

Meet the Company Hijacking New York Times Ad Revenue - digisth
http://www.theatlanticwire.com/technology/2012/10/meet-company-hijacking-new-york-times-ad-revenue/58147/

======
anonymouz
Obviously the NY Times is not happy with its ads being replaced by someone.

However, in my opinion this would be acceptable if it were the intention of
the user. I hold the point of view that it is entirely my decision how to
display websites on my devices. For example, it is up to me whether I display
ads, run Javascript, or Flash. Similarly it would be okay if I decided to
install a program that replaced ads on popular websites by different ones.

But it seems obvious to me that the users installing this software have no
clue what they are doing, and are in fact essentially installing hidden
malware. And _this_ should be the way this problem is attacked and dealt with.
Not via some perceived moral rights by websites to not have their ads
replaced, but simply by the fact that this company is essentially installing
malware without consent. This is what should be criminally prosecuted in my
opinion.

~~~
AnthonyMouse
>This is what should be criminally prosecuted in my opinion.

It seems to me all the talk of laws is rather pointless. If the NY Times can
detect that this is happening then they can refuse to serve pages to clients
that do it, and instead give them instructions on how to remove the malware.
That solves the problem for everybody. The user takes a minute to follow the
instructions to clean their machine of malware, then continues on to read the
article.

Why does everything need a legal solution?

(And yes, Malware Corp. can try to sue you for telling people to remove their
crapware, but anybody can sue anybody for anything. Doesn't mean they'll win.)

~~~
benologist
Why should the NYTimes have to spend their resources and lose their revenue to
educate and support people removing that software? That's an expensive cat and
mouse game that they shouldn't be forced to play.

~~~
AnthonyMouse
Better that they should have to spend the same money in additional taxes to
support government investigations and prosecutions, only to have the bad guys
move offshore and keep at it?

I think you're perhaps overestimating the cost of banning such things too. For
one thing, there is no reason to go it alone. Major ad networks should be
providing websites with tools to identify and disinfect affected clients. Then
the cost to the NY Times et al would be little more than installing the
supplied tools on their servers.

In addition, there is a certain amount of "starve them and they die" that
needs to happen here. If something is illegal but still profitable, it
continues to happen. On the other hand, if it becomes unprofitable because no
websites will service infected clients then it disappears even if it's still
legal.

~~~
benologist
The cost isn't in implementing the detection or writing a nice notice, it's in
_supporting_ the people it's for. Removal can be hard, look at Sony's bs with
rootkits the other year.

Aside from that websites are a terrible way to fix a problem, there's probably
still a massive amount of the internet 'best viewed in X' even though
standards and non-IE browsers have been popularized for _years_. It's taken
like a decade of campaigning, education and updates to reduce IE6 to
insignificance.

Browser / operating system vendors are in a good position to tackle it and
there's precedence for that too, but a single website even as big as the
NYTimes is in a weak position to do anything except sue.

~~~
AnthonyMouse
You don't literally have to have every website on board. You just need a
critical mass such that any given malware-infected user will encounter a
website that they consider important but that they can't access, and therefore
have an incentive to take steps to remove the malware. That goes a long way to
deprive the malware authors of infected users, even if there continue to be
some websites that don't block the malware.

And as for browser and OS vendors, it seems like there is a clear way for the
Times to push that along: If this problem is nontrivially impacting ad revenue
then Google has a clear incentive to work with them on Chrome and Android, and
with that as leverage, they can go to other browser and OS vendors and say
"take the same measures to keep your users from coming to our website infected
with this crap or we'll be recommending that they use Google's products
instead."

------
shortformblog
I remember the day I figured out a Chrome plugin I regularly used was doing
this. It was a Gmail notifier that had been widely used when I started using
it. And after a while, I was getting the most annoying ads on YouTube without
realizing that Google hadn't changed anything.

Rather, the plugin changed and added the ads to YouTube. It was so under-the-
radar that I wouldn't have noticed unless I had decided one day to look up why
YouTube was allowing allowing ads with sound to play over videos.

I'm a savvy user, but that was literally slipped under my nose. I think a lot
of users that wouldn't have been nailed by such plugins in the past are
starting to find them to be a huge problem.

~~~
Evbn
Well, the official YouTube ads are rather invasive and awful as well...

------
tptacek
The New York Times could probably commission a Sambreel detector for less
money than it's losing to these scumbags. You have a right to the screen real
estate in your own browser, of course, but the NYT has the right not to serve
you content if you're not going to abide by its terms.

Whatever you think about the ethics of ad blocking (not a quagmire I want to
wade into), NYT ads fund one of the best regarded operations in all of
journalism, while Sambreel ads fund... what, exactly? Let's not lose sight of
what a scam this is.

~~~
lowboy
If a user knowingly choses to install a plugin that includes Sambreel, it's
not a scam. It's their browser to do with what they will. Having said that,
I'm guessing that there are a lot of scummy plugins/extensions that don't
alert the user to Sambreel being installed. _That's_ what's the scam here.

Also, the target of the funding shouldn't enter into a discussion about
legality/ethics of the method.

~~~
tptacek
The NYT is entitled to set terms that forbid the viewing of their site with
Sambreel installed.

------
crb
This sort of ad replacement is one of the ways Kim Dotcom intends to keep
himself in his mansion: <http://news.ycombinator.com/item?id=4576834>

------
brokentone
A social media professional (relatively computer savvy) I know came to me
recently thinking the Facebook page she managed had banner ads on it. I
quickly found she had a browser extension adding it (don't remember if it's
one this company created).

This company is parasitic, not adding value for anyone, the publisher or user.
Despite the complaints about the Chrome store becoming more of a walled
garden, perhaps it would help situations like this.

~~~
fleitz
You hit the nail on the head, the walled garden isn't about malware, it's
about killing ad replacement and the adwords revenue it kills.

------
charlieirish
I'm surprised we haven't seen more of this. I fully expect companies like
refer.ly and skimlinks.com to implement this model with a twist: share the
revenue with customers.

Customers could install the extension/plugin and browse sites as normal.
However the ads they see would be earning them cash.

~~~
sbarre
Yeah that was tried over 10 years ago with AllAdvantage.

<http://en.wikipedia.org/wiki/AllAdvantage>

------
DanielBMarkham
I own my browser. I may choose to replace all ads on content I consume with
poetry, or white space.

We need to be careful here. Simply because an ad-centric revenue model grew up
around web content doesn't mean it is written in stone.

~~~
bpatrianakos
I'm not sure if I can agree with this. While I do understand where you're
coming from I'm hesitant to say its okay to willfully replace ads on web
pages. That's a point I don't have very strong opinions on but I do strongly
believe that plugins like the one in question are unquestionably unethical and
not okay.

You do own your browser but you don't own the sites you visit or their
content. To me when someone argues for being able to replace ads on a website
that's almost the equivalent of saying "I am entitled to take ownership of and
alter anything I lay my eyes on". Some people counter by arguing that if it's
not alright to replace ads then it's not okay to use custom CSS rules or
plugins or apps designed to enhance readability. The fundamental difference
between those things is that site owners want you to read their content and
almost universally happily accept people using custom CSS and readability type
plugins but replacing ads is different in that you are making a choice to put
someone else's content on their site to the site owmer's detriment. If I were
running a site that relied on ad revenue I'd almost prefer plugins that
stripped out the ads altogether to one's that replace ads with one's that
someone else will profit from. In the case of the former you could reasonably
assume the visitor wouldn't be clicking any ads anyway but in the case of the
latter that user may still click and youd get nothing.

Imagine there was an eyeglass company that sold glasses that would replace
certain things you saw with other things that they decided on. I know this is
far out but just follow me here. Now imagine owners of these glasses walk into
a mall and the glasses replaced window signage and ads with ones from the
eyeglass maker's preferred partners. The shop owners in the mall would be
upset but the maker of the eyeglasses would claim they're just giving their
customers the deals they want. And then a certain portion of the people who
wear these glasses say "I own my eyes. I may choose to replace anything I see
with whatever I want".

In 1996 I was 10 years old and grew up from that point on with the web. Ads
were annoying for a time but the people posting and creating them learned
really fast that their strategy wasn't working and from then on ads have been
pretty polite. They mostly just sit in their grid positions. Sometimes they're
animated and sometimes they have sound but it's off by default. I don't get
why people hate online ads so much. They're easy to ignore and rarely if ever
become intrusive these days. But that's a whole 'neither topic. My main point
is that suppressing ads is one thing but to replace ads with others that
deprive a site from the CPC revenue is unequivocally wrong. It may be legal
but it's wrong.

~~~
Evbn
The site is welcome to have a login system with a terms of use agreement, or
to use quizzes to verify ad exposures, etc, if they so chose.

~~~
bpatrianakos
But this isn't about exposure or impressions. This is outright stealing.
There's a certain portion of users who will never click an ad and blocking
them out completely is really no loss. But what's happening here is that ads
are still displayed and in the event a person clicks the ad the revenue goes
to someone else. The visitor didn't come for the ads, they came for the
content. So the plugin maker is basically a leech. Replacing another site's
ads with your own and taking the revenue is theft and if it happened to you
I'm not sure you'd feel the same way. You know damn well your suggestion is
totally unrealistic but it totally misses the point anyway.

------
skarip
I have to say I have more of a problem with the advertising exchange that is
allowing this to happen than the "adware" company itself. Rubicon has to not
only represent the campaign buyers interests but also maintain publisher brand
safety to sustain a business model. It's just a matter of time before real
publishers will inevitably leave Rubicon if they continue to disregard this
fact.

------
option_greek
What a coincidence... I removed this junk yesterday from my fathers computer.
In this case, it inserts ads on top of Google search results and shows options
to search using yahoo search among the other junk. Very annoying.

------
danso
> _At first glance, it seems unlikely that Sambreel is pervasive enough to
> affect the ad industry. After all, how many people are going to download
> junky browser plug-ins? On the other hand, Sambreel’s reported use of
> underhanded tactics could mean it is indeed widespread._

The pervasiveness of hijacking plug-ins is depressing. I lent my roommate my
top-of-the-line MBP from 2008 and within a couple of months it was filled with
bizarre homepage hijacking plugins. A few days ago I got a hijacked DM-tweet
from a top investigative journalist. I wonder if general computer literacy and
best practices will ever outpace spammers' ability to infect computers?

~~~
w1ntermute
Why is it even possible to install these plugins in the first place? Shouldn't
they be blacklisted?

~~~
rsync
Some folks are using general purpose computing devices to access the web.

~~~
w1ntermute
I'm aware of that. I meant that Chrome should be blacklisting these plugins so
that they cannot be installed, even manually.

~~~
rhplus
Blacklists are a constant game of whack-a-mole. Anything you add to the
blacklist will be replaced by 10 more variants.

Whitelisting would be a more reliable solution. It has snuck into consumer
computing under a different name: app stores.

~~~
paulgb
Interestingly, this is what Crome has done. The app store used to be a
distribution point, but as of recent versions of Chrome it's become an
exclusive source of extensions for exactly this reason. (There are fortunately
ways around it, but it does minimize the threat of malware).

------
tjarmain
What's amusing to me is that you can build something like this with 100 lines
of JavaScript and a bit of Rails scaffolding (I know because I've done it).

------
antonioevans
Is this new? Advice : Read all user reviews when downloading addons / plugins
or any software.

~~~
mahmud
astroturfing & paid reviews.

------
nthitz
Curious. Doesn't bode well for the Kim Dotcom's MEGA project.

