New Art of Trackers in the wild - via CNAME-Cloaking

The fight against privacy goes into the next round.

We have  just found the following information regarding a new development in tracker detection that ties in really well with our current releases of the Privacy Cookbook.

A new webext API `dns` is available on Firefox 60+ only.

The new API enables the 'uncloaking' of the real hostname being used in network requests.

Four advanced settings have been created to control the uncloaking of actual hostnames:

cnameAliasList: a space-separated list of hostnames.
Default value: unset => empty list.
Special value: * => all hostnames.
A space-separated list of hostnames => this tells uBO
to "uncloak" the hostnames in the list will.

cnameIgnoreList: a space-separated list of hostnames.
Default value: unset => empty list.
Special value: * => all hostnames.
A space-separated list of hostnames => this tells uBO
to NOT re-run the network request through uBO's
filtering engine with the CNAME hostname. This is
useful to exclude commonly used actual hostnames
from being re-run through uBO's filtering engine, so
as to avoid pointless overhead.

cnameIgnore1stParty: boolean.
Default value: true.
Whether uBO should ignore to re-run a network request through the filtering engine when the CNAME hostname is 1st-party to the alias hostname.

cnameMaxTTL: number of minutes.
Default value: 120.
This tells uBO to clear its CNAME cache after the specified time. For efficiency purpose, uBO will cache alias=>CNAME associations for reuse so as to reduce call to `browser.dns.resolve`. All the associations will be cleared after the specified time to ensure the map does not grow too large and too ensure uBO uses up to date CNAME information.

This facility is disabled by default at present but these instructions will allow advanced users to make immediate use of it.

With NextDNS you are protected but with the information and API from this article you're moving it up a level.

Base information derived from uBO's github post plus the following article:

https://medium.com/nextdns/cname-cloaking-the-dangerous-disguise-of-third-party-trackers-195205dc522a

............posted in the interests of the privacy loving public at large!