-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Filter out Dialog Insight trackers from URLs #22082
Labels
OS/Android
Fixes related to Android browser functionality
OS/Desktop
privacy/query-filter
privacy
QA Pass - Android ARM
QA Pass-macOS
QA/Test-Plan-Specified
QA/Yes
release-notes/include
Milestone
Comments
fmarier
added
privacy
OS/Android
Fixes related to Android browser functionality
OS/Desktop
privacy/query-filter
labels
Apr 4, 2022
fmarier
added a commit
to brave/brave-core
that referenced
this issue
Apr 5, 2022
25 tasks
Verified
|
Brave | 1.39.51 Chromium: 100.0.4896.88 (Official Build) nightly (x86_64) |
---|---|
Revision | 4450653bfa91182e85723d8f1dee64dd6ce40ed4-refs/branch-heads/4896@{#1086} |
OS | macOS Version 11.6.5 (Build 20G527) |
Steps:
- installed
1.39.51
- launched Brave
- loaded
https://brave.com/?oft_id=946&oft_k=1Enu&oft_lk=kea&oft_d=637
Ensured that the four (4) tracking parameters were dropped via an internal (Brave) redirect, ending up just https://brave.com/
Verification PASSED on
STR/Cases used as per brave/brave-core#12893 (comment):
Ensured that the four (4) tracking parameters were dropped via an internal (Brave) redirect, ending up just |
avinassh
pushed a commit
to avinassh/brave-browser-hardening
that referenced
this issue
May 29, 2022
- Added Solana support for account creation, sending SOL and sending SPL tokens with Brave Wallet. ([#22348](brave/brave-browser#22348)) - Added the ability to buy with Ramp using Brave Wallet. ([#21639](brave/brave-browser#21639)) - Added JSONSanitizer to API helper requests for Brave Wallet. ([#21831](brave/brave-browser#21831)) - Added Dapp UI for requesting a public key and for decrypting ciphers using Brave Wallet. ([#21177](brave/brave-browser#21177)) - Added web3_clientVersion support for Brave Wallet. ([#19278](brave/brave-browser#19278)) - Added the ability to allow users to search sites for RSS feeds for Brave News. ([#21768](brave/brave-browser#21768)) - Added support for blob partitioning. ([#21746](brave/brave-browser#21746)) - Added minimum macOS version for Sparkle update process. ([#22918](brave/brave-browser#22918)) - [Security] Blocked "window.ethereum" completely in third party iframes. ([#22686](brave/brave-browser#22686)) - [Security] Updated Brave Wallet panel to prominently display eTLD+1 as reported on HackerOne by renekroka. ([#21787](brave/brave-browser#21787)) - [Security] Fixed incorrect origin being displayed in Brave Wallet when a spend approval is pending. ([#19557](brave/brave-browser#19557)) - Implemented eth_getEncryptionPublicKey for Brave Wallet. ([#19276](brave/brave-browser#19276)) - Implemented account discovery when restoring Brave Wallet. ([#18104](brave/brave-browser#18104)) - Updated Omaha installer version for Windows to v1.3.36.113. ([#22060](brave/brave-browser#22060)) - Updated default IPFS configuration values. ([#22068](brave/brave-browser#22068)) - Updated Gas Limit validation and error messaging for unapproved transactions with Brave Wallet. ([#21714](brave/brave-browser#21714)) - Updated Brave Wallet to automatically add swap taker asset to the visible asset list. ([#21428](brave/brave-browser#21428)) - Updated Brave Wallet portfolio network filter for multichain support. ([#20780](brave/brave-browser#20780)) - Reduced adblock filter memory usage by optimizing unused regex rules. ([#21970](brave/brave-browser#21970)) - Removed known Dialog Insight user tracking parameters from URLs. ([#22082](brave/brave-browser#22082)) - Removed ability to swap ERC721 tokens with Brave Wallet. ([#21550](brave/brave-browser#21550)) - Fixed crash which occurred when opening Brave Shields while using Google Meet. ([#22814](brave/brave-browser#22814)) - Fixed inability to rename Solana account in Brave Wallet after it has been created. ([#22958](brave/brave-browser#22958)) - Fixed incorrectly computed insufficient funds errors in Brave Wallet. ([#22877](brave/brave-browser#22877)) - Fixed ERC20 and ERC721 transfers being incorrectly displayed as ETH transfers in the Brave Wallet transactions panel. ([#22044](brave/brave-browser#22044)) - Fixed text alignment issues under the Brave Wallet "Recent transactions" panel when using long account names. ([#21216](brave/brave-browser#21216)) - Fixed breakage in webpack build caused by OpenSSL 3.0. ([#22305](brave/brave-browser#22305)) - Fixed two windows being opened on launch when the browser was installed without administrator privileges on Windows. ([#22179](brave/brave-browser#22179)) - Upgraded Chromium to 102.0.5005.61. ([#22923](brave/brave-browser#22923)) ([Changelog for 102.0.5005.61](https://chromium.googlesource.com/chromium/src/+log/101.0.4951.67..102.0.5005.61?pretty=fuller&n=1000))
avinassh
pushed a commit
to avinassh/brave-browser-hardening
that referenced
this issue
May 29, 2022
- Added Brave Firewall + VPN. ([#12197](brave/brave-browser#12197)) - Added support for blob partitioning. ([#21746](brave/brave-browser#21746)) - Implemented eth_getEncryptionPublicKey for Brave Wallet. ([#19276](brave/brave-browser#19276)) - Reduced adblock filter memory usage by optimizing unused regex rules. ([#21970](brave/brave-browser#21970)) - Removed known Dialog Insight user tracking parameters from URLs. ([#22082](brave/brave-browser#22082)) - Fixed breakage in webpack build caused by OpenSSL 3.0. ([#22305](brave/brave-browser#22305)) - Fixed pending bell icon under Brave Wallet not being displayed when new unapproved requests are created. ([#21654](brave/brave-browser#21654)) - Fixed expand icon under Brave Shields using incorrect color when the Privacy Hub has been enabled. ([#22049](brave/brave-browser#22049)) - Upgraded Chromium to 102.0.5005.61. ([#22923](brave/brave-browser#22923)) ([Changelog for 102.0.5005.61](https://chromium.googlesource.com/chromium/src/+log/101.0.4951.67..102.0.5005.61?pretty=fuller&n=1000))
lyubomyr-shaydariv
added a commit
to lyubomyr-shaydariv/uu-webext
that referenced
this issue
Jun 15, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
OS/Android
Fixes related to Android browser functionality
OS/Desktop
privacy/query-filter
privacy
QA Pass - Android ARM
QA Pass-macOS
QA/Test-Plan-Specified
QA/Yes
release-notes/include
I found this in a Qtrade email:
It's a CNAME to
ofsys.com
:and sure enough the final link ends up being decorated with extra query string parameters:
oft_id
,oft_k
,oft_lk
andoft_d
. The unsubscribe link doesn't use any of these query parameters but bothoft_id
andoft_k
are present in the path, the same ones used in the image tracker.There are lots of examples in the wild. My best guess is that these parameters are useful in conversion tracking on external e-commerce platforms.
I found a landing page in a GitHub repo but it doesn't seem to have any real JS code running (other than an animation).
For user journey tracking:
there is a Dialog Insight script to add the scripts looks like this one, as found on this website. The script is already in EasyPrivacy.
The full unminified source code was accidentally left online and so this is the full list of parameters they use:
It seems like they can identify individual visitors based on any of the parameters, except for
oft_campaign
:This links to another tracker though I didn't find anything interesting there.
The text was updated successfully, but these errors were encountered: