
A Popular Ad Blocker Also Helps the Ad Industry - bpierre
http://www.technologyreview.com/news/516156/a-popular-ad-blocker-also-helps-the-ad-industry
======
guelo
NoScript doesn't mess around, it is hardcore and paranoid. I run it with the
non-recommended "Temporarily allow top-level sites by default"/"Base 2nd level
Domains" option in order to ease the pain a little bit. Still, sometimes I
can't figure out how to watch a video, or leave a comment, or some other
interaction. But I will suffer the pain, for the web is a brutal, unforgiving
no-man's land. I think NoScript has saved me from some spear-phishing attacks.
I hope. You just can't let strangers run code on your machine, no matter the
sandbox. It's the reality that we live in.

~~~
qwerta
Also noscript user. In my case I just disabled JS in Chrome and blocked a few
sites in /etc/hosts.

~~~
chalst
Dan Pollock's list of abusive IP addresses is useful for this (updated a bit
more often than weekly):

[http://someonewhocares.org/hosts/](http://someonewhocares.org/hosts/)

------
nikcub
the opt-in could be more transparent. I just installed Ghostery and the option
says[1]:

> Help Support Ghostery by sending anonymous statistical data back to Ghostery
> HQ.

It is only when you click more information that you find out this information
can be sent to other companies "Ghostery community..", and then only when you
click on the FAQ and read the section about Ghostrank is it clearer how this
information is being shared [2] and with whom.

No mention of ad networks as clients. No mention of helping ad networks better
target ads, infact their FAQ explicitly states:

> Evidon doesn’t work to allow advertisers to be more invasive.

Ghostery market to the privacy community. Their Twitter account[3] has been on
top of the recent NSA story and other privacy stories and they promote their
product as a solution for the privacy conscious. The way they have co-opted
the community, funneling new users into their product via user ad tracking
fears, while at the same time selling the data via a vague opt-in feels
disingenuous to me.

I think the 'fix' here could be as simple as acknowledging third-party sharing
in that initial opt-in screen, and then updating the language in the FAQ to
include clarification on how it is shared.

[1] screenshots: [http://imgur.com/a/xuRdj](http://imgur.com/a/xuRdj)

[2] FAQ: [http://www.ghostery.com/faq#q14](http://www.ghostery.com/faq#q14)

[3] [https://twitter.com/ghostery](https://twitter.com/ghostery)

~~~
sliverstorm
I don't remember where I read about it, but I've known about it for a while. I
was never particularly upset- I understood it to be aiding ad networks in
targeting, which I think is a good thing.

You seem to think this line implies they are not improving targeting:

> Evidon doesn’t work to allow advertisers to be more invasive.

But this says to me they don't help advertisers shoehorn ads in more places,
not anything about targeting.

~~~
nikcub
I'm indifferent to it, I knew they were collecting data, I didn't know where
it was going from there.

I have never used or recommended Ghostery because I don't believe blacklisting
tracking targets is the solution.

The 'more invasive' line isn't clear - it isn't a term that you find in other
privacy policies. It would be difficult to be 'more invasive' than tracking
with third-parties on the web the way it is today.

I think they may be forced into expanding and clarifying that line and parts
of the FAQ is this becomes a popular issue.

I read that entire section and can't figure out what they do or don't do ..

~~~
byoogle
Ghostery claims 8 million users are opted in to "share" their data. From the
informal polling I've done of Ghostery users (I work on an anti-tracking
alternative called Disconnect), I believe less than 1 in 10 of those users
know Ghostery is selling their browsing data to advertisers.

If Ghostery cared about being more transparent than the ad industry, they'd
have to do a lot more than fix their FAQs. They should opt out all of the 8
million users who opted in without being told their data would be sold. Then
Ghostery should re-onboard these users with accurate messaging. Quite frankly,
Ghostery should also send checks to the 8 million users for all the money
Ghostery made off their data.

~~~
mynewwork
Unless I am mistaken, saying that "Ghostery is selling their browsing data to
advertisers" is wrong, at least to common understanding of those terms.

I have ghostery installed and I do knowingly opt in to the anonymous data
sharing. From their FAQ
([http://www.ghostery.com/faq#q16](http://www.ghostery.com/faq#q16)) my
understanding is that there is nothing personally identifiable about this
data, they are just using my interaction with the web to say "Tracker X
appeared on website Y". I see nothing wrong with this.

I'm happy to let them gather this information and profit from it - they are
providing me with a useful service and selling that aggregate, anonymous data
lets them stay in business and continue to provide me with their service. If I
am misunderstanding something, and this data can be used to identify me as an
individual, I would welcome an explanation.

------
meritt
Fun little discussion from 3 years ago:
[http://forums.mozillazine.org/viewtopic.php?p=9518885&sid=f1...](http://forums.mozillazine.org/viewtopic.php?p=9518885&sid=f1e3da37067a5f129ee39edb5110afbe#p9518885)

> I am the developer of Firefox Ghostery

> I can assure you that the only way our company gets any information from you
> is if you opt-in

> I can also assure you that none of the data we have is ever going to be sold
> to anybody.

~~~
tdrgabi
In the article, it says it's opt-in.

The quotes you added say they get info only if you opt-in.

I see nothing wrong with the quotes.

~~~
meritt
> I can also assure you that none of the data we have is ever going to be sold
> to anybody [2010]

> Evidon sells two main services based on the data it collects [2013]

~~~
JimJames
This doesn't look good for ghostery but hypothetically both of these
statements can be true.

They may be referring to the idea that they don't sell an individuals data,
only massed results, so no one can be singled out. This is how census data is
used, the data itself is never sold but companies can ask for certain queries
to be done on the data which are then performed by the census bureau and
returned to the client.

~~~
fixanoid
Precisely. GhostRank collects and repackages tracker information on the web,
not individual browsing habits.

------
meritt
Ad blocking is already beneficial for the ad industry. The sort of people who
install ad blocking are also the type who never interact with ads. The net
result is an improved CTR/CPA because ad impressions are not being wasted on
someone who would not convert in the first place.

~~~
citricsquid
This makes the deeply flawed assumption that the only time advertisements have
value is if someone clicks them.

~~~
meritt
Brand awareness campaigns and media buys would be the sort of exception you're
talking about and you're absolutely right. Or if you're a company who buys a
ton of fraudulent traffic in order to inflate your Alexa/Quantcast/Hitwise/etc
rankings, then every impression counts as well.

However, if the advertiser is like the bulk of online advertising (e.g. one of
the many for-profit online-degree-mills or someone pushing the latest weight
loss pills) they tend to very aggressively optimize towards a desired CPA and
eliminating non-converting traffic is always the goal. A better CVR creates
happier advertisers which leads to higher bids & budgets and then higher
publisher payouts.

------
captn3m0
Its weird that nobody mentioned Disconnect[1], which is an open source
alternative to Ghostery. I've used it in the past, but shifted back to
ghostery because it was buggy.

[1]: [https://disconnect.me/](https://disconnect.me/)

~~~
byoogle
I just mentioned Disconnect, but I make Disconnect. :-)

You should try the new Disconnect (Disconnect 2) which has a lot more features
than Ghostery and is even rated higher by users than Ghostery is. We just
launched Safari and Opera versions today (and are also available on Chrome and
Firefox).

~~~
JonnieCache
Hello! Love the tool. Dropped ghostery for it a while ago.

One criticism: It's not clear from the popup what the numbers mean. Are they
counting scripts loaded, or scripts blocked? The same for the colouring. Are
coloured icons blocked, and greyed ones allowed through, or vice-versa? And of
course the tickboxes.

~~~
byoogle
Thanks! Good feedback.

The numbers indicate requests (as in HTTP requests) attempted by the tracking
companies. Green (or checked) indicates the requests were blocked. Gray (or
unchecked) indicates they were allowed.

We'll beef up the help doc
([https://disconnect.me/d2/help](https://disconnect.me/d2/help)) to clarify.

~~~
qwertzlcoatl
Ghostery has the option to block all trackers at once in a big list with 1490
trackers. Disconnect 2 doesn't provide this option, does that mean that all
the known trackers are blocked by default?

Some pages I visit show 100+ requests but when I enter the add-on it only
shows 2 advertising attempts and maybe 1 analytics request. Where do these
other hundred requests come from and were they effectively blocked from
communicating with its third-party provider?

Disconnect 2 basically replaces HTTPS Everywhere, which I find nice.

~~~
byoogle
We saved you a click. :-) Disconnect blocks (2,000+ tracking sites) by
default.

The number of requests in the dropdown menu should add up to the number of
requests in the toolbar counter (we do group requests by company, which
Ghostery doesn't do, so you will see less rows in Disconnect's UI if that's
what you mean). Do you have a site where the two aren't equal?

~~~
qwertzlcoatl
The only thing I would like to do is block certain trackers manually. For
example "geoplugin.com" is enabled by default in Disconnect while I can block
it manually in Ghostery. And I became used to not seeing google +1's and
tumblr share buttons etc. Isn't there the possibilty to block them even before
I visit a page? Right now I need to disable them via the disconnect UI and the
page needs to reload.

------
ck2
As I understand it, if you turn off "ghostrank" it's not reporting anything?

If that is not true, I definitely would like to know.

The only behavior I've seen that I don't like is after you update the
blocklists, sometimes they are not all activated by default.

The current author is around here too, they have replied to my previous posts
about it.

~~~
asperous
From the article

> “Anything that gives people more transparency and control is good for the
> industry,” says Meyer, who says it’s fine with him that _most Ghostery users
> opt not to share data with Evidon_. Meyer points out that those who want to
> block online advertising are unlikely to respond to it, making Ghostery use
> good for both sides.

------
gyardley
Can people really not tell the difference between 'my data is being sold' and
'an aggregate based on my data plus data from a million others is being sold'?

A company that only collects data when the user opts-in and sells innocuous
products like market-share information and tracking tag audits for individual
sites hardly deserves the ire. It's not like it's the federal government.

~~~
Karunamon
Apparently not. All tracking of all kinds even when completely anonymized is
evil and bad and you should feel ashamed of yourself for even thinking
otherwise /s

------
Amadou
I'm not too surprised to read this story. Ghostery seems to have redone their
UI recently and it looks like one of those form-over-function redesigns that
happen when a company comes into some money, decides to spend it on looking
pretty but forgets to spend any of it on usability analysis. Since it sounds
like their revenue does not come from the users, making it look pretty but
less useful doesn't really hurt them as long as there are no competitors.

In case anyone cares, when I say less useful I mean that the new layout makes
it harder to individually enable/disable specific trackers in the cases where
a tracker provides functionality necessary for the website to operate. The new
layout is much more mouse intensive for anything but the trivial case of
minimal trackers on a page. It's unwieldy to selectively enable trackers on
sites with more than roughly 5 trackers on them because of the manual
scolling-in-a-tiny-window layout and difficulty reading the list of trackers
due to drawing lines through the text of their names.

~~~
fixanoid
Hi Amadou, you should really post on our support board to get understanding or
where Ghostery UI is going.

------
pessimizer
I'm absolutely shocked that I don't seem to mind this or think that it's
wrong. Turns out that my enemy isn't advertisers, it's being tracked all over
the internet.

I wish there was a way to exclusively allow static, non-tracking ads that just
rely on the content of the site to target, rather than the content of my life.
It'd be just like magazines in ye olden dayes.

~~~
icesoldier
This is why I added an Adblock exception rule to allow ads from Project
Wonderful. From what I can tell, PW's network only "targets" by matching sites
to ads by category, which is decided by both the site and the advertiser.

------
hayksaakian
So they found a way to monetize not having ads. What's wrong with that? It's
also opt-in as the article notes.

~~~
byoogle
Opt in for what? They say to "share" your data with Ghostery, but what they do
is sell your data to advertisers. Shouldn't an anti-tracking solution be more
transparent than the problem?

~~~
fixanoid
Brian, I understand that its beneficial to you as a competitor to Ghostery to
bash Ghostery at this point, but please, refrain from looking stupid.

Ghostery collects tracker information and not individual users info. Ghostery
requires an opt-in before any data is shared. Anyone wishing to dig deeper
should read the source code since its not obfuscated unlike some of your
disconnect's open sourced code. If you do however have ideas on how we should
be more transparent, by all means, please share them.

~~~
Revisor
Out of curiosity what part of the Disconnect's source code is obfuscated?

~~~
thirsteh
[https://github.com/disconnectme/disconnect/blob/master/firef...](https://github.com/disconnectme/disconnect/blob/master/firefox/content/services-
firefox.js)

------
byoogle
Ghostery claims that 45% of their users (8 million out of 18 million) are
opted in to send Ghostery their browsing data. I wonder if even 1% of those
users know their data is being sold to advertisers by Ghostery. I have trouble
believing the solution to online tracking is even less transparent than the
problem.

I work on an anti-tracking alternative called Disconnect. We do this crazy
thing where we ask our users to pay for our product. Oh, and lots of people
also already happen to think Disconnect is better than Ghostery:
[http://lifehacker.com/the-best-browser-extensions-that-
prote...](http://lifehacker.com/the-best-browser-extensions-that-protect-your-
privacy-479408034). :-)

~~~
m-r-a-m
I like Disconnect (I only found it a few days ago), but I'm trying to find out
more technical information about what it does without having to look through
the code on GitHub. Basically, does it provide additional privacy features on
top of ABP+Easylist+EasyPrivacy?

Also, why is it not listed on the Mozilla add-ons site? I barely found out
about it. I think I was researching privacy extensions for Chrome and happened
to click through to your website.

~~~
byoogle
Thanks. Disconnect currently has the biggest list of tracking sites of any app
(well over 2,000 sites). And our filtering engine is written differently than
other apps (no slow regexes). In practice, we benchmarked the 1,000 most
popular sites and found they loaded an average of 27% faster with Disconnect
than without. I've also done some informal benchmarks of other apps (I should
do a more formal study at some point) and can say Disconnect accelerates pages
quite a bit more than them.

Mozilla's review process is too sluggish for us right now since we're still
making changes to Disconnect 2 quickly. When things are more stable, we'll
probably submit to AMO.

~~~
kamiel
Is there any reason why Disconnect doesn't block Disqus and OpenX?

~~~
byoogle
Disqus is in the Content category, which isn't blocked by default (reason:
users seem unhappy when we block content-y things like videos, photos, and
comments by default). But you can still check the adjacent box to block Disqus
(your settings are remembered on a per-site basis).

OpenX, otoh, should be in the Advertising category and be blocked by default
as far as I know. Is there a site where this isn't the case?

~~~
kamiel
Ok, thanks. I prefer to block everything by default, so for me per-site basis
is not very convenient. In the case of Disqus: on most websites I don't read
the comments and I prefer to block all the requests (mostly 100+ if you
include the gravatars). With Ghostery I just block everything, but this is
also not perfect because, as you mentioned, you sometimes don't see all the
content. It would be nice if the add blockers could block content in the way
Chrome blocks plugins: everything is disabled, by you have a placeholder which
informs you that something was blocked, and when you click on it, it loads the
content.

OpenX is indeed blocked (I checked it with the chrome dev tools), but it
doesn't show up in the Advertising category, e.g.
[http://www.openx.com/](http://www.openx.com/).

------
zacmartin
God forbid advertisers, who fund much of the content we consume online, get
better at serving ads that are more relevant to the consumer.

------
ChikkaChiChi
Not that this really does this, but I would be all for a better adblocking
tool that did communicate back to whatever adhosting company presented ads on
a page.

If I opt in to allow my browsing behavior to help improve the sites I visit, I
am presented the ads.

When I click to disable an ad, I am presented some options: * The content is
not relevant to me or the topic * The ad is intrusive or hurts my experience
on the site

Then let me decide to block all ads on the site, just this ad, or these types
(e.g. popovers) on the site.

The data can then be relayed back (again, I opted in) to the ad company and
the site's owners and they might even be allowed to see browsing behavior that
shows how much time you spend on the site.

It could be a clear message to advertisers and content providers about the
amount of revenue they are missing out on and why.

------
artichokeheart
Time for an open source alternative

~~~
byoogle
Done :-):

[https://disconnect.me/](https://disconnect.me/)
[https://github.com/disconnectme](https://github.com/disconnectme)

------
Nux
People might also be interested in the Request Policy addon, it acts by
blocking all content that does not come from the site you are visiting.

[https://www.requestpolicy.com/](https://www.requestpolicy.com/)

------
mp3geek
With the merger of Easylist and Fanboy's Adblock Plus List, using various
combinations of subscriptions (adblock/privacy/social/annoyance) can make the
need for something like Ghostery extension a thing of the past.

/Fanboy

------
ck2
BTW, user _ghostwords_ participates here and is a coder for Ghostery

[https://news.ycombinator.com/threads?id=ghostwords](https://news.ycombinator.com/threads?id=ghostwords)

~~~
rcfox
In general, I'd suggest you don't "out" people. First, they might not want to
be thrust into the spotlight. Second, it doesn't really add anything to the
conversation when you do it like this.

I don't think there's any harm done here though, since they have mentioned it
themselves in comments.

~~~
ck2
Oh I'd never do it unless they volunteered that info themselves.

They seemed to use that account for outreach so I figured they might show up
again.

------
greyman
I installed Ghostery just a few days ago, and it is clearly indicated that it
is opt-in. I don't see a problem here, looks to me a bit like an attack
against Ghostery. But of course, open-source alternative with the same
functionality would be better...

I find Ghostery as a good compromise for me; Noscript is too much hassle for a
day-to-day use, and I also don't like to use Adblock for "philosophical"
reasons. Ghostery does exactly what I think should be done - remove the
tracking, since I didn't give permission to anyone to track me.

~~~
byoogle
Isn't there a big difference between asking users to opt in to "share" their
data with Ghostery (which is what Ghostery says) and asking users to opt in to
have their data (what data, btw?) "sold" to advertisers (which is what
Ghostery does)?

------
cletus
This thread like a lot of topics in this space is full of misinformation so
let me dispel some common myths:

1\. "I never click on ads"

Irrelevant and, more often than not, a lie. But let's assume it's the truth.
Search advertising is an example of intent-based advertising. It's why it
works so well. If you're searching for camera then a site that sells cameras
(via an ad in the search results) is likely relevant.

Display advertising (which encompasses things like ads on the NY Times etc) on
the other hand is not there specifically to drive a particular action. Brand
awareness is a common use case.

Search advertising is sold on a CPC basis because it is intent based. Display
advertising is by and large sold on a CPM basis. You don't get the impression
and the publisher doesn't get paid. Some will label this "theft". Personally I
find this like many real world analogies to be inappropriate in the digital
world. Pejorative aside, it is taking money from the publisher and users have
largely shown an unwillingness to pay for the content they consume directly.

2\. "I don't trust [ad company X]"

The privacy argument. As this post shows, the temptation to resell your
information, particularly by small players, is alluring. Frankly I'm more
inclined to trust the Googles of the world than I am some guy who writes an
extension. Google, for example, give you several options here.

\- You can go to the Ads Preference Manager [1] and tailor your privacy
settings.

\- You can simply delete your cookies every hour/day/week/month/whatever.

3\. "My ad blocking improves ads"

I don't know where this sprang from other than ignorance of advertising is
bought and sold. No impression, no revenue. The marginal improvement in eCPC
based on not showing you an ad is a) irrelevant because display advertising is
often not action-based and b) no increase in revenue since it's a smaller pool
of impressions.

Just today (still on the front page at the time of this post) is a submission
about how people have a warped view of how much time others spend talking or
thinking about them [2]. I believe the same distorted view of the world that
most of us have also comes into play here.

As much hand-wringing as there is about privacy, when it comes to advertising,
advertisers don't really care about you, the individual, as much as money seem
to think. What advertisers care about is _groups_ of people with a particular
profile ("segment").

So I respect the approach of being paranoid (or at least diligent/skeptical)
when it comes to online privacy but, as far as advertising goes anyway, it's
largely theater.

I question the ethics of shifting the cost burden of the Internet onto others
(ie tragedy of the commons) just because an image of a pair of shoes offends
your delicate sensibilities is an interesting choice. I don't really click on
ads either but I don't really care that ads for the Westin follow me around
after I've gone to their site either (that's called remarketing or retargeting
BTW).

Whatever the case I'd rather Google have my browsing history than Ghostery any
day of the week.

I should note that I strongly believe in blocking obnoxious advertising. This
includes, but is not limited to:

\- popups (actual browser windows or just HTML elements that block content
until dismissed)

\- any video on a Web page that auto-plays

\- any sound on a Web page that auto-plays

\- most if not all interstitials

\- anything Flash based just because I don't want anything Flash based running
on my computer

It tends to be the sleazier side of the Internet that employ bad advertising
practices like this but not entirely. Auto-playing media is particularly bad.
Disclaimer: I'm a Google engineer in display advertising.

[1]:
[http://www.google.com/ads/preferences](http://www.google.com/ads/preferences)

[2]:
[https://news.ycombinator.com/item?id=5895648](https://news.ycombinator.com/item?id=5895648)

~~~
jlarocco
You question the ethics of "shifting the cost burden of the Internet"? Oh
brother.

If website operators don't like it, they can charge me for their content, like
every other business has done since the beginning of time.

~~~
redacted
This right here, this is the argument I simply cannot understand.

A business is offering a service in exchange for advertising to visitors.

You do not like the terms of that deal.

The _only correct_ action after this is: Do Not Use The Service. Don't reward
a business practice you view as illegitimate. Just walk away. Boycott
advertising-supported business models.

\--

PS: the entitlement in this viewpoint is simply astonishing. "I don't like
advertising, so the entire internet should change to accomodate me!"

~~~
jlarocco
There is no "deal." I'm not signing a contract or agreeing to an EULA to read
a website.

My browser is requesting a website and choosing parts of it to display. Where
is the problem? Is it a moral issue when people on phones browse with images
turned off? It's how the internet was designed to work.

If the content is worthwhile, people will pay for it directly.

------
wheaties
Can someone tldr this article? I tried to read it on my phone but the "view
this on mobile" not only blocked all content but had an unreachable close
button

------
eliasmacpherson
I guess now I see why people say "You misspelled ad block plus" when someone
recommends ghostery.

------
crockstar
I use Ghostery to see what is being tracked rather than block it outright.
Call me foolish but I never realised that blocking ads was the primary
intended purpose of the tool, I've always just used it to check for missing
analytics tags and so forth.

------
retube
won't blocking cookies from third party domains stop tracking? Or at least
most of it.

