ADBLK-24: Barclays Bank Login Page Hangs

Barclays, unfortunately, have quite a privacy (and arguably, security) hostile login page, as it runs a tracker.

However, it's not currently possible to enter details and login because they've not coded that tracker defensively.

When you hit https://bank.barclays.co.uk/olb/authlogin/loginAppContainer.do#/identification the page will render, but if you try and click into a field to enter details (say, your last name), nothing will happen and keystrokes won't appear to register.

This is because in the background, javascript is repeatedly trying to send events to /ftb/img/clarisite/cls_rpt.gif:

https://bank.barclays.co.uk/ftb/img/clarisite/cls_rpt.gif?v=2&sn=2&p=dc60c4b5-c132-454e-becb-cc1ecd8203d7&sp=%2Fidentification&e=kibg7o9s~22~-~Nm_GET*u_L2F1dGhsb2dpbi9wYXJ0aWFscy9oZWFkZXIuaHRtbD92PTE2MDM3MTIwMDc2ODI%3D*uh_-6yzndd*d_33*s_5k~-~-~~kibg7oa5~22~-~Nm_GET*u_L2F1dGhsb2dpbi9wYXJ0aWFscy9mb290ZXIuaHRtbD92PTE2MDM3MTIwMDc2ODI%3D*uh_-z3wd3z*d_3f*s_5k~-~-~~kibg7p0e~22~-~Nm_GET*u_L2F1dGhsb2dpbi9wYXJ0aWFscy9pZGVudGlmaWNhdGlvbi5odG1sP3Y9MTYwMzcxMjAwNzY4Mg%3D%3D*uh_rtrxke*d_tk*s_5k~-~-~~kibg7pef~27~-~-~co.3_MTV3XzF3~-~~kibg7peh~29~-~N15w_1w~ft.0_0~-~~kibg7pf6~35~-~N1_kibg7nqj*2_0*4_kibg7nqm*5_kibg7nqv*7_kibg7nqv*8_kibg7nr5*10_kibg7nrg*13_kibg7nss*15_kibg7nt7*17_kibg7nvx*19_kibg7o71*20_kibg7o71*21_kibg7o75*nt_0*rc_0*bt_1jr~vn.2_U3RlcCAxOiBZb3VyIGRldGFpbHMgLSBMb2dpbiAtIG15QmFyY2xheXM%3D~-~~kibg7pfk~22~-~Nm_POST*u_L29sYi9hdXRobG9naW4vY29udGVudC9TUlBGb290ZXJDb250ZW50Lmpzb24%3D*uh_p5hej0*d_15l*s_5k~-~-~~kibg7pgk~22~-~Nm_GET*u_L2F1dGhsb2dpbi9wYXJ0aWFscy9lcnJvci1tZXNzYWdlcy1iYWNrZW5kLmh0bWw%2Fdj0xNjAzNzEyMDA3Njgy*uh_-nlyyfw*d_13c*s_5k~-~-~~kibg7po4~22~-~Nm_POST*u_L29sYi9hdXRobG9naW4vY29udGVudC9Mb2dpblN0ZXAxTm9TYXZlZE1lbWJlckRlY291cGxlZC5qc29u*uh_-xsx3eu*d_1au*s_5k~-~-~~kibg7poo~22~-~Nm_POST*u_L29sYi9hdXRobG9naW4vYnJvd3NlckRhdGEuanNvbg%3D%3D*uh_jufh1n*d_1bd*s_5k~-~-~~kibg7pov~34~-~NcGFnZU5hbWU%3D_b25sOmxvZ29uOkxvZ2luTG9naW46U3RlcDFZb3VyRGV0YWlsc0xvZ2luTXlCYXJjbGF5cw%3D%3D~-~-~~kibg7qi9~29~-~N15w_1w~ft.0_0~-&clsjsv=5.6.150B55&pid=dc60c4b5-c132-454e-becb-cc1ecd8203d7

However, this path is blocked in the EasyPrivacy List

The calls are triggered after calls to smetrics.barclays.co.uk like the one below

https://smetrics.barclays.co.uk/b/ss/barukprod/1/H.25.1/s05467886217368?AQB=1&ndh=1&t=5%2F11%2F2020%208%3A42%3A17%206%200&ns=barclaysuk&cdp=3&g=https%3A%2F%2Fbank.barclays.co.uk%2Folb%2Fauthlogin%2FloginAppContainer.do%23%2Fidentification&cc=GBP&c16=%2Folb%2Fauth%2FLoginLink.action&c17=D%3Dc16&pe=lnk_o&pev2=Onl%3AStep1WhoAreYouLogInMyBarclays%3Alogon%3ALogin%3AmembershipNumber&s=1920x1080&c=24&j=1.6&v=N&k=Y&bw=1920&bh=852&p=Chromium%20PDF%20Plugin%3BChromium%20PDF%20Viewer%3B&AQE=1

Blocking this domain in it's entirety resolves the issue.

Based on the path name, and filenames, the underlying "solution" is probably Clarisite Analytics (well, Glassbox now - https://glassboxdigital.com/ ) version 5.6.15.