ADBLK-24: Barclays Bank Login Page Hangs

Issue Information

Issue Type: Bug
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: Adblock Lists (ADBLK)
Resolution: Fixed (2021-05-26 17:36:14)

Created: 2020-12-05 08:54:25
Time Spent Working

Barclays, unfortunately, have quite a privacy (and arguably, security) hostile login page, as it runs a tracker.

However, it's not currently possible to enter details and login because they've not coded that tracker defensively.

When you hit the page will render, but if you try and click into a field to enter details (say, your last name), nothing will happen and keystrokes won't appear to register.

This is because in the background, javascript is repeatedly trying to send events to /ftb/img/clarisite/cls_rpt.gif:*u_L2F1dGhsb2dpbi9wYXJ0aWFscy9oZWFkZXIuaHRtbD92PTE2MDM3MTIwMDc2ODI%3D*uh_-6yzndd*d_33*s_5k~-~-~~kibg7oa5~22~-~Nm_GET*u_L2F1dGhsb2dpbi9wYXJ0aWFscy9mb290ZXIuaHRtbD92PTE2MDM3MTIwMDc2ODI%3D*uh_-z3wd3z*d_3f*s_5k~-~-~~kibg7p0e~22~-~Nm_GET*u_L2F1dGhsb2dpbi9wYXJ0aWFscy9pZGVudGlmaWNhdGlvbi5odG1sP3Y9MTYwMzcxMjAwNzY4Mg%3D%3D*uh_rtrxke*d_tk*s_5k~-~-~~kibg7pef~27~-~-~co.3_MTV3XzF3~-~~kibg7peh~29~-~N15w_1w~ft.0_0~-~~kibg7pf6~35~-~N1_kibg7nqj*2_0*4_kibg7nqm*5_kibg7nqv*7_kibg7nqv*8_kibg7nr5*10_kibg7nrg*13_kibg7nss*15_kibg7nt7*17_kibg7nvx*19_kibg7o71*20_kibg7o71*21_kibg7o75*nt_0*rc_0*bt_1jr~vn.2_U3RlcCAxOiBZb3VyIGRldGFpbHMgLSBMb2dpbiAtIG15QmFyY2xheXM%3D~-~~kibg7pfk~22~-~Nm_POST*u_L29sYi9hdXRobG9naW4vY29udGVudC9TUlBGb290ZXJDb250ZW50Lmpzb24%3D*uh_p5hej0*d_15l*s_5k~-~-~~kibg7pgk~22~-~Nm_GET*u_L2F1dGhsb2dpbi9wYXJ0aWFscy9lcnJvci1tZXNzYWdlcy1iYWNrZW5kLmh0bWw%2Fdj0xNjAzNzEyMDA3Njgy*uh_-nlyyfw*d_13c*s_5k~-~-~~kibg7po4~22~-~Nm_POST*u_L29sYi9hdXRobG9naW4vY29udGVudC9Mb2dpblN0ZXAxTm9TYXZlZE1lbWJlckRlY291cGxlZC5qc29u*uh_-xsx3eu*d_1au*s_5k~-~-~~kibg7poo~22~-~Nm_POST*u_L29sYi9hdXRobG9naW4vYnJvd3NlckRhdGEuanNvbg%3D%3D*uh_jufh1n*d_1bd*s_5k~-~-~~kibg7pov~34~-~NcGFnZU5hbWU%3D_b25sOmxvZ29uOkxvZ2luTG9naW46U3RlcDFZb3VyRGV0YWlsc0xvZ2luTXlCYXJjbGF5cw%3D%3D~-~-~~kibg7qi9~29~-~N15w_1w~ft.0_0~-&clsjsv=5.6.150B55&pid=dc60c4b5-c132-454e-becb-cc1ecd8203d7

However, this path is blocked in the EasyPrivacy List

The calls are triggered after calls to like the one below

Blocking this domain in it's entirety resolves the issue.

Based on the path name, and filenames, the underlying "solution" is probably Clarisite Analytics (well, Glassbox now - ) version 5.6.15.

Toggle State Changes


If you leave the page dormant in a tab for a while, and then go back, the JS gives up and you can enter details.

There's an event that fires, trying to report back to cls_rpt.gif whenever you bring any form element into focus.

Have added a domain block for along with an explicit path block for so that if this comes up again, it'll be easier to refer back to this issue.

With those blocked, the login page functions without issue.

Repo: adblocklists
Commit: 58c07008c4134f94c466a82843bba90737b8be2d
Author: B Tasker <github@<Domain Hidden>>

Date: Sat Dec 05 09:03:48 2020 +0000
Commit Message: ADBLK-24 Block Barclays analytics/metrics domains - it causes login page hangs

Modified (-)(+)

Webhook User-Agent


View Commit

A few months after this, MISC-45 was raised - it's possible that blocking clarisite didn't resolve things here, it was just that on the retry, their blocking behaviour had stopped.

Either way, Barclay's login page seems to be actively security and privacy hostile, there's a lot of reliance on third parties.
btasker changed status from 'Open' to 'Resolved'
btasker added 'Fixed' to resolution
btasker changed status from 'Resolved' to 'Closed'