User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

I went to https://www.forbes.fr/finance/que-savons-nous-de-satoshi-nakamoto-linventeur-du-bitcoin/

Actual results:

The following message is (occasionally?) shown by the website
Your browser is blocking some features of this website. Please follow the instructions at http://support.heateor.com/browser-blocking-social-features/ to unblock these.

This URL is archived at: https://web.archive.org/web/20190430022245/http://support.heateor.com/browser-blocking-social-features/

This page contains:

Your browser might be blocking Social Features of the webpage you are facing issues with, related to loading social content.

If you are using Mozilla Firefox browser and it has Tracking Protection feature enabled, you may have issues in getting content loaded from Social Media websites, such as – Facebook, Twitter etc. These features include Social Share Counts, Social Avatars, Social Comments and Social Login.

To get the social content unblocked, you need to disable Tracking Protection of Firefox by following the steps mentioned below:

1. Open a new tab and type about:config in the Firefox Location bar. Press Enter.
2. The about:config “This might void your warranty!” warning page may appear. Click I accept the risk  button to continue to the about:config page.
3. Search for trackingprotection
4. Double-click privacy.trackingprotection.enabled to set its value to false
5. Refresh the webpage in another tab where social features are blocked. If these are still blocked, double-click privacy.trackingprotection.pbmode.enabled in Config tab to set its value to false. Refresh the problematic webpage again.

Similarly, other browsers may also block any of social features mentioned above, due to some add-on/extension which you might have installed to block ads. You would like to try disabling any such add-on/extension to unblock social features.

Expected results:

This looks like a social engineering-based attack to defeat the tracking protection feature built in to Firefox.

I would expect Firefox to protect its users by fighting back this kind of shady practice. It should not be so easy for a website to make users disable protections provided by Firefox.

Here are some ideas:

• Maybe warn users when they try to set the setting in about:config, or in the preferences page to false.
• Maybe make them enter a sentence like the one that appears in the Javascript console when pasting something when they try to set this kind of settings or access the about:config page.
• Maybe show a warning when people access http://support.heateor.com/ because these instructions are obviously not for the user's best interest.
• Maybe blacklist the guilty script in the tracking protection feature (it seems to come from the super-socializer WordPress plugin - https://wordpress.org/plugins/super-socializer/).

This is pretty horrible but I don't think there's anything we can/will do about it for now.