Paypal 2FA does not work (caused by the NextDNS and ControlD block page)

Question

Paypal 2FA does not work (caused by the NextDNS and ControlD block page)

skariko opened this issue 10 months ago · 13 comments

skariko commented 10 months ago

Which AdBlocker/DNS cloud service do you use?

NextDNS

Other

No response

NextDNS users only

IMPORTANT - I have disabled the block page in NextDNS and confirm that the problem still occurs!

With which block list(s) does the problem occur?

Multi PRO++

Which domain(s) should be unblocked?

*.browser-intake-datadoghq.com
*.qualtrics.com

Why should the domain(s) be unblocked?

The PayPal app on Android will not allow you to enter the 2FA if these two domains are locked. If unlocked, however, everything works correctly.

Answer 1 · 2024-03-13T09:07:02.000Z

@xRuffKez Can you please check under Android whether and which domains exactly lead to this behaviour? Thank you!

I can't reproduce the problem on iOS.

browser-intake-datadoghq.com is widely blocked:

Blocklists:
 - 1Hosts.Lite     BLOCKED
 - 1Hosts.Mini     OK
 - 1Hosts.Pro      BLOCKED
 - AdGuardDNS      BLOCKED
 - AhaDNS          OK
 - CONTROLD.AT     BLOCKED
 - DevDansHosts    BLOCKED
 - EasyList        BLOCKED
 - GoodbyeAds      BLOCKED
 - HaGeZi.LIGHT    BLOCKED
 - HaGeZi.NORMAL   BLOCKED
 - HaGeZi.PRO      BLOCKED
 - HaGeZi.PRO.PLUS BLOCKED
 - HaGeZi.TIF      OK
 - HaGeZi.ULTIMATE BLOCKED
 - hBlock          BLOCKED
 - NextDNS.AT      OK
 - OISD.Big        BLOCKED
 - OISD.Small      BLOCKED
 - QuidsUp.NOTRACK BLOCKED
 - StevenBlack     OK

Blocked Qualtrics domains in Pro++:

*.aptmetrics.qualtrics.com
*.siteintercept.qualtrics.com

PayPal related:

*-paypalxm.siteintercept.qualtrics.com

6zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com
zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com
zn2rjw8v8ecfgyigt-paypalxm.siteintercept.qualtrics.com
zn5jpiwcvswgilgu9-paypalxm.siteintercept.qualtrics.com
zn6x1kz7ll5vk5v5q-paypalxm.siteintercept.qualtrics.com
zn824xgjyopuf0rcx-paypalxm.siteintercept.qualtrics.com

siteintercept.qualtrics.com blocked in:

Blocklists:
 - 1Hosts.Lite     BLOCKED
 - 1Hosts.Mini     OK
 - 1Hosts.Pro      BLOCKED
 - AdGuardDNS      OK
 - AhaDNS          OK
 - CONTROLD.AT     BLOCKED
 - DevDansHosts    BLOCKED
 - EasyList        OK
 - GoodbyeAds      BLOCKED
 - HaGeZi.LIGHT    OK
 - HaGeZi.NORMAL   OK
 - HaGeZi.PRO      OK
 - HaGeZi.PRO.PLUS BLOCKED
 - HaGeZi.TIF      OK
 - HaGeZi.ULTIMATE BLOCKED
 - hBlock          BLOCKED
 - NextDNS.AT      BLOCKED
 - OISD.Big        OK
 - OISD.Small      OK
 - QuidsUp.NOTRACK OK
 - StevenBlack     BLOCKED

Answer 2 · 2024-03-13T13:05:39.000Z

@skariko Can you please test whether it works with unblocking *.siteintercept.qualtrics.com alone.

Please make sure beforehand that the problem occurs without unblocking.

It is important that you clear the DNS cache of the smartphone after unblocking and before the test. To do this switch flight mode on and off.
Even if you have ticked the box, make sure that the block page in NextDNS is not activated.

Answer 3 · 2024-03-13T13:29:11.000Z

@skariko Can you please test whether it works with unblocking *.siteintercept.qualtrics.com alone.

Please make sure beforehand that the problem occurs without unblocking.

It is important that you clear the DNS cache of the smartphone after unblocking and before the test. To do this switch flight mode on and off. Even if you have ticked the box, make sure that the block page in NextDNS is not activated.

I just checked again and I was looking in the wrong profile, actually in this profile NextDNS "block page" is enabled, sorry.
By removing the flag it works even without unlocking those domains it works even without unlocking anything.

If it is of interest though, I tried it with the flag "block page" enabled and putting only *.siteintercept.qualtrics.com in the allowlist seems to work.

Answer 4 · 2024-03-13T13:32:20.000Z

And once again caused by the NextDNS block page. I am tired ...

@yokoffing @rs @romaincointepas

Answer 5 · 2024-03-13T17:00:50.000Z

Would you be able to provide some actual URLs on those domains that causes problem with the blockpage so we can investigate?

Answer 6 · 2024-03-13T17:17:15.000Z

Thanks @rs, of course this case if siteintercept.qualtrics.com is blocked and @yokoffing has also collected some here:
https://github.com/yokoffing/NextDNS-Config#block-page

I also had a case recently, I'll have to see if I can reproduce it again.

Answer 7 · 2024-03-13T18:14:34.000Z

@rs

block fundingchoicesmessages.google.com
activate the block page
go to https://stadt-bremerhaven.de/ in the mobile browser
an AdBlock detection banner is displayed at the bottom of the page
deactivate the block page
delete the DNS cache of the mobile device
call up the page again
The adblock detection banner is no longer displayed and the page can be used normally with the blocked domain fundingchoicesmessages.google.com

Answer 8 · 2024-03-13T21:03:34.000Z

Can you please check under Android whether and which domains exactly lead to this behaviour? Thank you!

Cannot reproduce on several Android Devices.

Answer 9 · 2024-03-13T21:15:51.000Z

Cannot reproduce on several Android Devices.

Thanks, it's the NextDNS block page ...

Answer 10 · 2024-04-09T05:21:55.000Z

The same problems also occur in ControlD if the block response is set to Custom or Branded.

@yokoffing

Answer 11 · 2024-04-15T17:07:31.000Z

What browser is this you're using here?

Answer 12 · 2024-04-15T17:09:27.000Z

DuckDuckGo Private Browser

Answer 13 · 2024-04-30T08:25:56.000Z

FYI:

Furthermore, there is a problem with PayPal 2FA under iOS with Safari if you have activated the extended tracking protection (Settings > Safari > Advanced > Extended Tracking and Identification Protection)