I believe this would be good because it addresses a common, yet none-too-much discussed, problem of trackers using CNAME to disguise their tracker domains. To avoid repeating what is already on the site, and because paraphrasing wouldn’t be an effective method of explaining, you can check out the GitHub here:
I feel that adding this to the import list is a good use of filters to avoid tracking that otherwise goes unnoticed and unmitigated by 95% of the community.
By default, Firefox blocks the cookies that track your browsing activity across multiple websites. This includes cross-site tracking cookies set by ad, social media, and analytics companies. Other cookies, such as those that remember your login credentials or items in your shopping cart, are still permitted by default.
^ Above, you see that they do not address the CNAME-cloaked trackers.
Paste: https://github.com/AdguardTeam/cname-trackers/blob/855908ed4f388f91aabe271cf4dba05e04e72efa/data/combined_disguised_trackers_justdomains.txt into the box.
“For all browsers, uBlock Origin blocks CNAME cloaking-based tracking on around 70% of websites. Adblock and Adblock Plus provide insufficient protection abilities for all browsers.” — Source
This isn’t 100% effective. It works on maybe 80-90%, and, tbh, even Dan Pollock’s list doesn’t block all the things, e.g., the Clickspring variant PurityScan.
Maybe a/the uBO owner or developers can weigh in. What is the point of all these filter lists? Malware and trackers always seem to find a way. CNAME-cloaking is just one of those tricks. If we’re being honest, again, I have seen malware droppers on gaming (mobile) websites where they use copy/pasted scripts from the Shadow Broker dump. Those sites target older browsers on older machines, but guess who updates their software?
uBO on FF-based browsers and Brave’s built-in content blocker already do CNAME unclocking, so at least there adding this list is not needed.
Which leaves Chromium-based and Safari browsers. Some popular lists like EasyList already contain uncloaked addresses, but I do not have looked into all popular lists.
In the chart the red line (labelled “ublock origin (rc1)” is the version with the cname uncloaking feature in settings (which only works with Firefox). But you can see, even for browsers that don’t support that feature, uBO was still the most effective (~70%), probably because one of its default blocklists (easyprivacy) can detect about 70% of cloaked cnames.
I don’t have a lot of knowledge in this particular area, so I’d suggest having a look at the research paper (or this shorter article based on it) rather than taking my musings as authoritative. edit: also note, this is a research paper from 2020, things may have changed.
