[Privacy] Auto-connection to GitHub with user account info? #47
MasterInQuestion
started this conversation in
uBlock Origin
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
[[
[ MasterQuestionable @ CE 2025-03-25 22:38:44 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old
uBO seems to connect to GitHub (during filter update etc.):
With user identification info? (maybe login cookies outright?)
Note:
It appears fundamentally Firefox issues with Web Workers and tabs handling.
That observed through uBO.
(not really uBO issue)
[[
[ MasterQuestionable @ CE 2025-03-25 01:41:17 UTC:
https://www.reddit.com/message/messages/2nica82?embedded=true
What does the "
select#pageSelector" mean?https://github.com/gorhill/uBlock/wiki/The-logger#page-selector
.
Does each its options (besides "All", "Tabless", "Current tab"):
Indicates an actual tab open?
I somehow observed that non-existing (previously closed) tabs could exist in it..?
So might be Firefox bug? ]
----
[ gwarser @ CE 2025-03-25 07:15:17 UTC:
Correct and correct.
These old entries should be cleaned after few dozens seconds.
https://github.com/uBlockOrigin/uBlock-issues/issues/755 ]
]] ]
----
[ DrTomDice @ CE 2025-03-24 10:26:21 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgfb2o
https://github.com/gorhill/uBlock/wiki/Privacy-policy ]
----
[ MasterQuestionable @ CE 2025-03-24 10:33:27 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgg162
Thanks for the info.
The point is:
There shall be no point passing user identification info alike, during the connection.
(the data shall be accessible anonymously) ]
----
[ DrTomDice @ CE 2025-03-24 10:35:17 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgg7vx
I don't understand the point you are trying to make.
uBO does not collect any data of any kind, including user information. ]
----
[ MasterQuestionable @ CE 2025-03-26 22:58:32 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjghj2b
I mean uBO may make network requests to GitHub with association to the logged-in GitHub account:
Preferably to be avoided.
----
[ - @ CE 2025-03-24 10:58:24 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgiqly
Provide specific evidence that this is occurring. ]
.
I noted in uBO's own logger alike:
wss://alive.github.com/_sockets/u/81106051/ws?session=${Base64}--1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef&shared=true&p=35870942_1732034427.1
{"v":"V3","u":81106051,"s":1484210193,"c":2099369530,"t":1732034423}
{"v":"V3","u":81106051,"s":1484210193,"c":2461447214,"t":1739945012}
[ ^ Decoded ${Base64}. ]
.
https://github.com/assets-cdn/worker/socket-worker-eff89a71ae86.js
https://github.githubassets.com/assets/socket-worker-eff89a71ae86.js
Probably not exactly filter update.
But during I'm not accessing GitHub.
If not originated from uBO, then possibly browser itself? (I doubt so)
References:
https://github.com/Hacksore/github-websocket-api
https://github.com/orgs/community/discussions/106727#discussioncomment-10431242
https://www.google.com/search?hl=en&gl=ca&num=100&q=%22alive.github.com%22 ]
----
[ RraaLL @ CE 2025-03-24 11:10:44 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgk47c
BTW, auto updates first try CDN: GitHub is always the last try in the cycle. ]
----
[ paintboth1234 @ CE 2025-03-24 12:24:33 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgtkow
That's not the connection from uBO. ]
----
[ MasterQuestionable @ CE 2025-03-24 13:30:29 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgz7ix
Then it would be Firefox itself..?
Would it be from the 3rd party libraries that uBO use? ]
----
[ gwarser @ CE 2025-03-24 13:32:21 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjh4575
It's likely GitHub's Service Worker. ]
----
[ MasterQuestionable @ CE 2025-03-26 22:50:35 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjh9hl1
Seems poorly documented at all.
And the occurrence seems to coin with filter auto-update.
----
[ - @ CE 2025-03-24 13:35:55 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjh4qxt
You are replying to yourself.
uBO is not sending user identification / information to GitHub.
You should contact Mozilla or a Firefox support forum. ]
.
Reddit has bad rendering for that too deeply nested.
So I try to reduce the nesting level when possible.
Perhaps.
The source would be either uBO or Firefox itself.
----
I had it with no GitHub pages open.
I doubt that should invoke it.
.
But I indeed have [ https://github.com/notifications ] in browser's History.
And probably opened History meanwhile.
(but that shouldn't load the page, supposedly) ]
----
[ gwarser @ CE 2025-03-24 14:04:03 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjh9vvx
I see this connection every time I open my notifications bookmark:
https://github.com/notifications?query=is:unread
GitHub seems to use WebSocket in Service Worker to update page content:
https://stackoverflow.com/questions/65885140/why-github-use-sharedworker-for-websocket ]
----
[ MasterQuestionable @ CE 2025-03-25 23:08:07 UTC:
An interesting thing I find is that after closing:
https://github.com/notifications
The WebSocket related entries remain active (non-void) in uBO logger:
https://github.com/gorhill/uBlock/wiki/The-logger#void-log-entries
.
Even the tab no more present in "
select#pageSelector".Alike reproducible with Reddit's Workers.
And not necessarily WebSocket specific: XHR too.
.
There are likely things seriously wrong with Firefox's Web Workers handling.
(probably in fact the Web Workers spec itself...) ]
----
[ gwarser @ CE 2025-03-24 13:36:25 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgm8e8
GitHub update links use "raw.githubusercontent.com" (and "ublockorigin.github.io") domain.
And I don't see any cookies on this domain: probably because it works like a CDN.
Add-ons use different origins (the page/domain/source of connection).
So you can open uBO dashboard, access page config (【Ctrl】 + 【I】 on Firefox) and block cookies there.
[ ^ Bad idea - this broke uBO for me. Probably the whole storage is blocked. ] ]
----
[ MasterQuestionable @ CE 2025-03-24 12:56:05 UTC:
https://old.reddit.com/r/uBlockOrigin/comments/1jinb72?sort=old#mjgy94d
Unsure what's going on.
But for Firefox Fenix:
The Extensions page in Private Browsing would behave as if in normal browsing...
(invoked via "Extensions" UI menu; not "moz-extension://" direct navigation)
That means:
Clicking the links (e.g. GitHub Changelog) in uBO dashboard About, would be just like having it opened in a normal tab (with past cookies).
(fundamentally Firefox bug) ]
]]
Beta Was this translation helpful? Give feedback.
All reactions