
Brave Privacy Browser Is Whitelisting Trackers of Facebook and Twitter - rvnx
https://github.com/brave/browser-laptop/blob/master/app/trackingProtection.js#L21
======
bbondy
Hi, I'm Brave's CTO.

There's a balance between breaking the web and being as strict as possible.
Saying we fully allow Facebook tracking isn't right [1], but we admittedly
need more strict-mode like settings for privacy conscious users.

We do block Facebook at least as well as uBlock Origin with EasyPrivacy. The
referenced code is in a separate component which does the same as Disconnect
blocking.

We're taking this seriously internally and we'll iterate on where we are to
improve the situation. We're looking at if we can polyfill a local JS resource
instead for example as one option if it doesn't make further requests.

[1]: https://github.com/brave/adblock-lists/blob/f25b698aff4666bbd6a6038ec029855e971b57cc/brave-unbreak.txt#L41

https://github.com/brave/adblock-lists/blob/f25b698aff4666bbd6a6038ec029855e971b57cc/brave-unbreak.txt#L42

https://github.com/brave/adblock-lists/blob/f25b698aff4666bbd6a6038ec029855e971b57cc/brave-unbreak.txt#L43

------
forgotmypw2
  // Temporary whitelist until we find a better solution
  const whitelistHosts = [
    'connect.facebook.net', 'connect.facebook.com', 'staticxx.facebook.com',
    'www.facebook.com', 'scontent.xx.fbcdn.net', 'pbs.twimg.com',
    'scontent-sjc2-1.xx.fbcdn.net', 'platform.twitter.com',
    'syndication.twitter.com', 'cdn.syndication.twimg.com'
  ]

a better solution for what, i wonder

~~~
futureastronaut
That line is three years old, so how is this news now? And what's this "i
wonder," do we not know how to use git here?

https://github.com/brave/browser-laptop/commit/c4cd7c1dc41a04bd521813da95e892055b3c2a3f

https://github.com/brave/browser-laptop/commit/6edf56775f25681555fb9219b86a18e15acb73f1

https://github.com/brave/browser-laptop/commit/4c30cd08af9dda75a0e3d6ef634abbbdc2a39c74

https://github.com/brave/browser-laptop/commit/0652274db0aeee79d22d4a48d1195d47ce3e42e8

~~~
rvnx
I guess it's new that it was discovered, nobody seems to have noticed while
it's a major issue for a privacy tool.

------
regnerba
The related commits are years old. This isn't new. Last commit to that line
was 3 years ago with the comment "unblocking embedding of twitter timelines".

https://github.com/brave/browser-laptop/commit/c4cd7c1dc41a04bd521813da95e892055b3c2a3f

Also I just realized that is an archived repo that isn't used any more.

I took a quick look through the newer repos and couldn't find any kind of hard
coded whitelist like that.

Am I missing something?

~~~
rvnx
As mentioned by phit_:
https://github.com/brave/brave-core/blob/master/components/brave_shields/browser/tracking_protection_service.cc#L33

~~~
regnerba
Ah, they put an underscore in the var name this time. Thanks for the link.

------
groovecoder
Huh ... I thought that must be a sensationalist headline but sure enough - a
fresh download of Brave browser loads facebook.com on pinterest.com.

https://imgur.com/a/M4B9kJ2
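
Added example, not part of the thread and not Brave's code: a simplified JavaScript model of how a host exemption list like the `whitelistHosts` array quoted above overrides a tracker blocklist for third-party requests, with a helper that lists which requests on a page were let through only because of it. The `trackerDomains` list, the function names, the exact-hostname matching and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: a simplified model, not Brave's implementation.
// Hostnames copied from the whitelist quoted earlier in the thread.
const whitelistHosts = [
  'connect.facebook.net', 'connect.facebook.com', 'staticxx.facebook.com',
  'www.facebook.com', 'scontent.xx.fbcdn.net', 'pbs.twimg.com',
  'scontent-sjc2-1.xx.fbcdn.net', 'platform.twitter.com',
  'syndication.twitter.com', 'cdn.syndication.twimg.com'
]

// Constructed stand-in for a Disconnect-style tracker domain list (assumption).
const trackerDomains = ['facebook.net', 'facebook.com', 'fbcdn.net',
  'twitter.com', 'twimg.com', 'doubleclick.net']

// True when host is the domain itself or one of its subdomains.
const underDomain = (host, domain) => host === domain || host.endsWith('.' + domain)

// Returns a verdict string explaining why a request is allowed or blocked.
function classifyRequest (requestUrl, firstPartyUrl) {
  const host = new URL(requestUrl).hostname
  const firstParty = new URL(firstPartyUrl).hostname
  const tracker = trackerDomains.find(d => underDomain(host, d))
  if (!tracker) return 'allowed:not-listed'
  if (underDomain(firstParty, tracker)) return 'allowed:first-party'
  // Assumption: exemption is an exact hostname match against the list.
  if (whitelistHosts.includes(host)) return 'allowed:whitelisted'
  return 'blocked'
}

// Audit helper: hosts that loaded only because of the exemption list.
function auditExemptions (firstPartyUrl, requestUrls) {
  const hosts = requestUrls
    .filter(u => classifyRequest(u, firstPartyUrl) === 'allowed:whitelisted')
    .map(u => new URL(u).hostname)
  return [...new Set(hosts)].sort()
}

// Constructed sample of third-party requests seen on one page.
const sampleRequests = [
  'https://connect.facebook.net/en_US/sdk.js',
  'https://www.facebook.com/plugins/like.php',
  'https://graph.facebook.com/v3.2/me',
  'https://stats.g.doubleclick.net/collect',
  'https://s.pinimg.com/app.js'
]
console.log(auditExemptions('https://www.pinterest.com/', sampleRequests))
```

In this model the same tracker domain gets two different verdicts on one page: hosts on the exemption list load, while other subdomains of that domain are still blocked.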

------
smt88
"until we find a better solution" to what? More context would help.

------
CDSlice
Is this still in the current version?

~~~
chopraaa
It is not.

~~~
kakarot
It's on the master branch... How did you determine it's not in the current
version or will not be in the next version?

~~~
rvnx
Brave has two versions, Muon (legacy) running mostly JS code, and the
Chromium-based (current), running mostly C++.

The whitelist is in both versions

------
lostmsu
Looks like their claim about privacy protection is bogus, eh?

It is still whitelisted in current.

------
bevacqua
Three years old in an archived repo, hmm…

------
kakarot
Way to ignore the comment directly before that line:

> // Temporary whitelist until we find a better solution

This post is sensationalist, flagged.

~~~
rvnx
It's been temporary for 3 years, that's why ;)

~~~
kakarot
Then link to the new repo and provide context. Just highlighting a line with
absolutely no context is sensationalist. I'm sure there have been public
discussions about this.

~~~
microwavecamera
_I'm sure there have been public discussions about this._

Can you substantiate this? Because that would be extremely relevant to the
conversation. Making statements _with absolutely no context_ just seems
sensationalistic.

~~~
kakarot
I'm not entirely sure how I can substantiate an assumption.

~~~
threatofrain
If you're sure that there's been public discussion about the matter, then
surely you won't have to spend too much time looking it up on Google? Backing
up assertions takes energy. Are you motivated enough to champion your own
assertions?

