odd blocking message from firefox

brent

At present, at getsol.us forum page (here), logged in, Firefox alerted me it blocked a Social Media Tracker. It was Twitter.
"Protections for discuss.getsol.us" is at the header of the warning.
This warning in the address bar does not stay open for screen shot. I am sorry.
I'm looking at recipes, nfl scores, solus and work mail.
Is it possible I was followed to solus from one of the big commerical sites I was at?
If that's true, why didn't I get a warning at the big commercial football site?

Curious. but not paranoid. I have no twitter account anyway and it feels like an anomaly. Or false positive from FF? Or twitter is here?

edit: forgot to say thank you

ryzee

brent Just letting you know that I saw this exact same message from Firefox about Twitter and I,
like you, don't have a Twitter account. I figured that since Firefox had been updated recently that it was just
a cute and annoying little stunt to let me know how improved and safe the browser is now so I just ignored
it (lucky me!) and moved on. I'm mentioning this to you because I have my tracking settings on standard
instead of strict and it still happened. I've just written it off as a one time nuisance from Firefox as I haven't
seen anything like it since.

sangheeta

FF70 has a new blocking feature for social media, it's in preference, standard and strict blocking.
I don't if it's that.

brent

sangheeta Yes, I've had this feature enabled as 'strict' for quite some time. Never got this message before ('social media blocking').
Harvey Oh yes, I have it enabled. As mentioned in my post, and not discussed yet, is that I got an alert and the contents of my message did not resemble yours. Mine drop down had an arrow that revealed a new drop down and identified the 'culprit.' A deeper look in settings confirms it is indeed my first social media block.
P.S.--tell me how you got the screenshot. I could not make it happen in the gui.

I am implying nothing sinister and even speculate this is a FF false positive, or an anomaly. Just asking about a browser alert I got.

Harvey

This? Its just a new tracking blocker included by default and as you can see, nothing is being detected. (I disabled ublock and noscript to make sure).

Harvey

brent
spectacle (screenshot utility in Plasma) has several capture modes. I used Area = Current Screen with a Delay of 5s. You then click take screenshot, open the alert and wait for the screenshot to be taken.

brent

Harvey thank you. using default budgie default screenshot.

Still. not fake news.

My initial reaction was that I was tabbing fast and maybe the message I got from a previous site followed me here, or at least preserved the current sit (here) in the dropdown header.
I come here to help others (poorly) and to praise, and to smile, but I have never lied here.

Harvey

brent

As you can see you will get a LOT of these blocks especially if you increase it to strict. Its like how you can get HTTPS warnings/alerts implying the page you're viewing isn't safe to login to, but on investigation its just because someone linked to a image on that page and that image isn't a HTTPS link... big who cares, but it sounds scary how they word it.

Its like the old regcleaner on windows. Sure in some cases removing old entries may improve things but 99% of the time its just a beat up to make you think damn I really need to pay for regcleaner pro I had 9999999 "errors" found.

The blocking system only deals with trackers and cryptominers so nothing it detects is ever malicious and Solus doesn't track anything or use cryptominers in fact they shutdown the old torrent because the host had a miner, so you can rest assured you're fine as far as that goes.

brent

Sensible reply, thank you, Harvey. Regcleaner analogy interesting. I know Solus has no tracking. But in the end you get it:
am I interpreting the data right?
In your first picture, with the solus header at top of drop down--that's what this post is about.
I had a warning. No text in the warning said "twitter tacking found on Solus." The warning was just an alert about a blocked social media site.

I believed the warning was telling me this happened at solus because 'protections at solus.us' was in the header of the warning.
I believed that was a reasonable assumption while acknowledging I may be interpreting this all wrong.

PS---FF works almost too good with the https warnings--I don't get to half the places I want to go🙂

Harvey

brent
I have not seen it nor can I reproduce it so I can not say exactly what happened. What I do know is any site that allows you to login via facebook / twitter etc or has a share to facebook / twitter link or an embedded post to a site that has a tracker or uses facebook for user comments on a page will trigger a block.

While I have not noticed this happen with Firefox's new feature, in the noscript plugin it has reported the wrong requests for that tab or not reported what it was blocking properly so I didn't understand why the site was broken in fact my first post here was just that: https://discuss.getsol.us/d/98-url-not-visable-in-post after refreshing a few times it showed it was blocking something and I could unblock it. Stands to reason if an extension can screw up reporting of what tab is doing what then so could the the built in blocker, but that is purely speculation 🤷‍♂️

EDIT: Come to think of it, Foxyproxy also screws up reporting its state with multiple tabs open. It is supposed to show a tag on the icon that changes based on your filtering and what site you visit. So it shows if something is going through the proxy or straight out to the internet. With several tabs open it will randomly switch between reporting different states although from testing it is obeying my filters, its reporting is just... screwy.

Duckduckgo should go through my proxy, ZNC login tab does not based on my filtering.

Wait a few seconds and...

brent

Harvey What you said about noscript and foxy is right on. I think the message was truncated if not kust false.
FF warning gave the name of Solus at the top, claimed it was blocking one social media tracker at this site, lured me to another dropdown with an arrow, and revealed it was Twitter.
Per your thoughts: very likely extension fubar in that instant.
PS--nice duckduck demo

nodq

Just use

First Party Isolation

and/or

Firefox Container/Multi Account Container/Temporary Container

Then this stuff doesn't happen. I never had any "tracking" stuff happen on Solus/Forum. But I use those tools, so there is that.

When I see screenshots with like 7000 trackers blocked since september 2018. I've 1,193 trackers blocked since September 8, 2019. Like not even 100 in the last 7 days. I also question myself, where do people surf around nowadays?

brent

nodq
Never been tracked at Solus until last night. But I believe I received the message in error. I could not screen capture the message with default gnome-screenshot because anytime I moved screenshot, the FF message crawled back up. (It would of been a good idea to cut and paste all those shortcut commands you see in screenshot threads, but I never did).

Like you said, I set it strict, and the extensions rarely alert me about anything.
As for "where do people surf around nowadays?"--I wonder too but don't really want to know...

kyrios

It could simply be a forum post that contains an embedded social media content like a youtube video, a reddit post, or in this case something that contains a twitter tracker.

brent

kyrios kyrios
Thanks for believing me, if that's what you are doing.
This is Occam's and the most likely.
Not fake as I could tell.
Solved.

JoshStrobl

We're not tracking you. And we can''t control whether people embed something like Youtube or a post from Facebook, Reddit, and whether or not those services insert tracking. Sure, Flarum could probably do something with making sure iframes are more heavily utilized for embedding and Youtube being used in private mode during embeds, but Firefox is still likely going to claim the tracking is on our Flarum.

brent

JoshStrobl I re-read all my words. I stayed on point. I never accused Solus of anything. Never accused Flarum of anything.
Just asking about a browser warning.

You have a brand to protect and I TOTALLY respect that, but I've never attacked it, past or present. I know you get your fiery cranks. But I'm not one of them.

I've had FF at a strict SM setting for quite a while. My first warning was here. Not a big deal: it was blocked.
It was interesting to observe, but I simply reported what I observed. I get that Solus has little to nothing to do with it. I got that from the beginning without even asking.
Nothing more, nothing less, nothing fake, nothing sinister.
c'est la vie., I regret reporting it now.
Maxing out the browser security settings has consequences. I never said anyone but the user (me) was involved.

JoshStrobl

brent I re-read all my words. I stayed on point. I never accused Solus of anything. Never accused Flarum of anything.

I never claimed you didn't stay on point or that you accused Solus of anything? Not sure why you're getting defensive.

brent

JoshStrobl To be completely honest Josh, I guess I'm defensive from the fake news tag I got when I was being clear about what happened to me. I don't have the technical prowess to retort to anything, so I acquiesce.
I joined an online club that tinkers with car engines and solus. "defensive" means a day of sore feelings if not a minute🙂
edit:typo

DataDrake

brent You have to understand that we need to treat these kinds of claims with extreme responses. It's not personal. We are humans to and make mistakes (I'll leave that unintentional typo in). What we can't have, though, is people thinking that we are doing things we aren't. Especially bad things. Fake News is a tag that specifically exists to quickly and concisely make it clear, before even opening the post, that what is being represented by the author is not true. We almost exclusively use it for security and privacy claims about Solus and its services that are false.