Skip to content

Instantly share code, notes, and snippets.

@giggio

giggio/block_oauth_tracking.md

Last active November 20, 2025 13:42
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save giggio/7066cfe14a7ecf4f8d7cb8b82c6e9a5f to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save giggio/7066cfe14a7ecf4f8d7cb8b82c6e9a5f to your computer and use it in GitHub Desktop.
Download ZIP
Filters for uBlock origin that block OAuth requests that leak your private information to big techs
Raw
block_oauth_tracking.md

Custom filters to block OAuth third party tracking requests

Important: I don't use OAuth login with Google, Meta, Microsoft etc anywhere. If you do, don't use this.

How to use

  1. Go to uBlock Origin settings
  2. Go to "My filters"
  3. Select "Enable my custom filters"
  4. Paste the contents of ublock-origin-filters.txt on the big text area at the bottom of the page and apply changes
  5. Go to "My rules"
  6. Paste the contents of ublock-origin-rules.txt on the temporary rules on the right, save, then click Commit.

Notices

  1. This works on my machine, but it was developed with the help of an AI. It might break something. Use at your own peril.
  2. This is focused on LibreWolf, which already helps a lot with privacy, blocking third party cookies and isolating tabs. If you are on a less privacy oriented browser you might need to do other things. If you are on Brave, they may not be needed.
Raw
ublock-origin-filters.txt
! ===== BIG TECH TRACKER BLOCKLIST =====
! Google identity (disable account detection; keep embeds)
||accounts.google.com/gsi/$third-party,frame,xhr,script
||accounts.google.com/o/oauth2/$third-party
||ssl.gstatic.com/identity/$third-party
||gstatic.com/identity/$third-party
! Google analytics + ads
||google-analytics.com^
||googletagmanager.com^
||googleadservices.com^
||doubleclick.net^
||g.doubleclick.net^
||pagead2.googlesyndication.com^
||googlesyndication.com^
||ads.google.com^
! Meta identity + pixel (keep embeds)
||facebook.com/dialog/oauth$third-party
||facebook.com/login/status$third-party
||facebook.com/plugins/login_button.php$third-party
||facebook.net/en_US/fbevents.js
||facebook.com/tr$
||connect.facebook.net^
||graph.facebook.com^$third-party
! Microsoft identity
||login.microsoftonline.com/$third-party
||login.live.com/$third-party
||auth.microsoft.com/$third-party
||aadcdn.msauth.net/$third-party
||bat.bing.com^
! Apple identity
||appleid.apple.com/auth$third-party
||appleid.apple.com/signin$third-party
! Amazon identity + ads
||amazon.com/ap/^$third-party
||amazon-adsystem.com^
||aax.amazon-adsystem.com^
! LinkedIn identity + trackers
||linkedin.com/uas/oauth$third-party
||linkedin.com/li/track$third-party
||licdn.com/px/$third-party
||snap.licdn.com^
! Twitter/X identity (keep embeds)
||twitter.com/i/oauth$third-party
! TikTok tracking
||tiktok.com/pixel^
||analytics.tiktok.com^
||log.tiktokv.com^
! Cloudflare tracking
||cloudflareinsights.com^
||cloudflareperf.com^
||static.cloudflareinsights.com^
! Misc trackers (non-destructive)
||hotjar.com^$third-party
||mixpanel.com^
||segment.io^
||amplitude.com^
||nr-data.net^
||clarity.ms^
! Generic federated login (safe for you)
*/openid-connect/*$third-party
*/oauth2/*$third-party
*/saml/*$third-party
! Strip tracking parameters (URL-based)
*$removeparam=gclid
*$removeparam=fbclid
*$removeparam=msclkid
*$removeparam=yclid
*$removeparam=utm_source
*$removeparam=utm_medium
*$removeparam=utm_campaign
*$removeparam=utm_term
*$removeparam=utm_content
*$removeparam=ref_src
*$removeparam=ref_url
*$removeparam=mc_eid
*$removeparam=mc_cid
*$removeparam=_hsenc
*$removeparam=_hsmi
*$removeparam=vero_conv
*$removeparam=vero_id
*$removeparam=oly_anon_id
*$removeparam=oly_enc_id
! ===== END =====
Raw
ublock-origin-rules.txt
no-csp-reports: * true
no-large-media: behind-the-scene false
* * 3p-frame block
* * 3p-script block
* amazon-adsystem.com * block
* doubleclick.net * block
* facebook.com * block
* facebook.net * block
* connect.facebook.net * block
* google.com * block
* googleadservices.com * block
* googlesyndication.com * block
* gstatic.com * block
* licdn.com * block
* linkedin.com * block
* microsoftonline.com * block
* msedge.net * block
* tiktok.com * block
behind-the-scene * * noop
behind-the-scene * 1p-script noop
behind-the-scene * 3p noop
behind-the-scene * 3p-frame noop
behind-the-scene * 3p-script noop
behind-the-scene * image noop
behind-the-scene * inline-script noop
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment