cross-posted from: https://lemmy.world/post/37402366

This is the main reason I completely ditched Reddit, if you use the new Reddit interface instead of the old one (old.reddit.com), you’ll see a constant request being made to “https://www.reddit.com/svc/shreddit/events” (open your DevTools > Network tab, can’t see on Firefox idk why).

The problem is, if you add this to your Ublock Origin filters the website won’t load properly, that’s why uBO team didn’t block it already.

You’ll notice this request isn’t only being made from a interval but also when you do basically any action in the site, like pausing or resuming a video (send timestamps of when did you pause or resumed).

It sends other kind of data like what subjects you’re seeing when closed a tab or the related subjects of a post you click, this all can be used to trace a perfect profile of you and things you like.

You can avoid that using the old.reddit but it still has the same kind of tracker, even tho you can block it here without major issues.

By my analysis, old Reddit interface does the same but to a random URL path that always starts with “reddit.com/api/something”. Ex.: reddit.com/api/friends So you can block anything that starts with “www.reddit.com/api” in your custom filters (after all you’re using old.reddit.com), then you’re mostly free from Reddit trackers (more or less). Side effect is, you won’t be able to use the chat in the old interface.

  • knomie@feddit.org
    link
    fedilink
    arrow-up
    4
    ·
    11 天前

    That looks great.

    But aren’t more addons bad for fingerprinting? I often read the recommendation to use as few addons as possible.

    • PiraHxCx@lemmy.ml
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      10 天前

      I asked them exactly that hehe
      So, technically the sites you are redirecting from will never know you tried to access them and the addon is not interacting with any page, but the dev didn’t address/think of probing. I don’t have enough tech knowledge to confirm the addon won’t react to anything, thus making itself known. I don’t know which probing techniques there are and how all those resist-fingerprint and sandboxing settings from privacy-conscious browsers work against it… it does, however, sound like a sophisticated and resource-consuming method that I don’t think they would be using on regular internet unless they have specific targets, so if they have such probing techniques they are probably using it on IPs going through the TOR network (and you shouldn’t use any addon on Tor anyway).
      It’s all about your threat model, if you just want to avoid regular tracking and profiling the addon should be fine, now if you are afraid of some sophisticated and resourceful threat actors targeting you, don’t take your chances with any addon.