Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Who else uses adblockers for safety?
128 points by julie1 on Mar 17, 2016 | hide | past | web | favorite | 92 comments
I have been programming immersive ads. I could modify from an embedded iframe the content of information sites, suck data out of people, manipulate data (like navigation history). And I got really not confident in what unethical people could do and seen no way we could detect misbehaving code.

I feel like the potential of vulnerabilities dynamic ads (JS based) exposes the users to is under stated by the industry.

I use adblockers to just protect myself. Who else does it?

And who else think their may be an ad-gate of the ads companies not stating the risks clearly? I mean to any coder that actually coded ads, we know what it actually can do, right?

Over the last few years I've settled on using NoScript. Mostly it was more for security or speed reasons; that it happened to block ads was just a happy side effect and often not one that I pursued very hard. For many sites, I'd end up with a page that had a couple of ads still on it, rather than a dozen ads plus a popover. The only time I've spent much cognitive bandwidth on getting rid of the ads is when the ads are being disgusting or half-pornographic. (It is not per se that I "disagree" with skin, it is that I hate the advertisers for deliberately trying to bypass my rational brain with those images. It's a hostile cognitive move on their part.)

But it's getting harder. More JS frameworks that depend on JS to render anything other than an empty white page. Then you whitelist that site, and it needs a couple of other domains to render anything. Then you're playing "guess which domain hosts the JS framework", which is not obvious, then you can also go back and play "unwhitelist the wrong answers", which since we're probably talking about a page that takes ten seconds to render and fifteen to be sure it didn't render when I blocked that site is quite a pain.

Also cloudfront is getting more popular, and that's all but an opaque domain now when it serves JS.

I'm getting seriously tempted to throw up my hands and do a serious adblock switch. I don't think using somebody else's list of domains is ethical, for various long and complicated reasons, but I'm finding myself having to balance that against the fact that the advertising industry doesn't seem all that worried about ethics at all, so I feel like I may be bringing an ethics knife to an ethics gun fight.

I've found Firefox reader mode can often give me the content when all scripts are still blocked. The blank page often still gives the reader icon :)

For those that don't trigger reader mode I'm increasingly hard nosed and just start ignoring that domain. I'll not enable JS just to read an article or see some images, only when it adds functionality. Most of the time I don't need to - most sites work remarkably well with little or no JS, so I can afford not to care about those that don't. I'm very reluctant to enable anything that's not the visited domain.

EDIT: uBlock+NoScript+Stylish almost always active.

> I've found Firefox reader mode can often give me the content when all scripts are still blocked.

For some reason Iceweasel doesn't seem to display the reader icon. It's a bit of a nuisance …

Is Reader even part of Iceweasel? I was under the impression that it was something that Mozilla licensed from a third party.

I've finally given up on using NoScript! I used it for quite a while and finally just got sick of everything not working all the time. I think you're exactly correct, so much now depends on JS it just ends up that most every new site I went to was unusable.

Maybe the day will come when NoScript allows me to catch up with the internet, but as it is, it remains essentially endless even with NoScript active.

throw Privoxy into the mix a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk.


I am using HTTPS Everywhere. Will Privoxy work with HTTPS? I'd believe that you are restricted to block entire domains with that.

Also, Privoxy requires to either run a proxy locally or on your router. Both not exactly easy for non-techies.

ack, no, it bypasses https

This sounds like FUD. An iframe can get the page it's embedded in, but what do you mean by "suck data out of people?" and how do you manipulate navigation history out of an iframe?

What surprised me most from my time in adtech was the way companies used redirects to sync user ids, i.e. news.com/story loads an image from ads.com/user-sync-start?partner=data which 302 redirects to data.com/user-sync?id=123 which redirects to ads.com/user-sync?your_id=123&partner=data&our_id=456, which returns a 1x1 transparent pixel gif. If that bothers you, disabling third party cookies should make it impossible.

That said, I use adblockers for safety because ad networks seem like a great way to serve browser 0-days.

Manipulating history belongs to one of the dark ages secret of "everlasting cookies" aka the zombie cookies you can't kill. Navigation history was globally accessible from any DOM elements when I was working in ad industry (2013).


Some of these have been fixed, some not.

I use adblockers (ABP and Ghostery on desktop, Crystal on iOS) mostly to minimize annoyances: videos that play automatically, malicious redirects to the App Store, multiple trackers that slow down browsing or suck down data.

I'm not worried so much about safety (e.g., ads as a malware vector), but I know that happens. I don't have too much of an issue with data collection in of itself, unless a) the act of data collection impacts me (e.g., 1MB of tracking JS) or b) if your follow-on processes are sketchy and annoying (e.g., spam emails).

I have explicitly unblocked pure analytics platforms (e.g., Google Analytics), trustworthy ad platforms (e.g., The Deck), and a few "site optimization" libraries because some sites don't work without them (shame on them).

I totally get that ads are a revenue source. The problem is that you (as the publisher) need to convince me that your ad platform is trustworthy—not annoying or malicious. You have failed that test in the past and taken advantage of me as a consumer. So you now need to earn that trust back. It's not that I don't value your content, it's that I don't trust your infrastructure. (And yes, from my perspective, a third-party ad network is still your infrastructure because you've chosen to use it.)

Wired is an example of publishers not "getting it". I get a big pop-up that reads "Here's The Thing With Ad Blockers".

It goes on to say, "We get it: Ads aren’t what you’re here for. But ads help us keep the lights on. So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it."

As a reader: I get it! I want to support you! Of course I'm not here for ads, but I don't care. I care about your malicious ad network—do you? You haven't proven that I can trust you to whitelist you, nor are you even showing that you know what my problem is.

So no, you don't get the trust in a whitelist. I might pay for your content explicitly, but I'm not paying $52/yr when I can get a year-long physical subscription for $10. And, back to trust, I don't trust you with my CC number either.

And finally: I have another channel! I can go get all the Wired content I want through Apple News, which is a) trustworthy, b) ad-free, and c) easy to use.

... and can trivially bypass WIRED's pop-up by just disabling JavaScript in your browser (just 2 clicks Safari if you have Develop menu visible) after the page loads but before you scroll.

I just had this conversation with the director of IT yesterday. Given the rise of ransomware and malvertising, I think its absolutely time we consider ad blockers as important as anti-virus software. I realize how damaging this can/will be for content publishers, but the ad networks have nobody else to blame but themselves for how chaotic and dangerous online ad markets can be.

At Bromium we do complete task isolation in uVMs and use monitoring to watch what happens inside. Most customer infections we see come from ads, and they're mostly cryptoransomware. It's absurd.

that's true but the sad thing is, it's been the case for past few years and ad gateways did little to control the abuse, they thought money > safety, now they are paying the price.

Yeah I'm with you.

Neither publishers or advertising networks seem to want to care about sanitising the code they're letting be run in my browser, so screw them all. I'll sanitise it by blocking it.

It's not just that though. Browsing without adverts is a better user experience. This is just a side-effect of adverts, I'm afraid.

Now, I'm sure this probably fractures my license to read content on certain sites... But I'm selfish and detecting ad-blocking is possible. It's up to publishers now to decide whether or not they're really happy blocking 30-70% (demo-dependent) of their traffic.

On my personal machines, I use µBlock (I'll always call it that, not uBlock …) Origin and NoScript, and only disable NoScript when I really, really want to read a page which is so broken that it requires JavaScript to even display. Normally, I don't bother: people who break the Web don't really deserve to have their words read.

On work machines, I use µBlock origin and NoScript, but with NoScript set in blacklist mode, so almost all sites run JavaScript.

In this manner I reach what I consider pragmatic tradeoffs.

I'll admit though that I am absolutely, completely livid at the continued destruction of the Web's ideals by JavaScript. The Web is about documents, not executables!

This is the real ublock origin:


correct ? I am always wary that there is some clone project out there that hijacks the original intent of ublock and is somehow name-camping on some derivative of "ublock origin".

That's the correct add-on in the google chrome store, yes ?

That + uMatrix (using the u, not the mu, because I'm a human and actually want this tech to proliferate...) are made by gorhill - see the 'Related' tab on the Chrome store link you gave, 'Same developer' and you'll find uMatrix.

ublock-origin is the cut-down, simplified version, uMatrix is the 'power user' version, giving more finely grained control over what's blocked.

zeveb: you should probably just use uMatrix. Less memory consumption and deduplication of tasks. Not to mention the shady noscript under-the-table deals.

I'm ethically opposed to adblockers as they deny content creators a means of making money for their work.

Yet, ads have gotten so out of hand that I'm about to install adblockers partly for safety, partly for other issues. They track my information when I would not expect it. And I just had a simple news website suck up 2GB of memory. And on my phone, simple websites with 1K text frequently suck up 5MB for ads - and I can't easily predict and control that.

Edit: ADP now installed. And it says it doesn't block "non-intrusive" ads unless I ask it to - which sounds pretty good from my perspective.

> I'm ethically opposed to adblockers as they deny content creators a means of making money for their work.

Quick rebuttal:

- People who use adblockers aren't likely to click ads anyway (maybe improving CTR for advertisers?).

- Server logs can still tell you how many 'hits' you've had, which were bots etc. even if various JS analytics snippets are blocked. These can be shared with ad partners, even if 100% of your visitors use adblocking.

- Advertising is not the only way to make money from writing/media and I'm becoming ever more convinced that it is even an immoral and hostile action on behalf of the advertisers and their partners (unless done in a mutually beneficial way, such as keyword bidding/ads relevant to expressed commercial needs).

Sadly the response to all this seems to be increased product placement. There are cultural divides between various countries and the web will most likely homogenise over the average at one point, but in areas of ad-desensitized culture we'll see the worst of advertising (or best, depending on your viewpoint).

EDIT(3): uMatrix + pihole user (uMatrix for me, pihole for everyone else on the network, mobile and tab included)

1: I don't judge anyone for using adblockers because there's a lot of moral grey area here.

2: "Advertising is not the only way to make money from writing/media"

-> I don't think this is a very good argument. It may be the only reasonable way for that content creator to make money.

3: "I'm becoming ever more convinced that it is even an immoral and hostile action"

-> Some of these ads are hostile, but some are attempting to make money in a very reasonable way. You're demonizing the entire group, including some who are creating value for you and me.

Edit: A little anecdote: There is a project I'd like to do that involves investing considerable time and money in creating content that will be shared with the world and would help a lot of people. I'd like to make some money back out of it for my time and costs. Free but with ads is the best way to help the most people but still make money. However, it might be difficult to make much and I would have to deal with people attacking me for trying to make money off ads. This is a factor that is actually affecting my decision as to whether or not I pursue this project (which I will decide in the next several months).

Appreciate the further consideration of those points.

As for your project; do it! If it'll help people, write it all and release it under a creative commons licence. Spread it far and wide. It could be your legacy, long after you've left the earth and stopped worrying about money.

I self-published a book in 2011. I charged for it. It ran its course, the product lifecycle played out and I'd made more than it cost to put it together. It's now free to read on my site and will soon be added to the creative commons as a PDF to be freely shared. I continue to benefit from its existence in other ways than monetary.

If you really do want money in return for the effort, charge for the publication. Get it published professionally or self-publish and promote it widely. Do you think the ad model is best because you are convinced people will only find what they're looking for through a search engine or social media?

EDIT: Would the people you help with your publication be helped even more by the ads displayed alongside it? Who would click the ads to make the project pay?

Quick rebuttal to the quick rebuttal:

- Many advertisers pay by the impressions, especially "premium" ad slots. They treat ads as billboards and pay for "reach."

- (1) If you're using a CDN, hits don't got to your server (2) Advertisers trust numbers from an industry-common analytics solution, they don't trust something hand-rolled

- Agreed on your last point, I think ad-supported content is creating perverse incentives for content creators.

Quick rebuttal to the quick rebuttal's quick rebuttal:

- Potential improvement to adblockers: a sacrificial server needs setting up that displays these ads to nobody in a dark room somewhere when triggered by the adblock software, thereby maintaining 'reach' figures for the scattergun advertisers.

- (1) Potential improvement to CDN services: display hit counters for users. (2) Many industry-standard analytics solutions use server logs for quantification.

- Agreed on your agreement point.

> immoral and hostile

Have these become code words for something beyond or outside of the dictionary definition? I have seen both of these words used recently in such a hyperbolic manner that defied any other explanation.

I'm using them literally. Immoral as in 'not a moral activity' and hostile as in 'attacking my freedom'. I think we probably agree that advertising can be improved, it's just likely that I'm more offended by it than you are. Maybe for cultural reasons or maybe because I'm an idealist.

> Edit: ADP now installed. And it says it doesn't block "non-intrusive" ads unless I ask it to - which sounds pretty good from my perspective.

Unfortunately, that's the worst part of ABP and many other adblockers - they allow companies to pay them off to be whitelisted. The program is meant to sound consumer-friendly, but it's just another way to get their cut of the ad spend.

I'm not going to go as far as calling this extortion, but it's definitely misleading.

A more upfront way of doing it would be to call them sponsored ads or something that implies it being paid.

>I'm ethically opposed to adblockers as they deny content creators a means of making money for their work.

Why don't advertisers make ads I want to consume?

Trick question: they actually do, and it's called native advertising. Ad-blockers block the grimy, scummy, bottom-of-the-barrel ads that are little more than an assault on the senses.

The myth that ad-blockers prevent content-creators from monetizing is just that: a myth. Ad-blockers just mean you can't be lazy about your monetization strategy.

In the days when an "ad" was just an image on a website (or newspaper) I'd agree with you.

Because I visited your site, you don't get to follow me around for the next day or year...

I don't see how it is ethical to be exposed to ads, in fact ads make my mind sick and I think we should be striving for a better revenue model.

Patron is great.

Well, concerned websites could choose static assets based only ads.

Static ads bring less revenues than dynamic ads per exposure thus less $ / kb loaded. That's all.

But does the ads industry fairly give them enough information to make a rational choice?

I think there's a place for a network to go back to those, and offer to serve ads with no user tracking.

Course the question is the would anyone trust them enough to actually white list them?

I'm ethically opposed to adblockers as they deny content creators a means of making money for their work.

This is a reasonably common argument, but I never quite understand it. Ad blockers deny content creators a (one) means of making money, but not a (any) means of making money.

One particular business model is unlikely to survive as ad blockers become ubiquitous. That business model was not good for visitors, and that's why it's becoming obsolete in the face of resistance.

However, there are plenty of other viable business models on the web. I'm not sure it's a bad thing that sites with good content will increasingly have to look to those, and that users will have to get used to providing real financial support to content creators if they want good quality material to be available. Perhaps as a result we'll even develop some new mechanisms for efficiently transferring small amounts of compensation on a large scale in return for producing worthwhile content.

This all represents a change from the status quo of the past few years, but I don't see anything inherently unethical about it, any more than it's unethical for people to only buy media in convenient formats or wheelwrights to have less business opportunity since horse-drawn carriages became obsolete. The only group I see losing out profoundly in the long term are the ad networks and related services, and to some extent I think they have brought this fate upon themselves.

If your business model is based on the presumption that your users will voluntarily download anything that you want them to download, and they don't, maybe it's just a shitty business model.

As it stands, HTTP is all about the client choosing what requests to make, what to render and how to render it. If I don't want to download and view ads, I don't request them. If there is some information on a page that I am not interested in, I don't render it. I couldn't care less if this makes someone's business unviable, because in their use of web technology they are implicitly offering me the option not to be bombarded by information that I am not interested in. User discretion is part of the protocol.

>they deny content creators a means of making money for their work

I try my best to whitelist ad content from websites that I frequent for this very reason. Ads don't inherently bother me, but the extra bandwidth can be ridiculous.

I'm ethically opposed to ads, as our attention is (becoming) a scarce resource, and ads increasingly try to disrupt consumers' control over their focus.


(edit: on-topic, I use NoScript/RequestPolicy, Disconnect and UBlock whenever I can)

Safety is the primary reason I use not just Ad Blockers but NoScript as well. Preventing cross-site tracking is a nice bonus (I don't mind Ads so much, but the networks cross a line because they track your browsing behavior which violates your privacy).

While the safety argument remains, you might want to look in enabling the Do Not Track feature in your browser. While I can't guarantee every bidder / adserver / etc.. respect it, it's a good way to insure some privacy while allowing sites you visit to survive.

It seems that the Do Not Track feature will only give you a false sense of safety and privacy. It depends on the advertising companies actually respecting your choice, which most do not, according to this article:


Without even needing to read it, it is, you're right. It becomes a bit of an ethical problem at this point where in order to get accreditation, adtech companies need to respect the header but, unfortunately, no one is forcing Advertisers or Publishers to work with an accreditated adtech company.

Also, another problem there is giving 'bad actors' another signal to identify a particular client, as I imagine not many people have the DNT feature enabled currently.

I primarily used adblockers to remove invasive ads that take over the page, but with more and more reports of malware served through ad networks I consider it safer as well.

The only ads I ever click on are ones I never meant to. Usually because the page loads so slow because of ads so content jumps under my finger on my phone.

I use uMatrix, mostly to block malicious or intrusive JavaScript. It's not primarily intended as an adblocker, but effectively works like one since most ads are served by untrusted third parties.

But since more and more malware is now spreading through ad networks, I've taken it one step further and rolled out domain-level adblocking on my router (on the DNS level), mainly as a way of securing non-updateable devices like Android phones of guests.

Note that this means that I cannot whitelist ads for a specific domain, but since adblocking was never my primary concern to begin with, I consider that acceptable. I will always see ads if they are served from the same domain (or from any other domain that is not a known ad server), so there's a clear and easy way for publishers to get ads in front of my eyes, should they decide to give a shit.

I installed an adblocker on my Mac after I was using mobile tethering with my computer muted, and some ad went through a huge video playlist in another window using close to 1 GB of data. It was worth around $20 at the time in local currency, and that was it for ads on the laptop.

I installed a hosts blocker on my Android phone after I found myself hitting a large number of sites which would popup ad alerts and then forcibly redirect to another site (where they'd try and get me to download and run an APK). This might be more prevalent in "poor" countries where the fill rate is bad, and so these kinds of scams end up being the only ads available and possibly aren't noticed by the networks.

Just a tip, Firefox has Android version too, and many plugins (including uBlock Origin) work just fine with it.

I browse mostly on mobile these days, with JS turned off. Sites load quickly, the small amount of actual content can be quickly consumed, and my monthly data allowance remains in trim.

Before this humungous amounts of JS and adverts blocked the screen, slowed loading times, tried to infect the phone, steal browser history data, and sucked down my data allowance greedily.

This is my main usage of uBlock and Firefox Beta on Android. I cannot browse the web on Android with Chrome and without Adblock anymore because I got so annoyed by Malware/Scareware/Scamware which vibrates my phone and redirecting me to virus warn sites (which look like made from Google). Good example which is 100% safe (open with Chrome on Android): https://shkspr.mobi/vibratescam/

Try to explain to some non nerds or your parents what is happening on the last link ;)

My mother-in-law very much appreciated not having ads in her free apps recently, as well as browsing her favourite news sites quicker, ad-free, due to the pihole set up and used by the router.

I didn't put her up to appreciating it either, I'd just mentioned I'd done it and some weeks later when visiting she noticed the difference. They may not always be the most tech-savvy generation (in general), but some things are universal!

I use an adblocker because many ads are annoying and consume much CPU and bandwidth. And of course, the security impact is another reason to block all those ad networks but that was not my first intention.

Only very few pages are on my whitelist. E.g. Stack Overflow because they have good ads which are well-chosen.

I use it for safety, bandwith reduction, performance gains, and to not get distracted while focussing/researching. In that order of importance.

Do you tell your kins/friends about your safety concerns and advise them to do the same? Else, why not?

I tell them, but this particular topic doesn't seem to be a huge issue that interests them, like virus protection for windows. Some just default install free protection, some ignore it and re-install their computers from scratch yearly.

Perceived performance and (expecially on mobile) reduced bandwidth/energy usage is the seelling point for my non-tech friends.

Does noscript count? You "miss out" on a whole boatload of ads by accident that way.

it does to.

It is also a prophylactic measure that is efficient. And yes, I missed the non ads dynamic contents that could also be unsafe. Then I would get paranoid with thousands sloc of JS included of minified code per project build with complex build chains. Knowing that ff extensions are in JS, I should purely stop using JS with my reasoning.

But as pointed out it results on some websites to serve degraded contents.

So it makes you choose between full access of web content, or safe access to a smaller part of the web.

I've been putting ad blockers, one form or another on all my friends/family devices for some time. Mostly cause I hated wasting time cleaning up crapware infections. Security yes but also prevents wasted time.

This. I had been cleaning my parents' computer about thrice a year. I haven't had to do that ever since I added an adblocker.

Just the other day, I needed to get a print driver for my aunt's computer. I searched bing (which she had as the default), and this came up:


Yes, there is a muted gray "Ad" there, but the first two links - rendered like real links - are not to HP. And I'm pretty sure that's just asking for problems.

I use RequestPolicy. It gives fairly fine-grained control over which third party sites are loaded, and from which origin.

It's the best of both worlds for me. I'll see the ads I don't object to (those not served from an ad network), greatly reduced cross-site tracking, and the risk of exposure to malicious ad content is much reduced.

Occasionally you run into a poorly coded site that fails to render because facebook or twitter didn't return what it expected, but for the most part it's a good compromise between extremes of wide open and noscript.

I used to use RequestPolicy too. Then I found uMatrix, which simply has a much better representation for this, and allows finer control (cookie/image/css/plugin/script/XHR/frame). I suggest you to try it out.

As for the setup, I made it accept all first-party content, and images+css from third parties, and block everything else by default. Then you play the "guess the source" game for a couple of scripts that you as RequestPolicy user are already familiar with :)

Thanks, I'll take a look

It costs me twice to see an ad. It costs me time to look at it (and possibly interact with it), which is fine because that's what actually pays for the site. However, the ads are costing me again because they are using too much of my limited data (esp on mobile). Sure, I don't go over my allotment usually, but it does prevent me from using that data somewhere else.

The advertisers need to figure out the latter in order for the ads to continue to be a viable revenue stream.

I use ad blockers for all these reasons (safety, speed, readability), but also as a selective tool for often-visited web pages to remove parts of the website that i find distracting. For example I remove the divs of comment sections on news pages, irrelevant side bars with distracting features etc.

Edit: In particular also annoying navigation elements like gigantic top bars that stick to the browser top. I have a Macbook 11" and this have made many websites way more readable.

Everyone on this thread categorising the question as FUD should read up on the Same Origin Policy of the browser and the context in which embedded javascript gets executed.

Definitely enough room for malicious behaviour.

Also, the threat does not just include ads, but the fact that too many a developer is very happy of pulling in 10+ 3rd party javascript libraries into their web application, effectively exposing their web application to risk in case one of these 3rd parties gets compromised.

I've seen many cases of payloads being delivered through 3rd party ad networks. I also despise how ads will track users. Those are my two top reasons.

> I use adblockers to just protect myself. Who else does it?

I use a javascript/flash/etc blocking plugin.

If people show me static advertising assets, I'm fine with that even if it lets them track me a little. If people try to run software on my computer I'm not comfortable with...that is a separate problem.

If you are concerned about malware, the first thing you must do is to ditch FLASH.

Yes, that is the purpose of the plugin. However, I need to use it rarely to test something I've had to work on so I can't disable it 100% of the time.

Which plugin?

I was convinced to install an ad blocker solely for the safety reasons. It is the new antivirus.

I do. I'm the defacto tech support for most of my family and friends. The amount of spyware, viruses, and questions of "This website is telling me I have X problem!" type questions I've gotten over the past decade pretty much forced my hand. I used to setup their computers without adblockers, but decided to just install them by default a few years ago. It's cut down the amount of support requests from a few per year to almost none. Personally, I do whitelist sites I know to be safe and protect my privacy, but for everyone else, it just saves me so much time that it's a no brainer.

Pure FUD.

Find me an example of any widespread attack from ads alone. Find me one major network (Oh wait, thats only adsense, FB, and bing) who allow anything malicious.

Dynamic ads don't allow custom JS, and you thinking they do is ridiculous.

Sucking data out of people? That is FUD if I've ever seen it. You mean, "collecting data"? Which some people have a problem with.

Your perspective is warped as hell, 80% of users don't care at all. The other 19% installed an adblocker and left it there. The 1% have noscript or JS disabled and are overly worried about security concerns and paranoid about data collection.

NoScript (+ Custom ABE rules for specific websites) + uBlock - Basically all external plugins like Java or Flash with Firefox

NoScript with ABE is pretty much what everyone needs but uBlock is there to block most of the non-JS ads (and save some bw) and from malicious js ads on the allowed ones but without enabling scripts most ads don't even run so basically uBlock is almost doing nothing (in at least a year it only shows 4% of request blocked so almost all the work is done by NoScript).

Still wishing someday to see NoScript on chrome.

Is there a list of vulnerabilities one gets exposed to with these /immersive/ ads? Maybe making this problem more visible will help content owners stay away from bad ads companies.

I use uBlock, Ghostery to block all trackers and ads. Lately I have been writing a DNS based blocker using Rpi, Most adblockers are as good as the list they maintain.

I started blocking ads when I realized they are used to spread malware using sites like adfly, bitly(in the beginning) ... then I got used to pages without ads, it's difficult to go back from that.

I've developed some kind of blind spot for ads, so I'll accept them as long as they don't track me. For blocking spying ads and invisible trackers, I'm using Privacy Badger (https://www.eff.org/privacybadger)

I use a lying DNS resolver where possible (my VPN, my home router). It redirects any ad-stuff to an nginx server that happily replies "204 No Content" to anything you ask it.

I had an adblocker at work until someone pushed a corporate admin-managed Chrome on my machine and I can't install and adblocker anymore.

I use ad block because ads are annoying, invasive, don't add value, and are immoral (i.e. the way they're disguised to look like real content, the way they prey on ignorant people, install malware, etc.).

I've been using Ghostery (with everything blocked) on all my browsers for the last couple of years.

I feel safer online and site tend to function better since I've started using it.

I would use caution with Ghostery. It's proprietary and closed source, which is really suspicious for privacy software, doubly so when you realize that the company running it is in the advertising industry. It also phones home and is not entirely clear about what it's sending. I'd suggest using uBlock Origin instead.

It also phones home and is not entirely clear about what it's sending.

Are you suggesting that it does so other than to download library updates, even if you have opted out of their data sharing (which is a single option on the settings screen)? If so, please give details, because this is a common allegation but I've yet to see anyone substantiate it.

I'd suggest using uBlock Origin instead.

uBO is helpful if you're happy with the defaults, but it's horrendously difficult to configure it or figure out what it's actually doing. This is something AdBlock Plus/Edge were always much better at, whatever their other limitations.

Just to chime in with uMatrix by the same dev as uBO - it has always been the 'power-user' version to rival noscript etc. A much more 'open' solution.

Yup, there was an HN post last year where a guy took apart Ghostery network traffic and saw a UUID being included with requests. Got me to uninstall real fast.

Not to spread FUD, and it's probably nothing, but some blockers, such as Disconnect, have founding teams that formerly worked at DoubleClick, Google and NSA. None of this appears on their website post-2013, the summer of surveillance.

Saw it once on their 'About us' page, can't track it down on web.archive.org just now, but I'm not making it up...

Wowzers, never realized that, thanks for the heads up.

Somebody should develop an AI approach to ad detection.

And then make a webbrowser that uses a shadow DOM to remove the ads without the website noticing.

I just loaded AdBlock Ultimate 2.18 and wonder if this is legit/non-harmful?

Mix of reducing annoyances, security and reducing required bandwidth.

Mostly for speed. I don't consider the web safe anyway.

I run an adblocker to protect myself from "the latest steroid taking GNC by storm" and "This website sells apple products for cheap!". Its an eyesore and ruins my user experience.

This is fine as those are clearly scams designed to separate you from your money. But on the flip side you're missing out on the new skin treatment that a stay at home mother found that takes 20 years of your face (doctors HATE her). Hint: It's acai berry.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact