
AdNauseam: Browser extension to fight back against tracking by ad networks - abc-xyz
https://github.com/dhowe/AdNauseam
======
chaz6
Apart from actual malware, this is the only browser extension I know of to
have been blacklisted by Google. If you want to use it in Chrome you have to
jump through hoops. For the record, I approve of AdNauseam. I have every right
to browse the internet how I choose. My computer, my control. I am firmly
against the corporization of the internet.

~~~
amelius
> If you want to use it in Chrome you have to jump through hoops.

Why would a potential AdNauseam user even use Chrome?

~~~
teh_klev
Multiple and fully isolated user profiles - hugely important for the work I
do. I know Firefox has containers, but they're not really feature complete
compared to Chrome's, and the UI experience leaves a lot to be desired,
there's just to many friction points.

edit: forgot to also mention, I'm also aware FF has profiles as well
(about:profiles) but the implementation has too many speedbumps. As I
mentioned in another post on HN, the profile manager needs to be an upfront
and first class UI citizen, something hidden away with a fairly poor UIX.

~~~
mrighele
Firefox has profiles too, although they are probably even even harder to use
than containers.

~~~
teh_klev
Yeah, I forgot to add to my comment something about their Profile
implementation which feels like another half baked idea.

------
bad_user
This extension apparently simulates clicks on blocked ads. I'm not comfortable
doing that.

First of all I don't see the point. I don't click on ads, so there is no
profile that advertisers can extract from that.

Having an extension that simulates clicks would only link to my supposed
profile shit that I don't want, plus in my experience from when I worked in
the ads industry, the user profile often gets compiled from better signals,
like actual searches, apps used, websites visited, articles being read, or
data freely provided by the user himself, like age, sex or location.

Clicks on ads are misleading because the ads themselves are misleading. It's
not a good signal unless it leads to a conversion and a click is just part of
the funnel and not a conversion. In fact the only really useful signal is that
the user clicks on ads, in general, or in other words you're inviting
publishers to serve you more ads.

Also this "fighting back" attitude is not very constructive. If you hate the
direction of this industry, consider paying for shit that you consume, instead
of pushing for extensions that will inevitably get banned (due to this being
essentially fraud) and that are pushing more and more publishers towards
native apps and towards DRM, because the open web is a risky platform due to
these extensions.

\---

For protecting my privacy, besides Firefox's built-in trackers blocking and
uBlock Origin, I also use and recommend Privacy Badger ... this is a neat
extension that automatically learns about trackers that follow you around the
web; it can brake some websites, but it's the best at bypassing protections
against ad/tracker blocking.

~~~
0xADEADBEE
A couple of quick points:

\- Your ad profile will be built based on pages you visit as you indeed note,
not just things that you click. Any noise you can introduce surely has to be a
win for obfuscation? Would be interested in your thoughts here because you
have more experience than I do!

\- I'm not certain that paying for content makes any difference from a data
mining perspective. Loading a NYT article causes uBlock Origin to deny 14
requests; I don't currently have a subscription but I imagine those assets are
still loaded even if I'm signed in (with much clearer markers towards my
identity!)

\- Fighting back is a fine way to effect change. It's clearly working or
Google wouldn't be banning this extension from their store or limiting their
API.

I'm very comfortable with this so it's interesting to speak with someone who
isn't. If adblocking is on the rise, I wonder what the next step will be
towards monetizing content? Micropayments didn't take off (perhaps
unsurprisingly) and subscription models seem to not have the return that
people had hoped. There's huge amounts of money on the table but a lot of very
smart people don't seem to have hit upon anything yet!

~~~
0xADEADBEE
Also I upvoted you - I'm not sure why you're being downvoted without
explanation since you've axiomatically added an interesting viewpoint to the
discussion.

~~~
hombre_fatal
What exactly does it clarify to modify "add" with the adverb "axiomatically"?

~~~
etchalon
It clarifies that the writer likes Jordan Peterson.

------
hawski
In previous discussion about AdNauseam one user familiar with the ad industry
said [0]:

> I worked in adtech a few years ago, and AdNauseam-style click fraud is a
> relatively trivial to detect and ignore. It does nothing, and adtech
> companies don't care about your hate of online advertising the least because
> that's what brings in the cash.

Then other user clarified [1]:

> The most usual technique is to setup click baits/traps, once you click on a
> trap link you (= IP or UID via cookie) are added to an ignore list, where
> all your actions are not invoiced to advertisers. Simple and works,

With all that in mind I came up with an idea at a time [2]:

> What would happen if there would be a popular extension that would share UID
> cookies between all its users?

Now, the question is: is it worthwhile to do something like this?

[0]
[https://news.ycombinator.com/item?id=19279384](https://news.ycombinator.com/item?id=19279384)

[1]
[https://news.ycombinator.com/item?id=19279452](https://news.ycombinator.com/item?id=19279452)

[2]
[https://news.ycombinator.com/item?id=19281078](https://news.ycombinator.com/item?id=19281078)

~~~
yeppie
Claiming it's trivial to detect feels like a weak attempt to try to discourage
people from using the extension because it's anything but, and that it's
something ad networks fear will become mainstream like regular adblockers.

The click baits/traps would, in terms of cookies, be countered by the Cookie
AutoDelete extension and whenever you browsed in private mode. As for
blacklisting IPs, that seems very risky since an IP is often shared among many
users (and it's always a risk people use same device, e.g. a MacBook), and it
would continue to result in an increasing amount of legitimate users being
wrongfully blacklisted as the extension's user base grew. Moreover, assuming
these techniques are actually used, then it's safe to assume that at least a
few ads would be clicked before they detected they were malicious clicks. And
this would be the case whenever a user used a new IP with no cookie present.
I'm definitely not convinced it's something ad networks can reasonably detect,
especially considering it's important that the ads are served as fast as
possible.

------
0xADEADBEE
I used this for some time and it's great; built atop ublock origin and does
exactly what it purports to. The only downside is that it is used by such a
comparatively small market-share that it's harder to blend in, but I imagine
modern browser fingerprinting negates this concern anyway. Also it's
(tellingly) banned from the Chrome store last I used Chrome, and you had to
install it via a zip file. There is (or at least was) a user-hostile nag each
time you start Chrome (or Chromium) about allowing an unidentified extension
but I guess that's now moot if Chrome now doesn't permit sanctioned ad-
blockers.

~~~
TeMPOraL
They should promote the hell more out of the fact that it's uBO underneath.
For a long time, I didn't install AdNauseam simply because I trusted uBO more,
and didn't want to have two ad-blockers in a single browser.

~~~
0xADEADBEE
I agree with this - it's there (annoyingly, phrased exactly the same way I
wrote my comment but I swear I didn't know and I haven't been on that page in
months!) but they're not exactly leading with it. uBlock Origin has a strong
brand and it's a bit myopic not to leverage that in a more prominent way.
Still, I'm glad it's getting noticed and I'm sure their install base went up a
fair bit from this thread alone!

~~~
TeMPOraL
I'm on a fresh desktop setup and just installed it, so it's +1, and when I go
back to my usual workspace, it'll be +3.

------
danielcampos93
Best part is it tells you how much ad spend you have caused. It’s crazy how
quickly the number reaches 4 figures.

~~~
dymk
The fake clicks that this generates is one of the most trivial to filter out
for even the most simple ad systems. It’s costing ad companies and advertisers
approximately zero dollars.

It’s a nice additional data point to identify and track the users running it,
though.

~~~
abc-xyz
1\. If it's so trivial and costs ad companies nothing, then why would Google
go out of their way to ban the extension when it's essentially just an ad
blocker that clicks on the ads in the background?

2\. How would you filter out AdNauseam ad clicks with genuine ad clicks?

~~~
dymk
It’s banned because it’s made by people intentionally trying to not just
subvert, but inject _fake_ data into Google’s core business model. It’s like
asking “why doesn’t Apple allow Cydia in the App Store?”

AdNauseam clicks occur far more often than normal ad clicks, aren’t associated
with other ad load events, timing is all similar, ads are clicked regardless
of predicted relevancy. There’s dozens of obvious, and hundreds of non
obvious, ways to detect if a particular user is a bot or not. Literally
legions is PhDs study this attack vector and work at Google and Facebook.

~~~
llukas
PhD time doesnt cost "nothing" like you said in grandparent post.

~~~
dymk
They’re working on actual hard problems, like combating click fraud attempted
by organized crime and actual sophisticated actors, and they’re working
regardless of the existence of this extension.

This extension just isn’t effective, and any time working in the ad industry
makes that overwhelmingly obvious.

~~~
kurthr
LOL, that's great idea!

Adnausium can just connect us through an anonymizing server so that we can
sell our well chosen (by them) clicks to those organized crime and
sophisticated actors. Heck, those bad guys would probably be willing to pay me
or Adnausium a fractional CPM for the service.

------
have_faith
Not sure why simply blocking the ads isn't a better signal than trying to send
mixed messages that they can just filter out. Ad blocking already is fighting
back, is more environmentally friendly, and doesn't expose you to anything.

~~~
mhuffman
> trying to send mixed messages that they can just filter out.

How does this work? Remove clicks from people that click many ads? Doubtful!

It is noteworthy that Google doesn't bitch too much about AdBlocking in the
past, but lost their shit at AdDauseam![1]

[https://www.theregister.co.uk/2017/01/05/adnauseam_expelled_...](https://www.theregister.co.uk/2017/01/05/adnauseam_expelled_from_chrome_web_store/)

------
antpls
\- Blocking ads had the nice argument of being more "green" because of less
internet requests, less CPU and data usage.

\- How do I make sure this extension will not download and run a javascript
exploit from fake ads ?

Security, ecology, business threat : they are valid arguments to Google for
banning it

------
angel_j
I like the data-breaking approach to anti-tracking and ads. I wonder if it
would be more effective to fuck with cookies, like randomly scrambling your
cookies with other browsers'.

