User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.51 Safari/537.36

Steps to reproduce:

Go to this page in latest FF private window: http://matenadasdi.com/static/player-iframe-test.html to see an IBM Video Streaming player embed url in an iframe.

Actual results:

After the latest content-blocking release ibm.com and every subproduct of IBM are blocked by default in private windows. It's important to point out that ibm.com is a marketing page with some tracking so that can be true, but IBMs whole portfolio is segmented across the *.ibm.com domain and for example video.ibm.com/embed/* video streaming player embeds are clearly not tracking sites but it gets blocked out in private windows causing customers a real problem on their sites.

Expected results:

video.ibm.com product is just like Youtube embeds and it's working right now as you can see on the example site.

This problem causes hundreds of thousands of broadcasters and their users an unexpected behaviour since they are using the product on a daily basis, they are paying for it and it's clearly not a tracking site.

I think there are multiple solutions, please fix it somehow:

• content-blocking shouldn't apply for subdomains for example
• ibm.com or subdomains of ibm.com should be removed from the tracking site list since it's killing all IBM products for customers.
• for a start, video.ibm.com could be whitelisted and other IBM products could be added one-by-one in the future
• content-blocking shouldn't be implemented based on a static list, the browser could detect suspicious activity and disable frame based on the detection.

Steven, what do you think? Should we reach out to Disconnect about allowing video.ibm.com?

Thanks for the report Mate. I can confirm that the IBM video is completely blocked in PB mode. ibm.com is on the base/level1 tracking protection list. By comparison, youtube.com is on the content/level2 list, which is why it is not blocked in PB mode. If ibm.com is primarily used for serving user-visible content (like how I imagine the youtube.com domain is used), then it may make sense to move it to the content/level2 list.

We don't currently have the ability to whitelist specific subdomains of a blocked hostname. The approach we've taken is to ask for the tracking to be moved off the main domain to a subdomain and then only add the tracking subdomain to the blocklist. In this case, something like tracking.ibm.com. This is preferred because tracking cookies scoped to example.com are still attached to subdomain loads (e.g., foo.example.com).

Either way, requests for reclassification should be directed to Disconnect. You can file an issue on their repository, https://github.com/disconnectme/disconnect-tracking-protection/issues or email them at support@disconnect.me.

The videos are working on this test-case, but they are now hosted on YouTube. As such I tried https://developers.video.ibm.com/player-api/player-responsive-embed.html and it is also working in strict mode, so my guess is that IBM embedded videos are working fine now.

This issue is still open, and if you go to the original link http://matenadasdi.com/static/player-iframe-test.html only the youtube embed shows up, video.ibm.com is blocked and doesn't show up.

Please note that on the link there are two video embeds, one is from video.ibm.com and one is from youtube. I've used these next to each other to showcase the difference.

Steps to repro:
Use incognito window or set content restriction to "Strict" and open the page.

(In reply to Thomas Wisniewski [:twisniewski] from comment #3)

The videos are working on this test-case, but they are now hosted on YouTube. As such I tried https://developers.video.ibm.com/player-api/player-responsive-embed.html and it is also working in strict mode, so my guess is that IBM embedded videos are working fine now.

Check my post above please.

Thanks for re-opening the bug, Mate. It's quite bizarre that both of the videos seemed to be working for me when I tested last time, as now the Youtube one is "unavailable in my country" and the IBM one does not load at all. (I was not using a proxy at the time). I must have crossed wires and just had standard mode active or something along those lines.

At any rate, the IBM video works if I whitelist https://video.ibm.com/embed/1524, but their iframes don't seem to work with sandboxing as they try to access the document's cookie, so our options here seem to be:

• isolate the iframes into their own container/cookie-jar (which seems like it will work)
• provide a click-to-play UI with a generic placeholder, and allow the cookie access

Just found out this again in a campaign by hey.com
https://hey.science/dumpster-fire/clip/?id=128836977

The resource at “https://video.ibm.com/embed/recorded/128836977?volume=0&autoplay=true&showtitle=false” was blocked because content blocking is enabled.