Sites using subdomains to redirect to third party sites
Posted: Mon May 04, 2015 2:45 pm
There seems to be a growing trend (maybe I just started to notice it) of sites using subdomains to redirect requests on their pages to third party sites. For example, fnbodirect.com uses a subdomain of sanalytics.fnbodirect.com which really is: fnbodirect.com.102.112.2o7.net
So if I allow content from fnbodirect.com but block content from 2o7.net, noscript doesn't know so doesn't block the sanalytics.fnbodirect.com content. I am also assuming that the surrogate function of NS would be bypassed - unless I manually make another source in about:config for a specific resource.
I find this disturbing - it seems like sites are actively trying to fool their users into not knowing they are using 3rd party content, which I find disgusting. Especially when it is done by financial related sites like banks, brokerages, insurance, etc.
Some questions:
1) Is there a specific term for this type of redirect action? I tried to research this topic, but didn't have much luck - either because nobody cares, nobody notices, or because I don't know what to search on!
2) In the past, I would allow all subdomains of a site I trust to be trusted as well. I have stopped doing that, but getting sites I need to use to work is a much bigger task. Obviously, one solution is to simply stop using sites that do this - since if they are trying to fool me this way, why should I trust them at all!
3) I also use ABE to anonymize almost everything that I don't specifically allow or deny, which is probably complicating things. In the example above, ABE anonymizes fnbodirect.com's access to sanalytics.fnbodirect.com - as it should be doing the way I have things set up. I know how to make ABE allow access, but don't want to.
4) Am I being to paranoid? I don't like sites using 3rd party access, since you don't know what they are sharing or tracking, especially to mega companies like adobe (2o7.net, omiture,etc.) and especially google.
So is this a new trend, or is it something I just started noticing? What are other NS users doing about this?
So if I allow content from fnbodirect.com but block content from 2o7.net, noscript doesn't know so doesn't block the sanalytics.fnbodirect.com content. I am also assuming that the surrogate function of NS would be bypassed - unless I manually make another source in about:config for a specific resource.
I find this disturbing - it seems like sites are actively trying to fool their users into not knowing they are using 3rd party content, which I find disgusting. Especially when it is done by financial related sites like banks, brokerages, insurance, etc.
Some questions:
1) Is there a specific term for this type of redirect action? I tried to research this topic, but didn't have much luck - either because nobody cares, nobody notices, or because I don't know what to search on!
2) In the past, I would allow all subdomains of a site I trust to be trusted as well. I have stopped doing that, but getting sites I need to use to work is a much bigger task. Obviously, one solution is to simply stop using sites that do this - since if they are trying to fool me this way, why should I trust them at all!
3) I also use ABE to anonymize almost everything that I don't specifically allow or deny, which is probably complicating things. In the example above, ABE anonymizes fnbodirect.com's access to sanalytics.fnbodirect.com - as it should be doing the way I have things set up. I know how to make ABE allow access, but don't want to.
4) Am I being to paranoid? I don't like sites using 3rd party access, since you don't know what they are sharing or tracking, especially to mega companies like adobe (2o7.net, omiture,etc.) and especially google.
So is this a new trend, or is it something I just started noticing? What are other NS users doing about this?