Hi all,
due to another discussion I start this thread in order to collect some user recommendation how to treat certain apps and what working definitions are. Please add your findings here.
At the moment I plan to update the second posting from time to time, in order to keep a certain structure / overview.
Please be my guest to comment / discuss / amend. As I am located in Vienna there are some Austrian apps as well 🙂
Best regards
w.
P.S. Planned structure per app:
Appname: APPNAME
Current recommendation: EXCEPTION / MOBILE BROWSER
Description:
Domains / IPs (in case of EXCEPTION):
| Appname | Recommendation | Description | Domains / IPs |
| Amazon | Mobile Browser**** | Amazon Shopping App | - |
| Der Spiegel | Mobile Browser* | App of newssite spiegel.de | - |
| Der Standard | Mobile Browser** | App of DerStandard, Austrian Newspaper | - |
| BlueCode | Exception | Payment app | app.bluecode.com arc-assets.bluecode.com mandat.bluecode.com sdd-api.bluecode.com sdk-api.bluecode.com vas-api.bluecode.com |
| Ecovacs Home | Exception | App for home vacuum robots | gl-at-api.ecovacs.com gl-at-openapi.ecovacs.com gl-us-pub.ecovacs.com portal-ww.ecouser.net portal.ecouser.net |
| FreeNow / MyTaxi | Exception | Taxi App | api.live.free-now.com api.mytaxi.com |
| Handysignatur | Exception | App for digital signatures and identification (Austria) | api.a-trust.at |
| Handyparken | Exception | App for digital parking ticketing (Austria) | api.parkbob.com asmp.a1.net |
| Landroid | Exception | Control app for mowing robot | api.worxlandroid.com |
| OneDrive | Exception | Login for OneDrive / Microsoft | logincdn.msauth.net |
| ProtonMail | Exception | ProtonMail app | api.protonmail.ch |
| ShareNow | Exception | Carsharing app | app-gateway.pricing.carsharedev.io app.prod.share-now.com driver.eu.share-now.com pmm.car2go.com www.car2go.com www.share-now.com |
| Shpock | Exception*** | Secondhand trading app | api.shpock.com m1.secondhandapp.at shubi.shpock.com |
| SoundTouch | Exception | Bose Soundtouch App | content.api.bose.io streaming.bose.com streamingoauth.bose.com worldwide.bose.com |
| Uber | Exception | Taxi app | cn-dc1.uber.com cn-geo1.uber.com |
Remarks:
*: even with enabling most of the catched domains of spiegel.de, some figures are not working - even more videos and podcasts are blocked. The mobile site of spiegel.de works almost flawless.
**: works flawless with mobile browser, podcast, videos not working in app
: mobile / desktop website barely working
*: even with the predefined exception the Amazon app throws a lot of errors. Without enabling certain domains like "adsystem*amazon" some sites are not accessible inside the app for me - therefore I switched to the mobile site.
@webwude Great work! THX very much for sharing!
I just wonder about the format to share and collaborate on this on the long term. eBlocker exports some JSON if I remember right but it might be to complicated to manually strip out and share just the apps. Hm. We‘ll discuss in the core team...
Anyhow, here are some of mine:
iOS booking.com: iphone-xml.booking.com, secure-iphone-xml.booking.com
iOS eBay (additional to existing trusted app): ebay.com, ir.ebaystatic.com, p.ebaystatic.com
iOS Lufthansa: app.lufthansa.com, www.lufthansa.com
iOS tripadvisor: api.tripadvisor.com, media-cdn.tripadvisor.com, osrm.maps.me, passport.maps.me, static.tacdn.com
No guarantee that everything still works. This is from early eBlocker days. Today I seriously changed my habits to not use apps, unless they are fully local and completely avoid online services if possible (like maps.me instead of googlemaps... etc.).
If there would be any sort of import / export feature, this would be very convenient. If there would be a definition one could write a wrapper 😉
I guess for now a table is sufficient. It depends on the team how to proceed.
But again: some crosscheck of the URLs with some blocking lists would be fine. I will explain by example later today.
Best regards
w
If there would be any sort of import / export feature, this would be very convenient. If there would be a definition one could write a wrapper 😉
Settings -> System -> Reset -> Save Settings will give you a file named eblocker-config.eblcfg, which is actually a ZIP file. Inside the zip, the file eblocker-config/appModules.json contains your app definitions.
Best regards,
Martin
Here is an example of a website with various trackers / ads (derstandard.at)
If I now define a trusted app (first www.derstandard.at) it will still not work (blank site inside the app). Manual recording shows me additional domains, e.g one domain (app.derstandard.at) which is defined as tracker - is this information is shown before granting, this would be very useful.
Manual recording shows me additional domains
Are you talking about https recording feature or about the screenshots you've posted (showing some trackers)?
With the screenshots taken you need to watch out, that the shown domains are not necessarily tracking domains. It only says that there were trackers blocked from those domains, but that could have been a specific URL that matched.
So if a match to gooddomain.com/badtracker.php is found that domain "gooddomain.com" will show up as "blocked tracker" in the controlbar even if just one URL gooddomain/badtracker.php is a tracker. This will be the case for all domains using "badtracker.php" - even if the domains are not blacklisted at all.
Issues with apps usually result from certificate pinning (as discussed earlier). And these domains will be shown under https connection failures if recording is on. So I'd take this as source rather than the lists in the controlbar.
At the end the decision and question to ask is yours: "Do I really need the app and am I willing to sacrifice privacy (by chance) for it". Or better "Is my need for convenience with service XYZ stronger than my need for privacy".
If you go for convenience, just add all domains you'll see in the https recording. Otherwise: Step away from the app and enjoy the website in privacy 😉 Or: Take enough time and research if the domain in question is a tracker you can live with or better without...
@all eBlocker users: if you have defined custom Trusted Apps, now it's the time to share them here.
@valentin will take all apps from this forum thread and translate them into a technical format to make them available for all users. Thanks very much for your help @valentin
Thanks to everyone for sharing!!
@valentin: thanks for taking care of this!
I've attached a set of definitions which could be enabled by default and another set that could be enabled on demand.
Best regards,
Martin
@mainzelM Thanks a lot for your contribution. I will add the entries.
I'm just wondering about two things:
1) I created a pull request with my last changes but nothing seems to happen with it since 7 days. Did I forget something?
2) The list for trusted apps is already quite big and I expect that it will grow further. Would it be possible to divide the definitions into several json files? I would also suggest more structure (like categories) in the user interface.
Best regards,
Valentin
@valentin add 1) You need to ping @bpr and he'll commit the change. Sorry, for not mentioning this 😊
add 2) Thanks to @mainzelM we are working on a mechanism to automatically add SSL errors to a specific "trusted app". This will hopefully avoid the need for static trusted app list in future.
So we might want to focus on finishing this feature for an alpha release first. Then we can decide whether we still want to maintain pre-defined apps and put more menpower into structure, files etc.
Personally, I'd rather like to eliminate the trusted apps and make it more simple for the less tech savvy users. Of course power users should keep full control over what's going on. @mainzelM will briefly introduce the concept in Tuesday's meeting, I guess
I am also starting my list in here 🙂
Just a quick one for now
Bethesda Game Launcher Client
- api.bethesda.net
- bethesda.net
- buildinfo.cdp.bethesda.net
- cdn.contentful.com
- store.bethesda.net
SkyGo App
- agg.oogway.sky.com
- analytics.faw.sky.com
- awk.epgsky.com
- config.ott.sky.com
- desktop.client.ott.sky.com
- init.sky.com
- p.sky.comsentry.prd.ottcds.com
SkyApp has already an entry, but does not work on pc.. Trying to gather all information
Regards Sven
Just returned from vacancy days this week, I created the pull request for all the new trusted apps. Will be in next released version.
Regards, Valentin
Hello
Since ist have installed eblocker i can't use the paypal App and DisneyplusApp on my Android Cellphone. Please help. Thank in advance.
Edit: typo
@jens123 Just enable paypal as "trusted": settings>https>trusted apps> "type paypal" and enable.
For disney+ there is no trusted app yet. Please follow the instructions how to record and add a trusted app individually (under https>"Manual Recording" ). You might want to share your results here so we can add it as default app in future.
THX!
@random Here we go....
Add the following urls to "trusted apps " and it works...
@jens123 Perfect, thanks very much.
Regarding the shared domains I would not add the following domains as they are known tracking domains and probably not necessary to make the apps work:
@jens123 Perfect, thanks very much. I assume everything is working OK now?
Regarding the shared domains I would not add the following domains as they are known tracking domains and probably not necessary to make the apps work:
aax-eu.amazon-adsystem.commads.amazon-adsystem.comsettings.crashlytics.comI'm also not sure about:static.siege-amazon.comglobal.edge.bamgrid.comsdk.iad-03.braze.comdisney.my.sentry.ioYou might want to try removing those to see if the apps still work. Usually not all recorded domains should be added as trusted app, as you might add trackers by chance. So "less is more".As a good example, I would recommend to start anew and add only those that are clearly from Disney (not third parties).Last: there is an amazon trusted app pre-defined and amazon video is working for me with just the standard app. I fear the above mentioned domains for amazon might not be necessary at all if you've enabled the pre-defined app. Have you tried this?If you have a revised list, please repost 😎THX!
Thanks for your response. I will try the pre-defined trusted app settings for amazon and try
if the app still work.
I have a problem when I want delete the false urls in my amazon app settings. I select the urls you mentioned above and when I save the settings, there are only two urls left...
I select the urls you mentioned above and when I save the settings, there are only two urls left...
I'm not sure what you mean. Might be a bug. Could you please share a screenshot to make this more clear?
In any case: I would recommend to delete all the newly defined apps and start all over. There is usually no need to SAVE an app initially but leave the switch "Apply rules temporarily" on. Then all changes to the recorded domains are instantly applied. So you can switch on the domains "one by one" until the app works - and then save changes to an app if you are sure that's the minimum set of domains necessary.
Sorry for the long explanation, but this feature was never meant to be released to the public. It's rather an internal tool to define trusted apps. We've made it public as today there is no employee sitting on the task to define trusted apps anymore. But we are still looking for volunteers taking over this task in future again... 😊
I select the urls you mentioned above and when I save the settings, there are only two urls left...
I'm not sure what you mean. Might be a bug. Could you please share a screenshot to make this more clear?
In any case: I would recommend to delete all the newly defined apps and start all over. There is usually no need to SAVE an app initially but leave the switch "Apply rules temporarily" on. Then all changes to the recorded domains are instantly applied. So you can switch on the domains "one by one" until the app works - and then save changes to an app if you are sure that's the minimum set of domains necessary.
Sorry for the long explanation, but this feature was never meant to be released to the public. It's rather an internal tool to define trusted apps. We've made it public as today there is no employee sitting on the task to define trusted apps anymore. But we are still looking for volunteers taking over this task in future again... 😊
I tried the pre-defind settings for amazon and the app still work.
For disney plus i have to save the following urls
Now I have understood what you wanted to explain to me with your detailed instructions.
I will try again to explain to you what is not working properly with me.
If I stop the manual monitoring and delete the urls that are unnecessary for me, more than the selected ones will be deleted. E.g. I select 4 urls and the message "5 of 4 urls have been deleted" appears.
I will try to take a snapshot on occasion.
Translated with www.DeepL.com/Translator (free version)
| Appname | Recommendation | Description | Domains / IPs |
| Exception | appservices.trafineo.com | ||
| Deutsche Glasfaser | Exception | Internet-Provider für Glasfaser-Anschlüsse, verweist seine Kunden u.a. auf Speedtest by Ookla | deutsche-glasfaser.de mapi.speedtest.net speedtest.net speedtestcustom.com |
| Exception | Earth Speakr is an artwork by Olafur Eliasson | api.mapbox.com | |
| Chefkoch | Exception | Chefkoch.de Android App | allrezepte.com api.chefkoch.de chefkoch.de img.chefkoch-cdn.de video.chefkoch-cdn.de |
| Exception | leo.org translator | leo.org | |
DM Drogerie | Exception | DM Drogerie Android App | assets.dm.de cdn02.dm-static.com con.mm.dm.de login.dm.de products.dm.de services.dm.de store-data-service.services.dmtech.com |
Deutsche Post Shop | Exception | Deutsche Post online shop | shop.deutschepost.de |
| Exception | LIDL Plus Android app | accounts.lidl.com appgateway.lidlplus.com | |
| Exception | eHomeLive smart home app (meross) | iot.meross.com mqtt-alter.meross.com mqtt-eu-alter.meross.com mqtt-eu.meross.com mqtt.meross.com | |
MercedesMe | Exception | MercedesMe Android app | 40.68.60.81 api.dvb.corpinter.net ldsso.i.daimler.com risingstars.daimler.com services.me.mercedes-benz.com |
Shell Recharge | Exception | ShellRecharge Android app | api.thenewmotion.com |
| Exception | NINA Warn Android app | bund.de itzbund.de | |
| Exception | BLAU.DE Android app | blau.de o2online.de static2-blau.o9.de | |
ErnstingsFamily | Exception | ErnstingsFamily Android app | images.ernstings-family.com www.ernstings-family.de |
| Exception | Groupon Android app | groupon.com groupon.de grouponcdn.com | |
| Exception | Keeper password manager | keepersecurity.com keepersecurity.eu | |
| Exception | linkedin.com media.licdn.com | ||
| Exception | ZooPlus Android app | dii2.zooplus.de login.zooplus.de media.zooplus.com mediazs.com shpp.ext.zooplus.io www.zooplus.de zooplus.net |
Hi,
thats all 🙂
*.ciscospark.com
*.walkme.com
*.wbx2.com
*.webex.com
in the Trusted Apps included 👍
20.10.2020 some more information
if you an firewall open the following port from internal to the internet:
TCP 5004
TCP 5061
UDP 5004
here you can test connectivity 🤩
result attached
regards
PIO78
Appname
GotoMeeting
Recommendation
exception
Description
Meeting/Webconference
Domains / IPs
apiglobal.gotomeeting.com
app.gotomeeting.com
authentication.logmeininc.com
global.gotomeeting.com
global.gotomeeting.com
join.gotomeeting.com
www.gotomeet.me
could someone test?
regards
PIO78
@pio78 Strange: I use gotomeeting quite often - as guest/presenter (w/o login) but not as admin/host - without adding any exceptions to eBlocker. 🤔
Maybe the discussed domains are needed for admins only? Or they are not needed at all?
Anyone with admin access who can test this?
@valentin There is a new app def for mailbox.org that is needed to login under 2.5.
Now, after following the further discussion in this forum, I'm not sure if we still have to add this app. Of course, this will be no problem for me. Please give me a short statement. Thks.
@valentin Yes, you are right. My request is outdated - and the issue was none 😉
Thanks very much!
I've installed on iOS 14.2 the app Financepilot version 20.19.5. This is an app for using services of German MLP Banking AG. But this app can not establish a connection with the bank when eBlocker is active. HTTPS certificate correctly is installed. If I via browser connect the website financepilot-pe.mlp.de everything works fine. So, what I have to do in order to use Financepilot.app on iPhone when within eBlockers realm?
What I have to do in order to make CWA on iOS working when within eBlockers realm? Obviously CWA can't connect RKIs server when eBlocker is active.
@facebita I‘ve joined your „app not working“ posts to this thread.
Please read up how to define a trusted apps and once your MLP, CWA and other apps are running well, post results of defines here.
THX!
Just had issues joining videoconference using bigbluebutton on “iserv.eu”. Iserv is supporting hundreds of schools all over Germany. See also https://eblocker.org/community/postid/3040/
Please add the domain “videoconference.iserv.eu“ to trusted website proposal list. Thx.
yes, thank you. See the linked Thread. I have put named domain as website and so it is working. 👍
Hello,
as I had problems using the F-Droid-App on my device, GrapheneOS Pixel 4, (see here) I've added the URL f-droid.org as Trusted App as shown here:
This works for me - thus I had not a chance to test it with a further device (e.g. a more common Android)
This work-around is needed for GrapheneOS only as far as evaluated now but not for other Android devices as at least a stock/original Samsung S10 will work with f-droid without the described Trusted App setting.
Hi Valentin,
could you add in the Trusted APP List "Signal Private Messenger"
signal.org
THX
Following https://help.miro.com/hc/en-us/articles/360017572694-Connection-Could-Not-Be-Established, I've added
If have two new (rather special interest) apps that must be defined even when ATA is enabled (ping to @mainzelM to let you know):
beatport LINK (for the streaming service of the DJ music portal)
api.beatport.com
storage.googleapis.com
and
Now I have added the new recommendations to the list and created a pull request
Appname
VyprVPN
Recommendation
exception
Description
VPN
Domains / IPs
@fisano If you are disabling eBlocker for VyprVPN with with this rule, you are disabling eBlocker protection for VPN.
You might rather want to add VyprVPN to eBlocker and use use all eBlocker advantages as well as VPN in conjunction… 🤔
THX!
Please add "Ledger" "Ledger app to access the ledger crypto hardware"
cdn.live.ledger.com
The epic trusted app also needs an update. To buy games these domains need to be whitelisted:
I'm not sure whether you have seen the post regarding a trusted app for filesharing service mega.nz?
Here is the solution to get it work and if would be great if you cloud add this to the standard for release with 2.8: https://eblocker.org/community/bugs-features/issues-with-mega-nz/#post-4342
Thanks very much 👍
As discussed my trusted domains. If in your opinion pages have been released that do not make sense to be released please give me feedback
Also otherwise I ask gladly for feedback:
Websites:
addons.cdn.mozilla.net
addons.mozilla.org
amazon.co.uk
amazon.com
amazon.de
auth.docker.io
registry-1.docker.io
cdn.jsdelivr.net
cdnjs.cloudflare.com
cdn.livechatinc.com
download.mozilla.org
de.aliexpress.com
assets.alicdn.com
dl.teamviewer.com
download.anydesk.com
drive.google.com
github.com
hcaptcha.com
invidious.namazso.eu
maps.google.de
norden.social
objects.githubusercontent.com
sourceforge.net
VOD / Streaming:
amazonvideo.com
static-cdn.jtvnw.net
static.twitchcdn.net
Discord:
discord.com
discord.gg
discord.net
discordapp.com
rotterdam3249.discord.media
rotterdam3850.discord.media
rotterdam4334.discord.media
rotterdam4779.discord.media
images-ext-1.discordapp.net
images-ext-2.discordapp.net
media.discordapp.net
Banking:
Atruvia.de (ehemals Fiducia / GAD)
Matrix (Chat):
synod.im
web.synod.im
Manjaro Paket Quellen + AUR Paket Quellen:
aur.archlinux.org
download.eclipse.org
registry.npmjs.org
registry.yarnpkg.com
repo.manjaro.org
ftp.gwdg.de
ftp.halifax.rwth-aachen.de
ftp.desolve.ru
buchen.github.io
manjaro.moson.eu
manjaro.moson.org
mirror.23m.com
mirror.alpix.eu
mirror.moson.org
mirror.netcologne.de
repo.maven.apache.org
BigBlueButton:
conf.ccc-ffm.de
meeting4.franken.de/b
serv009.bbb.zih.tu-dresden.de
bbb.cyber4edu.org/b
Jitsi:
meet.ffmuc.net
Could you add an exception for the "Epic Games Launcher"? Don''t know the URL
And for the banking App "Money Money" for Mac? It checks a lot of banking sites, that should be already allowed, but it still has a problem with the eblocker SSL-certificate.
Could you add an exception for the "Epic Games Launcher"?
There is an Epic Trusted App already integrated since a couple of month (as discussed above https://eblocker.org/community/main-forum/trusted-apps-community-user-recommendations/#post-4324 ). Just enable it.
And for the banking App "Money Money" for Mac?
You are invited to record the needed domains for „Money Money“ and share results here. It‘s not overly complicated. 👍
Otherwise you need to wait until another mac user using the same app and an eBlocker, who does it for you - which is not very likely, I fear. I‘m on Windows - for instance.
THX!
Could you add an exception for the "Epic Games Launcher"?
There is an Epic Trusted App already integrated since a couple of month (as discussed above https://eblocker.org/community/main-forum/trusted-apps-community-user-recommendations/#post-4324 ). Just enable it.
And for the banking App "Money Money" for Mac?
You are invited to record the needed domains for „Money Money“ and share results here. It‘s not overly complicated. 👍
Otherwise you need to wait until another mac user using the same app and an eBlocker, who does it for you - which is not very likely, I fear. I‘m on Windows - for instance.
THX!
The Epic App is enabled, and I can start the Epic Games Launcher, but its impossible to buy a game. With eblocker paused it works. (There ist a "Loading" text on the "buy" button, which stays forever).
I can start the Epic Games Launcher, but its impossible to buy a game
I can’t reproduce this. I just bought a game via epic launcher on win 10, with the epic Trusted App enabled: no problem.
@hellb Please open a new thread (this thread is to collect user defined Trusted Apps) and provide all infos requested in the README, so we can drill down on your particular case.
THX!
For discord : (Added more when i got disconnected again)