ghostery 8.2.3
When I try to click the link to install Ghostery, Firefox blocks the add-on. It sends me to this site for more information: https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox?as=u&utm_source=inproduct
I got notification about extension error on google chrome. I went to extension page and I saw this error message (translated roughly from my native language):
Extension didn't redirect web call to https://domain.com/ads.html because other extension (HTTPS Everywhere) redirected it to https://www.domain.com/ads.html.
Here is the screen:
No errors.
As described above
I've been running ghostery with HTTPS Everywhere since few weeks and this error showed just now, so I'm not sure how to reproduce it. I don't get it (so far) on Chromium although I have synced it with the same account.
The v8.2.5 release on Firefox is prompting users to re-accept Ghostery's permissions via an upgrade dialog. This is triggered by #234, which allows Ghostery to catch trackers and ads served over WebSockets ("ws://*/*", "wss://*/*"). This is the only permission that was changed and it has not triggered a similar permission dialog in Chrome or Opera.
There's an open Bugzilla bug to address why Firefox is forcing users to acknowledge permissions again:
"Adding ftp/ws/wss permissions should not trigger extension permission warnings on extension upgrade"
See e5f9ef7.
Proper documentation is worth at least half of the quality of a codebase.
Erasing the Git history means arbitrarily ripping out half of the documentation.
How is anyone supposed to work upon that codebase if they can't figure out why it is the way it is?
It's a shame that this seems to have become the standard for "we're open sourcing this proprietary piece of software". If you don't want to hand out the full codebase then perhaps just keep this small rest of it to yourself as well.
Firefox 58.0.2 (64-bit)
Windows 10 Pro, build 1709 16299.125
Tried to install ghostery-firefox-v8.1.0.xpi from github.
First of all, thanks for making Ghostery open source.
I am considering maintaining Ghostery in the Debian distribution. For that, it would be a big help if you provided a PGP-signed source tarball. You cann add a signature file for the source tarball to the release on GitHub.
Thanks!
The pause button pauses Ghostery, across all pages. It would be nice to have the time-limited pause options for only one site/domain, or even better for only one browser tab.
I expect to be able to pause Ghostery in order to diagnose a problem, complete a purchase, etc on a webpage, without disabling it everywhere.
I pause Ghostery to complete a specific task in a specific browser tab, but I'm exposed to tracking on any browser page that loads/reloads. An alternative would be to use the Trust button, but then I lose the ability to time-limit the change, and risk forgetting to undo the Trust.
When using JSFiddle, my browser's console shows uncaught TypeErrors from the Ghostery extension script whenever I click after one of these characters (,),[,],},} (when it's the last character on the line) in the editor field.
NB: I've seen it in other situations/on other websites happening as well, but this is just an example.
Nothing / No errors in the console
The console shows this error: Uncaught TypeError: Cannot read property 'href' of null at u (content_script_bundle.js:1). It occurs at line 1, character 26556 (e.target.parentNode.href).
when visiting some sites, ghostery uses 100% CPU
chrome will report that ghostery has been killed. the web page being visited remains as-is.
use CPU for some time, then stop using it.
uses 100% CPU
using chrome visit:
wait for few seconds. the cpu will go up.
look up the PID of the process using most of this CPU (e.g. use top)
Kill the pid that is using the CPU
8.1.0, using Chrome under Linux.
The adverts on my Tab For A Cause homepage are blocked from appearing
For the ads to be shown on this page so that I can generate revenue for the company
No adverts appear on the page
Ghostery does not keep me logged-in
I would expect that once logged in to Ghostery on a PC That Ghostery stays logged-in between sessions, Is is not what happens. Every now and then I have to log-in again.
Last update today or yesterday broke a lot of links in my Chrome, either left or middle clic.
A message "pop-up blocked" appears in the url toolbar.
I have no other choice but to disable Ghostery for now 😢
It affects a lots of websites. Sometimes the link is working somehow.
Steps to reproduce I'm submitting always fail.
It works fine (as usual) when deactivating Ghostery.
Important note:
I'm using Chrome beta (but never had issue with ghostery before)
[pop-ups are blocked by default in Chrome]
Url is opened, either in current tab (left click) or another (middle click)
A message "pop-up blocked" appears in the url toolbar.
Other sample:
iframes do not load for certain url's
iframes should all load normally when all trackers are enabled
only when Ghostery is set to pause, all iframes are loaded. If Ghostery is active, the public gmail calenar of [email protected] will not load. The youtube video loads correctly.
I have a weird issue that when ghostery is enabled on chrome a CORS image request fails. I can repo it in our app (requires a paid subscription to get to issue) but I can't in an isolated repo or jsfiddle.
The headers for the response set on the server are
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Origin: https://www.shutterstock.com
Cache-Control: private,max-age=3600
Connection: keep-alive
Content-Disposition: attachment; filename=shutterstock_383564641.jpg
Content-Length: 3220700
Content-Type: image/jpeg
Date: Wed, 05 Dec 2018 18:28:59 GMT
Etag: "0ca4c428ed909bc4af0878b05d682b7a"
Expires: Wed, 05 Dec 2018 19:28:59 GMT
Server: nginx
Vary: Origin
X-Sstk-Trans-Id: 43ca4749-afd0-4e2b-b3fa-9539a29eaeb5
X-Stored-Location: shutterstock-media-photo-prod:15/25d/f22/80d4/3f59/383564641/huge.jpg
and I an requesting it with this setup
const img = new Image;
img.crossOrigin = "use-credentials";
img.src = imageURL;The error that appears in the console is
origin ‘null’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
I have no idea how the origin can go from https://www.shutterstock.com to null. I really wish I could repo it out side of our app but I can't seem to figure it out. I set up an express server to serve an image with the exact same headers but no luck.
a CORS download should work with ghostery on or off.
image throws error origin ‘null’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
😭
8.2.6
Ghostery blocks requests made to braintree through its client-side javascript SDK.
This prevents a user from completing the checkout flow with Ghostery enabled.
I expected that Ghostery would not block a request made to Braintree.
Ghostery blocked a request to braintree.
Failed to load https://api.braintreegateway.com/merchants/hgkc8vphzdyxjzsx/client_api/v1/configuration?tokenizationKey=production_wfvvry6v_hgkc8vphzdyxjzsx&_meta%5BmerchantAppId%5D=www.privateinternetaccess.com&_meta%5Bplatform%5D=web&_meta%5BsdkVersion%5D=3.21.0&_meta%5Bsource%5D=client&_meta%5Bintegration%5D=custom&_meta%5BintegrationType%5D=custom&_meta%5BsessionId%5D=42b1e22c-bd28-450f-9371-94c29433235e&braintreeLibraryVersion=braintree%2Fweb%2F3.21.0&configVersion=3: Response for preflight is invalid (redirect)
button.js.erb:61 Error creating client: BraintreeError: Cannot contact the gateway at this time.
Ghostery Blocks the content.js file from JSON Formatter (Chrome Extension)
A possibility to add scripts from other chrome extensions to a Whitelist.
The Json Formatter Extension is useless since all its functions are in that on content.js file which gets blocked. I think it must be blocked by one of the Entries in the Ad Categorie since those are the only ones I have set to block. Right now I don't have the time to check one by one which exactly it is.
Feature request. Pretend accepting ads to avoid rejection of content
Some websites tests for ad blockers and if detected they reject to display their content. By pretending to accept the ads while actually blocking them, such websites would display their content to the user.
Nothing to reproduce since it's a request of a new feature.
It looks like Ghostery is accessing or modifying headers that will not be available by default in Chrome 72 (currently on the dev channel). These include:
Request headers:
Response headers:
To access these headers you will need to add 'extraHeaders' in the extraInfoSpec of the relevant webRequest listeners.
See the post on the chromium-extensions Google Group for more info: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-extensions/vYIaeezZwfQ
While I run google maps pages, it gets very slow if I have ghostery enabled. I think this is because google maps keeps sending data constantly to multiple sources and ghostery is blocking it and google maps might be waiting for callback or something and it slows down. Problem gets fixed if I disable ghostery for google maps pages. My laptop starts warming up and fans start spinning loudly, this usually never happens when browsing web content or even watching videos 1080p or less.
This might be issue that may need to be fixed on google maps side. But I think the plugin could have some kinda notice that for example: "current page is taking long time to load, would you like to add it to the trusted sites so it loads faster. This might effect your privacy and so on.."
I think it would be wise to inform the user that it might be easier to view page without the plugin in some cases. Or have an option that disables just some of the content or some kinda profile filtering for this kinda of cases of websites.
Google maps pages to work fine. No fans spinning and no waiting long time to do any action.
Google maps getting slow, whole browser freezing up, taking long time to do any action. Waiting for zoom level to change or moving around the map. Laptop fans start spinning loudly, because laptop is warming up.
Hi,
When Ghostery plugin is activated under Firefox 59.0.x, the word "Explorer" is briefly displayed on online blank pages during refresh and also during javascript redirections.
I've noticed this bahavior on my WIP website, but also on random sites on the internet. (only online pages are affected. HTML page created on the desktop are not affected)
Note : when you refresh an empty web page with a dark background, there is also a white ghost that briefly appears at the top (probably caused by a lag with CSS).
[Description of the bug or feature]
When the user enabled anti-tracking on edge, the user can't open a ppt file online with O365
Open a ppt online file successful
Here is request header:
POST https://ppc-powerpoint.officeapps.live.com/pods/PowerPoint.ashx?openEarly=true HTTP/1.1
Origin: https://ppc-powerpoint.officeapps.live.com
Referer: https://ppc-powerpoint.officeapps.live.com/pods/ppt.aspx?wdPodsUrl=https%3A%2F%2Fppc-powerpoint.officeapps.live.com%2Fpods%2F&wdPopsUrl=https%3A%2F%2Fppc-powerpoint.officeapps.live.com%2F&fastBoot=true&sw=1260&sh=487&thPanel=540&ro=false&NoAuth=1&fileName=Presentation111.pptx&wdoverrides=devicepixelratio:1.25,RenderGifSlideShow:true&ui=en-US&rs=en-US&mscc=1&wdFR=1&wdOrigin=Other&postMessageToken=967F989E-20B1-0000-B051-5C7603223485&fs=68990&hid=967F989E-20B1-0000-B051-5C7603223485&fileGetUrlBool=true
Accept: /
Accept-Language: en-US,en;q=0.5
Content-Type: application/json; charset=utf-8
DevicePixelRatio: 1.25
Pid: ...84f98045-7a29-c39d-bcf9-61b4f3222887-.-.-.
PodSID: ...84f98045-7a29-c39d-bcf9-61b4f3222887-.-.-.
si:
SlideHeight: 683
SlideWidth: 1575
X-OfficeVersion: 16.0.11010.37552
X-PageUrl: https://ppc-powerpoint.officeapps.live.com/pods/ppt.aspx?wdPodsUrl=https%3A%2F%2Fppc-powerpoint.officeapps.live.com%2Fpods%2F&wdPopsUrl=https%3A%2F%2Fppc-powerpoint.officeapps.live.com%2F&fastBoot=true&sw=1260&sh=487&thPanel=540&ro=false&NoAuth=1&fileName=Presentation111.pptx&wdoverrides=devicepixelratio:1.25,RenderGifSlideShow:true&ui=en-US&rs=en-US&mscc=1&wdFR=1&wdOrigin=Other&postMessageToken=967F989E-20B1-0000-B051-5C7603223485&fs=68990&hid=967F989E-20B1-0000-B051-5C7603223485&fileGetUrlBool=true
X-UserSessionId: d7d13dee-3591-4988-b096-cfec30a125f8
X-UserType: WOPI
X-WacCluster: PP3
X-WacNoAuth: 1
X-xhr: 1
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
Host: ppc-powerpoint.officeapps.live.com
Content-Length: 56
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: PP3-ARRAffinity=0899b86992e172fa8691f02b4ef0df1f186654f5622a62f597219c5e3c3bfb64; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000; DcLcid=ui=1033&data=1033; MSCC=63675171278
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 5439
Content-Type: application/json; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Set-Cookie:
X-CorrelationId: 99d4f1f6-3c90-40d8-b7b8-c75d85286bab
X-UserSessionId: d7d13dee-3591-4988-b096-cfec30a125f8
Strict-Transport-Security: max-age=31536000
Timing-Allow-Origin: *
X-OfficeFE: BY3PEPF00000BB1
X-OfficeVersion: 16.0.11010.37552
X-OfficeCluster: PP3
Access-Control-Allow-Origin: https://ppc-powerpoint.officeapps.live.com
Access-Control-Expose-Headers: si, esid, X-EndSession, X-CorrelationID, X-OfficeFE, X-NewKey, Pid, SlideWidth, SlideHeight
Content-Disposition: attachment
X-PodInstance: by3pepf00000bbe
X-BootTelemetry: {"documentFlushTime":1539574635648,"downloadStartMs":1539574634742,"downloadEndMs":1539574635336,"downloadSize":68990,"incDownload":false,"bootStartMs":1539574634742,"bootEndMs":1539574635633,"officeAppEndpoint":"PP3","officeServerVersion":"16.0.11010.37552","downloadCorrelation":"b21b7a3d-e98c-4745-9c15-cf8fbf86d87b"}
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-GetCellServerTelemetry: {"OpenEarlyServerReceivedTime":"1539574635148","OpenEarlyServerFoundBaseDocTime":"1539574635633","OpenEarlyServerEndTime":"1539574635648"}
X-OFFICEFD: BY3PEPF00000BA2
X-MSEdge-Ref: Ref A: 283D650C1AED4DA69181FE2CFF0EB1ED Ref B: TYO01EDGE1110 Ref C: 2018-10-15T03:37:15Z
Date: Mon, 15 Oct 2018 03:37:14 GMT
[What you expected to happen]
It remove many request header then open ppt file failed on edge.
Here is the request header after enable anti-tracking on edge:
POST http://chaxu-ws.fareast.corp.microsoft.com/pods/PowerPoint.ashx?openEarly=true HTTP/1.1
Origin: http://chaxu-ws.fareast.corp.microsoft.com
Referer: http://chaxu-ws.fareast.corp.microsoft.com/pods/ppt.aspx?wdPodsUrl=http%3A%2F%2Fchaxu-ws.fareast.corp.microsoft.com%2Fpods%2F&wdPopsUrl=http%3A%2F%2Fchaxu-ws.fareast.corp.microsoft.com%2F&fastBoot=true&sw=1260&sh=487&thPanel=540&ro=false&NoAuth=1&fileName=test_thumbnail.pptx&wdoverrides=devicepixelratio:1.25,RenderGifSlideShow:true&wdOrigin=BlueChicken&postMessageToken=852f0480-eb85-4e31-9b6e-6effeb4cc9b6&hid=852f0480-eb85-4e31-9b6e-6effeb4cc9b6&fileGetUrlBool=true
Accept: /
Accept-Language: en-US,en;q=0.5
Content-Type: application/json; charset=utf-8
DevicePixelRatio: 1.25
Pid: ...292b9fa5-3c56-dcbd-e98c-94786f4ae649-.-.-.
PodSID: ...292b9fa5-3c56-dcbd-e98c-94786f4ae649-.-.-.
si:
SlideHeight: 608
SlideWidth: 1575
X-OfficeVersion: 16.0.10928.30000
X-PageUrl: http://chaxu-ws.fareast.corp.microsoft.com/pods/ppt.aspx?wdPodsUrl=http%3A%2F%2Fchaxu-ws.fareast.corp.microsoft.com%2Fpods%2F&wdPopsUrl=http%3A%2F%2Fchaxu-ws.fareast.corp.microsoft.com%2F&fastBoot=true&sw=1260&sh=487&thPanel=540&ro=false&NoAuth=1&fileName=test_thumbnail.pptx&wdoverrides=devicepixelratio:1.25,RenderGifSlideShow:true&wdOrigin=BlueChicken&postMessageToken=852f0480-eb85-4e31-9b6e-6effeb4cc9b6&hid=852f0480-eb85-4e31-9b6e-6effeb4cc9b6&fileGetUrlBool=true
X-UserSessionId: bd9abeb6-9319-4c12-8af6-208fe01c752a
X-UserType: WOPI
X-WacCluster: DC2
X-WacNoAuth: 1
X-xhr: 1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763
Content-Length: 56
Host: chaxu-ws.fareast.corp.microsoft.com
Connection: Keep-Alive
Pragma: no-cache
Cookie: MicrosoftApplicationsTelemetryDeviceId=346f445d-871b-4263-96fb-0432b14975e3; MicrosoftApplicationsTelemetryFirstLaunchTime=2018-10-15T09:31:38.759Z; PptRibbon.Home=1536138%7C-1%7C141; DC2-ARRAffinity=c5b6ce9dcaf9bcd1491290817f1869fc69ec1bd81727ba0b3c138a4e769f49ea; DcLcid=ui=1033&data=1033; path=anonymous; ODSIAuth=GN=R3Vlc3Q=&SN=MjY2Nzc4MDU=&IT=NTI0ODQzNzk0NTI1MzQyNjM5NQ==&PU=MjY2Nzc4MDU=&SR=YW5vbnltb3Vz&TZ=MTExOQ==&SA=RmFsc2U=&LE=RmFsc2U=&AG=VHJ1ZQ==&RH=1i8Wh7wpT8P8Y__2zpBL3nm73mXbGkqCE_auN_ZiVvs=; wachost=chaxu-ws.fareast.corp.microsoft.com; BIGipCookie=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 7467
Content-Type: application/json; charset=utf-8
Content-Encoding: gzip
Expires: -1
Server: Microsoft-IIS/10.0
P3P: CP="CAO DSP COR ADMa DEV CONi TELi CUR PSA PSD TAI IVDi OUR SAMi BUS DEM NAV STA UNI COM INT PHY ONL FIN PUR"
Set-Cookie:
X-CorrelationId: 9bdece0d-672b-428b-b4f6-1f398dc34270
X-UserSessionId: bd9abeb6-9319-4c12-8af6-208fe01c752a
Strict-Transport-Security: max-age=31536000
Timing-Allow-Origin: *
X-OfficeFE: CHAXU-WS
X-OfficeVersion: 16.0.10928.30000
X-OfficeCluster: DC2
Access-Control-Allow-Origin: http://chaxu-ws.fareast.corp.microsoft.com
Access-Control-Expose-Headers: si, esid, X-EndSession, X-CorrelationID, X-OfficeFE, X-NewKey, Pid, SlideWidth, SlideHeight
X-PodInstance: CHAXU-WS
X-Content-Type-Options: nosniff
X-Download-Options: noopen
Content-Disposition: attachment
X-LastPodRCLocation: CHAXU-WS
X-BootTelemetry: {"documentFlushTime":1539595936009,"downloadStartMs":1539595927286,"downloadEndMs":1539595927372,"downloadSize":717086,"incDownload":true,"bootStartMs":1539595927286,"bootEndMs":1539595935981,"officeAppEndpoint":"DC2","officeServerVersion":"16.0.10928.30000"}
X-GetCellServerTelemetry: {"OpenEarlyServerReceivedTime":"1539595928101","OpenEarlyServerFoundBaseDocTime":"1539595935981","OpenEarlyServerEndTime":"1539595936009"}
X-OFFICEFD: CHAXU-WS
Date: Mon, 15 Oct 2018 09:32:15 GMT
[What actually happened]
When I open a local file via file: protocol, and that file includes an iframe via https: protocol, Ghostery unexpectedly inserts a rule into the iframe that suppresses some content - specifically, any element with class "clickable".
Nothing. Ghostery says it only scans http and https pages; I wouldn't expect it to do anything in this case, let alone this.
Ghostery appears to insert <style type="text/css" id="cliqz-adblokcer-css-rules"> :root .clickable {display:none !important;}</style> to the <head> element of the iframe, causing some of its content to be suppressed.
file: protocol, while running Ghostery for Chrome 8.2.0Note that paragraph 2 inside the iframe is no longer visible. This appears to be due to Ghostery unexpectedly inserting a rule into the iframe page's <head> element.
This appears to happen only when the parent page is accessed via file:, and the child page via https: (or http:). No other combination, including visiting the child page directly, appears to cause Ghostery to insert this rule.
(I know it seems super unlikely that anyone would run into this in the wild - but I did, via work on a platform that involves third-party JavaScript and iframes. It was super confusing until I figured out Ghostery was messing with me, likely inadvertently.)
I'm trying to do some research which involves stateless crawling with Chrome on many distributed machines, and I'd like to have Ghostery running in each browser. I am having an issue because the first-run page always pops up. Is there a simple way to disable first run/update pages programmatically in the extension code somewhere?
Thanks!
This is not a bug or a feature request (so if you want to close it I won't mind :)
I would just like to mention I would very much like to see ghostery more "advertised" as a FOSS project. Maybe with a link to github as well.
I say this because, beside the blog post of opensourcing ghostery, I could not find anything else about it and I really believe it's worth mentioning that it is proudly open-source!
Why the heck Ghostery try every 5 min to connect to ghostery-collector.ghostery.com?
Firefox Nigthly
Ghostery 8.2.4
Windows 10
For a month I can't send data about a new tracker through the site ghostery.com. Tell me, how else can i send this data to the ghostery team?
Middle clicking a link to open it in a new tab triggers the chrome popup blocker and does not open the new tab.
Issue was concurrent with issue #310 and is behavior similar to if not exactly the same as #254 , which is a closed issue, so I'm opening a new one in hopes it gets someone's attention. Other users reporting the same problem in #254.
https://www.reddit.com/r/Ghostery/comments/aedrcs/ghostery_broke_full_screen_video_in_chrome/
https://www.reddit.com/r/chrome/comments/aeeirm/chrome_now_blocks_middle_clicking_to_a_new_tab_on/
https://bugs.chromium.org/p/chromium/issues/detail?id=918268
A new tab to open when a link is clicked using the middle mouse button.
Pop-up blocker catches the new tab and does not open it without user intervention/exception acceptance.
I noticed the following warning in my console:
loading pref showConsoleLogs before prefs were initialised, you will not get the correct result
This was emitted from the Ghostery extension content-bundle.js file. Upon closer examination that statement is emitted from here and is emitted because init() is not called before reading the prefs. I suspect then that it could be fixed by calling init on the created App instance here
Not to see a console statement on every page load.
I see a console statement.
Recently, I've been trying to love (and trust) Ghostery again. I've mainly only used it up to version 5 (around which time I felt it lost its way). Anyway, Ive now been using version 8, and it is nicely done. A part from the Enhanced Anti Tracking which doesn't seem to put anything in the detailed view it provides useful visibility on what it's doing. However, there is one thing that's bothering me and I'm wondering if it's a feature or a bug.
At browser start up I see Ghostery making an awful lot of connections to the internet:
cdn.ghostery.com
cmp-cdn.ghostery.com
api.ghostery.net
cdn.ghostery.net (3 times)
collector-hpn.ghostery.net
One of these fetches a very significant amount of data on every start. Doesn't matter if you close Firefox and immediately restart, down it all comes again. Uncheck the: Enable automatic updates from the Ghostery tracker library... and it still comes down each time. It feels either very inefficient, or like a bug.
I'd be interested to know what these many domains are for and whether there is any documentation on the various connections being made at start up?
Cheers.
Browser: Firefox
OS: Windows
Ghostery: 8.3.0
We actively work to deliver this functionality to Ghostery 10. Expect custom filter editor ready in June when Ghostery 10 will be launched to Chrome store.
Not sure how this would work, but i think it would be good to allow the inclusion of other Filters beside the traditional EasyList.
Same as #149
Ghostery for Chrome version 8.2.4
URL: https://api.braintreegateway.com/merchants/....
Returns 307 from Ghostery.
Non-Authoritative-Reason: Delegate
Not blocking payment forms
Payment form is blocked
This is not exactly a bug, but something i believe worth working on.
I understand that comparing addons is not exactly your intentions, but the fact is that users will do so even if you don't want them to.
I've been using ublock origin a few years already. After the switch to Ghostery i immediately noticed it slowed down my browser.
Now, the tech behind Ghostery is attractive (AI and so on), but ublock is also a great content blocker. In fact enough for most users.
My suggestion is compare Ghostery with other top blockers (ublock orgin, adblock plus, adblock edge, etc) and work on it so that it became at least as lite as the lightest competitor
With extension v8.2.4, I noticed today that it try to connect to 10.0.4.162 or 10.0.5.141, why ?
If this extension is disabled in my browser, there is no request to previous IPs anymore, so it seems to be triggered by ghostery !?
No request to internal network addresses.
TCP request sent to previous IPs.
Ghostery is blocking the input-file HTML preventing the user from selecting a file.
By desactivating completly the extension, it works.
You can see the bug here: https://streamable.com/rqxyz
Description
Ghostery ought to have a "Trust on all sites" button for each tracker to prevent blocking the tracker on any site.
Expected Behavior
When pressed on one site the tracker should not be restricted ot blocked on any other site. Say I want to trust the Facebook social Like button, I would like to do so on all sites no matter where, to make me able to like a site I come across.
Actual Behavior
In the list of trackers (detailed view) there is three buttons for each tracker to either "Trust on this site", "Restrict on this site" and "Block on all sites", but no "Trust on all sites".
Steps to Reproduce
When trying to log into Freecharge website with ghostery switched on, the website says something went wrong and does not allow a log in, but with Ghostery turned off, the log in is successful.
Log in should be successful with Ghostery turned on.
Log in unsuccessful.
Wordpress 'Select Files' dialog doesn't show up. After disabling Ghostery, everything works as expected.
The dialog should appear, allowing you to select a file.
Nothing - and no errors in JS console.
MediaAdd newSelect FilesWe've been adding video upload features to our open source citizens participation application. After quite a bit of debugging we've found that Ghostery blocks our direct uploads to Amazon S3 using pre signed URLs. The reason is that Ghostery rewrites the outgoing PUT query string parameter from "x-amz-acl: bucket-owner-full-control" to "x-amz-acl: ghostery" invalidating the signature on that URL.
Here is the relevant code from our side: https://github.com/CitizensFoundation/your-priorities-app/blob/master/client_app/src/yp-file-upload/yp-file-upload.html#L759
We expect Ghostery not to rewrite our x-amz-acl query parameter to ghostery and to be able to upload files directly to S3 without 403 errors.
Ghosty rewrites the query string parameter from "x-amz-acl: bucket-owner-full-control" to "x-amz-acl: ghostery" invalidating the signature on that URL.
I am not sure how often it resets exactly, sometimes it's within the minute, other times it could take up to a few hours, but when navigating on Youtube with Ghostery, the light theme keeps coming back even if I put the dark mode on. It no longer does it if I turn off the extension.
Keep my Dark Theme on Youtube.
Doesn't keep the dark theme, goes back to light theme.
I use Ghostery to detect and list installed trackers, not to block them. Thus it is configured to accept every tracker.
But I notice an error in the Google Chrome console saying "net::ERR_BLOCKED_BY_CLIENT" which is typical of a network request being blocked by an Ad blocker
The Ghostery panels says no tag were blocked. But this isn't what happens here
Don't block any tag when configured to accept all
At least AdWords remarketing hits are being blocked on https://www.resoneo.com/
with net::ERR_BLOCKED_BY_CLIENT
5. look at Ghostery panel : saying no tracker blocked
If you go to https://www.reddit.com/ you get way more trackers being blocked
Ghostery 8.1.0
This code doesn’t have Safari support. Old ghostery versions up to 5.4.11 supported Safari.
Do you have an pointers on how to re-introduce Safari support? Are you interested to get Safari support into this code base at all?
Clicking on Full Screen icon on Youtube and many other video sites is not working. It does not make the video full screen.
Clicking on the Full Screen icon should enable the video in full screen mode.
Nothing happens.
Enabling the extension causes this problem. If the extension is disabled, the problem goes away.
Ghostery for Chrome version 8.2.6
Browser:
Chrome - Version 71.0.3578.98 (Official Build) (64-bit)
OS:
Window 10
Node:
NPM:
Looks like Ghostery started to automatically replace http with https (note the s) in IMG element’s src attribute. This breaks external images located on HTTP sites that don’t have HTTPS version.
Tested with a new clean profile with Ghostery installed as the only extension. Disabling Ghostery as an extension via Firefox extension manager does help.
Ghostery should not touch regular (not related to trackers or advertisement) images, at least by default. Images should work by default. Such web-incompatible features should be opt-in.
Just replacing http with https does not magically make all sites working via HTTPS.
External (located on a host different from the host the page is located on) HTTP images on HTTPS sites do not load if the external site does not have an HTTPS version.
Image is displayed instead of the actual image.currentURL is not defined in content_script_bundle.js on line 13.
No console error.
Console error appears.
I've only noticed this on my website here, and it could be something to do with the Service Worker... Unfortunately I cannot get it to consistently occur, but I do know that it occurs on both my work computer and home computer (different computers, but same OS and browser).
When I was developing the service worker this error was happening often, but when only casually viewing the front-end it does not happen as often. If I can expectedly reproduce this I will certainly update this issue.
If I just load the site linked above and open the console and wait, it appears after a while (30-60s). I don't know if scrolling or clicking non-linked areas affect it.
Firefox 63.0a1 (2018-07-19) (64-bit) Ghostery blocks everything even things on your whitelist
Ghostery to only block trackers that you have selected
Ghostery is blocking all trackers even whitelisted
German translation issue:
The phrase "Navigate to another page and I promise I'll deliver the goods." cannot be directly translated to "Navigieren Sie zu einer anderen Seite und ich verspreche, dass ich liefern werde."
I don't speak English good enough to understand the meaning of "deliver the goods", so please ask somebody else for the correct translation.
[What actually happened]
IPFS Companion is a browser extension that enables users to detect content-addressed resources on websites and redirect them to a local IPFS2HTTP gateway (localhost or LAN).
It seems that when Ghostery is enabled and user loads a HTTPS website with content-addressed IPFS resources, Ghostery breaks the gateway redirect by forcing HTTPS even if user chose to use a localhost or LAN gateway exposed on HTTP.
More details: ipfs/ipfs-companion#466
Ghostery should detect and respect internal redirects (HTTP 307) made by other extensions.
Note that HTTPS Everywhere does not break the same website.
Ghostery always upgrades URL of HTTP 307 to HTTPS, breaking IPFS websites:
https:// instead of redirected http:// (like in this screenshot)Hi,
citing from your code of conduct:
In particular, we don't tolerate behavior that excludes people in socially marginalized groups.
Please consider children and adolescents a socially marginalised group. By hosting the code exclusively on GitHub, all contributors under the age of 13 years are excluded, and under most jurisdictions, people under the age of 18 have a major legal hassle contributing that can be reduced to a minimum.
Therefore, in accordance with your code of conduct, please do at least one of the following, in order of preference:
If you wonder why children should matter for your project: Obviously, children do use web browsers, and if you want to protect web users, you should also consider young users. In a free software world, all users are welcome contributors. In practice, we (at Teckids, the FOSS youth organisation) we regularly see contributing children, nad in a survey conducted among students between 10 and 15 years, more than two thirds stated they wish for being able to contribute to the software they use. You can find
For further details, you might want to have a look at the following two FOSDEM talks:
https://fosdem.org/2018/schedule/event/education_im/
https://fosdem.org/2018/schedule/event/too_young_to_rock_n_roll/
Thanks for taking this serious,
Nik, as head of Teckids e.V., the free software youth organisation
--
Dominik George (1. Vorstandsvorsitzender, pädagogischer Leiter)
Teckids e.V. - Erkunden, Entdecken, Erfinden.
https://www.teckids.org/
Ghostery shows a purple box when browsing.
Ghostery does not show a purple box when browsing.
Ghostery shows a purple box when browsing.
Please provide functionality to disable the purple box as it is obtrusive (covers web page content).
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.