EasyList Forum

Hey, ran into an issue with the vCenter console not loading for me and traced it back to the EasyPrivacy list.

According to the logs, there's an entry for "/clarity-*.js". Unfortunately, this is blocking the link below, and the entire console won't load with this rule active. VMware lists these libraries on their github page so you can see what I'm talking about.
Let me know if you have any questions!

EasyPrivacy is an optional subscription on most Ad Blockers.

Your options are:

A. Disable the filter list.

B. Add an exception rule:C. Ask VMware to use a different file name.

Since the resources are all internal it would be near impossible to add an exception for something like this.

Agreed. Not much can be changed to fix this

I am affected by this as well. I think it's an unnecessarily broad pattern -- are you sure it's not possible to make the pattern more specific to the resource it intends to block? What does it block in the first place?

Clarity isn't just for vCenter, it's an open source UI framework. It's like blocking Bootstrap or UIKit (although far less popular, but only because it's so new).

Easylist is blocking 'clarity-*.js', which is affecting, amongst other things, the VMware vCenter Console.

Clarity is an open source UI framework, and I can't find any history about WHY it was blocked in Easylist.

Searching the archives (clarity+js) provides only people saying that it IS blocked in error, but no history about people asking for it to be blocked. I can only assume that it was added in without realising the collateral damage 8-(

I don't think it's reasonable to expect an entire open source project to change its name

How do we go about getting this removed? (I don't have anything to do with vmware, btw, but I do run uBlock and use a lot of VMware, so this is really REALLY annoying for me.. sigh)

vmware is using the name of a popular java script tracker "Touchclarity".
Seen on;

I've opened a _ticket_ with the actual project, but I do feel it's unreasonable for them to change their project name just because someone has used its name for nefarious reasons.

I feel it sets an unpleasant precedent -- for example, what if someone creates a tracking script called 'jquery'?

If the clarity tracking script is always from pgmcdn.com, couldn't it be filtered when it originates from there?

VMware have given up, and are changing the name of their javascript package.

https://github.com/vmware/clarity/issue ... -299749727

Hi, this is Scott from the VMware Clarity team. A couple of questions...

1) If we were to change the name of our JS packages, what could we change them to that would avoid this issue in the future? Our concern is that we change the name, only to hit this same issue in the future. We can't keep changing the name of production files that applications depend on.

2) Why can't our specific files be whitelisted? I'm actually surprised that there haven't been ad devs that haven't figured out that they can name their files "bootstrap[something]" or "jquery[something]" to bypass this ad blocker. That seems like a low bar to me.

It's also a little silly that they have refused to whitelist our packages. We have three of them...

[mention]smathis[/mention] It's not that EasyList refused to whitelist your package, it's the fact that you can't whitelist something that runs on a local network with 1000s or millions of possibilities. So that leaves a removal as the only option which again is not something EasyList authors want to do. Please read the rest of this thread, I believe I've already given the technological reasons why what you're asking isn't possible.

If you want to change the name of your package I suggest you review the EasyList Github repo: https://github.com/easylist/easylist and make sure your new package would not hit any keywords on the list.

I'm not an EasyList author so I don't pretend to know what they want to do. So far they have chosen not to remove the filter.

smathis wrote: ↑Tue Oct 17, 2017 10:01 pm I'm actually surprised that there haven't been ad devs that haven't figured out that they can name their files "bootstrap[something]" or "jquery[something]" to bypass this ad blocker. That seems like a low bar to me.

Actually that will have the opposite effect which is how we got here in the first place.

Lanik wrote: ↑Tue Oct 17, 2017 11:27 pm

smathis wrote: ↑Tue Oct 17, 2017 10:01 pm I'm actually surprised that there haven't been ad devs that haven't figured out that they can name their files "bootstrap[something]" or "jquery[something]" to bypass this ad blocker. That seems like a low bar to me.

Actually that will have the opposite effect which is how we got here in the first place.

No, that's exactly what has happened. A malicious entity named their adware the same as a legitimate javascript app.

EasyList blocked the adware, and because of that, blocked the legitimate app.

Now, if an ad supplier was to be slightly more annoying, they'd call their file "jquery-1.11.3.js" or something like that. If EasyList did the same thing as they did to VMware, they'd block 'jquery-*.js' and break a significant chunk of the web.

xrobau wrote: ↑Wed Oct 18, 2017 5:00 am No, that's exactly what has happened. A malicious entity named their adware the same as a legitimate javascript app.

I'm almost certain that's what happen otherwise you wouldn't end up on the list.

I submitted a pull request to whitelist the two VMware Clarity JS libraries.

https://github.com/easylist/easylist/pull/683

Given that EasyList is _already_ whitelisting a domain blocked by "clarity-*", I see no harm in this addition. I restricted it to same server as well.