Vimeo iframe注入广告软件?
[英]Vimeo Iframe injecting adware?
问题描述
I have uBlock origin installed (basically adBlock) and started noticing some weird requests blocked on my console: 
我安装了uBlock原因(基本上是adBlock),并开始注意到我的控制台上阻止了一些奇怪的请求:
I checked up on what "scorecardresearch" was and turns out its a less than trustworthy source of adware/possibly malware. 我检查了什么是“scorecardresearch”,结果证明它不是一个值得信赖的广告软件/恶意软件来源。
Since I was getting isolated incidents on my website, I dove into my source code and noticed that it was being requested by the Vimeo video iframes (I confirmed this by removing them all and the requests stopped). 由于我在我的网站上收到了孤立的事件,因此我深入研究了我的源代码并注意到它是由Vimeo视频iframe请求的(我通过删除所有这些并且请求已停止确认了这一点)。
Unfortunately, these are an important part of our website. 不幸的是,这些是我们网站的重要组成部分。 Does anyone know why/how Vimeo iframes are causing this problem? 有谁知道为什么/如何Vimeo iframe引起这个问题?
2 个解决方案
解决方案1
3 已采纳 2015-10-29 00:00:41
scorecardresearch.com is a tracking service. scorecardresearch.com是一项跟踪服务。
The reason it is associated with malware is because it is owned by comScore, who also operate the MarketScore spyware (aka Netsetter, Relevant Knowledge, PremierOpinion, PermissionResearch, MySHCCommunity). 它与恶意软件相关的原因是因为它由comScore拥有,comScore也运营MarketScore间谍软件(又名Netsetter,相关知识,PremierOpinion,PermissionResearch,MySHCCommunity)。 In the past, MarketScore was stealthily bundled with third-party applications such as file-sharing apps, leading to it being considered unwanted and generally malicious. 过去,MarketScore与第三方应用程序(如文件共享应用程序)密切捆绑在一起,导致其被视为不受欢迎且通常是恶意的。
This particular tracking site is widespread on major sites and has not itself been seen to spread malware. 这个特定的跟踪站点在主要站点上很普遍,并且本身并未传播恶意软件。 Vimeo are unlikely to know or care about comScore's background in unsolicited commercial software. Vimeo不太可能知道或关心comScore在未经请求的商业软件中的背景。 (Let's face it, most of the major players in online advertising have some pretty shady stuff in their pasts.) (让我们面对现实吧,网络广告中的大多数主要参与者在他们的过去都有一些非常阴暗的东西。)
Generally if you want to have video on your site but don't want a third party tracking your users across sites, you'll have to host the video yourself. 通常,如果您希望在您的网站上拥有视频,但又不希望第三方在网站上跟踪您的用户,则您必须自己托管视频。
解决方案2
0 2017-05-24 11:46:44
Even though your original question only asks "Does this happen? Why/how does it happen?", I am taking the liberty of answering a follow-up question, namely: 即使你原来的问题只是问“这会发生吗?为什么/如何发生?”,我冒昧地回答了一个后续问题,即:
How can this be avoided? 如何避免这种情况?
If the code for your site renders Vimeo iframes for playing video, you can tell Vimeo to not use tracking beacons or cookies, by adding &dnt=1 to the iframe url. 如果您网站的代码呈现用于播放视频的Vimeo iframe,则可以通过向iframe网址添加&dnt=1来告知Vimeo不使用跟踪信标或Cookie。 Unfortunately, this is not possible using the Vimeo.Player constructor options, so you have to create the iframe manually – either in HTML or in JavaScript. 不幸的是,使用Vimeo.Player构造函数选项是不可能的,因此您必须手动创建iframe - 无论是HTML还是JavaScript。
/* This will not work: */
let player = new Vimeo.Player('player_div_id', {
id : '1234567',
dnt : true
});
/* Instead, create the iframe yourself: */
let iframe = document.createElement('iframe');
iframe.setAttribute('src', 'https://player.vimeo.com/video/1234567?dnt=1');
iframe.setAttribute('frameborder', '0');
// set other attributes...
parent_element.appendChild(iframe);
let player = new Vimeo.Player(iframe);
/* Or have the iframe in the server-generated HTML and just: */
let iframe = document.getElementById('playerframe');
iframe.setAttribute('src', 'https://player.vimeo.com/video/1234567?dnt=1');
let player = new Vimeo.Player(iframe);
If you are embedding Vimeo content that you have created yourself, this probably reduces the usefulness of the video statistics, but at least you will not expose your users to third-party tracking! 如果您要嵌入自己创建的Vimeo内容,这可能会降低视频统计信息的实用性,但至少您不会将用户暴露给第三方跟踪!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.