
A JavaScript browser library fails due to an adblocker blacklisting 'beacon.js' - vbrandl
https://github.com/ntzwrk/beacon/commit/17c20422b2912bed0c414093ebaaf672e1ea2a57
======
jakub_g
Another protip: don't name your images "banner.jpg"; "ads.js" and
"analytics.js" etc are also not exactly great names.

Another protip: Always make sure that critical flows in the app won't fail if
analytics event fails. You probably want to wrap calls to analytics provider
with your own function, and in that function check for existence of global
analytics object like "window.ga" which may fail to load due to adblockers and
similar tools. In other words, don't 'ga("send", ...)' all over your code.

I had airplane ticket booking fail mysteriously because "pay" button had a
analytics listener bound to it, and it would throw an exception when adblocker
was on. Without devtools, I would not understand what's going on.

~~~
Klathmon
This shit drives me up a goddamn wall.

I had a web app a few years ago that I was using webpack to build the JS with,
and the output filename was just a SHA hash of the contents.

After an update, I started getting reports that it wasn't working for some
people. Turns out they had adblockers that were blocking *ad.js and it just so
happened that the SHA hash of the file ended in ad.js

~~~
throwaway2016a
Wow. Thank you for this story. Word that this could happen should get out
there. I would have never thought to look for hashes that happen to end in
"ad"

------
vsund
Here's @vsund, author of this commit message. I understand that the title may
was a bit clickbaity and now the title got renamed to a more rational one
(which is totally ok).

Unfortunately the new title "A JavaScript browser library fails due to an
adblocker blacklisting 'beacon.js'" doesn't reflect the situation very well in
my opinion. The library didn't fail (mainly because there is no library yet),
what instead happened is that the adblocker blocked GitHub internal requests
which resulted in a unusable repository. The adblocker blocks requests that
simply has "beacon.js" anywhere in the URL.

I see this rather as an issue of adblockers blocking to much than bad naming
of projects :)

~~~
chillydawg
As one of an extremely large group of people who will never use that library
but DO get protected from some ads and tracking by blacklisting beacon.js, I
disagree that it's an issue with ad blockers.

The internet is a toxic place, to put it mildly, and if you're getting into
any kind of public facing service on it, you need to know exactly what you're
doing.

~~~
Ajedi32
Wait, you're saying that a false positive in an ad blocker is _not_ an issue
with the ad blocker? Of course it is! Blocking files based solely on their
names is a brittle and error-prone way of doing things, and this false
positive is a clear example of that.

~~~
chillydawg
For sure it's a false positive and I wish it didn't happen. But it does happen
and there's no way I'm ditching my ad blocker just because of some small
number of false positives.

------
keeperofdakeys
One time I came across a github user with a username that started with a
hyphen. I could browse their repos fine, but I couldn't view their github.io
site on Linux.

It turns out that Windows and OSX allow domain components to start with a
hyphen, but Linux does not. There is at least one DNS RFC that disallows this
though.

Relevant Ubuntu bug.
[https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/66...](https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/668926)

------
kevingadd
An interesting related anecdote on this is that at least in Chrome, adblockers
can also interfere with extensions' attempts to load scripts, load
stylesheets, or open windows. I maintain an extension with a smallish active
userbase (~20k people) and a couple different times I've encountered
mysterious failures that were the result of clumsy keyword blocklists in
ublock/adblock/etc - for example an extension asset (packed into the
extension, not on a web server!) containing the word 'popout' caused it to get
killed silently, and renaming it made it work.

Naturally you can troubleshoot a lot of this with 'does it work if you disable
adblock?' but it's a real pain to have to convince users that they can't use
your software along with their broken adblocker.

~~~
Doctor_Fegg
Yes. We seem to have moved from a position of "four different browsers with
differing behaviour" to "four consistent browsers with consistent behaviour,
each with hundreds of potential content-rewriting extensions that may
arbitrarily break your site in unexpected ways". I'm not convinced this is an
improvement.

~~~
makecheck
Well we also used to have mostly non-HTTPS, where wifi networks and ISPs could
_and did_ insert crap into pages. I much prefer now being able to _guarantee_
that what the user downloads is what the site provided. At least then the
"turn everything off and see if it works now" option should be viable.

------
aequitas
Had similar issues while debugging why the advertisement team had trouble
deploying their updates using our CI system. Took a really long time to
discover the xhr requests for their projects where blocked by the ad-blockers,
the irony :)

------
carrier_lost
This seems like a good case in favor of Privacy Badger's model, where content
blocking is based on the number of times a domain tries to track you across
websites, rather than a blacklist of URL patterns and file names.

~~~
Doxin
Privacy badger has a nasty habbit of breaking login for sites using a login
subdomain though. In my experience privacy badger has vastly more false
positives than ublock for instance.

------
WiseWeasel
In the same vein, I was recently working on a web app with a path at
/advertisers, and discovered that ad blockers were preventing any AJAX
requests to resources in that path. You might think twice before naming your
paths to something containing the word 'advert'.

~~~
always_good
A couple years ago I was bucketing hash filenames into subfolders by their
first byte, like "b328ab391bbeb686b5fc.jpg" into the "b3" folder.

Every once in a while, an image wouldn't load for some people on my website,
and I couldn't figure out why until I listed out the paths of the images that
had been reported over the last few days.

    
    
        /ad/ad67f2864a97aa80be22.jpg
        /ad/ad381cbc443a4fc56e7a.jpg
        /ad/adc225a332e69437a3b5.jpg

------
seretogis
Solution: remove the "e" from the filename... "bacon.js", everyone loves
bacon.

~~~
bshimmin
Already taken, of course:
[https://baconjs.github.io/](https://baconjs.github.io/) (and they have a
picture of Francis Bacon, just to be contrary!)

------
pastelsky
Happened to me as well when I published the source for a analytics browser
extension on github ([https://chrome.google.com/webstore/detail/google-
analytics-l...](https://chrome.google.com/webstore/detail/google-analytics-
logger/mnocefeloijpdenhbidaoildegppmkoi))

Anything to do with JavaScript on the page would fail. Thankfully, github's
support team was very helpful in pointing out that uBlock was the cause.

~~~
citrusui
Funny you mention that: I can’t access this page due to my adblocker :P

~~~
pastelsky
Which adblocker do you use?

------
cpeterso
I heard that Google's AdWords management portal ran into a similar problem
because their web pages had HTML and CSS using names containing the word "ad"
because that is related to the domain of ad management. AdWords customers
running ad blockers couldn't manage their own AdWords campaigns. :)

------
LarryMade2
Had a similar thing on my website, I put all my images (regular jpegs, pngs,
etc.) in a directory named ads (which contained more than ads) and the
adblocker was dutifully hiding them - took me a while to figure out the
culprit was the adblocker + folder name.

------
patd
Had the exact same issue so I've recently started working on
[http://blockedby.com](http://blockedby.com) to check regularly if my content
didn't get blocked.

It's still very early but any feedback is welcome

------
z3t4
its also common for antivirus to block arbitrary JS. not fun to debug or tell
users to disable AV on your site.

------
nashashmi
This extreme vetting made me disable all of those adblocking lists. Now I
manually go through web scripts and block the stuff I don't like. It turns out
that majority of ads on the web are served by just a handful of advertisers.
So my list of blocks include only 27 websites. And these site turn out to be
the notorious displays of junk on the internet. I don't see ads on the web
anymore. I also don't get called foul on by sites that block adblockers.

~~~
jdormit
Could you publish that list somewhere?

------
kowdermeister
Sites constantly break because their codebase rely on some tracking lib.
AirBnb currently fails to display the map because of uBlock.

------
catshirt
> So the moral of this commit message is: Yes, objectively bad names exist.

more like objectively bad content blocking algorithms...

i'm not going to pretend i have a better solution than hardcoding file names.
but i'm also not going to pretend it's not the responsibility of the ad
blocker to eliminate false positives.

------
seangrogg
Well, I guess between the rising popularity of ad-blockers and issues like
these I'll actually install one and make sure to test with it active. May as
well take note of the trends and adapt to them.

