Fathom Tracking Hiding Behind Sub-domain CNAME

[GeQi]

Prerequisites

• This site DOES NOT contains sexually explicit material, otherwise use NSFW-specific form;
• Filters were updated before reproducing an issue;
• AdGuard product version is up-to-date;
• Browser version is up-to-date;
• If the site or app is broken, disabling AdGuard protection resolves an issue.

What product do you use?

Other ad blocker

AdGuard version

NA

What type of problem have you encountered?

Missed analytics or tracker

Which browser(s) do you use?

other(specify in comment below)

Which device do you use?

Desktop

Where is the problem encountered?

usefathom.com and more

What filters do you have enabled?

AdGuard Base filter

What Stealth Mode options do you have enabled?

No response

Add your comment and screenshots

Fathom routes their tracking script through Bunny CDN. The following example shows sites that CNAME their sub-domain to Fathom's Bunny proxies:

site	tracker domain	cname
usefathom.com	quick-esteemed.usefathom.com	now-thrilling.b-cdn.net
www.prefinery.com	glowing-van.prefinery.com	electric-eighten.b-cdn.net
www.steadybit.com	twine.steadybit.com	type-thirtyseven.b-cdn.net
meinsmartplan.de	better-word-wing.meinsmartplan.de	gorgeous-easy.b-cdn.net

Privacy

• I agree to follow this condition

[TPS]

More info @ https://usefathom.com/features/custom-domains.:

Our simple ad-blocker bypassing script is set up with a single DNS record addition (done through your domain registrar). By default, it bypasses ad-blockers by using a unique-to-you sub-domain (unique to every site).

A related discussion elseplace: StevenBlack/hosts#1346

Previous discussion here @ AdguardTeam/cname-trackers#41

Maybe the solution can't be DNS-based? Perhaps https://usefathom.com/docs/script/exclude-visits & https://usefathom.com/docs/script/exclude-pages is useful via content injection?

Also, something in https://github.com/derrickreimer/fathom-client might be useful?

[GeQi]

Maybe the solution can't be DNS-based? Perhaps https://usefathom.com/docs/script/exclude-visits & https://usefathom.com/docs/script/exclude-pages is useful via content injection?

I don't see it elegant to interact with tracking codes at all, and much prefer them blocked all together.
A simple way to do this could just be blocking the sub-domains, they seem not to serve any purpose on these sites otherwise.

A related discussion elseplace: StevenBlack/hosts#1346

That is exactly what I hate to see. I'm not interested in discussing what is a moral tracker and what is a bad one. I have rights to control my hardware and I don't want to connect to them.

[TPS]

Another way needs to be found, b/c the approach of blocking 1000*s of otherwise unrelated subdomains is impractical & easily bypassed. (I.E., all each site has to do is generate another b-cdn subdomain & back to square 1). So, a real solution is badly needed.

[TPS]

Is *.fathomdns.com the authoritative nameserver for all these proxied subdomains? If so, can dynamic blocking be done on that basis?

[GeQi]

Is *.fathomdns.com the authoritative nameserver for all these proxied subdomains? If so, can dynamic blocking be done on that basis?

No. It seems the sub-domains (reasonably) share the same name server with the sites themselves, while the proxies use the name server provided by Bunny.

Another way needs to be found, b/c the approach of blocking 1000*s of otherwise unrelated subdomains is impractical & easily bypassed. (I.E., all each site has to do is generate another b-cdn subdomain & back to square 1). So, a real solution is badly needed.

I always understood blocking as a cat and mouse game. With enough determination nothing can be effectively blocked. I can understand if one hopes to control the size of the block list but in this situation if there isn't a better way (I hope there is,) doing nothing about it will only encourage this sort of tracking. In fact I do see hosting trackers locally on each site becomes more and more popular, and the big boys are on the move.

[github-actions]

This issue has been automatically marked as stale because it has been open for 4 days with no activity.
Unfortunately, our resources are limited and we can not always take the time to respond to requests about websites that are not popular enough. The issue will be closed if no further activity occurs.
Please note, that AdGuard Filters is an open-source project that is used by different content blockers and we welcome contributions. If you have some technical knowledge about how websites work, you are welcome to create a pull request following these instructions.

[TPS]

This issue has been automatically marked as stale because it has been open for 4 days with no activity.

4 days?!

[TPS]

@ameshkov Is https://github.com/ameshkov/circumvention-monitor meant to be useful in cases like this?

[ameshkov]

@TPS nope, not really.

Also, I suppose it'd be better to track this issue in the cname-trackers repo: AdguardTeam/cname-trackers#41