
uBlock Origin: Address first-party tracker blocking - hokkos
https://github.com/uBlockOrigin/uBlock-issues/issues/780
======
newscracker
So Chrome doesn’t support the API that uBlock Origin could use to block such
ads whereas Firefox does (with the user’s permission). [1] One more reason why
Chrome will soon be seen as mostly useless for users of ad blocking
extensions. Hope Firefox keeps alive the things that make uBlock Origin a
necessity for a decent browsing experience.

[1]: [https://github.com/uBlockOrigin/uBlock-
issues/issues/780#iss...](https://github.com/uBlockOrigin/uBlock-
issues/issues/780#issuecomment-552477648)

~~~
tnorthcutt
I switched to Firefox recently, partly because of this issue. I used it for
2-3 months, but eventually went back to Chrome because of poor performance;
Firefox frequently lagged on typing input, hung, etc. in situations where
Chrome does not. I hope things improve.

Caveat: I was using Firefox Developer Edition... I wonder if "normal" FF would
be better.

~~~
Fiveplus
The stable release of Firefox hasn't lagged or given me any troubles. Neither
on my work PC nor on my personal 5 year old laptop with mere 4 Gigs of RAM and
no SSD.

Disclaimer : I use about 6 privacy focused addons in total.

~~~
idonotknowwhy
Which addons? I'm currently using Vimium-FF and Ublock Origin.

~~~
sk5t
Not OP but EFF's Privacy Badger is pretty great.

~~~
newscracker
Privacy Possum is a better fork of Privacy Badger.

------
Santosh83
This was always coming. Next we will have unblockable ads delivered through
first party and using obfuscated techniques like canvas or webassembly. The
endgame will be all/most websites embedding 1st party ads and tracking and the
only way to not see them would be to not use the WWW at all. At that point we
will have lost.

~~~
aequitas
That will be the time we switch from ad-blockers to content-allowers. It can
already be seen with distraction free modes.

Maybe there is a market for a proxy that converts any page you visit to bare
and functional HTML with just content and navigation. No ad's, distractions,
disfunctional scrolling, etc.

~~~
kodablah
There is definitely a market for this and has been an idea I've been toying
with for some time. Instead of a proxy per se, it'd be an API on top of a
headless browser scraper then a simple web UI that uses that API. It'll have
easy-to-update content extraction/interaction scripts for popular sites.
Essentially you'll have "craigslist-ified" much of the popular web into an
almost AOL like portal. Users will be encouraged to run client side (this
won't be hosted, too many legal issues) and while this won't prevent tracking
per se (headless browser still tracks), it is an easily exposed web server
from your desktop. So you could even expose via Tor (time lost is made up for
lack of content) and if you wanted to share, you could. Caching/storage and
eager ahead of time loading/scraping of common sites, and it'll perform even
better. Anyone can use the API for whatever they want.

Wrap it up with an easy to install bow and easy self updating to keep up with
sites (and easy fallback to original sites/links), and I'll never browse the
mainstream sites again. There are a couple of things that do this, but none as
well as I'd like to see.

~~~
megous
There are certain kinds of websites that usually have
category->list->individual image/video that are otherwise obnoxious to use,
but all follow this structure, where this is the only way to get reasonable
UI. Fetch data and make a simple UI yourself.

Fetching data from such websites is the only thing so far where I've found ES
async generators very very useful.

You don't even need a browser. Most of the time simple HTTP requests from node
work just fine, and makes tor use safer and more effective since you're not
running any foregin JS code, just parsing data. Other thing that improves
privacy is that you're downloading everything, so it's hard to see from the
service's side what you're actually consuming.

Actually many usual services follow this pattern. List of accounts->list of
transactions->transaction details. List of categories->list of
articles->article detail. List of product categories->list of
products->product detail.

Simple abstraction can get you very far, even with a fairly simple DB schema.

~~~
aequitas
Speaking of browsability, Google Images by far outshines the majority of
webshops in search relevancy, SNR ratio, results per page and speed.

------
nkrisc
If these first party ads are just _showing me some sponsored message_ , then
I'm totally ok with that. It's the tracking and arbitrary execution of third
party code that drives me to block ads. And if a site has a truly awful first
party ad experience and I can't block it? I'll probably stop using it, because
I don't use sites that frustrate me if I don't have to.

~~~
dangus
Let me know if I’m not understanding this right, but why does the origin of
the ad software (scripts) matter to their undesirability?

Before:

Ad providers tell you to throw an external element in your page to display an
ad.

After:

Ad providers tell you to add a library to your code directly that pulls down
ads and serves them front the same place your site comes from.

This doesn’t magically make the website selling advertisement space aware of
what code they’re running on your browser via those ads.

~~~
nkrisc
No, it doesn't make it magically better, there is no magic. But it does make
the site accountable for the content they're serving me, instead of saying,
"Oh, that's not our fault you got malware, it was the third-party ad network
we use." It may not protect me much more than I am now, but it shifts the
accountability to the first party I am dealing with instead of allowing them
to pass the buck, because I can block all third party requests if I want to.

Would this change any legal basis? I do not know, I'm not a lawyer, but I sure
hope we find out.

------
protomyth
From the thread: _This would require uBO to send browsing history information
to a remote server, this is anti-uBO._

This is why I love UBlockOrigin, that basic principled approach is a great
thing.

~~~
hnarn
Well, it could be opt-in and disabled by default.

~~~
bertil
This does sound like “the user decide” indeed. The issue is: allowing that
will likely be popular among people who should know better (like me) and it
puts uBO into a position to be able to do some shady things that are hard to
prove.

They’ve been in that situation before, with the original uBlock, and they’ve
learned not to trust their own team.

~~~
hnarn
Tech savvy developers could opt in to send their data and only do so from a
controlled environment. If they notice a site misbehaving, open up an
incognito window, go into "call home" mode and start collecting useful info.
Sure, it's not for "regular people" but this type of reporting never will be
if you also want to respect the integrity of your users.

------
founderling
1st party ads are not unblockable. They only lack one aspect that helps
identify them (the 3rd party hostname). But they still can be dealt with.

One way browsers try to take away that freedom is by limting what extensions
can do. If that continues, at one point we would need a new browser to
accomplish it.

My favorite vision of the future would be if Debian would provide a version of
Chrome or Firefox that: a) is stripped of all tracking and b) gives extensions
full access to everything.

~~~
ekianjo
So what is the strategy to deal with legitimate 1st party subdomains and
tracking/ads subdomains if they use random strings as identifiers? (I am
guessing this is where we will need a combination of crawlers and machine
learning algorithms)

~~~
bscphil
Couldn't you blacklist all subdomains of the 1st party and whitelist the few
that are actually real?

Or, assuming they have a small list of subdomains that redirect to ad servers,
you could generate a list with a script that checks all their subdomains and
creates a block list based on that. For example, the site discussed in the OP
has all their subdomains listed here:
[https://crt.sh/?q=%25.liberation.fr](https://crt.sh/?q=%25.liberation.fr)

Edit: looking at the OP case, it seems like they only have one ad domain. I'm
not sure I see this as a serious issue until multiple sites start rolling out
thousands of subdomains, some pointing to back to the real server, others
pointing to the ad server. Maybe that will happen but it's a pretty big
barrier to entry, and just short of proxying everything through the 1st party.

~~~
uxp
> whitelist the few that are actually real

I'm speculating that the balance is in the reverse favor. Last night I was
looking at some file on GitHub which was redirecting to what looked like an S3
bucket subdomain named with a pattern like "github-production-f7e281a2", which
I simply presumed to be cache-busting via subdomain instead of appending the
hash to the filename. If my assumptions were correct, every time GitHub
deploys a new build, you would have to whitelist that subdomain.

------
ComodoHacker
As gorhill mentioned in the comments, this isn't really a 1st-party tracking,
it's "3rd-party disguised as 1st-party". Tracking URL is on a subdomain of
1st-party domain, but it resolves to 3rd-party IP ang request goes to 3rd-
party infrastructure.

~~~
jimktrains2
That doesn't need to be true at all. You could imagine a service that acts as
a can and proxy for the 1st party that injects ads into the HTML directly and
handles certain urls on the main domain.

Also, 3rd party infrastructure could be something like aws. Are you really
going to block all ec2 address ranges?

~~~
M2Ys4U
Forcing people who want to include adware on their sites to run and maintain a
proxy is an additional overhead that many won't want to do.

This reduces the attractiveness of adverts, which means they won't be as
prevalent, which means tracking concerns are lessened.

That's a win, no?

~~~
jrockway
I doubt we will win anything from this. Some advertising provider will provide
an easily-runnable proxy and say "we give you double CPM if you give us the
logged-in user's email address". Now you have even less privacy.

Third-party requests with cookies made it easy to start tracking people across
sites... but there are other ways if that is made to stop working. Given how
much money flows through the advertising industry, I am sure someone will pay
for the week or so of engineering to make advertising more invasive.

~~~
NullPrefix
Doesn't this increase the risk of costly GDPR non compliance?

~~~
jrockway
Just georestrict your website to not allow visitors from Europe. What I
learned from the whole Blizzard fiasco is that the future is selling products
to China. China doesn't really care about the GDPR.

~~~
ryanisnan
You can hardly call Blizzard a malware peddler...

~~~
NullPrefix
I was referring to the websites, which block access to Europe, because they
don't comply with GDPR.

~~~
ryanisnan
Ah, my mistake.

------
tyingq
A good example of why taking away the blocking feature of chrome.webRequest
cripples full featured ad blockers. Gorhill shows both a DOM based rule and a
CNAME uncloak that kills this tracker. Neither will work post manifest V3.

~~~
sheeshkebab
Chrome is not the only browser out there, and anyone who cares about privacy
shouldn’t be using it.

------
taf2
I mean this is nothing compared to what you can accomplish with a multi origin
cdn or how about a scriptable edge cdn... fastly, cloudflare or cloud front
with edge lambda... then you can effectively proxy everything on the same
origin with zero ip or domain difference... only content analysis could be
effective and even then it’ll become a real arms race

~~~
minitech
You can do that with any web server, just by serving trackers the same way as
all other content.

~~~
taf2
That’s right but small business owner doesn’t know how - this is about ease of
deployment

------
alibert
Someone made a script that generate a list of first party domain to block. It
seems to crawl websites and extract all requests and compare domains with
regex of known first party tracker.

[https://git.frogeye.fr/geoffrey/eulaurarien](https://git.frogeye.fr/geoffrey/eulaurarien)
(for running your own script)

[https://hostfiles.frogeye.fr/firstparty-only-trackers-
hosts....](https://hostfiles.frogeye.fr/firstparty-only-trackers-hosts.txt)
(to be imported in your adblocker)

~~~
713233eb
I'd love to run this in Docker without manually setting the dependencies up

------
01acheru
I've done something like that some years ago to ensure that the tracking we
were using on our website worked even if a user had an AdBlock. (it wasn't a
tracker as in ad tracker, but a tracker nontheless)

It was fairly trivial: instead of asking for the tracking script directly I
put a small service of ours in front of it, so our website asked for
foo.mycompany.com/stats.js that fetched the correct script and changed all
URLs inside of it from mycomp.mytrack.com to foo.mycompany.com. Our service
than acted as a proxy to mycomp.mytrack.com.

A simple solution that worked out for a while, lost by now, in a server,
somewhere in Ireland...

~~~
kingartur44
In this way, you are opening a lot of things of your site to the advertizer.
They can grab your users session cookies or even intercept everything they
send to you

~~~
01acheru
Just to clarify, as I said it was not an ad tracker, all data was ours and
ours only. It was 1st party tracking using a 3rd party service that was
blocked by ad blockers. Anyway we don't use cookies for *.mycompany.com, and
it was a session-less website.

------
danielrpa
I can see a future where safe browsing of the web will only be possible
through some sort of whitelisting. Search engines or crowdsourced lists will
exist to tell you which places you should or shouldn't go in the web based on
Ads or tracking features, just like you can find out the relatively few places
that serve Vegan or Kosher food.

This isn't exactly a great future but we need to accept that nowadays most
people don't care about tracking or ads. This might change one day, but it's
the status quo.

I think that anti-ads and anti-tracking, if trying to work alongside the full
feature set of the Internet, is fighting a honorable but eventually losing
war. Even if someone sorts out this particular issue, you are still tracked by
1) Your ISP and 2) other subtle client fingerprinting technologies. You can
use Tor/VPN/disable JS but all of these have downsides.

All we can do is to fight with our time and wallets by not visiting places
that don't support our values. This is possible and not different from the
world we live in already.

~~~
capdeck
Next step in ad blocking is using local trained AI to figure out what is an ad
and what is not based on the content that it shows (regardless of origin).

May be more of a challenge with trackers as they don't to show ads per se, but
may be the same technique can be used with "randomly" generated URLs - train
an AI to dynamically make a guess whether the sub-domain (even first party) is
a tracker or not. There may not be a clear marker, but there is always a
pattern...

~~~
sails
Interesting idea, I like the sound of that. Currently I use uBlock Origin's
"Block Element" function to block "non-ad" components of websites that bother
me (HN orange top bar for example). Something similar that was "trained" based
on my/crowd input would be an interesting start.

------
cm2187
I don't really have a problem with first party tracking, unless it can
correlate my identity across websites. But otherwise I have no problem with
website X knowing that I browse website X.

Can first party tracking do this sort of correlation other than through
browser fingerprinting?

~~~
cyborgx7
If I'm understanding this correctly, it's only first party tracking in that it
comes from a subdomain of the domain of the website you are browsing. But that
subdomain points at a third party tracking provider. So this still seems like
a single tracking provider on multiple website being able to correlate your
browsing.

~~~
wongarsu
You still get full cookie separation because each website has a different
subdomain and thus a different cookie. The analytics provider can track you
across the internet, but they have to invest work and resources instead of
getting it basically free.

~~~
cm2187
But how would the provider track you across the internet with cookie
separation (other than through fingerprinting)?

~~~
kasey_junk
The provider a) is the other parts of the internet (think big cdn) and b) they
communicate with other data brokers via a side channel instead of via cookie
syncing.

This is already happening with large web publishers.

~~~
cm2187
But even if they do that, how can they tell it is the same user on two
different domains?

------
danShumway
One takeaway from this[0]:

> Can't this be "emulated" in Chromium by resolving the hostnames using DNS
> over HTTPS in JSON format?

> \- This would require uBO to send browsing history information to a remote
> server, this is anti-uBO.

> \- Chromium does not support non-blocking webRequest.onBeforeRequest
> listeners, so this can't work reliably when the result depends on an
> asynchronous operation such as a DNS lookup.

> \- Chromium's webRequest.onBeforeRequest blocking ability is being
> deprecated with Manifest V3, so even without the above issues, this would be
> wasted development efforts.

I suspect (and suspected) that Ublock Origin may eventually be deprecated for
Chrome after the V3 changes shipped the same way it was deprecated for Safari,
although to the best of my knowledge Gorhill hasn't made any kind of official
announcement about that -- so I want to be clear that it's purely conjecture
on my end.

This thread reinforces that suspicion. I don't know if Gorhill has explicit
_plans_ to do anything with Chrome, but I suspect that in the future it will
become more and more annoying to support the browser.

I also previously made a prediction[1] that within 2 years, Firefox would have
clearly better tracker-blocking extensions than Chrome (65% likelyhood). This
is roughly in line with what I would expect to see with that prediction -- a
few rare fringe-case scenarios that creators can quickly address in Firefox,
but that require more extensive work and conversations around Chrome. If this
kind of issue becomes more common in the future, then I'll feel more confident
about that prediction.

[0]: [https://github.com/uBlockOrigin/uBlock-
issues/issues/780#iss...](https://github.com/uBlockOrigin/uBlock-
issues/issues/780#issuecomment-555954450)

[1]:
[https://news.ycombinator.com/item?id=21506330](https://news.ycombinator.com/item?id=21506330)

~~~
jzl
One possibly good outcome would be if Chrome's embrace of V3 is the catalyst
that causes Firefox usage to shoot up again. By most measures, around 40% of
users use ad blockers.

------
cobbzilla
Can’t an ad blocker do the CNAME resolution and then not load the URL if it
resolves to a 3rd-party hostname?

Using an A/AAAA record would be harder, you’d need to have an IP blacklist,
and the trackers would probably be constantly shifting IPs, using a low TTL on
the record.

This might require giving your tracker programmatic access to your DNS, not
sure if many first parties are ready to go there.

~~~
saagarjha
I have CNAME record for my website that points at GitHub. Would your
suggestion block this?

~~~
cobbzilla
Not likely — only if “github.com” was classified as an ad-tracker by the ad
blocker.

------
SeanMacConMara
im happy to just block/not visit those entire domains

there comes a point when the content is just not worth it

doesnt scale obviously

we're headed back to the "golden age" of TV advertising except via http
instead of radio waves/cable

~~~
zerocrates
Web advertising is, and long has been, far worse and more intrusive than TV
ads.

~~~
SeanMacConMara
i was referring to the "golden age" of captive eyeballs ie eveyone watched
lots of TV and mostly could not avoid seeing most of the ads.

at least we've had ad blockser on browsers that work well up to now

the tracking of web ads obviously vastly overshadows what happened with TV.

they obviously want the best of both worlds "avoidable ads" and "extreme
tracking"

------
floatingatoll
WebKit Intelligent Tracking Protection 2.0 and later seem to treat all
subdomain as equal for tracking purposes.

Does Safari recognize these trackers?

[https://webkit.org/blog/8311/intelligent-tracking-
prevention...](https://webkit.org/blog/8311/intelligent-tracking-
prevention-2-0/)

> _Does ITP differentiate between my subdomains?

No. ITP captures statistics and applies its rules for the effective top-level
domain plus one, or eTLD+1. An eTLD is .com or .co.uk so an example of an
eTLD+1 would be social.co.uk but not sub.social.co.uk (eTLD+2) or just co.uk
(eTLD)._

[https://webkit.org/blog/9521/intelligent-tracking-
prevention...](https://webkit.org/blog/9521/intelligent-tracking-
prevention-2-3/)

 _ITP 2.3 counteracts this by downgrading document.referrer to the referrer’s
eTLD+1 if the referrer has link decoration and the user was navigated from a
classified domain. Say the user is navigated from social.example to
website.example and the referrer
is[https://sub.social.example/some/path/?clickID=0123456789](https://sub.social.example/some/path/?clickID=0123456789).
When social.example’s script on website.example reads document.referrer to
retrieve and store the click ID, ITP will make sure only
[https://social.example](https://social.example) is returned._

------
scoutt
I am glad to see that websites are struggling to ruthlessly track users for
showing ads. It means that the efforts so far are working. They have our
attention.

Now it's time for _standards creators_ to be responsible and to do something
in favor of their users: the user should have the final decision about being
tracked/shown ads.

But when the most used web browser is in the hands of the biggest ad vendor,
then there is little hope...

I guess we can only expect for web pages to turn into a sort of dynamically-
generated JPEG that cannot be parsed/analyzed.

------
JakaJancar
I don't see the problem.

If the publisher develops an analytics, user profile or whatever solution
themselves, then it's 1st party - OK.

But outsource the development or hosting to someone, and suddenly it's a
problem? How is this different to using AWS?

Now if the data from their different clients is merged to build a unified view
of what you do on the web, that's different, but the place to prevent that is
in the browser using cookie partitioning, not by caring about the tracker
developer/hosting provider.

~~~
sigwinch28
> If the publisher develops an analytics, user profile or whatever solution
> themselves, then it's 1st party - OK.

How have you reached the conclusion that this is okay?

------
iramiller
So what we need is a DNS service that takes in all of the DNS record updates
per normal DNS replication and flags these CNAME record entries into an easily
consumable blocklist.

~~~
EvanAnderson
DNS-based filtering will be useless once DNS-over-HTTPS and pinned
certificates are the norm. That will come to embedded devices first, but it'll
come to consumer OS's too.

~~~
iramiller
Right. But it is still possible to run a DNS resolver and dump those domains
in a address based blacklist at the firewall.

------
novaRom
If me as a human can identify ads easily, Machine Learning and Computer Vision
could be used instead of black-listing domains like in this case.

------
SaturateDK
At what point does spamming the tracking endpoint with crap data become the
next tool?

~~~
rahidz
Similar to what AdNauseam does:
[https://news.ycombinator.com/item?id=20048216](https://news.ycombinator.com/item?id=20048216)

------
cookie_monsta
Maybe it's just the circles I move in, but I feel like there are enough users
who don't want to be tracked and enough websites that don't want to track that
maybe some sort of code of ethics would work.

Sign up, promise not to track your users and be open to lawsuits if you're
found to be lying.

Granted, it would just be another whack in the game of whack a mole, but we
have to keep whacking.

~~~
hombre_fatal
People will care about that as much as they care about ceasing to use websites
that are hostile towards them: pretty much not at all.

The entire ad-blocking concept shows that people will do anything to continue
visiting a website they are desperate to consume no matter how user-hostile it
might be.

Also, this "No-Tracking" pledge seems like a thought experiment that only
considers the rare website with more or less drop-in alternatives. So, maybe
just general news and some brochure info sites?

~~~
cookie_monsta
I guess it's possible at any moment in history to say that nothing will change
because nobody cares. There will always be some truth to that.

But I feel like we're reaching some sort of tipping point. 200k+ people just
signed up to a new social network whose only real usp is no tracking.

I don't know what a drop in alternative is so I can't answer your question,
but if your assertion is that generally speaking sites need to allow their
users to be tracked I would disagree.

------
6gvONxR4sf7o
For what it's worth, I hardly see ads anymore because I use a browser
extension that disables javascript on a site by site basis. You can have
javascript be opt-in or opt-out. With opt-in, you get such a better web
browsing experience on 95% of sites, and for the others, you just click a
little button next to the address bar to make it work.

No pop ups, fewer paywalls, less tracking, no videos (except the video site I
whitelisted, like youtube). What should be static content actually stays
static content. The web is a much better place when you disable javascript
where there doesn't need to be javascript.

Combine it with cookie auto-delete and whitelisting, and disabled third party
everything, and the web is mostly nice again.

------
cogidub
From
[https://en.wikipedia.org/wiki/Lib%C3%A9ration](https://en.wikipedia.org/wiki/Lib%C3%A9ration)

> Libération (French: [li.be.ʁa.sjɔ̃]), popularly known as Libé ([li.be]), is
> a daily newspaper in France, founded in Paris by Jean-Paul Sartre and Serge
> July in 1973 in the wake of the protest movements of May 1968.

> For its first six or seven years it was a uniquely vibrant and pluralist
> publication and hugely influential. This > was mainly due to its refusal to
> take paid advertising which meant there was no direct or indirect pressure
> from advertisers.

Seems they're now helping to push boundaries of pushing advertising since
their founding.

------
mehdix
If a webpage does not render correctly in Firefox, I close the tab and support
an alternative. It doesn't work for every case, but nevertheless it makes a
difference. I also use and support Firefox everywhere, at home, at work, and
on mobile.

------
Pxtl
It occurs to me - doesn't this mean that the ad company will have access to
the users' session cookies? That seems like a terrifying security risk.

~~~
hombre_fatal
By default, cookies are limited to [subdomain.]example.com not *.example.com.

~~~
Pxtl
Still, sharing cookies across subdomains is a pretty common workflow.

------
rmsaksida
uBlock Origin aside, it feels like browsers should have built-in support for
dealing with this technique (I'm thinking of Safari content blockers and
Chrome declarative net requests). Otherwise it's all too easy for trackers to
get around browser protections, rendering content blocking APIs almost
useless. You should be able to block the resolved domain for a CNAME, not just
the source domain...

~~~
account42
CNAME is a red herring - it would not take that much more effort to delegate
the subdomain to a name server controlled by the tracking service or just
dynamically update the A/AAAA records yourself.

------
tilolebo
Naive question: if media.liberation.fr is a CNAME to a 3rd party ad tracker,
why not simply add liberation.fr to the uBO list?

~~~
lpellis
liberation.fr is the site you want to access, blocking it will kinda defeat
the purpose. Blocking *.liberation.fr also is not really an option as it
contains some legitimate subdomains. You would have to look up the CNAME for
every subdomain and block those on the fly (it seems to randomly rotate)

------
neilv
I mentioned non-same-origin subdomain problems a while ago, while suggesting a
feature that would help with my particular approach:

[https://github.com/uBlockOrigin/uBlock-
issues/issues/44](https://github.com/uBlockOrigin/uBlock-issues/issues/44)

------
polskibus
Does anyone know if pihole could help here? If not now, does pihole work on
blocking 1st party trackers?

~~~
gowthamgts12
A possible solution proposed for this problem is to do DNS checks, which is
already done by PiHole. So, yes if you have the 3rd party in your filter, it
will be blocked.

------
manigandham
What exactly is the problem with first-party ads? This is what the general
consensus was - to move towards ads that were delivered directly by the
publisher that you had a connection to instead of 3rd-party networks.

At some point, you have to admit that you just want the content for free.

~~~
disintegore
> What exactly is the problem with first-party ads?

The problem is that they're ads.

> At some point, you have to admit that you just want the content for free.

I understand it's a bit of an ethical conundrum. Quality content and/or
service requires compensation. At the same time, advertisement is a form of
harassment and intellectual terrorism and they make content undemocratic by
nature. Altering your own software in order to see NO ads of any kind under
any circumstances is perfectly justifiable.

With that said, I don't buy the myth of the struggling internet entrepreneur
being unable to make ends meet because of the selfish adblock users. I think
that's as ridiculous a notion as the idea that Napster could kill independent
musicians. Fact of the matter is that ads are _a_ form of revenue and there
are healthy alternatives out there.

For instance, instead of giving away an infinitesimal fraction of our mental
health to every single internet business, we can instead enter a social
contract in which everything is free, and consumers are expected to pay into
the channels and services that they like best. This is, for instance, how many
Podcasts and non-advertiser-friendly Youtube channels work.

~~~
manigandham
"Intellectual terrorism"? This makes no sense. Using this kind of extremist
language doesn't help.

> _" healthy alternatives out there"_

That's the real myth. You either pay for content up front (by going to work,
getting paid in cash, and using that cash) or you see some ads (which convert
your attention to payments in real-time on demand for exactly what you're
consuming). For billions of people, ads are faster, easier, more passive and
more fair.

Donations are not a scalable business. Podcasts are in an advertiser boom and
are making record amounts of money from ads so I'm not sure why you used that
example. Very few (if any) channels of size are completely user-supported.

~~~
disintegore
"Intellectual terrorism" is indeed pretty extreme, and the term only applies
to some segments of the industry. However that's exactly how I would describe
the effect that fashion & beauty advertising have on women and men to a lesser
extent.

None of the podcasts I listen to contain any kind of advertisement of any
kind. This is not difficult to explain; prudent businesses typically do not
stray very far outside the Overton window. This form of media exists -
flourishes - because of listener patronage.

> Donations are not a scalable business.

True, but it's a _viable_ business model. If you want something that scales as
high as your entrepreneurial ambitions, consider that 100 million people pay
Spotify in order to not have to listen to ads.

~~~
manigandham
The vast majority of content is not free and is either directly paid for or
subsidized by ads. Content which is given away freely or supported by user
patronage is a tiny fraction.

Spotify has made a profit a total of 2 quarters out of 10 years, and that's an
example of direct payment as I described, which nobody has a problem with.
Donations as you're talking about are completely different. There is no free
and pay what you want with spotify.

~~~
disintegore
It's not the most popular way to generate revenue given that it's fairly young
and offers a poor guarantee. That doesn't change the fact that it's a
demonstrably viable way to have generate revenue without relying on visual and
auditory poison. Given time it may supplant ads just as ads supplanted
commercial licenses. I don't know either way and I'm not in the business of
making predictions.

The fact of the matter is that I have control over what my browser renders. If
you provide it for free "with ads" then I am going to access it for free
without ads; you are putting it out there free of charge and hoping to get
kickbacks. If you escalate the ad-blocker arms race, I am going to lose
interest in whatever crap you are peddling. You do _not_ automatically enter a
mutual agreement with me upon publishing it and you will not succeed in guilt
tripping me into watching vapid and manipulative corporate material.

If you want any of my money, use one of the crowdfunding platforms out there,
or sell it upfront.

~~~
manigandham
That's an extremist perspective against advertising (and seemingly only online
ads) while ignoring the economics behind it. Call it what you want, but you
_know and understand_ the implicit agreement is ads in exchange for content.
Clearly you're getting plenty of value otherwise you wouldn't be accessing the
content in the first place.

But sure, some will have this position and it's relatively minor across the
population, but you're starting to see more things behind subscriptions and
paywalls as a result.

~~~
disintegore
This is going to sound like a contrived argument but abolitionism was an
extremist stance against slavery. The word "extremist" is not synonym with
"excessive" or "bad".

I don't see which part of this thread implies that I'm only against online
ads.

> Call it what you want, but you know and understand the implicit agreement is
> ads in exchange for content.

You don't seem to get it. There are no terms other than what's on the table,
which is to say the content and the ads, and both are optional. We are not
legally or ethically bound by any "implicit agreement".

> but you're starting to see more things behind subscriptions and paywalls as
> a result.

Subscriptions and paywalls are markedly better than advertisements, for the
consumer at least.

~~~
manigandham
> " _Subscriptions and paywalls are markedly better than advertisements, for
> the consumer at least._ "

Except the ones that don't or can't pay for it. People want more options for
access, not less. The extremist position is saying all advertising is bad
while ignoring the economic impact and the fact that almost all businesses
grow because of it.

------
drawkbox
Hosting ads server side rather than served from client side javascript
networks has always been around though.

Originally ad networks were something you rendered out on server side hitting
their APIs from the server, and in some cases dns via subdomain. Content hosts
were more careful of the content of the ads because it hits their main host
ranking.

First party / server side ads are actually preferred if you have to choose as
you can limit the ads server side and rogue ads can be dealt with.

Ad networks from the late 90s to early 2000s were this way. Once popup ads
took off they started making ad networks client side to not impact rendering
on the server and ads could show progressively when inlined into the
layout/script.

Today the ads/trackers are almost all client side as it is easier to integrate
as more of a widget and less resources used on the server. The ad networks and
trackers of today want to own all the data and not share it with content
providers, plus being client-side it makes it easy to link data without the
need for integration in each endpoint backend just the third party endpoints.
Additionally third party ad networks may not trust that page views are organic
with the api calls being implemented first-party server side, so they went
client-side where they can validate actual page renders and lots of other
time/click based metrics.

Ultimately sponsor ads that show up on sites/blogs/portals are usually first
party server-side ads still. So as long as there aren't rogue ad networks on
the server side or via DNS/subdomain then it may improve ads overall. Since
first party ads are server side, unless routed via DNS to the ad network, at
least the content provider incurs some cost from hosting it at least in
bandwidth. If it is a subdomain that goes to an ad network that is full of
dark patterns, that is not so great but it will still impact the host
reputation in ranking.

Right now ads are a mess for a few reasons: so much tracking, taking up screen
real estate and the marketing team pushing people to subscribe making the free
content experience painful. Email/subscribe and ad popups are more prevalent
than the behind the browser popups in the early days, very bad experiences.

I sometimes think the days of server side/first party ads and popups from the
early internet are preferable to today's inline ads with videos that follow
you down and autoplay nightmares all over the page with dozens of trackers and
networks all in one. At least first party server side ads that are served up
from a backend API hit to a third party or sponsors doesn't cause excessive
connections, it also puts an upper limit on the amount of ads that can be
shown before it hits costs of hosting and rogue ad networks impact the url
reputation so the content hoster may be more of a curating check on ad
quality.

~~~
isostatic
The ads I ran in the 90s were cut and paste html along the lines of

<a href='[http://doubleclick/adid'><img](http://doubleclick/adid'><img)
src='[http://doubleclick/ad.jpg</a>](http://doubleclick/ad.jpg</a>)

I never ran puch the monkey stuff, but I think that was something like <object
src='[http://hell.com/argh'>](http://hell.com/argh'>)

------
bronlund
Stop visiting those sites already!

~~~
Valmar
Eventually, more and more sites will push these things on users, so it will
not be enough to not visit these sites.

------
pessamistic_dev
So here's the thing. It's easy for any first-party to circumvent any of these
attempts with a simple node proxy on aws lambda that passes data between the
web browser and the tracking service.

------
juskrey
Maybe finally let's adopt, you know, the best strategy: stop visiting
distracting sites?

~~~
sashimy
Websites that are involved are french news papers, french Amazon like
marketplace and a french mobile provider.

I don't think you can categorise those as "distracting".

~~~
squiggleblaz
A website with unblockable ads is surely distracting. I mean, isn't the entire
point of an ad to be distracting? "Instead of paying attention to what you
want to pay attention to, remember that I have bridge to sell you at basement
bargain rates just buy my kettle for 20 euros"

------
djsumdog
If this is a French company/website, doesn't this violate the GDPR?

~~~
shdon
The GDPR doesn't outlaw tracking. It outlaws tracking without consent.

People will allow the tracking pretty much whenever they have to when not
doing so is an obstacle to accessing a website (Or simply because they get
annoyed at the popup or it doesn't allow opting out).

uBO (in the common case) prevents tracking even when consent has been given.
Subverting that is not against the GDPR because for the law, the consent is
the only thing that matters.

~~~
cornedor
Those pop-ups should be privacy first, if not, they are still violating the
GDPR

------
yason
It's fun to see the contrast to paper magazines.

Advertisements in magazines are often somewhat interesting, well-made to be
entertaining, or even useful. I used to read ads in magazines and I still
sometimes do. It doesn't give me a bad feeling, at worst/best I'll just emit
an indifferent "huh", and proceed to the next page.

And I've never, ever seen a single internet advertisement that wouldn't make
me irritated and start gradually boiling my blood. Early Google-style ad boxes
were closest to bearable so far but I still never read them nor showed any
slightest interest in them. They were just kind enough to not irritate that
much but merely be mentally blocked right off the bat.

I can't stand a web page with ads yet I would find a magazine boring without
them. I don't think it's the ads: I think it's the presentation and the media
that differs between paper and web. My eyes can wander to an ad and then back
to text quite easily on paper, but my browser can't fit several columns of the
article and a full-page ad on the same screen. This either-or proposition
interrupts my reading and causes agitation. On paper I'm in control, on web
I'm not.

~~~
Roark66
What about youtube ads, do you consider them pretty bad too?

Personally I think they are the most tolerable. There isn't that many of them
displayed for me (maybe one ad per 3-4 10-15min videos). One can skip it after
5s and around half the time those ads are fairly well matched.

Contrast this with web page ads that obscure the entire content until you find
a tiny x in the corner to close them or worse require you to click some stupid
button to disappear. With websites that display the content, but then obscure
it within a split second I realised a pretty quick way to get rid of them is
to right click on the ad/element-> Inspect in Chrome then hit delete removing
DOM elements that obscure the main content until you can see the content.

~~~
veilrap
For me personally, I find Youtube ads tied with peak annoyance. Ads which
jarringly interrupt my audio, like Youtube ads inevitably do, are the worst.

Usually, audio ads are an ignore-able abomination, fortunately my audio is
muted most of the time. However, if I'm watching a Youtube video, then my
audio is almost certainly NOT muted, hence the terribleness of the ads.

Often an ad interrupting whatever content I'm watching on Youtube is enough to
make me reconsider whether it's worth bothering finishing the actual video.

------
Iv
Forbid advertisements.

We can't solve a political problem with purely technical solutions. We can
provide workarounds for 5 to 10 years but the core problem has to be shut down
at one point.

~~~
donatj
Why is it a “problem”? Outlawing ads seems hugely regressive for society as a
whole.

Without ads there would be basically no free content online, and those who
cannot afford content would simply go without. Consider how much better the
world has become due to easy access to information. To yank that away seems
like bringing a dark age.

~~~
DJHenk
> Without ads there would be basically no free content online

Citation needed. I don't believe that for one moment. Already people are
producing far more content for free each second than one person could ever
consume in a lifetime on sites like Youtube and Instagram. The urge is there,
even without any monetary reward.

> Consider how much better the world has become due to easy access to
> information.

Now consider how much worse the world has become due to the incentive to hide
wanted information behind commercial information. Simple example: there was a
time before adblockers when it was not a rare sight to have a page with 80%
advertising and 20% actual content. Think unskippable ads before videos. Think
of the mountains of useless content that SEO spam produces that hide the
interesting pages in search engines.

Marketing does not give access to information. On the contrary, it takes it
away.

~~~
donatj
Firstly, I honestly don’t believe citation is needed on “people don’t work for
free”.

We’re seeing it already. Many if not most news sites are pay gating their once
free content. Cite: Wall Street Journal, New York Times, The New Yorker. All
charge for access. All we’re free before the proliferation of ad blockers.

Yes there would be hobbyist information for free, but WebMD? News sites in
general? Any sort of resource that takes money to pay people to maintain? It
will all be pay gated.

As someone who does not use an adblocker, I have genuinely no problems finding
the content I’m looking for.

~~~
Iv
> We’re seeing it already. Many if not most news sites are pay gating their
> once free content. Cite: Wall Street Journal, New York Times, The New
> Yorker. All charge for access. All we’re free before the proliferation of ad
> blockers.

See? They found a way to put content online without relying on ads.

------
brnt
"We have noticed that you are using an unsupported browser. Please install
Google Chrome."

~~~
takeda
This is why using Firefox is so important. We are not there yet, or at least
most sites still work fine with FF, but once that changes Google will
essentially own the web. There are multiple browsers that also use Blink
engine, but they basically just a Chrome with a different skin.

I also really miss that Opera gave up on their Presto engine and at the same
time decided to not open source it. Yes, the source code leaked, but without
license no one will touch it.

~~~
disiplus
i use firefox on android, mostly because of adblocking, and the number of
broken websites on firefox is not small, the menu on the mobile website of my
bank does not work in firefox.

it's shit and i consider changing banks because of that (and other things).

~~~
pteraspidomorph
Tell them. I had a similar problem a couple of years ago, I logged a complaint
and they eventually fixed it. It took a few months, IIRC, but they replied and
confirmed that it was fixed.

~~~
cpeterso
You can also file a bug report with Mozilla's Web Compat team:

[https://webcompat.com/](https://webcompat.com/)

They diagnose websites broken in Firefox and reach out to website developers,
fix Firefox bugs, add Firefox UA overrides (see Firefox's about:compat page),
and start discussions to resolve ambiguities in web standards. For example,
what should happen for a broken image without an alt value?

[https://webcompat.com/issues/44353#issuecomment-555793736](https://webcompat.com/issues/44353#issuecomment-555793736)

------
acoye
GDPR much?

------
davidhyde
Ad blocking seems to be a perfect use case for machine learning. Ads can
usually be trivially spotted by humans. Why not have the ad blocker "look at"
the web page before you see it and decide what it thinks are ads regardless of
where they come from or how they got onto the page.

~~~
ojosilva
Very hard to do. Humans get tricked into ads all the time, so imagine AI.
Besides, an AI trying to understand the intentions and meaning of a Turing-
complete system from a slice of its code and data is like a brain trying to
guess another brain's intentions from looking at partial imaging of its
neurons.

Actually think about the problem the other way around, as it seems easier to
do the opposite in most cases (or at least for news/articles sites such as
liberation.fr): a page readability extraction plugin, sometimes called
summarization. It identifies the "meat" (ie. the main article or video),
extracts it and gives it to the user bare bones. No ads, no tracking.

At least that's what I'd prefer once everything else fails, and that's why I'm
using Firefox's reader mode and Pocket a lot these days, and if ads take over
again like in 1998 that's were I'll be surfing the readable web.

~~~
davidhyde
This is true. Those "Download Now" ads on download pages are case in point.

------
buboard
Don't worry though, google is safe. They 'll strongarm people to use AMP and
Signed HTTP Exchanges for first party access.

I think however it's time to grow up and stop playing this cat-and-mouse game.
Advertising is crucial to the web and should be allowed. We should be shifting
towards ideas that decentralize the tracking itself (like Brave does) or allow
users to completely control and explicitly switch their advertising tracking
identities

------
going_to_800
uBlock is too aggresive, I stopped using it. As an example it's blocking live-
chat widgets like Intercom. Also, as a website owner, I don't see how web can
work without any sort of tracking like uBlock suggests, simply you won't see
any high quality services if all tracking, even safe one is blocked. You can't
optimize a service from both technical and business perspective if you are
blind/have no data to base your assumptions on.

~~~
vesinisa
The issue is not with uBlock itself but the filter set you are using.

Also, 95% of the time the live-chat functions on websites are obnoxious. If I
have a concern, I am happy to open a dedicated chat page. Having a chat widget
on every single page is annoying and unnecessary. But that's just my opinion.

Are you sure you are not able to do your website performance analytics from
your server logs? More often than not, user agent side analytics end up
collecting lots of unnecessary sensitive data, and sharing it with third
parties like Google.

~~~
going_to_800
It's not about having access to server logs, you need tools to make business
and technical decisions and no tool will use server logs to show you how users
interact on your app or website.

What's the privacy concern if I'm tracking on what pages my users visit? I'm
not sharing those with anyone.

Small business owners like myself are hurt by these things, I can't afford to
pay 4-5 figures to a developer to build a tool to analyze my server logs and
won't give even 5% of the quality of data analysis Google Analytics or
Mixpanel gives.

~~~
vesinisa
> What's the privacy concern if I'm tracking on what pages my users visit?

You can get this very easily on the backend side.

> I can't afford to pay 4-5 figures to a developer to build a tool to analyze
> my server logs

No need to bother, there are tons of easy SaaS tools like Splunk in that
marketplace already.

