

If you're seeing ads on Wikipedia, your computer probably has malware - vgnet
http://blog.wikimedia.org/2012/05/14/ads-on-wikipedia-your-computer-infected-malware/

======
fennecfoxen
A commentor on that page notes that it might not be malware, just an evil ISP.
If that notion comforts you at all.

------
bicknergseng
Or you're using a Chrome extension that serves ads. I flipped out the other
day because I thought someone had hacked our application and decided all
they'd do is serve ads. Bad behavior on the part of Chrome extensions.

~~~
Zikes
I'd like to hear more about your experience. Was it a previously straight-
laced extension that, upon acquiring a decent user base, then decided to
update with ad injections? What function did the extension serve? If it did
start serving ads after an update, did the update also ask for additional
permissions, or did it zealously ask for more than it needed originally, if
its function did not legitimately call for that sort of access?

~~~
garyrichardson
I had installed a Safari extension that was designed to let me auto-reload a
tab on a sechedule. I never really used it. I can't think of the name.

One day it updated itself and started replacing IAB sized HTML containers with
ads. I only noticed because I was doing testing with Safari and the player I
expected to be loading was being replaced by an ad.

~~~
starwed
I'd be completely comfortable with calling that malware.

------
nutmeg
I noticed this same thing when viewing YouTube on my daughter's laptop. Oddly
spammy ads where there normally were no ads.

I guess the new model for adware/malware is to try to integrate so seamlessly
that a normal person doesn't even realize they are seeing someone else's ads.

~~~
pavel_lishin
Doesn't this sort of parallel real-world infections? Something too obviously
virulent in real life will kill the host before it gets to reproduce; so it
makes sense to be as innocuous as possible while still reproducing/bringing
profit.

------
kokey
The worst are the adds with a picture of some guy called Jimmy and another one
with long hair. Both asking for money. It takes up the whole top of the page.

~~~
sien
Would you prefer it if wikipedia just ran a line of ads all the time?

This is a serious question. It's open to others to.

~~~
twelvechairs
I think the real answer is it doesn't really matter. Especially for those of
us with adblock.

~~~
altrego99
I agree and hence if it means more profit for Wikimedia organization, from
people who do not use or do not know about adblock, then it is definitely a
better choice than the current donation model.

------
throwaway63-90
Read the NYTimes blog post.

"Revenue eXtraction Gateway" (RG)

They tried calling the RG helpdesk, and the RG people hung up.

Classic.

Encrypting all internet traffic would put a swift end to this problem.

------
encoderer
For what it's worth, I don't think it's strictly fair to call all plugins that
inject ads onto pages "malware."

If the app -- suppose it's a toolbar or something -- gives the user valuable
(to them) functionality, and it was installed legitimately, I think it's
perfectly acceptable to monetize that way.

So the measure of the malware should be based on the app itself, and how it
got onto the computer, and not the apps monetization.

While I can sympathize with site owners who could have their reputations
tarnished by users seeing ads and assuming they came from the website, I also
feel that if I, as a user, want an app and "pay" for it by accepting ads
injected into my browsing activity, that strikes me as something I should be
allowed to do.

~~~
JoshTriplett
> For what it's worth, I don't think it's strictly fair to call all plugins
> that inject ads onto pages "malware."

Quite a bit of malware runs with user "consent", and purports to provide some
value to the user. However, "malware" does often has the connotation of
something that exploited a security vulnerability to end up on the system,
hence terms like "adware" to cover software that introduces advertisements and
often gets installed along with some other software package the user actually
wanted. And given the extensive tracking associated with most advertising,
pretty much any adware will also qualify as spyware, though not to the same
degree as software like keyloggers and similar.

Some people have also introduced broader terms like "badware" to encompass
many different categories (<https://stopbadware.org/>), but that term hasn't
caught on nearly as much as "malware", "spyware", and "adware".

If a user truly did intentionally install a piece of software that explicitly
said it would add advertising to arbitrary websites, and the software
installed with the full knowledge and consent of the user, then by all means
let the user annoy themselves. But for every user somehow simultaneously
knowledgeable enough to figure that out and yet not knowledgeable enough to
avoid it, there exist several million users with unwanted adware, spyware, and
malware on their systems.

(And in many cases, such a "choice" affects more than just that one user; most
spam comes from infected systems, for instance, since that has a lot more
"value" than just spamming the user of the infected system.)

~~~
encoderer
> Quite a bit of malware runs with user "consent", and purports to provide
> some value to the user.

You're right, but merely injecting ads on a page doesn't malware make. Period.

~~~
jacquesm
Sure it does. Malware, from wikipedia: "Malware is a general term used to
describe any kind of software or code specifically designed to exploit a
computer, or the data it contains, without consent."

User consent is typically given to yield some kind of functionality _not_ to
inject ads on pages the functionality is just bait.

That's just misdirection, it's not even clever it is simply bad. And whether
we're talking about data in transit or stored on the computer is bickering
over details.

~~~
encoderer
By that definition, websites that advertise are themselves malware.

If I make a toolbar that, I dunno, provides human-edited translations of
Wikipedia articles that's active when you're on Wikipedia.com, and I monetize
that by putting ads on the page, and a user downloaded and installed the app
(as opposed to me paying to bundle it with another app) that is _not_ malware.

Look, to the generally-non-technical audience that the original Wikipedia
article had to write for, I think it's fair to cast a wide net and name all
offending apps malware.

But here, amongst professionals in this industry, it's absurd to me to not see
the nuance.

~~~
JoshTriplett
> If I make a toolbar that, I dunno, provides human-edited translations of
> Wikipedia articles that's active when you're on Wikipedia.com, and I
> monetize that by putting ads on the page, and a user downloaded and
> installed the app (as opposed to me paying to bundle it with another app)
> that is not malware.

I agree that in that particular case it wouldn't necessarily qualify as
malware, if you've made it clear to the user what you're doing. I would
certainly call it adware, though.

And as you suggest, if you snuck it in along with some other application where
the user didn't necessarily give clear and well-informed consent to install
it, then I would absolutely call _that_ malware.

