Open
Bug 1486665
Opened 6 years ago
Updated 2 years ago
Tracking Protection blocks Twitter animation previews in Slack.
Categories
(Core :: Privacy: Anti-Tracking, defect, P3)
Tracking
()
NEW
People
(Reporter: cpeterson, Unassigned)
References
(Blocks 3 open bugs, )
Details
(Whiteboard: [tp-social][tp-yellowlist-passive][tp-embedded-media])
User Story
twimg.com
Attachments
(2 files)
STR:
1. Open https://mozilla.slack.com/messages/C4D3JFF26/convo/C4D3JFF26-1535390718.000100/
2. Click to play the Bob Ross animation (from Slack's preview of https://twitter.com/firefox/status/1034121002748264454)
RESULT:
The animation preview is black.
Updated•6 years ago
|
Priority: -- → P3
Whiteboard: tp-needsrepro
Comment 1•6 years ago
|
||
The issue is reproducible and it is more likely related to `Images` breakage.
Images link: https://pbs.twimg.com/tweet_video_thumb/De8RIV7UEAEVjQQ.jpg
Video link: https://video.twimg.com/tweet_video/De8RIV7UEAEVjQQ.mp4
It is reproducible while Tracking Protection BASIC is enabled.
[Prerequisites:]
Slack account available and signed in.
[Environment:]
Browser / Version: Firefox Nightly 63.0a1 (2018-08-30)
Operating System: Windows 10 Pro
Looking at the devtools console, here are the blocked resources:
The resource at “https://pbs.twimg.com/tweet_video_thumb/De8RIV7UEAEVjQQ.jpg” was blocked because content blocking is enabled.
The resource at “https://video.twimg.com/tweet_video/De8RIV7UEAEVjQQ.mp4” was blocked because content blocking is enabled.
So below are the domains to test:
- pbs.twimg.com
- video.twimg.com
I opened the URL in a fresh browser profile (Firefox Nightly 63, uMatrix installed, normal mode) and loaded the page. An error is received and Slack is not loaded ("For some reason, Slack couldn't load").
I disabled the Spoof Referrer option in uMatrix and then WHITELISTED:
- slack-edge.com (including all related domains)
- slack-msgs.com
and Slack started and the animation was displayed and when played a black preview was shown.
I whitelisted:
- twimg.com (including all related domains)
and the animation previous was displayed and also plays when clicked.
So in conclusion:
- twimg.com is in Disconnect list = [tp-social]
User Story: (updated)
Component: Tracking Protection → Desktop
OS: Unspecified → Windows 10
Product: Firefox → Tech Evangelism
Hardware: Unspecified → x86_64
Whiteboard: tp-needsrepro → [tp-social]
Version: unspecified → Firefox 62
Comment 2•6 years ago
|
||
Added screenshot with broken animation preview
Comment 3•6 years ago
|
||
Added uMatrix results.
Comment 4•6 years ago
|
||
Also reproducible on https://tweetdeck.twitter.com/.
Updated•6 years ago
|
Assignee | ||
Updated•6 years ago
|
Product: Tech Evangelism → Web Compatibility
Updated•5 years ago
|
URL: 1101005
Component: Desktop → Protections UI
Product: Web Compatibility → Firefox
Version: Firefox 62 → 62 Branch
Updated•5 years ago
|
Component: Protections UI → Privacy: Anti-Tracking
Product: Firefox → Core
Comment 5•4 years ago
|
||
All we can really do is yellow-list image/video resources which are directly linked (as they appear to be in Slack). We could of course provide a placeholder letting the user opt-in, either Slack-wide or on an image-by-image basis if they'd like to limit their footprint.
As for Tweetdeck, it seems like we might want to relax blockage there, since it's a known Twitter sub-site.
Blocks: tp-yellowlist
Updated•4 years ago
|
Whiteboard: [tp-social] → [tp-social][yellowlist-passive][embedded-media]
Updated•4 years ago
|
Whiteboard: [tp-social][yellowlist-passive][embedded-media] → [tp-social][tp-yellowlist-passive][tp-embedded-media]
Updated•3 years ago
|
Blocks: tp-twitter
Updated•3 years ago
|
Webcompat Priority: --- → ?
Updated•2 years ago
|
Webcompat Priority: ? → ---
Updated•2 years ago
|
Severity: normal → S3
Updated•2 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•