Alexei

Sure, you could start by changing the [default action for detected third-party tracking domains](https://github.com/EFForg/privacybadger/blob/4e8290670acd8c2a727e1b07101f52a80db9ded4/src/js/heuristicblocking.js#L204-L205). Then you'd want to look for all the places we check `constants.ALLOW` and possibly update them...

You'd probably want to update `userAction` properties only, which is what gets updated when you adjust sliders in the UI. (The `dnt` property is set when the domain declared itself...

For now, the best way to get on https://www.eff.org/files/effdntlist.txt for domains not on the [Tranco list](https://tranco-list.eu/) (for example, specific subdomains or less popular domains) is to contact us at `dnt-policy`...

I believe this is the relevant Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1267027.

Could you provide an example page where this happens?

Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1267027 Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=749236 uBlock Origin workaround: https://github.com/gorhill/uBlock/issues/2823#issuecomment-366261107 The Chrome bug and the uBlock workaround may both be regarding CSPs blocking request redirection to data URIs (rather than...

Both? Browser bug: extension scripts should not be bound by page CSPs. Privacy Badger bug: can we do something better until browsers fix the problem? (It seems like uBlock did.)

One lives in [fingerprinting.js](https://github.com/EFForg/privacybadger/blob/6c042773f398a5b86bd3e1a7cced16ebae4b1eba/src/js/contentscripts/dnt.js#L18-L36), the other in [dnt.js](https://github.com/EFForg/privacybadger/blob/6c042773f398a5b86bd3e1a7cced16ebae4b1eba/src/js/contentscripts/fingerprinting.js#L21-L300). We have [more content scripts](https://github.com/EFForg/privacybadger/tree/6c042773f398a5b86bd3e1a7cced16ebae4b1eba/src/js/contentscripts) though. You can hash the output of these source-generating functions. For example: ```javascript function getPageScript() { //...

Check out the code I pasted above. You can copy and paste the function that generates the script (`getPageScript()` is one), and execute it (in a JS console, does not...

Cool, yeah, I pasted a hex-encoded hash. If you want a base64 encoded hash in JS, you have to tweak your SHA-256 function to something like the following: ```javascript function...