[HN Gopher] The NSA and CIA use ad blockers
___________________________________________________________________
The NSA and CIA use ad blockers
Author : infodocket
Score : 405 points
Date : 2021-09-23 15:57 UTC (7 hours ago)
(HTM) web link (www.vice.com)
(TXT) w3m dump (www.vice.com)
| hcurtiss wrote:
| As a mid-sized US manufacturer that recently went through a
| ransomware scare, we contracted with FireEye for remediation and
| cybersecurity consultation. I was shocked that they recommended
| we install ad-blockers as a corporate policy. I remarked ads are
| sometimes useful and that many local companies rely upon them
| (e.g., the local newspaper). I use an adblocker just to make the
| internet more useable, but I was reluctant to make that a
| corporate policy. I couldn't imagine there was any meaningful
| threat from malware in ads as every company from the Journal to
| the Times to Nordstrom would be screwed without ads. But FireEye
| insisted and we now have adblocking installed with the usual
| image. Wild times. I have to believe this is truly disruptive to
| the internet as we know it. It seems to me the ad providers would
| have a huge incentive to counter this narrative and to make
| damned sure ads are safe. I have no idea why that's not
| happening.
| blacksmith_tb wrote:
| Plenty of organizations run local DNS servers, you'd think it
| wouldn't be a big stretch to start adblocking at that layer
| (though doing it on the client does allow for more fine
| tuning).
| Unklejoe wrote:
| I wonder how much longer DNS based ad blocking is even going
| to work with things moving to DNS over HTTPS.
| heavyset_go wrote:
| I've relied on DNS-based ad blocking for years and, as of
| late, some ads have got through, especially on phones and
| streaming devices.
| cpeterso wrote:
| Organizations can run their own DNS over HTTPS resolvers.
| munchbunny wrote:
| As someone who worked on/with the ad serving stack, I agree
| with FireEye's stance on this one.
|
| The problem is this: ads are basically browser-injection-as-a-
| service, as in injecting code into websites of your choice,
| targeting audiences of your choice. Browsers mitigate this
| problem somewhat by sandboxing cross-site stuff in the webpage,
| and ad networks theoretically scan the payloads for malware
| like miners, but those tests aren't hard to work around. So ads
| can basically run whatever they want within the little aperture
| of an iframe that they get.
|
| If there's a zero-day like the Internet Explorer JPEG renderer
| zero-day (https://www.kb.cert.org/vuls/id/965206), then the ad
| networks are basically broadly targeted zero-day-as-a-service.
|
| Ad blockers aren't a bad first line of defense for this.
| ahzhou wrote:
| I tried turning off my Adblocker in 2012 to better support
| newspapers and whatnot. One of the sites I visit regularly
| immediately loaded something that my antivirus quarantined.
|
| Never looked back.
| charwalker wrote:
| My Grandma has DNS level ad blocking enabled. Why? Because her
| ISP home page (her 20 year strong default as well as login for
| email/etc) used to run ads when a page was left open for a while.
| She'd unlock her laptop to find full on porn ads running full
| screen with no way to click away without quitting the browser.
|
| So now she runs ad blockers galore and pihole across all
| devices. So far no porn ads in her email.
|
| And no I did not ask if any of her browsing behavior would lead
| to such ads. She's a tiny old blonde Christian lady that...wait
| also a church donation site gave her porn ads too. Maybe I
| should avoid checking her history.
|
| So yes, do enforce ad blocking on your network, if able. It
| will save a few calls and probably embarrassment as well.
| drdeadringer wrote:
| Wild times?
|
| That's what I call this: reading an advocation FOR ads. Ads
| being great and wonderful instead of -- at best -- a necessary
| evil.
| userbinator wrote:
| _I couldn't imagine there was any meaningful threat from
| malware in ads as every company from the Journal to the Times
| to Nordstrom would be screwed without ads._
|
| It's almost always not the big sites that have malware in their
| ads, but the shadier parts of the Internet --- which people may
| inevitably need to visit at some point, even deliberately.
|
| I wouldn't be surprised if they started recommending you
| whitelist JS next. That would be _really_ "disruptive to the
| internet as we know it" --- and might actually make things
| better overall, as in returning to static text/image ads and
| pressuring sites that have no business being a SPA to go back
| to static content. Of course, I suspect the huge company whose
| name begins with G would not like that at all and will try its
| hardest to fight against it.
| beerandt wrote:
| I mean, it's always been a bit mind blowing to me that
| companies relied on client-side processing for their business
| models to work.
|
| It seems like server-side, dynamically generated static
| content would have at least been explored more than it
| seemingly has.
|
| I always assumed this was what Google was always trying to
| eventually get to with AMP.
| closeparen wrote:
| The people who control the backend servers have an obvious
| incentive to rip off the ad networks. Clients are more
| trustworthy in this context.
| bdamm wrote:
| Having client installed malware detection would be the step
| after blocking ads. Whitelisting JS would make 90% of the
| contemporary Internet, including essentials like Gmail and
| Office365, unusable.
| krisoft wrote:
| It wouldn't make Gmail and Office365 unusable because they
| would be whitelisted. Nothing on the top-20 list you can
| come up with would be affected because those things you can
| think of from the top of your head would be things IT would
| also think of from the top of their head and whitelist it.
| The long-tail of sites is where the real impact would be in
| my opinion.
| azalemeth wrote:
| I do this -- I use uMatrix and effectively whitelist js.
| The net result is that you realise how a) websites work,
| b) fecking annoying cloudfront and gCaptcha are, and c)
| Facebook is everywhere.
|
| No way in hell I'd recommend this to anyone who isn't
| tech aware though.
| srmatto wrote:
| The ad industry has known about their fraud problem for years,
| at least since 2015--and they did little to nothing about it. I
| don't have much sympathy for them.
| AniseAbyss wrote:
| Honestly I don't care if it's "old fashioned", websites need
| to start taking responsibility for the ads that they run on
| their sites.
|
| Yeah auctioning your ad space in milliseconds is cool and
| maximum profit. I don't care.
| david_shaw wrote:
| If the threat you're seeking to mitigate is malicious ads
| ("malvertisements,") then you could easily pass that burden
| to the ad networks themselves. I think it's extraordinarily
| rare for a website to sell "banner space" instead of just
| throwing in an AdSense snippet or similar.
| dsr_ wrote:
| Yes, if only we could trust advertising networks to work
| in the best interests of their viewers.
| dylan604 wrote:
| why would they? the viewers are not their customers.
| aborsy wrote:
| Curious, what other recommendations did they make? I mean
| generally.
| JohnFen wrote:
| > I was shocked that they recommended we install ad-blockers as
| a corporate policy.
|
| It's solid policy. The problem with ads in this regard is
| really that they allow random strangers to run code on your
| machine. That's never a good security practice.
| BLKNSLVR wrote:
| Exactly. I'm actually surprised that it's not standard policy
| to block ads at most companies.
|
| Browsing sites at work is a frequent reminder of why I block
| ads at home.
| dylan604 wrote:
| You'd think they'd have a corporate version of a PiHole as
| well.
| kasey_junk wrote:
| That's true of any JavaScript though right?
| michaelt wrote:
| Imagine I only visit websites like the New York Times.
|
| If an evildoer with a browser 0-day wants to target me,
| without an ad blocker any of a thousand companies can pay a
| few cents to have their javascript served to me. If I run
| an adblocker, there are a lot fewer ways to get their code
| in front of me.
|
| A statistical argument, in other words - that being exposed
| to code from 10 vendors is safer than being exposed to code
| from 1000 vendors.
| JohnFen wrote:
| Yes, it is. Which is a pretty large problem, and is why I
| don't allow JS to execute by default. I do whitelist
| specific things if the need is great enough.
| mikestew wrote:
| Do you suppose it is possibly more true for ads? There's
| "well, technically, yes" and then there's "which is the
| more realistic threat, an ad network or the JavaScript that
| the NYT serves up?"
| ohazi wrote:
| > as every company from the Journal to the Times to Nordstrom
| would be screwed without ads.
|
| The ad industry had the opportunity and the ability to address
| this problem, but (for short-term reasons) they decided not to.
| This is the long-term result. They did this to themselves, and
| now they _deserve_ to suffer the consequences, up to and
| including a fiery death for the industry as a whole.
|
| Nordstrom, etc. don't need to suffer as a result of this, they
| can simply observe the online ad industry and make a decision
| about when to stop using it -- perhaps in favor of something
| new and different, or perhaps not. Print ads still work just
| fine.
|
| The Times, etc. charge for access, are happy to sign you up via
| web form, but then force you to call them if you want to
| cancel. As far as I'm concerned, they shouldn't be running
| online ads at all anymore. If ad blocking becoming prevalent
| hurts them, too fucking bad.
| munk-a wrote:
| Advertising is a gross inefficiency on the economy. To
| achieve market balance you need to make sure consumers are
| aware of your product - back in the day this was rather
| difficult since there was no central repository of all
| knowledge. Now that we've got the internet though... this is
| unnecessary to achieve a healthy level of company growth.
|
| However, if you want to cannibalize an industry's profit
| margins to squeeze in front of your competitors, advertising
| in many forms will remain productive. I think we almost need
| a cartel-like system that says "Okay video card manufacturers
| - enough with the advertising... nobody impulse buys video
| cards so each sale you gain through advertising is just
| coming from one of the other company's pockets (or your
| own)."
| Isthatablackgsd wrote:
| > The Times, etc. charge for access, are happy to sign you up
| via web form, but then force you to call them if you want to
| cancel.
|
| Check your state and local laws. It is illegal in California.
| If they have the means to provide signing up for service via
| online, they are required to provide the same way for
| cancellation under California law.
|
| Change your address to California and you should see a
| section to cancel your subscription.
| barkingcat wrote:
| Wasn't there some regular company who decided to delete all
| adsense/ad networks from their sites for a quarter and at the
| end of the quarter found no difference in ordering/sales,
| etc.
|
| Online ads is snakeoil
| drevil-v2 wrote:
| It was Uber in its early days. I recall a blog post from
| their chief marketing officer(?) at the time.
|
| The gist of it was - they accidentally disabled digital
| advertising for a few months and found that disabling it
| had no effect on the metrics they were tracking.
| g_p wrote:
| Even better than this, large sites have found they actually
| made _more_ from non-targeted ads [1]. Same for the NYT -
| revenue continued growing after turning off ad exchanges
| for European visitors [2].
|
| There's also the question around whether the levels of
| fraud mean companies buying targeted ads are ever getting
| what they paid for [3] - Uber cut $120m of $150m ad spend
| without any impact on installs (which is what they were
| trying to drive)
|
| [1] https://www.theregister.com/2020/07/03/stop_tracking_in
| creas...
|
| [2] https://digiday.com/media/gumgumtest-new-york-times-
| gdpr-cut...
|
| [3] https://indica.medium.com/how-uber-discovered-
| that-80-of-its...
| skinkestek wrote:
| > Wasn't there some regular company who decided to delete
| all adsense/ad networks from their sites for a quarter and
| at the end of the quarter found no difference in
| ordering/sales, etc.
|
| > Online ads is snakeoil
|
| No doubt in my mind. I helped start a webshop in 2009 and
| got to see it first hand:
|
| We used a service called Kelkoo and according to their
| dashboard almost every customer we had came through them.
|
| We were suspicious so we cut them out for a couple of
| weeks.
|
| Turned out sales hardly dropped at all.
|
| We had good luck with Google ads back then but I don't for
| a second think Google doesn't happily fleece advertisers:
|
| As I've said a number of times before I have been targeted
| for scammy dating site ads for a decade, more specifically
| from around the time I started dating my wife and until our
| youngest was about a year old.
|
| Google knows fairly well I'm a conservative Christian who
| has had no problem getting a date the usual way, but has
| had no issues showing me these ads, probably because they
| pay most per impression.
|
| This was back when I felt I owed site owners to not enable
| adblock all the time so I tried a number of times to report
| the ads as irrelevant. Problem is, when I reported Polish
| girls as irrelevant, the next ads were for Ukrainian girls,
| then Thai girls, Chinese girls, Taiwanese girls, Filipino
| girls and I don't know what else until it went full circle
| and started on Polish girls again.
|
| Not a bad word about people from those countries, but I was
| already married and Google knows very well since I look for
| family holidays, toys and food ideas for families with
| kids.
|
| Point is it seems that relevancy doesn't count anything now
| that advertisers pay for impressions instead of clicks.
| dredmorbius wrote:
| Freakonomics two-parter on whether or not advertising works
| is worth listening to:
|
| https://freakonomics.com/podcast/advertising-part-1/
|
| https://freakonomics.com/podcast/advertising-part-2/
| maerF0x0 wrote:
| Why can't the site just show ads directly from their domain?
| It'd be hard to block ads without blocking content then.
|
| Many websites used to just run ads that were directly
| negotiated and paid for by the company. eg: Plenty of Fish used
| to do that and they sold for $575M.
| apexalpha wrote:
| I've never worked in an IT department that didn't have massive
| DNS based blocklists for everything. It's internet hygiene 101
| nowadays.
|
| Besides that it also makes for a more pleasant experience and
| saves resources too.
| AnimalMuppet wrote:
| > I have to believe this is truly disruptive to the internet as
| we know it.
|
| Maybe so. And maybe I'm all right with that. The ad-supported
| internet has turned into the ad-on-every-square-inch internet.
| We get lots of great content for free, but the amount of ads
| are overwhelming, distracting, annoying, and eventually
| disgusting. (Not necessarily the _content_ of the ads, just the
| _volume_.)
|
| Back to security: We have come to the place where really
| interesting content that asks you to turn off your ad blocker
| is now a phishing vector.
| einpoklum wrote:
| > I remarked ads are sometimes useful and that many local
| companies rely upon them (e.g., the local newspaper).
|
| If the local newspaper has a local ad in a local website, the
| ad blocker will probably not pick it up :-P
| fridif wrote:
| Conversely I have a work laptop where all browser extensions
| are blocked, including uBlock, because you guessed it, malware!
| tim333 wrote:
| >It seems to me the ad providers would have a huge incentive to
| counter this narrative and to make damned sure ads are safe. I
| have no idea why that's not happening.
|
| In the current model they have last second auctions with the ad
| going to the highest bidder. It's hard to reliably screen them
| in that kind of situation. I find it quite scary to have
| someone not very tech smart download software without an ad
| blocker - you get one proper download link and about 10 ads
| saying download here linking to malware.
| Syonyk wrote:
| > _I find it quite scary to have someone not very tech smart
| download software without an ad blocker - you get one proper
| download link and about 10 ads saying download here linking
| to malware._
|
| Non-tech smart users? It's hard enough on some sites that
| your average cybersecurity researcher with a decade of
| experience is going to have a hard time!
| kbenson wrote:
| And that's before you see the link is to sourceforge.net
| and it triggers a brain fault through recursive reasoning.
| fsckboy wrote:
| i would expect in a corporate environment, users aren't
| downloading and installing software
| thereddaikon wrote:
| In a perfect world yes and any good IT department will lock
| down systems appropriately. But every sufficiently sized
| org, and many small ones will have shadow IT. There is also
| the issue of much of the ware pushed through these channels
| actively tries to circumvent controls. It's not uncommon to
| find hapless users with adware on their system that managed
| to get around UAC and group policy. You can always lock
| down more but security has to be balanced with productivity
| and user education will always be an important part.
| fhood wrote:
| In my personal experience, you would be incorrect in that
| expectation.
| wernercd wrote:
| depends on the corporate environment and the users.
|
| As a developer in a corporate environment? I'm always
| downloading, installing, etc...
| indigochill wrote:
| I don't see why it's hard. You screen admission of an ad to
| the auction "floor". Shady javascript/links? You don't get to
| compete.
|
| Admittedly, this means you need an army of ad moderators, but
| that's not a hard problem. Social media giants already use an
| army of underpaid moderators for moderating their platforms,
| so seems like it's just table stakes for running a platform.
| Screening ads should be a cakewalk compared to moderating
| social media.
| nickff wrote:
| Google (and others) do screen ads; I think most of the
| insecure ads are served by smaller, less scrupulous ad
| networks.
| throwaway2048 wrote:
| Google serves a ton of malware ads, they seem to consider
| it the responsibility of the users to report them.
| hapless wrote:
| If you want to make money on display advertising, you
| will grasp for whatever pennies you can get
|
| Google Adsense is not always the highest-paying option
| for a given impression
|
| There are entire companies that do nothing but figure out
| quietly, without the publisher's having to do anything,
| what will pay most at a given moment
| nickff wrote:
| I agree with what you're saying, but want to clarify that
| you're talking about 'AdSense' (the display
| advertisements), not 'AdWords' (the search ads).
| hapless wrote:
| Oops.
|
| I had already edited my post to change "DoubleClick" to
| "Google Adwords" and I got the product name wrong!
| yuliyp wrote:
| That's not how it works. It's hierarchical. Someone with an
| ad to show doesn't send the ad to the web site that wants
| to show the ad. Instead it just tells that web site "I'll
| pay $.005 if you show my ad", then if it wins it serves the
| ad it wants to show. There's no time at that realtime
| auction to do analysis. The ad doesn't even need to exist
| as a fixed thing. It can be dynamically generated tailored
| to the specific user (think of "Come back and shop with us"
| ads where they show you things you've looked at).
| tgsovlerkhgsel wrote:
| There are a lot more middlemen involved... and at any
| point they could make a rule that you can only use a
| certain set of HTML tags and image formats for your ads
| (none of which include scripts of course).
|
| That would prevent not only most exploits (especially
| once you re-encode the images), but also simple badly
| written ads that drive up CPU usage. But it's easier, and
| allows more middlemen, to simply allow the next party to
| hand you arbitrary code that may or may not be put into
| an iframe that may or may not be sandboxed.
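Added example, not part of the thread: a minimal sketch of the rule tgsovlerkhgsel describes above, where an intermediary accepts ad markup only if it uses a fixed set of tags, attributes and image formats and contains no script. The tag list, the https-only rule, the image extensions and the name `validate_creative` are assumptions made for illustration; image re-encoding is not covered, only a file-extension check.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical policy for this example: tag -> attributes permitted on it.
# No <script>, <iframe>, <object>, style attributes or on* event handlers.
ALLOWED_TAGS = {
    "div": {"class"},
    "span": {"class"},
    "p": {"class"},
    "b": set(),
    "i": set(),
    "br": set(),
    "a": {"href", "title"},
    "img": {"src", "alt", "width", "height"},
}
URL_ATTRS = {"href", "src"}
ALLOWED_SCHEMES = {"https"}
# SVG is deliberately absent: it is an XML document that can carry script.
ALLOWED_IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif")


class CreativeValidator(HTMLParser):
    """Collects every policy violation found in a piece of ad markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.violations = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and unescapes
        # character references in attribute values before we see them.
        if tag not in ALLOWED_TAGS:
            self.violations.append(f"tag <{tag}> not allowed")
            return
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag]:
                self.violations.append(
                    f"attribute {name!r} not allowed on <{tag}>")
            elif name in URL_ATTRS:
                self._check_url(tag, name, value or "")

    def handle_comment(self, data):
        # Comments are not needed in a creative and can hide markup.
        self.violations.append("comments not allowed")

    def _check_url(self, tag, name, value):
        # Drop whitespace and control characters, which browsers ignore
        # when they parse a URL scheme.
        cleaned = "".join(ch for ch in value if ch > " ")
        try:
            parts = urlsplit(cleaned)
        except ValueError:
            self.violations.append(f"unparseable URL in {name} on <{tag}>")
            return
        if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
            self.violations.append(
                f"URL in {name} on <{tag}> must be absolute https")
            return
        if tag == "img" and not parts.path.lower().endswith(ALLOWED_IMAGE_EXTS):
            self.violations.append("image format not allowed")


def validate_creative(markup):
    """Return a list of violations; an empty list means the markup passes."""
    parser = CreativeValidator()
    parser.feed(markup)
    parser.close()
    return parser.violations


# Constructed sample creatives (not taken from any real ad network).
GOOD = ('<div class="ad"><a href="https://shop.example/sale">'
        '<img src="https://cdn.example/banner.png" alt="Sale" '
        'width="300" height="250"></a></div>')
BAD_SAMPLES = {
    "script tag": '<script src="https://cdn.example/a.js"></script>',
    "event handler": '<img src="https://cdn.example/b.png" onerror="x()">',
    "encoded scheme": '<a href="jav&#x61;script:void(0)">x</a>',
    "iframe": '<iframe src="https://x.example/"></iframe>',
    "svg image": '<img src="https://cdn.example/b.svg" alt="">',
}

if __name__ == "__main__":
    print("good:", validate_creative(GOOD))
    for label, markup in BAD_SAMPLES.items():
        print(f"{label}: {validate_creative(markup)}")
```

The validator rejects rather than rewrites: a creative with any violation is refused admission instead of being "cleaned", which avoids the parser-differential problems of sanitizing in place.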
| Supermancho wrote:
| > Someone with an ad to show doesn't send the ad to the
| web site that wants to show the ad
|
| In fact, they do. Creative review is part of most ad
| platforms. Contextual categorization isn't possible
| without knowing what the ad is about (and the content
| it's going to), to various degrees.
| lupire wrote:
| They don't screen the actual code that ships at auction
| time.
| binkHN wrote:
| > It seems to me the ad providers would have a huge incentive
| to counter this narrative and to make damned sure ads are safe.
|
| Ad providers? You mean Google which provides the majority of
| the ads. I'm really surprised Google hasn't done more here when
| major security companies are recommending denying Google their
| primary source of revenue.
| nickff wrote:
| > _"I'm really surprised Google hasn't done more"_
|
| I have used Google Ads, and think the ads themselves are
| quite secure; I am less certain about the advertiser websites
| (though it seems Google does some sort of link-
| testing/screening). What are you suggesting Google has failed
| to do?
|
| I think the problems with ad security are on smaller
| platforms/networks which are willing to host less-secure ads,
| and I'm not sure what Google could do about them.
| binkHN wrote:
| They are the leaders in the industry. To my way of
| thinking, if the recommendation is to block the entire
| industry as a whole, they are simply not doing enough.
| fortuna86 wrote:
| Using the internet without an ad blocker is a security risk, I
| don't care who you are.
| hammyhavoc wrote:
| To describe Mozilla as a "rival browser maker" is to
| fundamentally misunderstand both Mozilla and Google. One, a non-
| profit, the other, one of the biggest corps on the planet.
| extheat wrote:
| If you want to browse safe, don't forget to disable JavaScript
| while you're at it.
| superkuh wrote:
| Yep. Somewhere along the line running executables arbitrary
| third parties sent you became common practice instead of
| something you warn people not to do.
| vorticalbox wrote:
| I did do this with no script and just allow websites I trust
| but it is a massive chore to keep everything working that I've
| given up
| mountain_peak wrote:
| Definitely curious about the negative reaction to NoScript -
| I did some digging and there appears to have been (or still
| is?) some controversy around the NoScript author displaying
| 'dubious' ads? Not sure I've even seen a NoScript-injected
| ad, but I'd definitely be interested in why HN doesn't like
| recommend it anymore. One commenter on an older HN thread
| said that all script blockers eventually 'give in' to some
| form of monetary gain in exchange for ads - I wasn't aware
| that NoScript was in that category.
| mountain_peak wrote:
| About 10 years ago, I was in a meeting with our security czar
| and I asked him what he was 'fiddling' around with in his
| browser toolbar. He replied, "NoScript. Highly recommended."
| Ever since then, I've become adept at picking out the
| 'minimum' amount of JS required to enable as much website
| functionality as I require and don't think about it much
| anymore (unless I'm visiting a new site). Highly recommended!
| vorticalbox wrote:
| I might start using it again get over that learning curve
| so to speak
| sumtechguy wrote:
| I run in the mode of deny everything. And it is annoying.
| If I whitelisted it probably would be a lot easier. I think
| there are maybe 2 sites where I did that. I have gotten
| pretty good at picking out the bare min too. But every once
| in a while you have to pull out the 'allow all' just to get
| a site to work. Usually it is some sort of redirect and the
| redirect is doing some weird bit of JS and by the time you
| get to it it has already failed and the GUI has no idea
| what to show you.
|
| My thinking of 'deny all' is something like facebook where
| everyone seems to like to embed little bits into their
| pages. But I used to also use facebook. So if I made it
| work for one I would accidentally make it work when I did not
| want it to on external sites.
|
| I have been using it like this for so long I hardly even
| notice it anymore though. But that is just me. If I give
| this sort of solution to anyone I usually just give them an
| adblocker. That gets most of the silly things.
| Mikeb85 wrote:
| Nowadays half the web doesn't work without Javascript but sure.
| userbinator wrote:
| Half the web you don't really want to use... the majority of
| sites I come across in search results etc. are perfectly fine
| being static content, and if they somehow require JS to show
| that content, then I'm more likely to go find the same
| content somewhere else (i.e. the next search result.)
| zorr wrote:
| It seems to be getting a lot worse lately. I've been
| browsing with no-script for years both on mobile and
| desktop but I think I have caught a case of no-script
| fatigue.
|
| HN is one of my main news sources and due to its link
| submission nature I frequently visit sites I have never
| visited before. It seems like 90 percent of submissions
| need at least one round of whitelisting just to see the
| text content. And frequently a second or third round to get
| embedded code snippets or other relevant content to load.
|
| It's tiring and I noticed that I frequently just give up
| and copy paste the url into an alternative browser without
| blockers.
| sk00tmer1 wrote:
| I'm surprised they don't use DNS sinkholes
| rastafang wrote:
| Does that work with encrypted DNS?
| jedberg wrote:
| When I worked at reddit, I refused to run Adblock. I felt like it
| would be hypocritical to work for a company that made its money
| from ads, and then block them. Also I wanted to make sure that I
| had the same experience as the users.
|
| When I left reddit, for the longest time I still didn't run
| Adblock because as a shareholder it still felt hypocritical.
|
| But a few years ago I couldn't take it anymore -- the web got so
| awful with ads on it that it became unusable. And so I relented and went
| full Adblock. And life got a lot better.
|
| (I did however whitelist reddit and a few other sites that I like
| whose ads are bearable)
| edm0nd wrote:
| I really wish reddit would begin to pay small amounts to its
| moderators. I feel like it would be a basic income experiment
| and kinda neat since the mods do most of the content and user
| moderation for reddit and spend thousands upon thousands of
| hours there.
| NikolaeVarius wrote:
| This is such a dumb hill to die on.
| jedberg wrote:
| I agree, that's why I left the hill still alive. :)
| typon wrote:
| It's incredible how people are chastising you for having
| skin in the game
| unethical_ban wrote:
| When you view it through the lens of "journalism dies without
| money, and local journalism survives on ads", I can see some
| nobility in it.
| charwalker wrote:
| So subscribe and pay them directly. From all metrics I've
| seen direct payment is the most efficient vs merch, super
| chats, and views themselves. Pay for premium.
| AniseAbyss wrote:
| Subscriptions? Could be a local thing but in my country
| newspapers have always been paid with them. News has never
| been assumed "free" until the internet came around. In fact
| the first newspapers all the way back to the 17th century
| were intended for diplomats, nobility and merchants. Free
| news is usually shite anyway.
| unethical_ban wrote:
| >the internet came around
|
| Yes, it did.
|
| I have subscribed (and might still be subscribed) to
| several news magazines and papers, though not my local.
| It's kind of a circular drain of "lower pay > lower quality
| > fewer subscribers > lower pay".
| jopsen wrote:
| You're probably better off sponsoring some journalism
| directly instead.
|
| The guardian has a supporter tier. Some local news stations
| where I live have memberships with minor benefits.
| dredmorbius wrote:
| In what way?
| kevin_thibedeau wrote:
| I once tried not running an ad blocker or noscript on a work
| computer. That lasted for a couple months until the day I got
| redirected to a porn site from an innocuous search result.
| There are too many ways to weaponize a site to let your guard
| down. If the site operator can't or won't vet _all_ of the code
| they send you then you should feel no obligation to execute it.
| NelsonMinar wrote:
| I did the same when I worked on Google Ads; I felt it was
| important for me to have the full ad experience. It was easier
| back in the early 2000s though, before the Web ad ecosystem got
| so horrible.
|
| Now I block ads and trackers with great zeal. Google's most of
| all. Surveillance capitalism is bad for almost everyone.
| Advertising is a mind virus.
| space_fountain wrote:
| My experience of ads is that they're much better than they
| were in the early 2000s. Back then major websites would have
| literal scams advertised on their site. Things like you're
| the 1 millionth visitor click here to collect your prize. Now
| I rarely see that sort of thing.
| [deleted]
| robocat wrote:
| Perhaps scams have a high selection pressure to evolve to
| be less detectable (while we are also being trained to
| detect them better). You might be seeing plenty of scams,
| but they are just camouflaged far better?
| tEgJUbpL1H wrote:
| I use adblock, makes it so much easier as an experience also
| surprises me how many companies are tracking me on some of
| these webpages. But, I am sympathetic to the idea of businesses
| depending on ad revenue.
|
| I like how some websites e.g. news websites, put up a message
| that they depend on ad revenue and ask for adblockers to be
| disabled, I did it for some websites where I like the content,
| but then I also feel I am perhaps very unlikely to click on any
| of the ads (at some level I suppose my mind has learned how to
| focus on the content and ignore the ad space e.g. on google
| search I remember I had developed a habit of scrolling down and
| ignoring the first few ad results without actually consciously
| doing it). So, considering I am way less likely to click on an
| ad, perhaps I am not actually hurting the business, or maybe
| actually helping improve conversion if I can go that far :)..
| laurent92 wrote:
| Most clicks on ads are certainly misclicks. The business is
| to make store owners believe that they are getting exposure,
| not to actually give them sales.
|
| All of the little guys like me who tried to run a Google Ads
| and Microsoft Ads campaign know that we can spend a few
| thousand dollars without a single impact on sales.
|
| Then the salesman from Google calls you and tells you it's
| because you're doing it wrong. Try such and such keywords.
| Link to your payment button to see your ratios! Try to
| optimize for CTR and EWQ and ASDF (note the strange proximity
| between those ideas and random letters on a keyword). It must
| be you. It _must_ be YOU!
|
| The business is to make the business owner believe as long as
| possible that it will work.
| everdrive wrote:
| But the real question is, did you ever use the new interface
| instead of old.reddit.com?
| xxs wrote:
| >you ever "use"
|
| What do you mean "use". It's totally unusable even with full
| adblock
| drdeadringer wrote:
| > old.reddit.com
|
| This is what I use.
| [deleted]
| jedberg wrote:
| I tried for a week. When my CPU melted I switched back to
| old.reddit. But I use the mobile app (which is basically the
| new interface) for about 50% of my redditing, so I sort of
| use both. But always the old interface on the computer.
| halfmatthalfcat wrote:
| Apollo all day.
| vlowther wrote:
| I hated the Reddit app so much I bought BaconReader.
| lordnacho wrote:
| I've never had it explained to me what's wrong with hypocrisy.
| None of us live by our high ideals, do we? It's funny when a
| comedian points that out, but why should we do as we say?
| ianmcgowan wrote:
| Sounds like a quote from The Diamond Age:
| https://www.google.com/search?q=the+diamond+age+hypocrisy
| fouric wrote:
| Hypocrisy is usually dishonest ("I'm going to tell you a lie
| in hopes that you believe it; my behavior shows that I don't
| actually believe the lie") or unfair ("I'm going to try to
| convince you to play by a more restrictive set of rules than
| I do so I can get an advantage over you (or just avoid having
| the drawbacks of those rules myself)"), both of which are bad
| things.
|
| Moreover, just because you're not capable of perfectly
| adhering to a set of principles doesn't mean that it's not
| worth trying. "Oh, I know that I'm not going to be able to
| uphold every single commitment I make, so I'm not going to
| worry about upholding any of them."
| lordnacho wrote:
| Yes it might be a hint that you don't believe what you say,
| but that shouldn't detract from what you're saying being
| potentially correct. After all the truth value isn't
| affected by who says something. I bet there were smokers
| who were part of discovering that smoking is unhealthy.
|
| The thing about pointing out hypocrisy is that you're
| actually lending authority to the person you criticize,
| you're saying that you believe in the side he's revealed to
| actually support.
| darkmarmot wrote:
| I once criticized one of Reddit's advertisers (AMC) in a
| sponsored comment post (they no longer allow comments on
| these).
|
| Reddit shadowbanned my account sitewide. That's enough reason
| for me to never, ever view Reddit without an adblock.
| CameronNemo wrote:
| I loved commenting on ads. What a shit show that was. They
| were smart to remove the feature, but I do miss it.
| ohashi wrote:
| I am pretty sure I still get comments on my ads. It's
| almost entirely spam and those comments you think are
| probably spam it's just a 'good job' response.
| heavyset_go wrote:
| Don't worry, Twitter allows commenting on ads.
| dunnevens wrote:
| FB allows commenting on ads. This does not go well for
| certain types of advertisers. Political and religious ads
| especially. Even the bland corporate advertisers have to
| spend some time cleaning up the inevitable mess.
|
| What's especially puzzling is that FB allows image uploads
| as an ad response unless the advertiser was smart enough to
| disable it.
| jfoutz wrote:
| I'm still confused by google's "Chromebook Megathread" ads.
| with comments disabled.
|
| It's vexing.
| fridif wrote:
| Me too, the Velveeta comments were the best
| rsync wrote:
| "(they no longer allow comments on these)"
|
| Is that the case? We (rsync.net) used to advertise on reddit
| quite a bit and we would have sponsored posts that had a
| proper comment thread and Q&A, etc. - I thought it was
| fantastic.
|
| So this is not even an _option_ anymore?
| kwonkicker wrote:
| This has to be the most misunderstood comment. Honestly even though
| I don't work for an ad-centric company I do feel what you went
| through. Because of how much YouTube helped me, I couldn't bear
| myself using an ad blocker. Then things like Patreon and
| sponsorship deals came along and I decided to treat myself to a
| nice ad blocker. Still couldn't do the full thing, so I went
| with one called "fair ad blocker" that actually lets in some
| non-intrusive ones so it's a little light on my conscience.
| Still using it. It lets in some annoying pop ups too
| sometimes, but such is the price.
| tubby12345 wrote:
| this is the weirdest flagellation i have ever seen. do you also
| believe that alcohol producers must daily consume alcohol?
| candy manufacturers daily consume candy? how about pharma? the
| list goes on.
| jedberg wrote:
| I would find it hypocritical if someone who worked at an
| alcohol producer joined MADD, or someone who worked at a
| candy company joining a PAC that supports soda bans.
|
| But no, they don't need to consume the product daily.
| nkozyra wrote:
| > I would find it hypocritical if someone who worked at an
| alcohol producer joined MADD
|
| Really? Isn't there a pretty big gulf between "drinks
| alcohol" and "drinks alcohol and then gets behind the wheel
| of a car?"
| cochne wrote:
| Not really the same. The implied agreement when you visit an
| ad based site is that you get the ads. Otherwise if no one
| got them, the site could not exist. It's a form of payment
| for what the site provides to you, not the product itself.
| godshatter wrote:
| > The implied agreement when you visit an ad based site is
| that you get the ads.
|
| They are putting stuff out on a server for public
| consumption. The implied agreement is that I'm allowed to
| view it, or not view it, in whole or in part. Their
| business plan is their problem.
| Spooky23 wrote:
| There's no implied agreement - a product is offered at no
| cost, and I'm under no legal, ethical or moral obligation
| to look at anything. I'm a weirdo who still buys the paper
| newspaper. I throw out the Thursday auto advertisements and
| the Sunday ads.
|
| Content producers made a conscious decision to aggregate
| their screen real estate and outsource ad placement to
| unrelated third parties. The result is a cesspool of awful,
| low engagement content. It's so bad that they enter into
| awful agreements with aggregators to repackage their
| content for pennies. That's their problem, not mine.
|
| On the flip, I live in a state capital, and when the
| legislature is in session, interest groups spend 10x what
| they spend on useless online ad spots to buy full-page or
| panel ads in the printed newspaper. Presumably they aren't
| doing that in an effort to set money on fire.
| nickff wrote:
| > _" I'm under no legal, ethical or moral obligation to
| look at anything"_
|
| That would depend on your moral theory of choice; applying
| Kantian (deontological) moral theory, your behavior
| violates the principle of 'universalizability'.
|
| https://en.wikipedia.org/wiki/Kantian_ethics
| krisoft wrote:
| I'm not following you. In what way would it violate the
| principle of 'universalizability'?
| nickff wrote:
| From the Wikipedia on universalizability:
|
| > _" The precise meaning of universalizability is
| contentious, but the most common interpretation is that
| the categorical imperative asks whether the maxim of your
| action could become one that everyone could act upon in
| similar circumstances."_
|
| > _" For instance, one can determine whether a maxim of
| lying to secure a loan is moral by attempting to
| universalize it and applying reason to the results. If
| everyone lied to secure loans, the very practices of
| promising and lending would fall apart, and the maxim
| would then become impossible."_
|
| If everyone were to block ads, the publications that
| you're reading would not be able to pay for the content
| they publish. Note that 'universalizability' requires a
| somewhat static analysis, and usually doesn't look at how
| systems might adapt to changed circumstances, though this
| is not a big problem here, as you have voluntarily chosen
| to interact with ad-supported publishers under the
| current regime.
| krisoft wrote:
| > Note that 'universalizability' requires a somewhat
| static analysis
|
| Sounds very convenient. You are allowed to make one
| logical step (everyone blocks ads => publishing
| companies go bankrupt) but are not allowed to make the
| equally sound step of (everyone blocks ads => publishing
| companies will seek other revenue sources such as
| paywalls).
|
| But if you say I'm not allowed to argue the second one
| let's talk about the first kind.
|
| So universal ad blocking puts those companies who keep
| clinging to ad-supported operation into bankruptcy.
| Good riddance. It is not like one must have free-as-in-beer
| services to have a coherent moral compass. They go
| bankrupt and we will manage without them. Totally
| consistent.
|
| Similarly you wouldn't say that the idea of punishing
| murderers lacks 'universalizability' just because it would
| shut down the Assassin's Guild.
| mindslight wrote:
| Content on the web was _much better_ before the scourge
| of advertising took over. I very much wish everybody
| would universally block ads. Appealing to the current
| situation in a static sense is a cop out that lets you
| condemn what would be a welcome reversion.
| Drew_ wrote:
| Much better for privileged geeks maybe not for anyone
| else.
| mindslight wrote:
| Say what you actually mean rather than just invoking a
| nebulous condemnation of "privilege".
|
| The information on the web used to be of much higher
| quality. Within the first page of search results you'd
| usually find a no-nonsense website full of painstakingly
| curated information. Who had the means to access that
| information is orthogonal to its quality.
| Drew_ wrote:
| There's nothing nebulous about affording access to
| information being a privilege.
| mindslight wrote:
| What's nebulous is that you're not making an argument.
|
| Sure, we can say that affording Internet access (gear) is
| a form of privilege. What bearing does that have on what
| I said?
| JohnFen wrote:
| > The implied agreement when you visit an ad based site is
| that you get the ads.
|
| That's not the agreement that ad companies think is being
| implied, though. The ad companies think the deal is
| "Looking at this website gives us permission to spy on you
| across the web".
| crvdgc wrote:
| The reasoning here is not the dissonance in behavior, but
| dissonance in belief.
|
| A person can believe alcohol is not harmful to human health
| without consuming alcohol, therefore it's morally acceptable
| if an alcohol producer does not consume alcohol.
|
| But if they don't consume alcohol because they believe
| alcohol is harmful, while advertising (explicitly or
| implicitly by helping the alcohol company) that it is not
| harmful, then that is dishonesty. Because in this case, the
| person purposefully acts like they believe something for
| personal benefits, but actually they don't.
| [deleted]
| CameronNemo wrote:
| Yeah I think Philip Morris execs should be forced at
| gunpoint to smoke as many cigarettes a week as the global
| median. Might lead them to think twice before advertising
| poison.
| blitzar wrote:
| One should also try out the alternatives as well, regarding
| the GP, I personally believe there was an equal obligation to
| experience it without the ads to determine the impact.
|
| Likewise it would be nice for the alcohol producer to
| experience drinking every day, as well as being the only
| person at the party not drinking. Even being the allocated
| driver and seeing the consequences of their product up close.
| Perhaps they would gain some insight or perspective regarding
| their product.
| daniel-cussen wrote:
| Well, about pharma: I believe at least one person with veto
| power at FDA should try the pill personally. And the pharma
| company management should be able to take it. This would have
| helped with OxyContin, among others.
| fidesomnes wrote:
| well, he did choose, by choice, to work at reddit.
| MeinBlutIstBlau wrote:
| Crack dealers smoke their own crack to ensure they give out a
| good supply
| jagger27 wrote:
| Should companies eat their own dogfood? Uh, yeah.
| VWWHFSfQ wrote:
| I used to work on sports gambling apps and yet I never once
| gambled using the real production app. Because I saw the
| data. And behind those data points are real people having
| their lives ruined by some growth hackers and psychologist
| PMs trying to increase session length. I know how the
| sausage is made. I practically have the gambling addiction
| hotline number memorized because it was required to be on
| every screen.
| CameronNemo wrote:
| Maybe businesses like that have no business existing,
| then.
| asdff wrote:
| Pretty much everyone I know gambles on sports and for
| most of these guys it's like a $50 bet, not a lot of
| money. No more than a few beers these days at a bar.
| People get addicted to anything, let's work on having
| people receive treatment if things become a problem
| rather than ban everything that most users are using
| responsibly. Might as well ban video games if you really
| want to get some people out of some deep holes.
| aaron-santos wrote:
| Surely you do not work at Purina.
| kerblang wrote:
| If I work for purina then my _dog's_ gonna eat that dog
| food, by golly. And maybe I'll at least give it a sniff.
|
| Speaking of the devil, I had to carry somebody's stray
| dog home (again) when I was on my jog this morning, and
| man that was a fat dog! Dunno what he eats, felt like
| krispy kreme and quarter pounders. Maybe I oughta start
| me a dog food company. Too many fat dogs in this danged
| town.
| [deleted]
| JumpCrisscross wrote:
| > _Surely you do not work at Purina_
|
| I happen to know a handful of people who started pet food
| companies, albeit boutique ones. (California.) They _all_
| taste their pet foods. I've tried some of the treat
| biscuits, and they aren't half bad, though I wouldn't
| necessarily reach for them.
|
| I'm not an expert on cat or dog digestion. But I think
| anything they can eat, humans can, too. (Just not the
| other way.)
| paulryanrogers wrote:
| I heard it the other way around. Dogs in particular can
| eat things that might kill a human.
| jedberg wrote:
| Growing up in California, one thing we were taught as
| kids is that pet food is safe for human consumption, and
| can be used for food after an earthquake as emergency
| rations.
|
| It won't taste good, but it will prevent starvation!
| tubby12345 wrote:
| you're reiterating GP without addressing exactly the
| counter examples that i allude to.
| jagger27 wrote:
| Do alcohol makers try their own products _to ensure
| consistency day-to-day_? I would hope so. I would
| certainly hope candymakers do too. Those are particularly
| bad examples.
| tubby12345 wrote:
| ask yourself if you're willfully misconstruing what i'm
| saying in order to low brow dismiss my point.
|
| jedberg claims he consumed ads _every day_ in order to
| empathize with his customers. the obvious implication is
| that _everyone_ at such a company has the obligation to
| "try their own products".
| kordlessagain wrote:
| Jedberg, who I know for a fact ran Reddit's infra
| singlehandedly for a while, claimed he consumed ads as a
| matter of understanding the user while holding the job.
| Apparently he grew a brain and decided to block ads after
| that job, as smart and well informed users tend to do.
|
| I suggest turning off JavaScript for most sites, which
| keeps the ad blocking tasks to a minimum. Blocking
| trolling users is another matter entirely.
| jagger27 wrote:
| Your analogy is weak, so I pointed it out. Reddit created
| their experience a certain way; why would you go out of
| your way to avoid seeing your product the way your users
| do?
|
| You haven't presented a single argument as to WHY an
| employee of a software company shouldn't experience their
| product as their users do.
| pessimizer wrote:
| Talking about product testing is a deliberate red
| herring, though. Nobody was talking about some web
| designer using adblock _during the process_ of
| implementing ads on a site. That would be a very
| difficult hurdle to put in front of yourself.
| bostik wrote:
| Master distillers definitely do. Not necessarily every
| single day, but for every single run of the stills, yes.
|
| Distillery staff will also occasionally test that the
| caskets being matured are doing okay.
|
| Source: visited 5 out of 7 distilleries on Islay.
| jagger27 wrote:
| > visited 5 out of 7 distilleries on Islay.
|
| Oh that would be _wonderful_. Some day!
| PaulHoule wrote:
| Tobacco firms were notorious for expecting their employees to
| be tobacco users.
|
| My mom was a sales clerk for Macy's and one of her friends
| was a sales clerk there who later became a tobacco company
| rep who went to convenience stores to manage the marketing
| displays.
|
| She smoked like a chimney. After my dad died and her friend
| got divorced, her friend moved in for a while with my mom
| and got my mom smoking again. My mom hid it from everybody
| and we found out only after she died from a cardiovascular
| event because we found a pack of cigarettes, one half-
| finished, in the cupboard.
| systemvoltage wrote:
| It's bizarre to me how you can be so loyal to a corporation.
| What a weird way to inflict self-suffering.
| jedberg wrote:
| It wasn't loyalty to the corporation, it was empathy with the
| users.
| systemvoltage wrote:
| I see. But then you continue to willfully see ads after you
| left Reddit. I presume you viewed ads everywhere not just
| on Reddit?
|
| Still strikes me as absolutely bizarre to do this. On one
| hand it's commendable that you'd like to empathize with
| users, but on the other hand you're working at Reddit who
| earns revenue by glueing people to their endless feed of
| ads. Expecting anything else is foolish.
| xxs wrote:
| A real empathy would be advocating for adblocks and
| installing on all your acquaintance that would not know
| better.
| munchbunny wrote:
| I used to be in ad tech, and I did the same thing. I didn't
| use an ad blocker so that I could understand what the users
| were seeing.
|
| A few years in though, it started to get bad enough that I
| enabled the ad blocker on my personal stuff and kept a
| browser session for work where the ad blocker was off.
| corobo wrote:
| As a user I have Adblock. Go for it
| halfmatthalfcat wrote:
| I work for a company and on the very team that serves billions
| of ad impressions a year.
|
| I use adblock every fucking day. The internet is simply
| unusable without one.
| jandrese wrote:
| Insert Michael and Webb "Are we the baddies?" sketch here.
| BLKNSLVR wrote:
| *Mitchell and Webb
|
| https://yewtu.be/watch?v=hn1VxaMEjRU
|
| And advertising is marching under the rat's anus banner.
| walrus01 wrote:
| I'd also be surprised if the nsa and CIA don't do things like
| public internet web browsing inside disposable thin client/remote
| desktop virtual machines.
| annoyingnoob wrote:
| They are big organizations with people at all levels of
| computer skills. They have to plan for the lowest common
| denominator.
| trutannus wrote:
| This is how you end up with three layers of VMs for browsing
| the internet. Some gov organizations go a little into the
| deep end of security in the security-usability continuum.
| walrus01 wrote:
| on disposable VM reached via thin client remote desktop
| software on an air gapped PC in a windowless room in the
| basement behind a locked door with a warning sign: beware
| of the leopard
| trutannus wrote:
| Somewhere deep under the ice of Antarctica.
| okl wrote:
| Separate room with separate PCs I'd guess, internet cafe style.
| Regarding VMs:
| https://en.wikipedia.org/wiki/Virtual_machine_escape
| ThrowBackwards wrote:
| I wonder what Tier of captchas the NSA gets.
| harshreality wrote:
| "Which of the following statements did Merkel make to Putin in
| email or phone conversations last week?"
| wp381640 wrote:
| They had to change it from shots of drone footage because
| they kept failing to click on the terrorists
| marcosdumay wrote:
| They just don't know what definition of "terrorist" to use.
| It's no different from people asking "does the end of the
| corner of a street light count?"
| formerly_proven wrote:
| If in doubt, just click on all squares in response to
| "Mark all enemies of state"
| blitzar wrote:
| _Select the innocent women and children_
|
| _Skip_
| kzrdude wrote:
| Then there's the innocent men, those are a definite skip
| (enemy combatants, the like of them)
| sterlind wrote:
| "Select pictures of field agents"
| ronsor wrote:
| "Select pictures containing excerpts of 0-day exploit code."
| cblconfederate wrote:
| but but, this means they'll never learn about the malicious ads
| brianbreslin wrote:
| What's the best ad blocker these days? Should I be trying to
| block ads at my router level at home instead? I've seen some ad
| blockers render some sites almost unusable.
| LatteLazy wrote:
| Everyone thinks ads don't work on them. Everyone. It's like that
| meme about people on 40k worrying about taxes on billionaires. Ads
| are about the most dangerous thing you encounter on a daily
| basis. They make you eat badly and stress you out and damage your
| self worth.
| 2Gkashmiri wrote:
| now imagine watching ads with the guilty feeling of "supporting
| poor youtubers". shit
| blitzar wrote:
| Tour of my new _12 MILLION!!!!!_ dollar house.
| WarOnPrivacy wrote:
| I've been preaching safety thru adblocking for 15 years. I had
| locations that went from multiple infections per week to zero
| over 6 months - after implementing edge blocking (DNS & Squid).
| Macha wrote:
| Yeah, when I worked at a company in the internet ads space, one
| of the security engineers mentioned his team's regret they
| couldn't mandate ad blocking for optics reasons.
| [deleted]
| standyro wrote:
| I worked for a well funded adtech company, and even our CTO used
| AdBlock.
|
| I think that speaks volumes about the security of advertising
| online.
| andreygrehov wrote:
| I worked for an AdTech company and _everyone_ had an adblocker
| installed on their laptops.
| titzer wrote:
| I worked for Google for almost 10 years--nearly 7 on Chrome--
| and found the internet unusable without uBlock origin installed
| on my laptop. On my workstation I basically just didn't use the
| web unless it was obviously pertinent to the problem in front
| of me.
|
| Nowadays, I use Safari with Ghostery lite and Adblock Plus. I
| won't go back to web without a blocker.
| MattGaiser wrote:
| Is this inclusive of Google's (and other large legitimate tech
| companies) various ad programs? Can you send a virus through
| Google's ads?
| neallindsay wrote:
| I think there have been cases in the past, but that hardly
| matters. When you visit a site you run the risk that it has
| been exploited to spread malware. Would you want to also run
| the risk that one (or more likely a dozen) other sites running
| code on that page have been exploited as well?
| okl wrote:
| Wikipedia has something on past cases:
| https://en.wikipedia.org/wiki/Malvertising#History
| nkrisc wrote:
| I don't know if Google ad networks specifically have been
| compromised in the past, but it's certainly happened to
| networks used by major sites. nytimes.com is one such example.
| At a minimum, any ad served by a third party network on a site
| you're visiting should be considered a security threat. You
| gotta draw the line somewhere, but I think it's reasonable to
| at least consider only first-party content from the site you're
| visiting as reasonably safe. Perhaps blocking even JS unless it
| is absolutely necessary.
|
| Any site you visit could be compromised, but since the only
| 100% safe course of action is to completely disconnect from the
| web, blocking the most obvious vectors entirely seems
| appropriate. Of course, not only are ad networks vectors for
| malware, they don't even serve a useful purpose to you that
| might justify the risk.
| Spooky23 wrote:
| Google is better than some, but is vulnerable to certain
| types of malicious use. Locksmith scams aren't a solved
| problem, AFAIK.
| annoyingnoob wrote:
| I've instructed all of my users to never, ever, click on a
| Google ad when they've searched for something. It's been a
| couple of years now since someone has shown me a screen with a
| tech support scam on it.
|
| I had one user that was hitting tech support scams monthly. He
| would go to Google, search for Amazon, then click the first
| link on the page (which always had the little Ad word next to
| it).
| MattGaiser wrote:
| I would argue that is more a knowledge threat than a technical
| threat though.
| annoyingnoob wrote:
| No matter, cannot trust Google ads in our organization.
| Macha wrote:
| Conceptually, yes. Big vendors in this space have teams to
| detect malicious activity in their advertising network, but any
| team that claims to detect 100% is merely detecting 100% of
| what they know of.
|
| Browsers have gotten better and updates have gotten much
| faster, so less of that is drive by virus infections by
| exploiting the browser, but there's still cases of "Pick some
| users that you think are (a) real users and (b) naive enough"
| and serve them an exe download that contains a virus.
| colonelxc wrote:
| This is part of the reason the Google Safe Browsing project was
| created. At the time there were a lot of malicious sites either
| trying to get high SEO or paying for ads. The goal was to make
| it safe(r) to go to google and search (and click!) on things.
|
| For a project that didn't directly make money (there are some
| 'cloud' offerings now), Safe Browsing probably was a very high
| return on investment.
| prox wrote:
| Imgur had a couple of periods where trojans were being delivered
| through ads. The ineptitude of that place was staggering as it
| happened multiple times from 2010-2015 at least.
|
| Not sure how today's safety is in that regard.
| HPsquared wrote:
| Why risk it, I suppose.
| okl wrote:
| Who'd want to (voluntarily) look at these stupid ads anyways
| :-/
| HPsquared wrote:
| It's not the decision of the individual user, but the
| organization.
| whalesalad wrote:
| I shove my entire home network's DNS thru pihole, cannot imagine
| life without it.
| fron wrote:
| Same. I even have wireguard set up on my phone so my phone's
| internet connection is pihole-enabled wherever I am
| fortuna86 wrote:
| Is there any way to extend this to a Chromecast so Youtube ads
| are blocked ?
| cmeacham98 wrote:
| YouTube ads cannot be blocked at the DNS level.
| fortuna86 wrote:
| Dang. Any way to do so via a chromecast ?
| mazamats wrote:
| You could pay for YouTube Premium
| StillBored wrote:
| My next firewall will have some kind of machine/port/etc
| filtering that allows me to whitelist where say my tv/etc can
| communicate. Even if I have to write it myself because I'm not
| aware of anything 1/2 as user friendly as the 3rd party
| "Windows X Firewall control" applet that works on a network
| level. Yes my current firewall can do this, but it requires me
| hand entering ip/port/etc combinations in a UI that is
| terrible.
|
| So, while I use an adblock list with my unbound caching DNS
| server, it only works with devices which honor the local
| network DNS settings, which are becoming fewer and fewer thanks
| to the efforts of the major players to _HELP_ everyone with
| DOH. A protocol without an easy way to MITM/filter the requests
| even when the user wants it.
| ignoramous wrote:
| > _So, while I use an adblock list with my unbound caching
| DNS server, it only works with devices which honor the local
| network DNS settings..._
|
| I co-develop a FOSS DNS + Firewall for Android that prevents
| apps from doing their own DNS over HTTPS / TLS / QUIC by
| blocking all connections to IPs that the DNS client (embedded
| within the firewall) hasn't resolved itself or the TTL of
| whatever answer it once resolved has expired. Something
| similar to this could and should be implemented by other
| firewalls, too. The result of such a blanket setting is
| devastating though, as some apps (like Telegram) refuse to do
| plain-old DNS and hence refuse to connect at all (so, one may
| have to selectively allowlist certain IPs / apps). This also
| has a happy side-effect (or annoying side-effect, depending
| on how one looks at it) of breaking apps connecting to static
| IP endpoints (ex: Orbot connecting to Tor bridges).
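The policy ignoramous describes above (allow a connection only if the local DNS client resolved that IP itself and the answer's TTL has not run out, with selective per-app allowlisting), as an added sketch that is not code from that project. The class, function and app names, the addresses and the event timeline are all constructed assumptions.

```python
"""DNS-gated egress sketch: allow a new connection only if the local resolver
itself returned that IP and the answer's TTL has not expired.
Names, addresses (documentation ranges) and events are constructed."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DnsGatedFirewall:
    resolved: dict = field(default_factory=dict)      # ip -> (expiry, name)
    static_allow: dict = field(default_factory=dict)  # app -> [networks]
    grace: float = 0.0  # slack after TTL expiry, in seconds (assumption)

    def record_answer(self, name, ip, ttl, now):
        """Called by the embedded resolver for every A/AAAA record it returns."""
        addr = ipaddress.ip_address(ip)
        expiry = now + ttl
        old = self.resolved.get(addr)
        # Several names can share one address: keep the latest expiry.
        if old is None or old[0] < expiry:
            self.resolved[addr] = (expiry, name)

    def allow_static(self, app, cidr):
        """Per-app exception for endpoints that never use plain DNS."""
        self.static_allow.setdefault(app, []).append(ipaddress.ip_network(cidr))

    def check(self, app, ip, now):
        """Return (verdict, reason) for a NEW outbound connection.
        Established flows would need separate handling once a TTL lapses."""
        addr = ipaddress.ip_address(ip)
        for net in self.static_allow.get(app, []):
            if addr in net:
                return ("allow", f"static allowlist for {app}")
        entry = self.resolved.get(addr)
        if entry is None:
            return ("block", "ip never returned by local resolver")
        expiry, name = entry
        if now > expiry + self.grace:
            del self.resolved[addr]  # drop the stale entry
            return ("block", f"answer for {name} expired")
        return ("allow", f"resolved as {name}")


def simulate():
    """Replay a constructed timeline and return one row per connection."""
    fw = DnsGatedFirewall()
    fw.allow_static("orbot", "203.0.113.0/24")  # constructed bridge range
    events = [
        (0, "dns", "cdn.shop.example", "192.0.2.10", 60),
        (5, "conn", "browser", "192.0.2.10"),      # resolved, TTL still live
        (10, "conn", "smart-tv", "198.51.100.7"),  # app did its own DoH lookup
        (20, "conn", "orbot", "203.0.113.44"),     # static IP, allowlisted app
        (25, "conn", "smart-tv", "203.0.113.44"),  # same IP, app not allowlisted
        (90, "conn", "browser", "192.0.2.10"),     # TTL ran out at t=60
        (95, "dns", "cdn.shop.example", "192.0.2.10", 60),
        (96, "conn", "browser", "192.0.2.10"),     # resolved again
    ]
    rows = []
    for ev in events:
        if ev[1] == "dns":
            _, _, name, ip, ttl = ev
            fw.record_answer(name, ip, ttl, now=ev[0])
        else:
            _, _, app, ip = ev
            rows.append((ev[0], app, ip) + fw.check(app, ip, now=ev[0]))
    return rows


if __name__ == "__main__":
    for row in simulate():
        print(*row, sep="  ")
```

The blocked `smart-tv` rows are the DoH and static-IP cases from the comment; the `orbot` row shows the selective allowlisting it says becomes necessary.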
| zaphar wrote:
| To be fair though, being able to MITM the DNS is kind of a
| massive security hole. One you are abusing in a productive
| way but one that many others abuse in very non-productive
| ways.
| gnu8 wrote:
| I don't think that is fair at all. It is architecturally
| appropriate for every site to run DNS resolvers and most of
| them do outside of the residential space. This isn't a man
| in the middle attack and selectively blocking queries
| according to local preferences doesn't make it one.
| zaphar wrote:
| When my ISP decides to replace DNS traffic I call it a
| MiTM. I happen to be technical enough to fix it. Many of
| my friends are not.
| annoyingnoob wrote:
| I did too until it broke all of my wife's online shopping.
| Happy wife, happy life.
| x3n0ph3n3 wrote:
| I recently transitioned to the phrase "happy spouse, happy
| house." We all deserve to be happy.
| trutannus wrote:
| You're not alone. I took out my partner's online calendar by
| mistake with a PiHole. I think I blocked _all_ her
| productivity SaaS tools too. Found out in under 5 minutes.
| metissec98 wrote:
| With recent piholes you can now ignore specific devices! This is
| what I do for my partner.
| salzig wrote:
| Thanks for the hint.
| optymizer wrote:
| From a practical point of view, the only thing it broke was
| Ad sponsored results on Google, so I had to teach my wife to
| go for the normal results, or search directly on Amazon or
| Wayfair or wherever. What broke for your wife's online
| shopping?
| annoyingnoob wrote:
| Several sites she uses load images from a CDN, she would
| get to a page that should be full of pictures and those
| pictures would be missing.
| charwalker wrote:
| My dad had an outdoorsy distribution list that shoved all
| links through an ad domain, like straight up as if it was
| clicked on a site. He was able to copy and paste the text
| just fine...
| urda wrote:
| This and I combo it with restricting DNS lookups to the actual
| LAN servers. No way to bypass the DNS at that point via the
| firewall.
| ignoramous wrote:
| > _This and I combo it with restricting DNS lookups to the
| actual LAN servers._
|
| This won't prevent OP's concern with apps doing DNS over
| HTTPS, would it?
|
| > _No way to bypass the DNS at that point via the firewall._
|
| Some apps do not even do DNS and connect to static IPv4s and
| IPv6s straight-away. Even if IPv4 is limited, plenty IPv6 to
| go around than an ip-table can handle.
| floren wrote:
| I already run my own DNS server; is there some way to fetch the
| pihole DNS blacklist so I can use it myself? A brief look at
| their github account didn't turn up anything that looked
| obviously like "this is the blacklist repo".
| rsync wrote:
| "I already run my own DNS server ..."
|
| I run my own resolver (unbound) that I point all of my
| networks/devices to.
|
| That resolver has, as its upstream, my nextdns.io account
| address. nextdns has the pihole/ublock lists built-in.
|
| So you get to run your own DNS server, you don't have to
| implement any of the blocking yourself, and you just point
| your upstream to the address you get when you sign up.
|
| I'm quite happy with this setup ...
| julianz wrote:
| It used to be easy to do this, I used to download the list to
| my Ubiquiti router and massage it slightly to work with
| dnsmasq. More recent releases of pihole include regular
| expressions as part of the list specification so you can't
| flatten the list easily any more.
| katbyte wrote:
| I go network -> bind -> root so I get pihole blocking and my
| local dns
| kube-system wrote:
| Pihole just includes some well known lists.. and what they've
| included by default has changed over time.
|
| I think it's currently this:
|
| https://raw.githubusercontent.com/StevenBlack/hosts/master/h.
| ..
| Trellmor wrote:
| If you are running bind you can use my python script to
| aggregate various block lists into a zone file:
| https://github.com/Trellmor/bind-adblock
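The flattening julianz describes in this subthread (a hosts-style list massaged into dnsmasq entries, with regular-expression entries that cannot be flattened), as an added example that is not from the thread, Pi-hole or the linked script. It assumes hosts-format or one-domain-per-line input; the function names and the sample list are constructed.

```python
"""Flatten a hosts-format blocklist into dnsmasq address= lines and set
aside entries (regex filters) that cannot be expressed as a plain name.
The sample list below is constructed for illustration."""
import ipaddress
import re

LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME = re.compile(rf"(?:{LABEL}\.)+{LABEL}")
SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}   # addresses used to null-route
LOCAL = {"localhost", "localhost.localdomain", "local", "broadcasthost"}


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def flatten(text):
    """Return (domains, skipped): sorted names to block, and tokens that
    are not plain hostnames (for example regex filters)."""
    domains, skipped = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if _is_ip(fields[0]):
            if fields[0] not in SINKS:
                continue          # a genuine host mapping, not a block entry
            names = fields[1:]
        else:
            names = fields        # plain one-domain-per-line style
        for token in names:
            name = token.lower().rstrip(".")
            if _is_ip(name) or name in LOCAL:
                continue
            if HOSTNAME.fullmatch(name):
                domains.add(name)
            else:
                skipped.append(token)
    return sorted(domains), skipped


def collapse(domains):
    """Drop names already covered by a listed parent: dnsmasq's
    address=/name/ answers for the name and every subdomain of it."""
    keep = set()
    for d in sorted(domains, key=lambda d: d.count(".")):
        labels = d.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & keep:
            keep.add(d)
    return sorted(keep)


def to_dnsmasq(domains, sink="0.0.0.0"):
    # Broader than a hosts entry: subdomains of each name are sunk too.
    return [f"address=/{d}/{sink}" for d in collapse(domains)]


SAMPLE = r"""
# constructed sample mixing hosts lines, bare domains and regex filters
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.net
0.0.0.0 Tracker.Example.org   # inline comment
0.0.0.0 pixel.ads.example.net
example.net
192.0.2.53 resolver.lan
(\.|^)telemetry\.
^ad[sx]?[0-9]*\.
"""

if __name__ == "__main__":
    names, rejected = flatten(SAMPLE)
    print("\n".join(to_dnsmasq(names)))
    print("not flattened:", rejected)
```

Entries left in `skipped` need a resolver that supports pattern matching; review them by hand instead of dropping them silently.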
| vorticalbox wrote:
| I found it enlightening with the amount of data an xbox sends
| home
| asdff wrote:
| My xbox turns itself on all the time entirely randomly. Most
| mornings it's already turned on. I will be in the next room
| and hear the startup beep go off. I don't know if it's a
| faulty switch or maybe I should put on a tinfoil hat.
| A4ET8a8uTh0 wrote:
| I think this is the biggest piece that gets overlooked by
| many. I still remember the first time I ran pihole and saw
| all the stuff attempted and blocked. It is one thing to know
| all those connections are made in theory. It is so
| radicalizing to see it first hand on your home network.
| vorticalbox wrote:
| Just checked my pihole there and currently 44.7% of the requests
| were blocked.
|
| I've seen it as high as 73%.
| whalesalad wrote:
| It's enlightening when you see all the crap that all the
| devices on your network are doing. You can take things a step
| further and isolate IOT devices on isolated subnets, with
| additional firewall/security rules to create a choke point
| for all traffic.
|
| Only a matter of time before applications begin to roll their
| own encrypted forms of DNS in order to circumvent ad
| blockers.
| StillBored wrote:
| You mean like DOH? which is quickly becoming ubiquitous.
| JohnFen wrote:
| That's why I had to start MITMing all of my HTTPS
| connections.
| zo1 wrote:
| That's when the apps start embedding (pinning)
| certificates and completely ignoring any additional root
| certs you might want them to accept from the OS.
| blitzar wrote:
| I expect they mean bypass your network's DNS completely
| and use hard coded IPs or a hard coded DNS (with some
| way to obscure it).
|
| DNS filtering and blocking is a very powerful tool great
| for bypassing many features/pitfalls of the internet.
| whalesalad wrote:
| DOH is one way to do it. HTTPS is a secure channel.
| elliekelly wrote:
| Seeing how frequently the Xbox phoned home even when it was
| "off" prompted me to switch the settings from "instant on" to
| "power save" mode.
| userbinator wrote:
| DNS + MITM proxy is what I use. When I'm away from home I still
| VPN back in and go through the proxy. Besides adblocking, it
| also applies various page filters to make a few frequently-used
| sites more usable.
| _jal wrote:
| On the one hand, this isn't surprising. A plain description of
| how the ad market works demonstrates why - one way of looking at
| it is a mechanism to run your code on random people's machines.
|
| On the other, policing, controlling and maintaining healthy
| markets is a primary government function. When the cops are
| afraid to look at a market for fear it will interfere with their
| jobs, that strikes me as a government failure reinforcing a
| market failure rather than attempting to fix it.
| SllX wrote:
| > On the other, policing, controlling and maintaining healthy
| markets is a primary government function.
|
| The NSA and CIA are intelligence agencies, not cops. Their
| mandate is foreign, not domestic (despite not always acting
| like it).
| jaywalk wrote:
| CIA is foreign, NSA is foreign and domestic.
| SllX wrote:
| Ah, so it is. Thanks!
| [deleted]
| Animats wrote:
| Blocking ads works better than it used to. I've had third-party
| cookies blocked for everybody for a decade, and most ads blocked.
| Years ago, that broke some sites. Now, it doesn't break anything
| important. I hit the Admiral ad-blocker detector now and then,
| and go to some competing site that doesn't use Admiral.
|
| You definitely want to block Google Backdoor(tm), a/k/a Tag
| Manager, which allows ad vendors to inject Javascript onto the
| pages of others. This is a known attack vector.[1]
|
| [1] https://blog.group-ib.com/grelosgtm
| blitzar wrote:
| Yeah kinda sounds like they are using 'ad blockers' to prevent
| tracking of their, presumably quite large and trackable, userbase
| rather than blocking the banners on google search.
|
| Plus the fringe benefit of blocking malicious domains that may
| execute code in browsers of course. The real headline is probably
| - The NSA and CIA Block Chunks of the Internet Because the
| Internet is So Dangerous.
| twobitshifter wrote:
| The most dangerous thing about email is that it can send you to
| a malicious website. The troublesome thing is that you can't
| (in general) choose who sends you emails. Ads are similar, you
| may choose to visit a site that you trust, but you don't choose
| the ads that are served by that site to you and these ads can
| be malicious. The site owners that you trust may not even know
| the ads that are being served to their visitors.
| rsync wrote:
| "The most dangerous thing about email is that it can send you
| to a malicious website."
|
| (al)pine has never done this to me.
|
| 27 years and counting ...
| JohnFen wrote:
| Any reasonable email reader will allow you to turn off HTML,
| execution of Javascript, and any resolution of outside URLs.
| That renders email pretty safe. It's how I've been doing email
| for decades.
| Qub3d wrote:
| Yes, plaintext email is awesome! Too bad most major
| providers hide the option (or straight-up don't have it).
|
| I'll just plug https://useplaintext.email as a great
| resource. The main recommendations are... opinionated (this
| site is run by Drew Devault, after all), but the
| instructions are very useful. I personally use thunderbird.
| carlosdp wrote:
| Why was the title changed to remove "because online advertising
| is so dangerous"? That's in the title of the article.
| godshatter wrote:
| I wish companies would go back to the old-fashioned process of
| selling advertising directly to other companies, skipping the
| middle-men and the need to aggregate user data at all, except
| maybe at the unique visitor level. There wouldn't be all the
| hoopla about making sure they weren't gaming the click-through
| system or whatever, so they wouldn't need javascript. Just an
| image. I wouldn't have to worry about being tracked, and I
| wouldn't have to worry about potentially dangerous javascript
| running on my machine. The ads could be served from the same
| machine that serves their other images, and I wouldn't feel the
| need to go out of my way to block them.
|
| I know that's incredibly naive, and simple wish fulfillment, but
| damn the ad industry has made the web into a nightmare. I'm tired
| of playing the game of trying to decide which domains I need to
| temporarily allow to see the content they put out there for free
| without being tracked across the web. I'd rather go back to the
| "Punch the Monkey" days of online advertising.
| Godel_unicode wrote:
| How the ads are sold is entirely unrelated to the need to do
| user tracking to defeat gaming the system. If you're paying for
| ads on the internet you have 2 choices; live with (possibly
| crazy amounts of) fraud or do user tracking with JavaScript.
|
| Edit: or 3, use a metric for campaign success which doesn't
| rely on knowing how many impressions your ad got
| warkdarrior wrote:
| The tracking is not just for measuring success of the
| campaign, but also for measuring the level of service
| provided by the ad network. Did they put your ad on 1'000'000
| websites like they promised? Or just 100?
| excalibur wrote:
| I wonder if three-letters are maintaining a private stash of
| patches to fix some of the vulnerabilities they're hoarding.
| ericholscher wrote:
| We've thought a lot about this issue. We have a page in our docs
| written up about it:
| https://www.ethicalads.io/surveillance-advertising/ -- there's
| definitely a small but growing movement
| of folks building a better advertising industry. It's a long road
| though..
| yeezyseezy wrote:
| I would love to see the tech support tickets filed at the less
| technologically inclined agencies after network level ad blocking
| is launched
| eh9 wrote:
| I'm so curious - what do they mean by wide scale blocking? Are
| there any papers on this?
|
| I run PiHole in a GCP container for my wife and I to WireGuard
| into... am I running "wide scale blocking" in my network?
| jl6 wrote:
| As far as I can tell there are two classes of ad blockers: 1)
| Those that sit outside the browser and provide a proxy that
| blocks requests to known-bad domains or similar filtering, and 2)
| Those that integrate with the browser and have full control over
| every page, in order to neutralize any HTML or JS or CSS that
| looks like an ad.
|
| It seems to me that the latter type opens up a vast new attack
| surface. These addons have full access to every piece of data
| flowing through a logged-in webpage. All your Gmail, all your
| bank, all your Hacker News.
|
| How am I supposed to believe that these addons are themselves not
| sources of malware and vulnerability? They need to have the same
| standard of transparency and testing and supply chain security as
| the browser itself.
|
| I'm willing to believe that Mozilla and Google and Apple will not
| willingly introduce vulnerabilities into their browsers, but the
| vendor of BlockUrAdsPlus or whatever? No way.
| fouric wrote:
| Yes, ad-blockers get access to All The Things (except in
| Chrom(e/ium), where they've intentionally been neutered so
| Google can keep serving you ads), so you should treat them as
| any other piece of software, and get one you trust. The current
| gold standard is uBlock Origin, which is open source[1], highly
| performant, and whose author (gorhill) has a _stellar_
| reputation in the community.
|
| [1] https://github.com/gorhill/uBlock
| cmeacham98 wrote:
| I use uBlock Origin, which is a "Recommended" Firefox
| extension, which means that updates are vetted by Mozilla prior
| to release.
| [deleted]
| habeebtc wrote:
| I had a colleague using an adblocker.
|
| The adblocker publisher went rogue, and he started getting porn
| popups. I don't know if they got hacked, or if that was the
| plan all along.
| wernercd wrote:
| Don't block our ads! then get served ads... absolute classic
| story if you've never heard it.
|
| https://www.techdirt.com/articles/20160111/05574633295/forbe...
|
| Professionals use ad blockers for obvious reasons.
| Tommah wrote:
| When I bought a new laptop a few years ago, the first thing I did
| on it was install Firefox and browse Reddit. After about 20
| minutes, an ad (I'm guessing) tried to serve me a drive-by
| download. So yes, ad blockers are essential. If a malicious ad
| does damage to you, you have essentially zero recourse.
___________________________________________________________________
(page generated 2021-09-23 23:00 UTC)