• Stars
    star
    139
  • Rank 262,902 (Top 6 %)
  • Language
    Python
  • License
    Other
  • Created about 9 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Shavar/tracking protection lists used in prod

shavar-prod-lists

Build Status

This repo serves as a staging area for shavar / tracking protection lists prior to production deployment to Firefox. This repo gives Mozilla a chance to manually review all updates before they go live, a fail-safe to prevent accidental deployment of a list that could break Firefox.

Not all domains in this repository are blocked in all versions of Firefox. The master branch represents the base list blocked by Nightly. Beta, release, and past versions of Firefox all use versions of this list, accessible as branches of this repository. We may also unblock certain domains through our anti-tracking interventions temporarily when we discover site breakage. These temporary exceptions are tracked in Bug 1537702, and the policy governing their use is described below.

These lists are processed and transformed and sent to Firefox via Shavar.

Disconnect's Lists

Firefox's Enhanced Tracking Protection features rely on lists of trackers maintained by Disconnect. Mozilla does not maintain these lists. As such, we will close all issues and pull requests related to making changes to the list contents. These issues should be reported to Disconnect.

disconnect-blacklist.json

A version controlled copy of Disconnect's list of trackers. This blocklist is the core of tracking protection in Firefox.

A vestige of the list is the "Disconnect" category, which contains Facebook, Twitter, and Google domains. Domains from this category are remapped into the Social, Advertising, or Analytics categories as described here. This remapping occurs at the time of list creation, so the Social, Analytics, and Advertising lists consumed by Firefox will contain these domains.

Firefox consumes the list as follows:

  • Tracking: anything in the Advertising, Analytics, Social, Content, or Disconnect category. Firefox ships two versions of the tracking lists: the "Level 1" list, which excludes the "Content" category, and the "Level 2" list which includes the "Content" category.
  • Cryptomining: anything in the Cryptomining category
  • Fingerprinting: anything in the FingerprintingInvasive category. By default, ETP's fingerprinting blocking only blocks Tracking Fingerprinters, that is domains which appear in both the FingerprintingInvasive category and one of the Tracking categories. Firefox does not use the FingerprintingGeneral category at this time.

disconnect-entitylist.json

A version controlled copy of Disconnect's list of entities. ETP classifies a resource as a tracking resource when it is present on blocklist and loaded as a third-party. The Entity list is used to allow third-party subresources that are wholly owned by the same company that owns the top-level website that the user is visiting. For example, if abcd.com owns efgh.com and efgh.com is on the blocklist, it will not be blocked on abcd.com. Instead, efgh.com will be treated as first party on abcd.com, since the same company owns both. But since efgh.com is on the blocklist it will be blocked on other third-party domains that are not all owned by the same parent company.

Other lists

In addition, Mozilla maintains several lists for Firefox-specific features and experiments. The lists currently in active use are:

  • social-tracking-protection-blacklist.json: a subset of trackers from Disconnect's blocklist. This list is used to identify "social media" trackers within Firefox's UI. All of the origins on this list should also be included in Disconnect's disconnect-blacklist.json list.

List Versioning and Release Process

As of Firefox 72, all desktop releases use versioned blocklists, i.e., each version of Firefox uses a version of disconnect-blacklist.json and disconnect-entitylist.json specific to that version. These versions are tracked by branches of this repository. For the current cycle (Dec. 2019) this means there is a 73 list (Nightly), a 72 list (Beta), a 71 list (Release), and a 68 list (ESR).

Nightly uses a staging version of the blocklist; the staging blocklist pulls in changes from Disconnect as soon as they are available. When a new version of Firefox is released, we will also release a new version of the list that corresponds to the version of Firefox moving from Nightly (main branch) --> Beta (versioned branch). That version of the list will ride the trains along with its respective Firefox version. Releases older than Firefox 69 use the 69 version of the blocklist.

This means that all changes will be tested for at least the full beta cycle and part of the Nightly cycle. We may choose to shorten the testing cycle in the future.

There are three possible exceptions to this process:

  1. Fast-tracked changes which are deployed immediately to all channels
  2. Temporary exceptions which are deployed using Remote Settings
  3. List freezes for when weโ€™d like to test changes for a longer duration. These are tracked in Github issues on this repository.

Fast-tracked changes

We will fast track breakage-related updates or policy-related updates, both of which may only be done by Disconnect. Fast-tracked changes should have minimal, if any, risk of breakage.

Changes that may be fast-tracked include:

  • Deleting a domain from the blocklist and its respective domains from the entity list.
  • Adding new domains to the entity list.
  • Replacing a domain currently on the list with a new domain at the request of the company that owns the domain. These requests must go through Disconnect.
  • Moving a domain between list categories of the same feature.

As soon as Disconnect makes changes of this type we will merge them into each versioned list and deploy them across all channels.

Temporary exceptions

We may choose to grant a temporary domain-based exemption in response to website breakage as detailed in our anti-tracking policy.

List freezes

We may want to let certain changes bake in our pre-release browsers for a couple extra cycles. This provides more time for us to discover user-reported breakage or run breakage studies on the lists. In these cases we may hold back the changes from moving to a new release of Firefox. These freezes will either apply to the entire blocklist, or to specific categories of the blocklist (e.g., we shipped cookie blocking for the Level 1 list while we further tested the Level 2 list). We will not freeze specific domains or commits.

List update process

This repo is configured with Travis CI builds that run the scripts/json_verify.py script to verify all pull request changes to the list are valid.

This Travis CI status check must pass before any commit can be merged or pushed to master.

Making changes to the format

When making changes to the list formats, corresponding changes to the scripts/json_verify.py script must also be made.

To help validate the validator (such meta!), use the list fixtures in the tests directory. Run the script against a specific file like this:

./scripts/json_verify.py -f <filename>
  • tests/disconnect_blacklist_invalid.json - copy of disconnect-blacklist.json with an invalid "dnt" value
  • tests/disconnect_blacklist_valid.json - copy of disconnect-blacklist.json with all valid values
$ ./scripts/json_verify.py -f tests/disconnect_blacklist_valid.json

tests/disconnect_blacklist_valid.json : valid

$ ./scripts/json_verify.py -f tests/disconnect_blacklist_invalid.json

tests/disconnect_blacklist_invalid.json : invalid
Facebook has bad DNT value: bogus

License

Find more details about license here

More Repositories

1

heka

DEPRECATED: Data collection and processing made easy.
Go
3,408
star
2

syncserver

Run-Your-Own Firefox Sync Server
Python
1,794
star
3

syncstorage-rs

Sync Storage server in Rust
Rust
964
star
4

hindsight

Hindsight - light weight data processing skeleton
C
670
star
5

screenshots

Firefox Screenshots: the best way to take screenshots on the web.
FreeMarker
620
star
6

socorro

Socorro is the Mozilla crash ingestion pipeline. It accepts and processes Breakpad-style crash reports. It provides analysis tools.
Python
584
star
7

lua_sandbox

Generic Lua sandbox for dynamic data analysis
C
226
star
8

ios-sync-client

A standalone iOS client for Firefox Sync
C
219
star
9

autopush

Python Web Push Server used by Mozilla
Python
218
star
10

autopush-rs

Push Server in Rust
Rust
196
star
11

Dockerflow

Cloud Services Dockerflow specification
JavaScript
192
star
12

google-cloud-rust

Google Cloud Client Library for Rust
Rust
176
star
13

autograph

Mozilla's digital signature service
Go
141
star
14

GitHub-Audit

INACTIVE - Collection of Tools & Procedures for double checking GitHub configurations
Python
138
star
15

loads

SUPERSEDED BY https://github.com/loads
Go
107
star
16

powerhose

Runs workers via zmq to perform any kind of task
Python
98
star
17

server-syncstorage

The SyncServer server software, as used by Firefox Sync
Python
87
star
18

websec-check

web security checklist for Firefox Services
72
star
19

lua_sandbox_extensions

Extension packages (sandboxes and modules) for the lua_sandbox project
Lua
72
star
20

cliquet

CLIQUET IS NOW DEPRECATED use kinto.core instead
Python
65
star
21

loop-server

The mozilla loop server
JavaScript
61
star
22

tokenserver

The Mozilla Token Server
Python
61
star
23

iprepd

Centralized IP reputation daemon
Go
56
star
24

axe-selenium-python

aXe Selenium Integration python package
Python
56
star
25

android-sync

An outdated mirror of services and related code for Firefox for Android. See gecko-dev/mozilla-central.
Java
52
star
26

tokenlib

generic support library for signed-token-based auth schemes
Python
50
star
27

firefox-send-tab-to-device

OBSOLETE. A Firefox add-on that uses Sync to send tabs to remote devices.
JavaScript
46
star
28

mozilla-pipeline-schemas

Schemas for Mozilla's data ingestion pipeline and data lake outputs
Python
46
star
29

queuey

Mozilla Message Queue
Python
42
star
30

syncclient

Python client for Firefox Sync
Python
42
star
31

pyramid_multiauth

stacked authentication policies for pyramid
Python
41
star
32

guardian-vpn-windows-deprecated

Mozilla VPN for Windows
C#
41
star
33

userplex

Propagate users from Mozilla's Person API to third party systems.
Go
40
star
34

fernet-rs

Fernet implementation in Rust
Rust
40
star
35

go-cose

go library for CBOR Object Signing and Encryption (COSE)
Go
40
star
36

requests-hawk

Hawk authentication strategy for the requests python library.
Python
39
star
37

megaphone

Firefox Global Broadcast API
Rust
38
star
38

python-dockerflow

A Python package to implement tools and helpers for Mozilla Dockerflow
Python
38
star
39

metlog-py

Python library for Services metrics logging
Python
37
star
40

readinglist

Reading List Server
Python
34
star
41

konfig

Yet another configuration object
Python
34
star
42

mozservices

Various utilities for Pyramid-based Mozilla applications
Python
34
star
43

reaper

Reaper culls leftover AWS resources
Go
34
star
44

go-syncstorage

INACTIVE - SyncStorage Server with more golang and less indexes!
Go
32
star
45

merino

Web service for Firefox Suggest
Rust
31
star
46

tecken

Mozilla Symbol Server
Python
31
star
47

data-pipeline

Mozilla Services Data Pipeline
Lua
30
star
48

heka-build

Heka build environment
Python
29
star
49

heka-py

DEPRECATED - Heka Python Library - DEPRECATED
Python
29
star
50

heka-mozsvc-plugins

Set of heka plugins in use by Mozilla Services
Go
28
star
51

aws-signing-proxy

signs http requests using AWS V4 signer
Go
27
star
52

foxsec-pipeline

Log analysis pipeline utilizing Apache Beam
Java
25
star
53

services-central-legacy

Sync working branch. `master` in this repository is stable, and tracks https://hg.mozilla.org/services/services-central. Other branches are owned by developers, and are subject to change.
C++
24
star
54

minidump-stackwalk

Socorro breakpad minidump stackwalker
C++
21
star
55

telescope

A dumb auditing service
Python
21
star
56

antenna

Antenna is the collector for the Socorro crash ingestion pipeline
Python
20
star
57

shavar

Tracking Protection update service for Firefox based on Safe Browsing protocol
Python
20
star
58

zktools

Zookeeper Tools
Python
19
star
59

contile

This is the back-end server for the Mozilla Tile Service (MTS)
Rust
19
star
60

tuxedo

An improved version of Mozilla's download load balancer Bouncer, with a user interface written in Django/Python.
Python
18
star
61

shavar-plugin-blocklist

โŒ Firefox plugin blocklist
XSLT
18
star
62

demoapp

An empty app for the next-gen Services app
Python
17
star
63

marteau

client-server on the top of Funkload
Python
16
star
64

msisdn-gateway

An MSISDN based Authentication Server.
JavaScript
16
star
65

docs

Documentation for Mozilla Services Services
Makefile
16
star
66

tigerblood

Deprecated, use https://github.com/mozilla-services/iprepd
Go
15
star
67

readinglist-client

Readinglist client
JavaScript
14
star
68

ldappool

A Pool for python-ldap
14
star
69

buildhub

DEPRECATED: Mozilla Build Metadata Service
Python
13
star
70

skeleton

A Skeleton actix app
Rust
13
star
71

heka-node

DEPRECATED - This repository is no longer maintained. Please go over to : https://github.com/disqus/heka-node
JavaScript
13
star
72

deepspeech-server

Rust
13
star
73

go-bouncer

A Go version of the redirector portion of bouncer.
Go
13
star
74

zipalign

DEPRECATED - Golang implementation of Android's ZipAlign tool
Go
13
star
75

kinto-dist

Kinto Distribution for Mozilla Services
Python
12
star
76

server-full2

Experimental Run-Your-Own Sync2.0 Server
Python
12
star
77

shavar-list-creation

Script to transform the Disconnect block-list into Safebrowsing v2 format for Firefox Tracking Protection
Python
12
star
78

go-mozlogrus

DEPRECATED - A logging library which conforms to Mozilla's logging standard for logrus users.
Go
12
star
79

FindMyDevice

Find My Device - ๐Ÿšจ๐ŸšจThis server is obsolete and unsupported.๐Ÿšจ๐Ÿšจ
Go
11
star
80

hindsight_admin

Hindsight Administration User Interface
JavaScript
11
star
81

walint

script to validate web apps
Python
11
star
82

pyramid_ipauth

a pyramid authentication policy based on remote ip address
Python
11
star
83

push-service

Top-level repository for the Push Service
11
star
84

macauthlib

low-level library for implementing MAC Access Authentication
Python
11
star
85

pyramid_whoauth

a pyramid authentication policy using repoze.who
Python
10
star
86

merino-py

Web Service for Firefox Suggest
Python
9
star
87

go-mozlog

A logging library which conforms to Mozilla's logging standard.
Go
9
star
88

oidc-gateway

A Docker container and Kubernetes Helm chart to gate access to upstream services.
Lua
9
star
89

redbarrel

JavaScript
9
star
90

iprepd-nginx

Openresty nginx module for integrating with iprepd
Python
9
star
91

services-test

Tools and test scripts used by the Mozilla Cloud Services team
JavaScript
9
star
92

nginx_moz_ingest

HTTP Data Pipeline Ingestion
C
9
star
93

logstash-metlog

Extensions to logstash for metlog
Ruby
9
star
94

shavar-list-creation-config

contains config files needed to run the jenkins task that builds the shavar lists
9
star
95

crashstats-tools

Command line tools and library for interacting with Crash Stats (https://crash-stats.mozilla.org/)
Python
9
star
96

topsites-proxy

Proxy server to track Top Sites default tile campaign attribution
JavaScript
8
star
97

hoverpad

DEPRECATED - Playing around with an Addons to sync some informations.
Elm
8
star
98

absearch

Python
8
star
99

updatebot

Automation for updating third party libraries for Firefox
Python
8
star
100

hawkauthlib

INACTIVE - low-level library for implementing MAC Access Authentication
Python
8
star