Jump to content

False positive - s.ndemiccreations.com


Recommended Posts


you blocked s.ndemiccreations.com completely but:
- it is used for downloading user-created scenarios for Plague Inc. 
- it is also used for sharing social messages like this one for both Plague Inc. and Rebel Inc. twitter.com/Rousi001/status/1077191942830645248 (people are then blocked by uMatrix before redirecting to game page)
- we also use it for tracking anonymous events generated in the actual game (game only - we don't track anything from websites) this is things like game started, how long it has been running, what disease or operation name users used

we are NOT using it for:
- tracking personal data or visited websites (what Facebook button is doing)
- serving ads
- doing anything harmful

I wouldn't really care but I don't like that clicking on that twitter share gets blocked by default uMatrix installation. I can make a new subdomain for that would unnecessary complicate things.
Is there any specific reason why this got blocked?

Link to post
Share on other sites

  • 2 weeks later...

Actually I made a mistake while trying to explain it quickly.

This part is implemented mostly in t.ndemiccreations.com: "- we also use it for tracking anonymous events generated in the actual game (game only - we don't track anything from websites) this is things like game started, how long it has been running, what disease or operation name users used"
You can verify this with MITM proxy as we are not using certificate pinning unlike many corporation nowadays if you don''t believe.
Blocking s.ndemiccreations.com will make Custom Scenarios online functionality in the game, Scenario Creator and user accounts non-functional if they block it on OS-level like /etc/hosts / DNS or VPN (not sure how often they do that though) on the platform they play the game. And blocking it makes the shared social share links blocked by uMatrix as your list is default there. By blocking it, you limit a little bit of tracking (that the app was launched, random but constant userID, random identifier of running session, user language, device type and device version). This is not used for stats but to determine for example in which language to display a startup popup message or whether to display it at all. For example we used it to urge people to update if there was a critical bug in a version they've just started.
Blocking t.ndemiccreations.com won't break any game functionality but it will stop sending various game events - every actual game start, user-entered disease name, gene selection, disease type, game win, loss, duration and other game-related events used for aggregated stats and as an input for improving game (we have enough of that data anyway so we don't really need to have this data from everyone).
It is probably not really a big deal and I was not asked/discussed it by anyone else from Ndemic to resolve this but as an active uMatrix user I noticed it and people often don't want to change defaults. I am tired, spent enough time by explaining this already so I let you decide. I think it is unfair and t.ndemiccreations.com should be blocked instead but if sending language, device type and OS version is too much info you won't accept by your list rules then fine, we can always tell people to disable all blocking software first after reporting that "Custom Scenarios doesn't work". Or I can make a different (sub)-domain just for social share links but it's quite annoying because API for social share and all game clients would need to be updated and that's probably not worth the effort as I have more important work to do.
But I can still understand that you may want to achieve 100% no-data-tracking-and-sending domain list. But in that case, I have a bad news for you - more and more companies are using cert pinning and TLS or different protocols like encrypted RPC in their apps and it will be more and more difficult to separate "bad" domains from "good" domains for domains used by apps. Talking about apps primarily as webs are limited mostly to HTTP or Websocket which are both easily inspectable in the browser.
It's a pity I don't know which API and why made it to the list but s.ndemiccreations.com it is rarely used on the web (__only__ for social share links and similar share links with redirection to our homepage or game page). For example this one s.ndemiccreations.com/plague/i/4a59adc556658f2e which records +1 infection count for user 4a59adc556658f2e who shared this as a social share. It is less "risky" than a random link redirector or shortener including famous goo.gl.


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.