Please check out the English help page (or the German Hilfe) first before posting.

Notifications
Clear all

[Sticky] Trusted Apps - Community / User recommendations  

  RSS

Eminent Member
Joined: 6 Monaten ago
Posts: 23
24/05/2020 8:53 am  

Hi all,

due to another discussion I start this thread in order to collect some user recommendation how to treat certain apps and what working definitions are. Please add your findings here.

At the moment I plan to update the second posting from time to time, in order to keep a certain structure / overview.

Please be my guest to comment / discuss / amend. As I am located in Vienna there are some Austrian apps as well 🙂

Best regards 

w.

P.S. Planned structure per app:

Appname: APPNAME

Current recommendation: EXCEPTION / MOBILE BROWSER

Description:

Domains / IPs (in case of EXCEPTION): 


Benne and Random liked
Quote
Eminent Member
Joined: 6 Monaten ago
Posts: 23
24/05/2020 8:57 am  

 

AppnameRecommendationDescriptionDomains / IPs
AmazonMobile Browser****Amazon Shopping App-
Der SpiegelMobile Browser*App of newssite spiegel.de-
Der StandardMobile Browser**App of DerStandard, Austrian Newspaper-
BlueCodeExceptionPayment app
app.bluecode.com
arc-assets.bluecode.com
mandat.bluecode.com
sdd-api.bluecode.com
sdk-api.bluecode.com
vas-api.bluecode.com
Ecovacs HomeExceptionApp for home vacuum robots
gl-at-api.ecovacs.com
gl-at-openapi.ecovacs.com
gl-us-pub.ecovacs.com
portal-ww.ecouser.net
portal.ecouser.net
FreeNow / MyTaxiExceptionTaxi App
api.live.free-now.com
api.mytaxi.com
HandysignaturExceptionApp for digital signatures and identification (Austria)
api.a-trust.at
HandyparkenExceptionApp for digital parking ticketing (Austria)
api.parkbob.com
asmp.a1.net
LandroidExceptionControl app for mowing robot
api.worxlandroid.com
OneDriveExceptionLogin for OneDrive / Microsoft
logincdn.msauth.net
ProtonMailExceptionProtonMail app
api.protonmail.ch
ShareNowExceptionCarsharing app
app-gateway.pricing.carsharedev.io
app.prod.share-now.com
driver.eu.share-now.com
pmm.car2go.com
www.car2go.com
www.share-now.com
ShpockException***Secondhand trading app
api.shpock.com
m1.secondhandapp.at
shubi.shpock.com
SoundTouchExceptionBose Soundtouch App
content.api.bose.io
streaming.bose.com
streamingoauth.bose.com
worldwide.bose.com
UberExceptionTaxi app
cn-dc1.uber.com
cn-geo1.uber.com

 

 

Remarks:

*: even with enabling most of the catched domains of spiegel.de, some figures are not working - even more videos and podcasts are blocked. The mobile site of spiegel.de works almost flawless.

**: works flawless with mobile browser, podcast, videos not working in app 

***: mobile / desktop website barely working

****: even with the predefined exception the Amazon app throws a lot of errors. Without enabling certain domains like "adsystem*amazon" some sites are not accessible inside the app for me - therefore I switched to the mobile site.


jens123 and Benne liked
ReplyQuote
Member
Joined: 12 Monaten ago
Posts: 598
24/05/2020 10:07 am  

@webwude Great work! THX very much for sharing!

I just wonder about the format to share and collaborate on this on the long term. eBlocker exports some JSON if I remember right but it might be to complicated to manually strip out and share just the apps. Hm. We‘ll discuss in the core team...

Anyhow, here are some of mine:

iOS booking.com: iphone-xml.booking.com, secure-iphone-xml.booking.com

iOS eBay (additional to existing trusted app): ebay.com, ir.ebaystatic.com, p.ebaystatic.com

iOS Lufthansa: app.lufthansa.com, www.lufthansa.com

iOS tripadvisor: api.tripadvisor.com, media-cdn.tripadvisor.com, osrm.maps.me, passport.maps.me, static.tacdn.com

No guarantee that everything still works. This is from early eBlocker days. Today I seriously changed my habits to not use apps, unless they are fully local and completely avoid online services if possible (like maps.me instead of googlemaps... etc.).


ReplyQuote
Eminent Member
Joined: 6 Monaten ago
Posts: 23
24/05/2020 10:21 am  

If there would be any sort of import / export feature, this would be very convenient. If there would be a definition one could write a wrapper 😉

I guess for now a table is sufficient. It depends on the team how to proceed. 

But again: some crosscheck of the URLs with some blocking lists would be fine. I will explain by example later today.

Best regards 

w


Random liked
ReplyQuote
Member
Joined: 8 Monaten ago
Posts: 45
24/05/2020 7:45 pm  
Posted by: @webwude

If there would be any sort of import / export feature, this would be very convenient. If there would be a definition one could write a wrapper 😉

Settings -> System -> Reset -> Save Settings will give you a file named eblocker-config.eblcfg, which is actually a ZIP file. Inside the zip, the file eblocker-config/appModules.json contains your app definitions.

Best regards,

Martin


Random liked
ReplyQuote
Eminent Member
Joined: 6 Monaten ago
Posts: 23
25/05/2020 3:36 pm  

Here is an example of a website with various trackers / ads (derstandard.at)

If I now define a trusted app (first www.derstandard.at) it will still not work (blank site inside the app). Manual recording shows me additional domains, e.g one domain (app.derstandard.at) which is defined as tracker - is this information is shown before granting, this would be very useful. 

 

ReplyQuote
Member
Joined: 12 Monaten ago
Posts: 598
25/05/2020 4:50 pm  
Posted by: @webwude

Manual recording shows me additional domains

Are you talking about https recording feature or about the screenshots you've posted (showing some trackers)?

With the screenshots taken you need to watch out, that the shown domains are not necessarily tracking domains. It only says that there were trackers blocked from those domains, but that could have been a specific URL that matched.

So if a match to gooddomain.com/badtracker.php is found that domain "gooddomain.com" will show up as "blocked tracker" in the controlbar even if just one URL gooddomain/badtracker.php is a tracker. This will be the case for all domains using "badtracker.php" - even if the domains are not blacklisted at all.

Issues with apps usually result from certificate pinning (as discussed earlier). And these domains will be shown under https connection failures if recording is on. So I'd take this as source rather than the lists in the controlbar.

At the end the decision and question to ask is yours: "Do I really need the app and am I willing to sacrifice privacy (by chance) for it". Or better "Is my need for convenience with service XYZ stronger than my need for privacy".

If you go for convenience, just add all domains you'll see in the https recording. Otherwise: Step away from the app and enjoy the website in privacy 😉 Or: Take enough time and research if the domain in question is a tracker you can live with or better without...


ReplyQuote
Famed Member
Joined: 11 Monaten ago
Posts: 373
15/07/2020 3:22 pm  

@all eBlocker users: if you have defined custom Trusted Apps, now it's the time to share them here.

@valentin will take all apps from this forum thread and translate them into a technical format to make them available for all users. Thanks very much for your help @valentin

Thanks to everyone for sharing!!


ReplyQuote
Member
Joined: 8 Monaten ago
Posts: 45
17/07/2020 8:52 am  

@valentin: thanks for taking care of this!

I've attached a set of definitions which could be enabled by default and another set that could be enabled on demand.

Best regards,

Martin 


Random liked
ReplyQuote
Member
Joined: 11 Monaten ago
Posts: 26
25/07/2020 9:41 am  

@mainzelM Thanks a lot for your contribution. I will add the entries.

I'm just wondering about two things:

1) I created a pull request with my last changes but nothing seems to happen with it since 7 days. Did I forget something?

2) The list for trusted apps is already quite big and I expect that it will grow further. Would it be possible to divide the definitions into several json files? I would also suggest more structure (like categories) in the user interface.

Best regards,

Valentin


ReplyQuote
Famed Member
Joined: 11 Monaten ago
Posts: 373
25/07/2020 10:55 am  

@valentin add 1) You need to ping @bpr and he'll commit the change. Sorry, for not mentioning this 😊 

add 2) Thanks to @mainzelM we are working on a mechanism to automatically add SSL errors to a specific "trusted app". This will hopefully avoid the need for static trusted app list in future. 

So we might want to focus on finishing this feature for an alpha release first. Then we can decide whether we still want to maintain pre-defined apps and put more menpower into structure, files etc.

Personally, I'd rather like to eliminate the trusted apps and make it more simple for the less tech savvy users. Of course power users should keep full control over what's going on. @mainzelM will briefly introduce the concept in Tuesday's meeting, I guess


ReplyQuote
Member
Joined: 12 Monaten ago
Posts: 64
27/07/2020 9:59 am  

@valentin

Thank your for your PR! I have merged it now.

I was not aware that I had to enable "Watch" manually on all of eBlocker's GitHub repositories. From now on I should be notified of new PRs automatically.

 


Random liked
ReplyQuote
Member
Joined: 11 Monaten ago
Posts: 224
17/08/2020 10:04 pm  

I am also starting my list in here 🙂

Just a quick one for now

Bethesda Game Launcher Client

  • api.bethesda.net
  • bethesda.net
  • buildinfo.cdp.bethesda.net
  • cdn.contentful.com
  • store.bethesda.net

SkyGo App

  • agg.oogway.sky.com
  • analytics.faw.sky.com
  • awk.epgsky.com
  • config.ott.sky.com
  • desktop.client.ott.sky.com
  • init.sky.com
  • p.sky.comsentry.prd.ottcds.com

SkyApp has already an entry, but does not work on pc.. Trying to gather all information

Regards Sven


ReplyQuote
Member
Joined: 11 Monaten ago
Posts: 26
10/09/2020 9:15 pm  

Just returned from vacancy days this week, I created the pull request for all the new trusted apps. Will be in next released version.

Regards, Valentin


Benne liked
ReplyQuote
Active Member
Joined: 2 Monaten ago
Posts: 12
05/10/2020 11:49 am  

 Hello

Since ist have installed eblocker i can't use the paypal App and DisneyplusApp on my Android Cellphone. Please help. Thank in advance. 

 

Edit:  typo


ReplyQuote
Member
Joined: 12 Monaten ago
Posts: 598
05/10/2020 12:08 pm  

@jens123 Just enable paypal as "trusted": settings>https>trusted apps> "type paypal" and enable.

For disney+ there is no trusted app yet. Please follow the instructions how to record and add a trusted app individually (under https>"Manual Recording" ). You might want to share your results here so we can add it as default app in future.

THX!


ReplyQuote
Active Member
Joined: 2 Monaten ago
Posts: 12
06/10/2020 5:58 pm  

@random Here we go....

Add the following urls to "trusted apps " and it works...

disney.my.sentry.io
appconfigs.disney-plus.net
bam-sdk-configs.bamgrid.com
global.edge.bamgrid.com
prod-ripcut-delivery.disney-plus.net
sdk.iad-03.braze.com
search-api-disney.svcs.dssott.com
 
For amazon prime video add
 
aax-eu.amazon-adsystem.com
amazon.de
api.eu-west-1.aiv-delivery.net
mads.amazon-adsystem.com
settings.crashlytics.com
static.siege-amazon.com

ReplyQuote
Member
Joined: 12 Monaten ago
Posts: 598
06/10/2020 6:54 pm  

@jens123 Perfect, thanks very much.

Regarding the shared domains I would not add the following domains as they are known tracking domains and probably not necessary to make the apps work:

aax-eu.amazon-adsystem.com
mads.amazon-adsystem.com
settings.crashlytics.com
 
I'm also not sure about:
static.siege-amazon.com
global.edge.bamgrid.com
sdk.iad-03.braze.com
disney.my.sentry.io
 
You might want to try removing those to see if the apps still work. Usually not all recorded domains should be added as trusted app, as you might add trackers by chance. So "less is more" 😉 
 
As an example, I would recommend to start anew and add only those that are clearly from Disney (not third parties) domain by domain - until it works. Otherwise you might be opening doors for others... harming your privacy...
 
Last: there is an amazon trusted app pre-defined and amazon video is working for me with just the standard app. I fear the above mentioned domains for amazon might not be necessary at all if you've enabled the pre-defined app. Have you tried this?
 
If you have a revised list, please repost 😎 
 
THX!
 

ReplyQuote
Active Member
Joined: 2 Monaten ago
Posts: 12
06/10/2020 7:16 pm  
Posted by: @random

@jens123 Perfect, thanks very much. I assume everything is working OK now?

Regarding the shared domains I would not add the following domains as they are known tracking domains and probably not necessary to make the apps work:

aax-eu.amazon-adsystem.com
mads.amazon-adsystem.com
settings.crashlytics.com
 
I'm also not sure about:
static.siege-amazon.com
global.edge.bamgrid.com
sdk.iad-03.braze.com
disney.my.sentry.io
 
You might want to try removing those to see if the apps still work. Usually not all recorded domains should be added as trusted app, as you might add trackers by chance. So "less is more".
 
As a good example, I would recommend to start anew and add only those that are clearly from Disney (not third parties).
 
Last: there is an amazon trusted app pre-defined and amazon video is working for me with just the standard app. I fear the above mentioned domains for amazon might not be necessary at all if you've enabled the pre-defined app. Have you tried this?
 
If you have a revised list, please repost 😎 
 
THX!
 

Thanks for your response. I will try the pre-defined trusted app settings for amazon and try 

if the app still work.

I have a problem when I want delete the false urls in my amazon app settings.  I select the urls you mentioned above and when I save the settings, there are only two urls left...


ReplyQuote
Member
Joined: 12 Monaten ago
Posts: 598
06/10/2020 7:43 pm  
Posted by: @jens123

I select the urls you mentioned above and when I save the settings, there are only two urls left...

I'm not sure what you mean. Might be a bug. Could you please share a screenshot to make this more clear?

In any case: I would recommend to delete all the newly defined apps and start all over. There is usually no need to SAVE an app initially but leave the switch "Apply rules temporarily" on. Then all changes to the recorded domains are instantly applied. So you can switch on the domains "one by one" until the app works - and then save changes to an app if you are sure that's the minimum set of domains necessary. 

Sorry for the long explanation, but this feature was never meant to be released to the public. It's rather an internal tool to define trusted apps. We've made it public as today there is no employee sitting on the task to define trusted apps anymore. But we are still looking for volunteers taking over this task in future again... 😊 


ReplyQuote
Active Member
Joined: 2 Monaten ago
Posts: 12
06/10/2020 7:55 pm  
Posted by: @random
Posted by: @jens123

I select the urls you mentioned above and when I save the settings, there are only two urls left...

I'm not sure what you mean. Might be a bug. Could you please share a screenshot to make this more clear?

In any case: I would recommend to delete all the newly defined apps and start all over. There is usually no need to SAVE an app initially but leave the switch "Apply rules temporarily" on. Then all changes to the recorded domains are instantly applied. So you can switch on the domains "one by one" until the app works - and then save changes to an app if you are sure that's the minimum set of domains necessary. 

Sorry for the long explanation, but this feature was never meant to be released to the public. It's rather an internal tool to define trusted apps. We've made it public as today there is no employee sitting on the task to define trusted apps anymore. But we are still looking for volunteers taking over this task in future again... 😊 

I tried the pre-defind settings for amazon and the app still work.

 

For disney plus i have to save the following urls

 
appconfigs.disney-plus.net
 
bam-sdk-configs.bamgrid.com
 
cws.conviva.com
 
global.edge.bamgrid.com
 
sanalytics.disneyplus.com
 
search-api-disney.svcs.dssott.com
 
Or the app dont start the movie.
 
 
To understand your long explanation i had to translate it to german. I dont understand exactly what your re talking about.
 
 

ReplyQuote
Active Member
Joined: 2 Monaten ago
Posts: 12
06/10/2020 8:21 pm  

@random

Now I have understood what you wanted to explain to me with your detailed instructions.

I will try again to explain to you what is not working properly with me.

If I stop the manual monitoring and delete the urls that are unnecessary for me, more than the selected ones will be deleted. E.g. I select 4 urls and the message "5 of 4 urls have been deleted" appears.

I will try to take a snapshot on occasion.

Translated with www.DeepL.com/Translator (free version)


ReplyQuote
Famed Member
Joined: 11 Monaten ago
Posts: 373
18/10/2020 12:23 pm  

@valentin There is a new app def for mailbox.org that is needed to login under 2.5.

See https://eblocker.org/community/bugs-features/login-problems-with-latest-updates-of-white-cube/#post-2216

Would be great if you find the time to add it to the standard list for general distribution.

Thanks much!

 


Pio78 liked
ReplyQuote
Active Member
Joined: 8 Monaten ago
Posts: 11
20/10/2020 3:25 pm  
AppnameRecommendationDescriptionDomains / IPs
Exception
appservices.trafineo.com
Deutsche GlasfaserExceptionInternet-Provider für Glasfaser-Anschlüsse, verweist seine Kunden u.a. auf Speedtest by Ookla
deutsche-glasfaser.de
mapi.speedtest.net
speedtest.net
speedtestcustom.com
ExceptionEarth Speakr is an artwork by Olafur Eliassonapi.mapbox.com
ChefkochExceptionChefkoch.de Android App
allrezepte.com
api.chefkoch.de
chefkoch.de
img.chefkoch-cdn.de
 
video.chefkoch-cdn.de
Exceptionleo.org translatorleo.org
DM Drogerie
ExceptionDM Drogerie Android App
assets.dm.de
cdn02.dm-static.com
con.mm.dm.de
login.dm.de
products.dm.de
services.dm.de
store-data-service.services.dmtech.com
Deutsche Post Shop
ExceptionDeutsche Post online shop
shop.deutschepost.de
 
ExceptionLIDL Plus Android app
accounts.lidl.com
appgateway.lidlplus.com
ExceptioneHomeLive smart home app (meross)
iot.meross.com
mqtt-alter.meross.com
mqtt-eu-alter.meross.com
mqtt-eu.meross.com
mqtt.meross.com
 
MercedesMe
ExceptionMercedesMe Android app
40.68.60.81
api.dvb.corpinter.net
ldsso.i.daimler.com
risingstars.daimler.com
services.me.mercedes-benz.com
 
Shell Recharge
ExceptionShellRecharge Android app
api.thenewmotion.com
 
ExceptionNINA Warn Android app
bund.de
itzbund.de
ExceptionBLAU.DE Android app
blau.de
o2online.de
static2-blau.o9.de
 
ErnstingsFamily
ExceptionErnstingsFamily Android app
images.ernstings-family.com
www.ernstings-family.de
 
ExceptionGroupon Android app
groupon.com
groupon.de
grouponcdn.com
 
ExceptionKeeper password manager
keepersecurity.com
keepersecurity.eu
ExceptionLinkedIn
linkedin.com
media.licdn.com
ExceptionZooPlus Android app
dii2.zooplus.de
login.zooplus.de
media.zooplus.com
mediazs.com
shpp.ext.zooplus.io
www.zooplus.de
zooplus.net

 


ReplyQuote
Member
Joined: 11 Monaten ago
Posts: 181
20/10/2020 5:50 pm  

Hi,

thats all 🙂 

*.ciscospark.com

*.walkme.com

*.wbx2.com

*.webex.com

in the Trusted Apps included 👍 

 

20.10.2020 some more information

if you an firewall open the following port from internal to the internet:

TCP 5004
TCP 5061

UDP 5004

 

here you can test connectivity 🤩 

https://mediatest.webex.com

result attached

 

regards

PIO78


ReplyQuote
Member
Joined: 11 Monaten ago
Posts: 181
20/10/2020 6:11 pm  

Appname
GotoMeeting

Recommendation
exception

Description
Meeting/Webconference

Domains / IPs
apiglobal.gotomeeting.com
app.gotomeeting.com
authentication.logmeininc.com
global.gotomeeting.com
global.gotomeeting.com
join.gotomeeting.com
www.gotomeet.me

 

could someone test?

 

regards

PIO78

 


ReplyQuote
Member
Joined: 12 Monaten ago
Posts: 598
20/10/2020 8:53 pm  

@pio78 Strange: I use gotomeeting quite often - as guest/presenter (w/o login) but not as admin/host - without adding any exceptions to eBlocker. 🤔 

Maybe the discussed domains are needed for admins only? Or they are not needed at all?

Anyone with admin access who can test this? 


Pio78 liked
ReplyQuote
Member
Joined: 11 Monaten ago
Posts: 181
21/10/2020 12:51 pm  

@random

Hi, you are right, we don't need it ... 🙂 


Random liked
ReplyQuote
Member
Joined: 11 Monaten ago
Posts: 26
24/10/2020 6:26 pm  
Posted by: @benne

@valentin There is a new app def for mailbox.org that is needed to login under 2.5.

See https://eblocker.org/community/bugs-features/login-problems-with-latest-updates-of-white-cube/#post-2216

Now, after following the further discussion in this forum, I'm not sure if we still have to add this app. Of course, this will be no problem for me. Please give me a short statement. Thks.


Random liked
ReplyQuote
Famed Member
Joined: 11 Monaten ago
Posts: 373
25/10/2020 10:48 am  

@valentin Yes, you are right. My request is outdated - and the issue was none 😉 

Thanks very much!


ReplyQuote
Active Member
Joined: 2 Wochen ago
Posts: 13
19/11/2020 8:20 pm  

I've installed on iOS 14.2 the app Financepilot version 20.19.5. This is an app for using services of German MLP Banking AG. But this app can not establish a connection with the bank when eBlocker is active. HTTPS certificate correctly is installed. If I via browser connect the website financepilot-pe.mlp.de everything works fine. So, what I have to do in order to use Financepilot.app on iPhone when within eBlockers realm?


ReplyQuote
Active Member
Joined: 2 Wochen ago
Posts: 13
19/11/2020 8:26 pm  

What I have to do in order to make CWA on iOS working when within eBlockers realm? Obviously CWA can't connect RKIs server when eBlocker is active.


ReplyQuote
Member
Joined: 12 Monaten ago
Posts: 598
19/11/2020 9:47 pm  

@facebita I‘ve joined your „app not working“ posts to this thread. 

Please read up how to define a trusted apps and once your MLP, CWA and other apps are running well, post results of defines here.

THX!


ReplyQuote
Scroll to Top