storage.googleapis.com (again) #1683

Closed
terrorist96 opened this issue Sep 21, 2017 · 11 comments
Labels
broken site migrations Badger user data modifications

Comments

@terrorist96
Contributor

http://gtspirit.com/2017/09/08/japans-aspark-owl-electric-supercar-debut-frankfurt-0-100-2s/

storage.googleapis.com blocks image slideshow.
Wasn't this supposed to have been fixed in #1409/#1459?

**** ACTION_MAP for storage.googleapis.com
VM192:5 commondatastorage.googleapis.com {
  "dnt": false,
  "heuristicAction": "allow",
  "nextUpdateTime": 1494908234705,
  "userAction": ""
}
VM192:5 gadasource.storage.googleapis.com {
  "dnt": false,
  "heuristicAction": "cookieblock",
  "nextUpdateTime": 1496333782742,
  "userAction": ""
}
VM192:5 gweb-earth.storage.googleapis.com {
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1493062100772,
  "userAction": ""
}
VM192:5 patentimages.storage.googleapis.com {
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1493798564927,
  "userAction": ""
}
VM192:5 static.panoramio.com.storage.googleapis.com {
  "dnt": false,
  "heuristicAction": "",
  "nextUpdateTime": 1493373149603,
  "userAction": ""
}
VM192:5 storage.googleapis.com {
  "dnt": false,
  "heuristicAction": "block",
  "nextUpdateTime": 1506348574189,
  "userAction": ""
}
VM192:7 **** SNITCH_MAP for storage.googleapis.com
VM192:9 commondatastorage.googleapis.com [
  "google.com"
]
VM192:9 storage.googleapis.com [
  "google.com",
  "chromium.org",
  "annualreviews.org",
  "bostonglobe.com"
]
@ghostwords
Member

Looks like we should add commondatastorage.googleapis.com to the MDFP list for Google.

@ghostwords
Member

ghostwords commented Sep 21, 2017

If your Badger saw tracking from storage.googleapis.com on Google domains before 7679a1f went out with 2017.7.24, I guess you would still have those Google domains in your snitch_map entry for storage.googleapis.com.

@ghostwords
Member

Hmm, we might want to add chromium.org to the MDFP list of Google domains.

@ghostwords
Member

ghostwords commented Sep 21, 2017

I see canvas fingerprinting from http://gadasource.storage.googleapis.com/aam.js on http://www.bostonglobe.com/. We should probably be more specific when it comes to non-cookie-based tracking blocking: #1527.

@terrorist96
Contributor Author

> Hmm, we might want to add chromium.org to the MDFP list of Google domains.

Would we need to add everything google owns? Cuz that's a very long list.

@ghostwords
Member

We should handle all the different country codes via #1253, but even if we didn't, I think that's OK, it's not too many.

More on the Google MDFP list: Here are all the .googleapis.com domains (googleapis.com is a Public Suffix, which means fonts.googleapis.com is a domain, not a subdomain) we've seen so far (as blocked) in error reports:

+-------+-------------------------------------------+
| count | blocked_fqdn                              |
+-------+-------------------------------------------+
|  1246 | fonts.googleapis.com                      |
|   361 | maps.googleapis.com                       |
|   223 | ajax.googleapis.com                       |
|    85 | imasdk.googleapis.com                     |
|    77 | www.googleapis.com                        |
|    58 | storage.googleapis.com                    |
|    46 | mts0.googleapis.com                       |
|    43 | mts1.googleapis.com                       |
|    18 | mt1.googleapis.com                        |
|    17 | mt0.googleapis.com                        |
|    14 | chart.googleapis.com                      |
|    11 | translate.googleapis.com                  |
|    10 | content.googleapis.com                    |
|     9 | khms0.googleapis.com                      |
|     8 | khms1.googleapis.com                      |
|     3 | mt.googleapis.com                         |
|     2 | khm1.googleapis.com                       |
|     1 | material-design.storage.googleapis.com    |
|     1 | marvelapp-live.storage.googleapis.com     |
|     1 | onepiece-storage.storage.googleapis.com   |
|     1 | nuroa.storage.googleapis.com              |
|     1 | nuroa-es.storage.googleapis.com           |
|     1 | leanplum-wordpress.storage.googleapis.com |
|     1 | clientmetrics-pa.googleapis.com           |
|     1 | commondatastorage.googleapis.com          |
|     1 | khm0.googleapis.com                       |
|     1 | khms.googleapis.com                       |
+-------+-------------------------------------------+

@terrorist96
Contributor Author

terrorist96 commented Sep 21, 2017

Why not just do *.googleapis.com and call it a day?

@ghostwords
Member

Can't, because it's a Public Suffix like I said above. Without us making logic changes somewhere, MDFP entries have to be base domains (fonts.googleapis.com) and not TLDs/Public Suffixes (com, googleapis.com). This came up in the past (7679a1f, #1550 (review)), but we now have a test (#1591) to prevent it from happening again.

@ghostwords
Member

ghostwords commented Sep 21, 2017

So the MDFP stuff will take care of us ignoring Google domains on Google domains, but we still have the problem of fingerprinting scripts being served from storage.googleapis.com (#1683 (comment)).

Should also clean people's snitch_map and action_map entries to remove first-party interactions (we should probably run this upon any release that includes MDFP updates).

@ghostwords added the migrations Badger user data modifications label Oct 21, 2017
@ghostwords
Member

> we still have the problem of fingerprinting scripts being served from storage.googleapis.com

Tracked in #1527.

> Should also clean people's snitch_map and action_map entries to remove first-party interactions

Done in 58b31a1.
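
Added example, not part of the thread and not Privacy Badger's own code: a sketch of the two points discussed above, namely why an MDFP entry has to be a base domain rather than a Public Suffix, and how first-party sightings can be removed from snitch_map. The function names, the three-entry suffix set and the membership of the Google group are assumptions made for illustration; the snitch_map sample is the one reported in this issue.

```javascript
// Illustration only. PUBLIC_SUFFIXES is a tiny constructed excerpt of the
// Public Suffix List; GOOGLE_MDFP is a hypothetical first-party group.
const PUBLIC_SUFFIXES = new Set(["com", "org", "googleapis.com"]);
const GOOGLE_MDFP = ["google.com", "chromium.org", "storage.googleapis.com",
  "commondatastorage.googleapis.com"];

// Base domain = longest matching public suffix plus one label to its left.
// Returns null when the name is itself a public suffix (or matches none).
function baseDomain(fqdn) {
  const labels = fqdn.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// MDFP entries must be base domains: flag public suffixes and subdomains.
function invalidMdfpEntries(group) {
  return group.filter((d) => baseDomain(d) !== d);
}

// Two base domains are the same first party if equal or listed in one group.
function sameFirstParty(a, b, groups) {
  return a === b || groups.some((g) => g.includes(a) && g.includes(b));
}

// Drop first-party sites from each tracker's snitch_map entry and remove
// trackers that are left with no third-party sightings.
function cleanSnitchMap(snitchMap, groups) {
  const cleaned = {};
  for (const [tracker, sites] of Object.entries(snitchMap)) {
    const kept = sites.filter((site) => !sameFirstParty(tracker, site, groups));
    if (kept.length > 0) cleaned[tracker] = kept;
  }
  return cleaned;
}

// snitch_map entries as reported in the issue above.
const SNITCH_MAP = {
  "commondatastorage.googleapis.com": ["google.com"],
  "storage.googleapis.com": ["google.com", "chromium.org", "annualreviews.org", "bostonglobe.com"],
};
console.log(invalidMdfpEntries([...GOOGLE_MDFP, "googleapis.com"]));
console.log(cleanSnitchMap(SNITCH_MAP, [GOOGLE_MDFP]));
```

With this grouping, storage.googleapis.com keeps only its two non-Google sightings, which is below a three-site threshold, while a bare googleapis.com entry is flagged because it matches no base domain.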
