All geek questions in one place

Vimeo Iframe Injection Adware?

I have a uBlock source installed (mostly adBlock) and started to notice some strange requests blocked on my console:

enter image description here

I checked what “scorecardresearch” is and it turns out to be its less reliable source of adware / possibly malware.

Since I received individual incidents on my website, I have entered Vimeo video clips in my source code and noticed that it was requested (I confirmed this by deleting them all and stopped requests).

Unfortunately, this is an important part of our site. Does anyone know why / how Vimeo iframe is causing this problem?

+5
source share
2 answers

scorecardresearch.com is a tracking service.

The reason this is related to malware is because it belongs to comScore, which also use MarketScore spyware (aka Netsetter, relevant knowledge, PremierOpinion, PermissionResearch, MySHCCommunity). MarketScore used to covertly ship with third-party apps, such as file-sharing apps, which made them undesirable and usually malicious.

This tracking site is widely distributed on major sites and in itself has not seen the spread of malware. Vimeo is unlikely to recognize or take care of comScore in unsolicited commercial software. (Let's face it, most of the major players in online advertising have pretty shady things in their past.)

As a rule, if you want to have a video on your site, but do not want a third party to track your users on different sites, you need to post the video yourself.

+3
source

Even if your initial question asks: “Is this happening? Why / how is this happening?”, I take the liberty of answering the following question, namely:

How can this be avoided?

If your site code displays Vimeo iframes for playing videos, you can tell Vimeo not to use tracking beacons or cookies by adding &dnt=1 to the iframe URL. Unfortunately, this is not possible with the Vimeo.Player constructors, so you need to create an iframe manually - either in HTML or in JavaScript.

 /* This will not work: */ let player = new Vimeo.Player('player_div_id', { id : '1234567', dnt : true }); /* Instead, create the iframe yourself: */ let iframe = document.createElement('iframe'); iframe.setAttribute('src', 'https://player.vimeo.com/video/1234567?dnt=1'); iframe.setAttribute('frameborder', '0'); // set other attributes... parent_element.appendChild(iframe); let player = new Vimeo.Player(iframe); /* Or have the iframe in the server-generated HTML and just: */ let iframe = document.getElementById('playerframe'); iframe.setAttribute('src', 'https://player.vimeo.com/video/1234567?dnt=1'); let player = new Vimeo.Player(iframe);

If you embed the Vimeo content that you yourself created, this probably reduces the usefulness of the video statistics, but at least you will not expose your users to third-party tracking!

0
source

Source: https://habr.com/ru/post/1234714/

More articles:


All Articles