Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] Forbes Site, After Begging You Turn Off Adblocker, Serves Up Malware 'Ads' (techdirt.com)
606 points by jackgavigan on April 8, 2016 | hide | past | favorite | 271 comments



Blogspam of the story discussed in https://news.ycombinator.com/item?id=10870892


My process

1. Click Forbes link 2. Get blank page where ad should be and "Continue to site" link 3. Click continue 4. Get request to turn off ad blocker 5. Laugh that I can't remember that Forbes blocks ad blockers 6. Google the headline 7. Read the story someplace else

Hope that helps.


I really want a plug that will let me mark sites like Forbes and then decorate any links to it indicating I've already decided I don't want to go there. This way Forbes doesn't even get a +1 visit from me. I've had this thought several times over the last few months so last night I started work on a Chrome plugin that takes a regex pattern and css styles, finds the pattern in the markup and then applies the css to the first visible element containing the pattern. I'm hoping it will be useful for more than just reminding myself to not click links.


This is possible with a custom user stylesheets and a clever CSS rule (I haven't verified this, currently on my phone):

    a[href*="forbes.com"] {
      color: red;
    }
You can make it more restrictive (e.x. match the beginning of the attribute with ^=) if this results in false positives.

If you don't just want red links you can also combine it with pseudo elements, e.x.

    a[href*="forbes.com"]:after {
      content: "[warning: forbes]"; /* or an emoji or something */
    }
Unfortunately Chrome removed user stylesheets awhile ago, but there are 3rd party extensions (Stylish etc) which fake it.


I've been using Stylebot with great success. So much so that when I visit sites on other peoples machines it takes me a minute to figure out why certain sites are so hideous


What's the advantage of Stylebot over Stylish?


I've not used Stylish, but from looking their Chrome Extension page it looks like they don't allow you to write CSS for pages, but rather apply themes that have been built for sites by third parties?

Stylebot lets me just write css, or can grab an element off the page and they give you a GUI to edit the most common style properties. The ability to just write CSS as simple as .stupid-ad { display: none; } is what I was after.


Stylish lets you write your own CSS. It doesn't give you a GUI for it, it expects you to look up the elements yourself. I have custom CSS for a number of sites, and find Stylish sufficient.


Verified, as I had the same idea earlier and have started a userstyle to alert myself when a link points to one of these anti-Adblock sites.

To anyone who wishes to do this, you can add more sites by listing them, comma-separated, except for the last entry, like so:

a[href^="siteone.com"]::after, a[href^="sitetwo.com"]::after, a[href^="sitethree.com"]::after { content: "[generic warning because multiple sites]" }


That would be useful but it almost sounds better to register the view of their landing page and then not register the view of their article. Surely they will see a widening gap over time?


>I really want a plug that will let me mark sites like Forbes and then decorate any links to it indicating I've already decided I don't want to go there. This way Forbes doesn't even get a +1 visit from me.

Host file.

forbes.com 127.0.0.1

At home I have a giant list of sites I've blocked for this.

#Requests I turn off uBlock. Doing them the courtesy of not giving them any traffic instead.


I've tried some stuff like that but I still accidentally click the links and then get angry for a few minutes afterwards. Maybe I should work on my anger issues instead but that'll take years, if I get the extension working the way I want I expect scanning the front pages of HN and Reddit will take significantly less time and each decorated link will give me a little sense of triumph.


Yeah, work on your anger issues.


speaking of hosts file, here is a pretty good one [0]. albeit it may block more than just ads however I find its nothing I want to see anyway.

[0] http://someonewhocares.org/hosts/


You might like Steven Black's hosts file [1] which "consolidates several reputable hosts files, and merges them into a single amalgamated hosts file with duplicates removed." Sources (which can be extended easily) include: The Adaway hosts file, MVPs.org Hosts, Dan Pollock (someonewhocares.org), Malware Domain List, Peter Lowe, and Steven Black's own small list.

WestCoastJustin shared a great one-liner [2] for checking the list to make sure there were no nefarious entries; here it is without the unnecessary cat command:

  grep -v '#' steves_hosts | awk '{print $1}'| sort | uniq -c
[1] https://github.com/StevenBlack/hosts

[2] https://news.ycombinator.com/item?id=5264955


Awesome! Thanks for sharing!


The thing is that actually is a curtesy. If you have your adblocker off, they gain nothing from having you read their article and have to pay for the bandwidth. They don't want your traffic.


Yes - and that's the point. I wasn't being sarcastic in my comment of being courteous. I have three options. Ignore their plea, disable my adblock for them, or don't visit at all. They expect me to choose option 2. Out of the other two options, I choose the more courteous one.

All it is doing is slowing their death. News which doesn't get consumed will die out.

I'm of the opinion that ad-based business models on the internet will not work much longer. I'm of the opinion that only three business models will survive the next decade:

1) Collecting and selling user data in bulk (Massive sites that have access to said data)

2) Paywalls (Most sites)

3) Donations (minority, tight knit communities)

Will the web be worse off for it? Potentially. But I see ads as extremely harmful to people and not something to be tolerated regardless of the reason. From the subtle control over peoples' psyche, serving malware, or even being straight up scams... I don't see advertisements as moral and think the world would be better off without them.


which is great. the idea is not to do them a bad turn, it's just to partition them off into a "doesn't belong on my internet" bin and then let them go their own way.


You could also just block the site with your ad blocker. uBlock Origin shows a screen telling you are about to enter a blocked site and gives you the option to unblock it temporarily.


I have wanted EXACTLY this for a long time. What I want to also block are sites that serve up crappy "suggested" content from taboola and their horrible trashcan ilk. If you value me as a visitor to your site that little then to hell with you as a website. There are plenty out there that deserve me attention much more.


Adblockers like Ublock Origin already block that Taboola/Outbrain crap. Sadly Chrome Android doesn't allow for these, so I use Firefox Android, which fully allow extensions, 95% of the time when I'm on mobile.


>What I want to also block are sites that serve up crappy "suggested" content from taboola

add this line to your host file:

0.0.0.0 taboola.com


Quick gist of the code you could drop into a chrome extension to make you confirm going to forbes.

https://gist.github.com/bcruddy/4a994621c7ba050b19ddc956769e...


What's the NPM package name?


I see what you did there...


LeechBlock for Firefox won't quite let you do that, but seems like it might do some of what you want. http://www.proginosko.com/leechblock/


I think Google experimented with black listing at some point. I remember seeing something along the lines of "no more from this website". I was very hopeful it would do exactly this, but didn't seem to do anything.


start a github repo - maybe we can help ?


I will, sometime in the next week, hold me to it. I've actually got something working. So far I've got a hardcoded list of rules and styles and it works, even if the page content changes dynamically. I have to make all changes in code and manually reload the extension every time but it's not bad since I don't need to change things often.


I used to get so annoyed with all of the expertsexchange answers that popped up on google to take you to their paywall that I put a 0.0.0.0 www.experts-exchange.com entry in my hosts file.


My favorite part of their anti-adblocker approach was when I actually disabled my blocker and ran into a hilarious "ad-light"[0] experience that was so ad-heavy I immediately gave up and found somewhere else to read an article. Countless "sponsored" article links, old-timey banner ads, and 75% of the visible page devoted to items other than content.

[0]https://twitter.com/mmoche/status/710167616535531520


I had an identical experience and reaction:

https://twitter.com/PeterKimFrank/status/710164166636675072


My process

1. Install https://github.com/reek/anti-adblock-killer

2. Laugh maniacally.


Why do you insist to consume content when the publisher tells you they don't want your visit if you don't want their ads?


Because I wanted to see the content? Is that what you're really asking? Am I supposed to feel some kind of moral obligation to see the ads just because they want me to, even if my browser is perfectly capable of blocking them?

Sorry, but it's _my_ computer. I control it. Publishers don't get to decide what it does or does not do. I do.


The publisher told you that if you want to see the content, you have to see ads too. They are very explicit about it. You are not entitled to see the content. If it was just an adblock issue, I can see the logic of clicking on links and blocking the ads. I do not condone it, but I can see that some people might find it logical.

BUT the publisher intercepted you and said "you cannot continue with adblock turned on". Why do you think you have the right to see that content without seeing the ads when the publisher explicitly said you can't do that?

When he wastes your bandwidth with ads, he is the devil, but when you waste his bandwidth, it's perfectly OK?

Technical ability has nothing to do with it. You have the technical ability to stab someone with a knife. You have the technical ability to download a book, copy it and then distribute it. Is that OK too?

Just because you CAN do something does not mean you SHOULD do it.


Ok wait now that's just turning these publishers' (indeed very explicit) message around.

> you cannot continue with adblock turned on

They don't say that. They tell their users "to continue, please whitelist our site or turn off your adblocker", which is a whole lot more irresponsible and something I am totally not okay with.

People might actually believe the message, they ought to turn off their adblocker and view the site!

I help many non-technical people clean their laptops (yes it takes a lot of time, but I'm a nice guy and it can be done during beers). I install them an adblocker. If the only reason was "because the Internet just looks nicer without ads", I probably wouldn't. But especially for not-very-technical people, an adblocker is usually a better (and way less resource-intensive) security defence than an actual virus scanner.

What if sites like Forbes manage to successfully guilt these people into disabling their adblockers? Forbes will get a few dollars yay and my friends may lose a few hundred because they got ransomware not-yay.

I wish they just told people to go away.


> When he wastes your bandwidth with ads, he is the devil, but when you waste his bandwidth, it's perfectly OK?

Yes. He can try to stop me, just as I try to stop him. This is the game. It's an antagonistic relationship. There's nothing inherently "wrong" about either side - it just is how it is.

> You are not entitled to see the content.

If their server gives me HTML containing the content, it's up to _my_ computer what to render, therefore I am entitled to see or not see whatever is in that response.

I am very entitled to use of my own computer. They do not get to decide what happens once their content is on my end. If I were sending malicious code to their server in order to remove the adds or similar, you'd have an argument but since it's happening entirely on my computer, you don't. The entitlement to how my computer renders it rests entirely on me.


This is not ad blocking. They told you they don't want your visit and you still go ahead and consume the content.

This is not a game. You just like to freeload and when somebody calls your bull, you throw a tantrum.


Yikes, angry much? Do you run Forbes or something?


I am amused, not angry. I find self entitled goofs tiring, but like to poke them a bit from time to time.

Blocking ads will only make things worse, btw. You just don't see it coming, yet. Just wait for the telcos.


Telcos? Please, enlighten me.


What do you think will happen when the media companies realize that the promised subscription revenues will never come and scaling web advertising is not a realistic goal for them? Do you think they will say, "oh fuck it" and close shop? Oh, you thought they will wither and die. It's cozy to think that way, but it is not based on reality. They are gonna get bought. And do you know who is in the best position to snatch the market? Yup, you guessed it. They have entered in the ad business in a big way already. Just a select few partners to keep it quiet. For now. Buying distressed media companies is the best path forward. All the reach they need, the sales pipeline and even more data then they already have. Oh that sweet, sweet data.

You think your privacy is violated now? LOL.

Oh and btw, if you missed it, Verizon bought AOL. Have a nice evening.


Yeah, definitely seen some sketchy shit like that with consumer grade ISPs, but the way I look at it, as long as the big datacenters don't do it (and I doubt they feasibly could) I'm still in the clear.


Moral obligation is the reason to not take/copy other things.

This is the same as music/movie piracy. Basically you're doing it because you dont have the legal/physical repercussions of taking other things in life.


Not quite - with piracy you get a modified full copy of the content from a non-original source. This non-original source produces an unlicensed copy of the content. This is the illegal or "immoral" or what have you part of piracy.

With ad blocking you go right to the original source, ask them for a copy of the content, they give it to you, then choose how you're going to render it. They gave you the content. They never made me accept a license agreement on it. I can choose to render it however I damn well please because that's up to my computer. Does IE produce an immoral rendering of the page because it doesn't support a CSS feature they use? What if I load the page in Lynx and don't see ads, is that immoral?


I kind of doubt it's even legally possible for a copyright license to only allow use if people also consume the ads linked with the content.

Might depend on your country (or state). But it doesn't really seem like a legally enforceable condition to me. Not to mention all the practical snags of such a demand.

For instance, these ads are generated real-time and are targeted towards the user. Would yielding to that be part of the same demand? If you block or shield against targeting, or even in a private tab, or clearing cookies on exit. You could make the same argument that, this too deprives publishers (part) of their income because tracking is less effective.

What if the ads contain tooling for realtime monitoring how long you are "active" on the page, which parts your mouse hovers on, etc? Are we morally obliged that we run that code and (truthfully) submit that data as well? (Rhetorical question obviously)


So if someone takes something without permission, it's ok to take it from them because they already did the original "taking"?

Morality is tied to intention. If you can only access something with a screen reader and can't see ads, that's fine. If you're intentionally removing ads while full well knowing what they are for, that's immoral.

Then again morality is subjective to the individual so perhaps this is better described as basic ethics.


I think they mean: Why do you want to consume content from companies like that?


The quality of their publishing practice doesn't necessarily reflect the quality of the content.


If they don't want the traffic they are more than welcome to put it behind a paywall.


Why people don't understand this I cannot understand. If you respond to a get request the html is mine to do with as I like(personal use), maybe not render it to a browser at all.


It's about intent. Yes, currently you can work your way around ads and anti-adblockers, but seeing as that's not the intention of the publisher they will eventually have anti-anti-ad-blocker measures just as they came up with anti-ad-blocker measures in the first place. The way content has developed on the internet is based on this implicit agreement that the free content comes with the ads, if there was no revenue source, they might not desire to be in the content publishing business in the first place.

All that being said, I'm not sure how me seeing the ads helps them as I never click on them anyways, but I chalk that up to their business issue. I do not necessarily believe that just because they don't provide their content in a form/implicit contract that I wish to participate in, that I am still entitled to consume that content. A prime example for myself is EA Games. I disagree with a lot of their publishing practices and business decisions, but that doesn't mean I play all their games as pirated versions anyways, I simply abstain. Consuming the content by skirting this implied contract only results in this arms race you see in games, online content, and just about any other form of media. It's a competition between users wanting money-free content and publishers wanting to control exactly how their media is distributed and paid for. I don't think either side in this fight is right, but by participating on one side it eggs the other side on.


> I'm not sure how me seeing the ads helps them as I never click on them anyways, but I chalk that up to their business issue. I do not necessarily believe that just because they don't provide their content in a form/implicit contract that I wish to participate in, that I am still entitled to consume that content.

Wait, I don't get this "business issue". If you really never click the ads, you're ultimately not making anyone any money either. In fact, if you think ad-blocking is bad, merely never clicking on them is even more toxic to that industry. And I don't mean bandwidth. Because now it's the businesses paying to uselessly show you ads who are paying for your free content.

How is that better? You're still consuming your content for free (which is a terrible thing :P), except you're now also voluntarily punishing yourself with advertisements you don't care about that do nobody any favours. Of course you're free to believe that makes up for it, or something (not judging, they used to base entire religions around the concept).

I find it a bit hard to reconcile chalking up never-clicking-ads as their business issue, and simply not downloading and displaying the ads at all (thus also never clicking them) as a user problem.


I wonder if it would be possible to successfully sue a site that asks you to disable your ad blocker, which you do, and then serves up malware ads that infect your computer? I'm sure they'll try to say their ToS protects them but that doesn't mean it's so.


> anti-anti-ad-blocker measures just as they came up with anti-ad-blocker measures in the first place.

To be fair, the current anti-anti-adblockers like anti-adblock killer could defeat such a measure as is. Short of rendering their page to an image with ads builtin, there's not much you can do if someone's willing to replace JS.

What do you have against a good old fashioned cat and mouse game?


It's a waste of time and resources, and as long as one side persists in thinking that they can work around ad-blockers, and the other thinks it is justified in ignoring clear terms of use, then we won't ever get a solution that works better.

As it is right now, we are disincentivizing people from participating in a system that actually has a chance of surviving. Without compensation in some form, higher-tier journalism can't survive, and I for one don't think a world where all news comes from amateur bloggers is a better one.


I'm not so idealistic as to think I can change the model. I just want the content in a way that's acceptable to me so I can consume it now. It's not a waste of time if I save more time not looking at ads, not loading ads and have to remove less malware infections from my friends and family's computers. Not a waste of time at all!

The only way the model is going to change is if everyone adopts ad blockers and anti-anti solutions. And that's not going to happen. So I've got to deal with what we realistically have until someone comes up with this mythical better model and makes it work.

I can't change the model, but I can change what my computer does about it.


That's a realistic position, and I can't fault you for that. I was responding mostly to "What do you have against a good old fashioned cat and mouse game?" I don't like where we are going, but I don't necessarily see a way to exert enough force to stop it, nor know what stopping it would result in. I don't think we'll actually end up with paid content going away, but it sure would be nice if we could skip a few years of bullshit half-solutions and fast-track something that works, whatever that ends up being. :/


More to the point, they could go to the trouble of hosting and serving their own curated advertising, like newspapers used to do.

They could forbid JavaScript, require simple URLs, and flow their content around well-defined and crafted ad locations. Their site would load quickly, the ads would still attend to the image they intend to project to the reader. Metrics on such ads wouldn't require third party JavaScript to monitor.

None of their readers would be subject to malware. Reader and provider would not be an antagonistic relationship.

They could do all of these things. They seem to have chosen another path, and made the choice for their readers--those they've kept--at the same time.


How does only wanting visitors who are willing to view ads recommend the use of a pay wall? Those hardly seem related.


They are both trying to monetize the content. I thought that was obvious.


That is obvious, but the person I was replying to said "if you don't want the traffic." It is not evident that they want to exclude 99% of web traffic, only the relatively small number who are unwilling to view ads.

In short, for most people, a paywall is a much stronger negative than ads, so it's not an obvious why somebody who wants to use ads should just use a paywall.


This is one of those topics where people feel so strongly (because of the annoyance), that I strongly believe that quite a few people are subject to cognitive dissonance regarding it. That is, of course, a self-serving opinion, so I try not to rely on it.

That said, there are good, defensible reasons to run an ad blocker. Namely, that it's a security risk not to. That's not a moral argument though, and my only issue is with people that think they are justified to consume the content no matter the desires of the producer, that once it's published it's fair game. I have no problem with people that run an ad blocker but acknowledge that it does cause some harm. I count myself in that group.


> my only issue is with people that think they are justified to consume the content no matter the desires of the producer

Oh, I missed the bit where these people were hacking or forging credentials to get the content.

> that once it's published it's fair game.

Of course it is. Once you give me a newspaper I can cut out the articles I want - format shifting if you will. I simply can't duplicate them.

HTML is intended to be interpreted and rendered to the client's specifications. Don't expect this to change, it was designed this way for a reason. If that's not what you want, distribute PNGs.


> Oh, I missed the bit where these people were hacking or forging credentials to get the content.

That's okay, I seem to have missed that part where it's shown how that relates to my statement in any way.

> Of course it is. Once you give me a newspaper I can cut out the articles I want - format shifting if you will. I simply can't duplicate them.

That's after you've already gotten the material. You are addressing the method in which you consume, I am talking about your right (if not legally, morally) to consume. If you walk up to me and ask for my newspaper without offering compensation, and I say "sure, but you have to first look at this pamphlet I'll hand you with it", then I think in this example it is clear that throwing the pamphlet away prior to reading the paper is morally wrong.

Where I think most people differ on this subject is how accurate that analogy is for consuming internet content. If you believe the implication is clear that in visiting a site and retrieving their content that they would like to grant permission to view it based on the either an implicit transaction or an explicit statement (such as here), then you probably fall on one side of this issue. If you believe that no such implicit understanding exists, or where made explicit it's invalid for some reason, you probably fall on the other side of this issue.

For me, the arguments that fall along the lines of "once it's been sent I can do what I want" don't sit well because they feel anti-social in nature. We don't act that way with the people around us, why should be expect it to be entirely different just because we can't see their face? Unaccountability for poor behavior is a downside of anonymity, and something to to by mitigated, not accepted.

> HTML is intended to be interpreted and rendered to the client's specifications. Don't expect this to change, it was designed this way for a reason. If that's not what you want, distribute PNGs.

I don't think this really applies to my position in any way or the argument as I see it in any way.


> For me, the arguments that fall along the lines of "once it's been sent I can do what I want" don't sit well because they feel anti-social in nature.

For me, guilt trips are anti-social in nature. And from a business perspective, they're a losing proposition, because over time people just stop feeling guilty.


I'm not really sure how that applies. You'll have to define what you think is the guilt-trip, and how it's different than social pressure.that provides a positive effect. I see a loose social contract, but that's the same effect that prevents a lot of negative selfish behavior, so I see it as mostly positive. There are of course cases where you are pressured to conform for conformity's sake, and there is little or no benefit in much of that, but I don't think that applies here


I think it's pretty simple, any time you're admonishing someone and telling them how they should behave, rather than how they have to behave, it's basically a guilt trip. It makes people feel guilt. This guilt is supposed to motivate actions you desire from the individual.

It's fine if you have your morals, but your morals are not my morals. And it's a more effective argument to talk about yourself anyway: "I view ads because I believe it's a fair exchange for the publisher's content."

So, while I'm kind of a hypocrite for saying you shouldn't guilt trip people, what I really mean is that I've found it's better to talk about my own morals than to tell people that I think they should have them.


> any time you're admonishing someone and telling them how they should behave

I tried very hard specifically to not do this. The only case where I put a specific label on someone else's behavior was in an example in which one party is not acting in good faith. Specifically, much of the comment was about the dichotomy of views, and whether you think that example even applies to the situation we are discussing. To be clear, I don't think someone who uses an ad-blocker is immoral unless they themselves believe what they are doing is wrong, because I don't believe it's possible to be be accidentally immoral (and if you believe what you are doing is fully justifiable, it's moral, regardless of whether it's seen as social acceptable or not).

> It's fine if you have your morals, but your morals are not my morals. And it's a more effective argument to talk about yourself anyway: "I view ads because I believe it's a fair exchange for the publisher's content."

That is exactly what I did. The portion of the comment where I actually examine a stance is prefixed with "For me", and is about my relation to that specific viewpoint, which itself isn't meant to be inclusive of the entire other side of the argument.

I suspect you formed an initial impression of what I was trying to convey, and that colored your interpretation of my words. I urge you to go back and read my comment again, but keep in mind that my goal was firstly to provide what I thought was an accurate, non-accusatory assessment of the sides of the argument, and present them in a way where rational people could see the merits of each (and I may have fully failed in this), and then provide my own personal reasoning why one interpretation does not work for me. I guess that's why I was honestly confused when you started talking about a guilt trip, because that wasn't my intention at all (so I may have failed horribly in that respect).


Alright, these are the statements that made me feel guilt / anger, along with the message I interpreted:

> If you walk up to me and ask for my newspaper without offering compensation, and I say "sure, but you have to first look at this pamphlet I'll hand you with it", then I think in this example it is clear that throwing the pamphlet away prior to reading the paper is morally wrong.

"You shouldn't accept my gift without reciprocating."

> For me, the arguments that fall along the lines of "once it's been sent I can do what I want" don't sit well because they feel anti-social in nature.

"Your arguments are uncivil, you should make different arguments."

I get your point about "For me".

> We don't act that way with the people around us, why should be expect it to be entirely different just because we can't see their face?

"You should not treat your property like it's yours alone."

> Unaccountability for poor behavior is a downside of anonymity, and something to to by mitigated, not accepted.

"Your behavior is bad, you shouldn't behave like that."

I hope this helps, and I understand that I may have misread you, it's just my reaction / perspective.


> "You shouldn't accept my gift without reciprocating."

That example was set up specifically to not be a gifting. If someone sets terms before giving you something it's not a gift, it's clearly transactional. In my mind, the newspaper is being given by someone at a stand, it's being "sold", but not for money.

It was set up this way specifically to show one particular way of thinking about it, not to imply that is the only way it can be seen, which is what I was getting at when I said "Where I think most people differ on this subject is how accurate that analogy is for consuming internet content." Some people believe it's a clear transaction, others seem (I assume, not being of this group) to believe it's not.

> "Your arguments are uncivil, you should make different arguments."

I can see why you think that, and it's due to a poor word choice on my part. What I was thinking when I wrote "anti-social" is "anti-societal". That is, anti-social but not in the colloquial sense. Specifically, since I think the exchange is transactional, ignoring my own part of the transaction on purpose is selfish in the singular, and society breaking when accepted by the masses. Almost nobody does this (that's sociopathy), but I think people have convinced themselves that it doesn't apply in this case (i.e. it's not a transaction, which is the root of my cognitive dissonance assertion in my original comment). This is nothing special, people behave in anti-social (anti-societal) ways all the time (lane hopping on the freeway, cutting in line, etc). It happens when we convince ourselves that the negative consequences, or the chance of them occurring, are small, but our need is great. The individual effects of this as small, but in aggregate it would be unsustainable.

But this is all couched in why I can't subscribe to that view, not why I think someone else should be ashamed, or feel guilty. If you don't think it's transactional, there's nothing to feel guilty about, as you aren't doing anything wrong in your own eyes. I happen to think people of that view are wrong, but I don't think they have anything to be ashamed of.

> "You should not treat your property like it's yours alone."

That's the point in question. If you believe the relationship is transactional, it's not fully your property until you've fulfilled your side of the bargain. I've been trying to show both sides of the argument, but you seem stuck on ignoring mine; It's not about controlling your property, it's about whether the transaction that makes it your property has even been fulfilled. If there were money involved (I sell you a paper for $1, but hand it to you before collecting the dollar. You walk away without paying), I doubt there would even be anything to discuss. The question is whether, and how, it's different if I expect something besides money from you. This is ambiguous in most cases, but when a site has a banner that explicitly outlines their views on ad-blockers, it's much less so.

> "Your behavior is bad, you shouldn't behave like that."

Should be viewed in light of my "anti-societal" meaning above. In my examples I use a person-to-person situation because I think people are much less likely to think certain behavior is acceptable then. If it's not acceptable then, why is it acceptable when you are anonymous, or the other side is not a person? That is, anonymity does seem to encourage some bad behavior because of lack of accountability, so is some of what we're seeing he attributable to that, or is it entirely separate?

> I hope this helps, and I understand that I may have misread you, it's just my reaction / perspective.

It does, and I hope what I was trying to express, is a bit more clear. That is, explicitly, "there is a disconnect between the sides of the argument, this is what I think it is, and here's my reason for choosing my side in light of that information".


I think there's two things here.

The first is the implicit or explicit contract to view ads in exchange for getting to view content. Entering into a contract in bad faith or breaching a contract is both a legal and moral issue. When the terms of a contract are repulsive to me, I have no moral problem breaking them or lying about my intentions. I would let you pay me any amount of money to eat shit without proof and not follow through. You could always try and sue if that ended up being a problem. Generally though I won't enter into such contracts if there's a viable alternative.

The second thing is ownership of the property that's used to view the content. The argument here is that since it's my computer, I can control what my computer displays to me. I know that you have the copyright on the content and the ads, but copyright doesn't stop me from doing what I want with my own private copy so long as I don't distribute it.

So in the end, if you distribute content to me without verifying that I've viewed the ads first, you're putting yourself at risk for breach of contract on my part, and since I find ads repulsive it's a really high risk because it's my computer and I'm going to program it the way I want.

I'll readily agree that the content/ads thing is a problem, and that people deserve to make money for making things. But any fix to this problem is going to be systemic, not based on convincing people to play by the rules when they can easily get away with breaking them.


> Entering into a contract in bad faith or breaching a contract is both a legal and moral issue.

I believe it is a moral issue, but depending on whether it's a legal contract, or observed legally, I'm not sure it's a legal issue (not sure as in don't know the specifics of contract law and what is considered a contract).

> When the terms of a contract are repulsive to me, I have no moral problem breaking them or lying about my intentions.

I have no problem breaking a contract where it's been misrepresented to me. But when the terms are up-front and clear, but I don't believe they are fair, I don't believe I have a right to enter into that contract with the intention of breaking it. What's worse, trying to get someone to sign a contract with (up-front but) unfair terms, or lying about your intention to fulfill your side? Does it matter which is worse, if they are both bad?

> The second thing is ownership of the property that's used to view the content. The argument here is that since it's my computer, I can control what my computer displays to me. I know that you have the copyright on the content and the ads, but copyright doesn't stop me from doing what I want with my own private copy so long as I don't distribute it.

I'm not trying to make a case about having to display content, I'm trying to make a case about obligation to display content when you want to display other content. The medium is irrelevant. I would make the same case with paper. Having an assistant cut out the ads from a magazine (or removing and reprinting without them) before presenting it to you is equivalent in my eyes, and the same problem. The magazine is clearly offered with the advertisements as part of the package, to offset what would be the true consumer cost. That you are capable of having someone take scissors to it is not the issue; whether that breaks an implicit or explicit agreement based on the purchase of the magazine would be (and in this specific case the magazine would have a foreword saying it should not be altered from the form it was presented in, as that was part of the purchase price).

> So in the end, if you distribute content to me without verifying that I've viewed the ads first, you're putting yourself at risk for breach of contract on my part, and since I find ads repulsive it's a really high risk because it's my computer and I'm going to program it the way I want.

Every contract entered requiring something from both parties puts at least one party at risk the other will breach, and sometimes both are at risk. The other party putting themself at risk is not a justification for breaching the contract in itself, otherwise libraries would have a very hard time functioning.

Again, this line of reasoning only even makes sense if you believe there is a contract. If you do, then you either accept it or you don't, and you either fulfill your side or you don't. I know what I believe are the right choices of those available (where "right" means society perpetuating, not society breaking, when extended to all people).


> up-front and clear

I don't think you can argue the terms of ads on the web are upfront and clear. It takes serious reading to learn about all the different methods they use to track you now. They often give people malware. Is that part of this inherent "contract"?

> I'm not trying to make a case about having to display content, I'm trying to make a case about obligation to display content when you want to display other content. The medium is irrelevant. I would make the same case with paper. Having an assistant cut out the ads from a magazine (or removing and reprinting without them) before presenting it to you is equivalent in my eyes, and the same problem.

So you're saying that even though I paid for the magazine, I own the magazine and can do what I want with it, I don't have a right to use the paper it's made of as I please? Sorry, but that's utterly ridiculous. And I think most people would find it so too.

It'd be different if I borrowed the magazine, but since I own it I'd say it's fully within my right to cut out ads, chop it in half, fold it into planes, use it as toilet paper, what have you. That's my right as an owner of the magazine.


> I don't think you can argue the terms of ads on the web are upfront and clear.

When the site has a banner that says they want their ads displayed, then that's clear. I've made it obvious that I think it can be ambiguous otherwise, but it is not in that case.

> So you're saying that even though I paid for the magazine, I own the magazine and can do what I want with it, I don't have a right to use the paper it's made of as I please?

No, that's not what I said. Very specifically, we are talking about whether you own the magazine yet when you haven't fulfilled the transaction that would give you ownership, and if that is actually a transaction. I've written extensively in this thread about exactly this. Either you didn't bother to read the back-and-forth rwjwjuwjudf and I were having, or ignored my point.

> It'd be different if I borrowed the magazine, but since I own it I'd say it's fully within my right to cut out ads, chop it in half, fold it into planes, use it as toilet paper, what have you. That's my right as an owner of the magazine.

Sure, if you own it. Very simple, if a magazine that costs $9.99 starts selling for $1.99 but has some conditions (you need to view all the ads at least once), do you fully own it before you've fulfilled that condition?

Specifically, what you identify as different in the following scenarios will probably illuminate the actual difference in your point of view to mine:

- You pay full price for a magazine without ads, which is $9.99.

- You pay a subsidized price for a magazine with ads, which is $1.99.

- You pay nothing (fully subsidized) for a magazine with ads, and an explicit signed written contract that you will not alter the ads.

- You pay nothing (fully subsidized) for a magazine with ads, and there is a notice that this price is only for people that agree to no alter the ads.

- You pay nothing (fully subsidized) for a magazine with ads, and there is no notice about ads whatsoever.

In which cases would you feel fine altering (of having someone alter for you) the ads?


Do you sit through television commercials without talking, getting up, turning down the volume, muting them, or looking away?


> the publisher tells you they don't want your visit if you don't want their ads

Well if you say it like that, it almost sounds harmless! But that's not what they're doing.

What they are doing, is encouraging/begging people to disable their adblocker--which functions as a security (and privacy) feature of the browser--instead of telling people to go away if they want to keep it on.

Of course there's no way to nicely word an honest message that communicates "adblockers are not welcome". Especially not for a site that depends on advertising revenue, it would never get past the marketing/editors. That's a big part of the problem; the majority of advertising depends on skirting the line between honesty and dishonesty, and this attitude tends to seep into the businesses that are so dependent on advertising.

This becomes an even bigger trap if their content-quality is on the low end to begin with. I'm not familiar enough with Forbes to say that is the case for them (IIRC it's not that bad, is it?), but consider all those really shitty clickbait sites with listicles and blogspam. That's what those advertising dollars buy us. Who is more likely to stop producing content if advertising revenue drops? High-volume low-effort clickbait writers, or the "quality content" writers that actually care about the topic they write about?


Because I want to. The publisher is free to put a paywall up; of course we know they won't because nobody will ever pay even $1 for the overwhelming majority of the content they have and no publisher in the world has control over my browser, running on my hardware, running on my power so they don't get to prevent me from going around their funny little anti-adblock scripts.


You click on a link that you know has advertising

2) The site tells you, "hey, we see that you run adblock. If you want to consume our content you have to disable that. If you don't want to disable your adblock, bye."

3)You still go ahead to consume the content.

In what universe this is OK?


In a universe where their server still gives you the content.


If a door is open but has a sign "do not enter" above it, should you enter?


If what I want is inside, yes, always.


Self-entitlement. Google it.


Yeah - I'm very entitled to my own computer and I'll use it as I damn well please. Would you expect me to have any other attitude towards my own hardware?


You are not entitled to other people's computers.


Yup, that's completely correct. No argument there.


Then why do you access their computers when they have explicitly said they don't want you to? Even further, you circumvent a system they have put in place to stop you from accessing their property.


Because they gave it to me and I just decided how to render it locally on my own computer? There was no unauthorized access as you're suggesting. Blame their server I guess. I'm only working with what they give me.


You are straight out denying the reality.

They didn't give it to you. They put a wall and said "You cannot pass this wall with adblock turned on". You decided to circumvent it. Because...?


You need to look at where the code executes in reality.

Their "wall" as you describe it is actually just client-side code which runs on _my_ computer, not theirs, so I get to decide how it executes. It would be completely different if the "wall" was on the server side of course (for example, a paywall).

If it's on my computer, it's under my control. Just because it came from their server does not mean it has any rights on my computer at all. They're not entitled to my computer.


You are fetching their property and do not respect their rules. No matter how much you squirm and squeeze, this is objectively not OK to do.


I'm obeying their rules for fetching their property. I'm just not obeying their proposal for client side execution where they have no authority.


Um, excuse me, ads don't really pay the bills, people buying stuff that's advertised actually pays the bills. Do you feel a moral obligation to buy advertised products? If not, how do you justify consuming content without doing so?


I am rendered speechless by your immaculate logic.


Your comments break the HN guidelines on a regular basis. We ban accounts that do this, so please reread and follow the rules from now on:

https://news.ycombinator.com/newsguidelines.html

https://news.ycombinator.com/newswelcome.html

That means posting civilly and substantively or not at all.


Every time I reached the Forbes website I was really wondering if there is any option to hide a website from Google search results. So, I would like to never have any result from forbes.com (even if I search forbes). Do you know if there are Chrome Extensions or settings you can turn on in Google Search to hide certain websites?


This is the official Google extension for doing that: https://chrome.google.com/webstore/detail/personal-blocklist...


Any idea why this needs such wide permissions like managing my apps and extensions and reading my history?


Wow! Thank you very much I never thought of looking for an extension. For a very short time I found that feature in my search results directly. Then it just went away.


Yeah, Google did that for a short time. I used to use it to filter out content farms. They've gotten better at filtering content farms since then, and dropped the feature - probably because it was too expensive resource-wise to personalize results like that.


Not sure if it's very functional. I blocked W3Schools + Wildcards (because I'd rather read MDN) and after a few months of working their results continued appearing at the top of my page.

There are a few blog posts around the net where some users have tried similar and found that W3 schools was also serving up content from another place that had not been blocked.


There's a Chrome extension (by Google, no less) for this!

https://chrome.google.com/webstore/detail/personal-blocklist...


Now that's a thought. In our Ad Limiter add-on (Firefox and Chrome), we have the ability to delete and reorder items in Google Search results. Right now, we only do that for Google's ads. Maybe we should be more aggressive.

Is there a list of sites with ad blocker detectors? We could easily move such sites to the bottom of search results.


Well, you can remove Forbes temporarily from the search results:

    Whatever -site:forbes.com
Of course this would not scale well, because you can't block all sites. This is better then the chrome extension that only removes the HTML because if the first 10 results were from Forbes, you will not get an empty page.


There used to be but Google got rid of it. I used it to block the worst google spam offenders back in the day like expert sex change and huffington post.


This seems like something that could be automated into a browser plugin.


Use a good news RSS feed to find similar articles. I think there are some that aggregate by story.


My process

1. Open Forbes link in a new tab 2. Get redirected to completely blank page with only /welcome/ in the URL path 3. Temporarily enabling JavaScript for its domain and reloading won't help, since it lost the original URL and I don't remember where I got the link, so I don't even try 4. Give up and close the tab

For most sites where JavaScript is required, temporarily enabling (uBlock origin advanced mode) and reloading is enough. Forbes is the only one I recall which completely loses the URL in the redirect.


If you are using uBlock Origin, Forbes' anti-blocker is bypassed with default settings.


Copying titles into archive.is works for forbes and wsj.


I use a text command line reader for news and I really have found it makes these things just go away :)

I use w3m


I once disabled something in by adblocker that prevented Forbes from knowing I had an adblocker. Basically, you only allow that one adblocker detector to come through.

Of course it is not like I remember what it was, but I don't have to bother with Forbes anymore.


What cheeses me off is that I get blocked from many sites just for using FlashBlock. I'm not blocking all ads, I'm just using a "disable flash by default and enable manually if necessary".


Does that still happen? I remember this being the case years ago, but in the last 3, especially since Firefox went "click to flash", I haven't encountered this.


Works for me too, and I like to add 8.) Reflect for a moment on how much of human endeavor is wasted effort before it even began.


IMO, this is the biggest issue facing ad providers today.

I get the anti-ad blocker complaints - there are a lot of sites that depend entirely upon advertising revenue for their continued existence. And this isn't just crappy blogmills - even a company like the New York Times doesn't make enough money from subscriptions alone to continue operating without advertising of some sort.

Maybe there's a different model out there but as far as I'm aware no-one has found it yet, and in the mean time I'm quite prepared to tolerate advertising on web sites in return for the content I get. I'll even tolerate a pre-roll ad or a full-screen takeover before I get to a page every now and then - but there's a line. The mild end of it (for me) is ads clearly intended to make you click by accident, and the severe end of it is malware like this. And in my experience it's on the rise.

By all means implore your users to turn off their ad blockers. But clean house first and make sure you know what you're serving. The real problem is that it's borderline impossible for anyone to do so, given how many reseller networks exist out there these days. I often see people say that sites should arrange and sell their own advertising - but the reality is there's no money in it. Selling yourself out to the Google ad behemoth is often the only way out.


I think most people, with a little education, are reasonable when it comes to ads. I know I was. Most of my computers didn't block ads or scripts. You can try to be nice but the ad makers have escalated things to the point that you have to respond. It's like content creators these days are so upset about ad-blocking that they feel they have to lash out with ads at the people that don't block. I went to some random Linux Q&A forum and had to force-quit my browser because the ads brought the browser to a standstill; all tabs were frozen. I consider ads that crash or force me to close my browser as an act of violence. Nobody in their right mind wants to subject themselves to that, regardless of their opinion of ad-blocking.


"Maybe there's a different model out there but as far as I'm aware no-one has found it yet"

Sure they have. Sites just need to host the ads natively instead of outsourcing that responsibility. But they don't want to do that, because they don't want to take on that responsibility.


This is how my site works and it works well. In theory I might be able to make a bit more via an ad network, but I like treating my site like a magazine and have highly relevant and high-quality ads.


I just looked at http://officesnapshots.com/ and I agree -- that's what advertising should be. Congrats.

Two questions: how much time do you spend selling/negotiating with advertisers? And you say you could earn more from a network: have you researched at all exactly how much more?

Naively, it seems that maybe advertisers would pay you more because 100% of the visitors to your site are relevant to their products (but admittedly I'm out of my realm of expertise).


Thanks for the kind words!

It is difficult to say how much time I spend on that side of things since it has been built up over time and have pretty high advertiser loyalty - total guess, but maybe 5-20% depending on the time of year. Most of my time is spent acquiring, editing, and categorizing content as well as adding new features to the site.

I haven't really done much research into the various networks, but I do get sales pitches from time to time. My first question is always wondering which advertisers using the network are relevant to my readers (almost always the answer is none). Plus at this point I have a direct relationship with marketing departments, so there isn't really a need for a middleman.

Edit: for people here interested in tech offices, here's the best link: http://officesnapshots.com/offices/?fwp_industry=technology


This is more or less the old print model - take a topic, create quality content, take money from very specific relevant advertisers.

It's such an obvious model that it's amazing the ad industry hasn't understood how well it works. Instead they persist in using crappy non-functional trackers and ad blocker blockers and all kinds of other bullshit techniques - because apparently they'd rather game readers than provide something good and useful.

Postscript: a minor bug. I'm using OS X Chrome, and the ad bar keeps twitching when I reach the end and try to scroll down further.


Yeah, I basically think about the site as being a magazine with enhanced features. Unfortunately news sites like CNN don't have a narrow audience and therefore use technology to slice and dice the visitors into narrow groups.

Is that scroll bug on all pages with the ad sidebar? Do you run any script blockers?


You guys should add a search text box, so you can search for specific companies.


Here's the megalist of them all: http://officesnapshots.com/companies/

There is also http://officesnapshots.com/search/


>Naively, it seems that maybe advertisers would pay you more because 100% of the visitors to your site are relevant to their products

The fact that a website is about interior design is already enough information for advertisers to show you relevant ads.

I think all this tracking is pointless. They still show me ads about fridges weeks after I've bought one.


I'll second `oaktowner's comment: the adds fit right in. They fit in naturally and it feels curated. If this is what we were immersed in, web ads would be a much more relevant. the ads don't smack you and stand out as ADS! And instead blend in nicely.


I genuinely wondered if those were even advertisements. They look professional, pretty and placed well. Your site is a lesson for the entire advertising industry. It is not often that I see an advert and do not immediately go to edit my Privoxy blocking lists.


Hey, I want you to know that I read a few of your articles and clicked on the ads, because they were relevant to the content and theme of your site.

They weren't ads for Amazon products I looked at last week, or ads for jobs. Good job, it's a really well done site.


I seem to recall seeing an article indicating that is what StackOverflow do - and it works out p well for them


Yeah, someone else in the comments mentioned the link: https://blog.stackoverflow.com/2016/02/why-stack-overflow-do...


The thing that astounds me is that Forbes and most magazines would never not take the option to curate the ads in their print magazines. You think Forbes would let a "one weird trick..." ad anywhere near their print magazine? (Caveat: perhaps they do now, I've not picked up a print copy of Forbes in years.) Back in the day when I would purchase ad space in a magazine, I'd deal directly with someone from that magazine's organization. My ads were always pretty bland, but I've heard of print magazines turning away ads.

But it looks like all bets are off when things go to the web, and even the most high-brow magazines take their web properties and make it look like the web equivalent to something next to the chewing gum at the grocery checkout stand.


IMHO, if content providers/content hosts are going so far, in some cases, as to threaten law suits about ad blocking, they're putting themselves on the hook for liability when ads served for them cause harm to visitors' systems. I have no idea if there's any legal precedent for that, but morally it seems like two sides to the same coin.

You make money by putting me at risk? We share that money (and more) if you actually harm me.


I'm imagining the ultimate approach will be server-side includes of raw content from the ad networks so that the ad content is served from the content server and not sent off to a 3rd party.

From a security standpoint this is horrifying because it means that attempts to sandbox ad javascript away from site javascript in the browser will become impossible, since the sandbox will tell the browser what to block.


I block javascript. I whitelist very few sites. Ads - like sites themselves - need to work without javascript. Then we can all get along. Running random, unsigned, untested, unwanted code from strangers on my own computer doesn't really work for me, thanks. No, I don't care if your business model depends on it. I'm more than happy for every single site which depends on advertising to go bust. There'll always be another news site, and those failing sites will have no impact on the social media, shopping, banking etc sites which comprise most of most people's surfing. Really, ad-blocking just isn't that big a deal; the fact that it's got people talking and having big players like Apple get involved really speaks volumes about the sheer, gross violation of trust that's gone on all this time, as well as how security is being taken much more seriously than ever before.


More importantly than hosting the ads natively is handling media sales themselves. I think offloading that work to ad networks and ad exchanges is the first step in giving up responsibility for what gets shown to a user/viewer.


That works for niche or locally scoped/focused sites. The problem is that Google & Facebook offer a one-stop shopping experience that advertisers like.


A company I founded, Publir, is working on a new model here -- well behaved ads for anonymous users, microsubscriptions via Stripe to eliminate ads client-side for devoted readers.

Turns out that eliminating ads in the client upon payment is actually quite difficult to do with good hygeine; ad networks are very sensitive to "fraud." Now that we have a good solution, we're pretty excited about it.


For a while now I've been thinking about something like this: once a month I put some amount of money in my "browser account". Maybe it's $25, or $10, maybe sometimes it's nothing at all. This money gets automatically distributed to the sites I visit, potentially subject to a white/black list that I control. Payments automated, cryptographically secure. I never see an ad or run ad-related JS. And the sites that I support get my patronage as directly as possible. Edit: oh, and somehow my privacy is magically preserved. Small detail. :-)

Maybe that's too close to the "public radio" model, and would never work at scale, but I'd pay for it.



The only thing I fear with this (Brave) is that it is gameable. Whenever you create a pot of money, it will be gamed. Someone will come up with the Brave equivalent of a "One weird trick slideshow!" to extract maximum dollars.

Subscriptions, however, are consumer-empowering. And everyone gets how they work. (Netflix, Prime, etc.)


I think you just described the basic concept of Brave, Brendan Eich's browser project.

https://www.brave.com/about.html


It's just like cable used to be! Before they started serving ads anyway...


Most cable networks always showed ads, other than the premium channels (hbo, sho, etc)... They used to show fewer ads though... and the shows are now, mostly slotted to 44 minutes of show (give or take), closer to 36 for reality TV. So the rest gets filled with ads.. because money.


>Maybe there's a different model out there but as far as I'm aware no-one has found it yet

You could try Google Contributor. It shows you pictures of cats instead of ads, and let's you give a couple pennies to the website. It's not 100% but it's something different.


I actually do. It works very well, but still involves loading a lot of JS on the page. Still, a lot better than anything else.


For me, the breaking point were ads that expanded to fill the screen, or that autoplayed something loud. I hated searching a page for the little ad that was blasting me in the ears. Then, once you realize that seeing ads is actually a choice, why would you ever go back?

"We need you!" or "We're better now!" is a hard sell after all of that brutal, personal experience.


If all ads were just jpeg, it would be hard to hide malwares or tracking systems in them


Sure. It would also be very difficult to make any money from them.


That sounds an awful lot like a You* Problem, not a Me Problem. If the only way your business can stay afloat is by peddling malware to unsuspecting users, your business deserves to fail.

*By "you," I mean the content publisher.


I don't see where I suggested otherwise.

It will be come a You problem when these sites cease to exist because they have no money. No, we're not anywhere near that stage yet, but that doesn't mean we can't talk about it.


I didn't mean to sound like I was disagreeing with you, just continuing the discussion.

> It will be come a You problem when these sites cease to exist because they have no money.

Nah. Like I said, whatever value they provide is not greater than the cost of the malware they distribute. Them going out of business would be a net-good for the world.


> whatever value they provide is not greater than the cost of the malware they distribute. Them going out of business would be a net-good for the world

That feels like a blanket statement. When we're talking about the free press going under because they aren't able to afford to keep running, that sounds a lot more like an Us problem than a You or Me problem. Yes, I realise that sounds hyperbolic, but...


To me this feels like a false dichotomy. There are business models other than "literally distributing malware" and the only reason they're not pursued is because distributing malware is currently profitable. We need to make that not the case so we can move on.


No, we're not talking about "the free press" going under. We're talking about news (and "news" and entertainment and…) sites that take money from malware pushers. Think about that.

If your news source is willing to take money from folks attacking your machine, what does that say about their trustworthiness? Sure, go on about the wall between church and state, or that it is the ad network and not blog, but there is a reason some of the larger corporations occasionally go on media buying sprees. I'm not sure that it is strictly impossible to be financially dependent on others and maintain a completely independent voice, but I can't think of an example.

It is a suboptimal situation. I get that publishers are ending up with horrible tradeoffs. At the same time, if faced with a close friend who has ebola, I'm going to be incredibly sympathetic while also keeping quarantine.

I also heard another complaint about my approach, which was that if I avoid sites like Forbes, why do I still need an ad blocker? And of course, the answer is that I rarely bump in to things or stumble, but still like guardrails on steps.


> It will be come a You problem when these sites cease to exist because they have no money. No, we're not anywhere near that stage yet, but that doesn't mean we can't talk about it.

At this point I'm willing to take the risk of there being less content on the web.


Then you are precisely who Forbes is targeting to keep content away from.


So can we reverse the ban on discussing site paywalls already, and stop putting posts from Forbes.com on HN?


Nope, because this site is more than just you and your views.


Here's an idea: Maybe they should try and find cheaper hosting[0] and solutions, rather than getting the reader to foot the bill for their (generally) crappy technical decisions.

[0]: I generally suggest nearlyfreespeech.net


Yeah, there's plenty of sneaky ways to host for dirt cheap. OVH, DigitalOcean and CloudFlare have really worked wonders for me. The hosting isn't usually the expense here though - it's reporters, photographers, etc. How do you pay that many people's salaries?

Answer is probably that you don't - these companies will probably fail and other companies that can get away with cheap hosting and staffing will hack together comparable things using amateurish content.

I'm fine with it. I just want them to die already so that alternatives will spring up more readily.


I like NFSN's approach, and they're cheap enough for small sites, but their hosting is incredibly expensive at any kind of scale. ($0.25/GB traffic, $1.00/GB/mo storage, plus various other miscellaneous fees.)


Who says that this will be a problem? We'll just start paying for content.


Is that true? Google made tons of money from ads that weren't even images, just text. If you really need data about the reader, the site can cooperate to send this stuff back. I see no excuse for allowing the ad buyer to provide anything besides text and images. Allowing third parties to embed code in your pages is completely irresponsible.


True, but also by tracking the hell out of their users.


Seems to work for the print industry.


What print industry?


The print industry doesn't have to contend with Facebook ads that know every piece of demographic data about the reader looking at them.


The one that's dying these days?


People are making money off billboards just fine.


I'm willing enough to tolerate a moderate amount of ads on the page. This malware issue is a real problem though - I wouldn't know if an ad infected me with malware until it's already a big problem to deal with, possibly even including a ransomware infection. The only safe option is to block 'em all everywhere.


Simply make the ad networks liable for the damage caused by malware they distribute - this would solve the worst problems caused by ad networks.


Even Google ads contained malware recently.


Since adsense is automatic, malware does sneak in from time to time. Typically, within a few hours and after a few reports it's fixed. That said, it's a long time since i 've had any complaints about malware / popups using adsense so presumably they have improved.



I'm willing to compromise on web advertising, but not while this is possible. I don't understand why on Earth ad networks, and more importantly content publishers, allow arbitrary Javascript and Flash through their networks and onto their websites. You as a content publisher are not allowed to compromise your users' security, full stop. You are responsible for any compromises that come through your website. Until content publishers get that through their thick fucking skulls, I will continue to use an ad blocker and strongly recommend them to everyone I know. I would rather all ad-supported businesses fail than allow this malware to continue be distributed.


Google is largely responsible for the situation we're now in. As the largest provider of ads on the web, they regularly turn a blind eye to malware advertising served by their network.

They simply do not take malware seriously. They continually let it exist on their ad network. As a publisher that uses Adsense I find this extremely frustrating. As example: I've spent quite a bit of time attempting to block ads that lead to the "ask.com toolbar." These are always deceptive. They confuse my visitors and then I hear about it.

Additionally ads where the only text is "Download Now" or "Read Your Private Messages" are clearly deceptive. And yet they're allowed.

There are so many easy ways Google could improve the situation. And yet, they don't. This is a serious problem, and it is only going to get worse until Google responds appropriately.


The problem isn't Google or DoubleClick; it's a structural problem with the ad industry.

Most sites that serve ads can't sell all their inventory directly, so they fill their remaining impressions with ad networks, who sell bulk inventory space. Those ad networks have the same economic limitations from selling all their inventory, so they need to sell _their_ remaining impressions to another network. And so on down the line.

All it takes is for one ad network to get a little loose with their serving policy for a malware provider to make an in. And I can't think of a way for an upstream ad network (or even DoubleClick) to ban malware, without tracking down that errant provider. You can't blacklist a domain, because usually the ad network hosts the ad itself. And like it or not, ads have to run Javascript or Flash.

It's a crappy situation to be in, but it's not any one actor's fault (except for the malware advertiser), and the fix isn't easy or else someone would have thought of it.


> And like it or not, ads have to run Javascript or Flash.

They certainly don't need to run whatever arbitrary scripts the advertiser wants. The advertising network can provide whatever functionality the advertiser needs, there's no reason to leave this obvious hole open. The idea that I can pay someone some cash to put whatever arbitrary JS I want directly into Forbes's website is utterly ludicrous.


Then ads should be bucketed as such... Ads that are a link, and an image can be automated, or changed via the end user without intervention.

Ads with JS, require going through automated testing (certain things like new Function, and eval are not allowed, along with `window[`, as well as creating a script tag, XHR, and some other bits... No remote content loading, beyond images, period... all content for an ad must be in a self-contained file, and can only exit via a window.goto that the ad-network injects for the purpose... A whitelisted subset of DOM interaction is all that is allowed, and the total payload of an advert must be under ???kb, something reasonable.

Flash ads requiring a source inspection...

All ads served from the network directly, not loading js/html/css or anything outside their network...

It's easy enough to do this, and pass the cost of inspecting JS and Flash ads onto the customers... they can decide if they really need it. It becomes part of the cost of doing business... Banning interstitial ads, and those that take up more than half the screen.


Why do they need to run a script? Why can't ads just be a static image?


They have no incentive to improve because you continue to display their ads and do their work for them.


They absolutely do have an incentive to improve. Every time someone is deceived by an ad, or encounters malware via their ad network, that person is more motivated to install an adblocker and to tell their friends to install adblockers.


Because it may not be obvious, this article is from early January. A number of different sites reported on these incidents back when they happened. Here are a few examples:

http://www.engadget.com/2016/01/08/you-say-advertising-i-say...

http://www.extremetech.com/internet/220696-forbes-forces-rea...

http://www.networkworld.com/article/3021113/security/forbes-...


Was wondering if it was happening again or what the deal was. Just a months old article popping up again for some reason.


And as xori points out, they are all examples of irresponsible clickbait journalism.

https://news.ycombinator.com/item?id=11455718


My $0.02

Publishers should look to Stack Overflow and be inspired to run ads of high quality and relevance[0].

Throw out the ad networks, tracking, and reject rich media ads. Instead focus on high value ads that align well with your readership and manually verify the quality of these ads. If publishers do this I am willing to turn of my ad blocker.

0: https://blog.stackoverflow.com/2016/02/why-stack-overflow-do...


Publishers want to make more money than Stack Overflow. That's basically why.


This is why I use an adblocker blocker blocker (https://github.com/reek/anti-adblock-killer/).


Seems to me this functionality could be wrapped up in a web proxy. The proxy can pretend to allow all the ads, and simply drop them on the way to clients. Of course this doesn't deal with the issue of ads soaking up a bunch of bandwidth.

I get tired of installing ad blockers on every machine/device in the house, and on some machines use multiple different browsers -- I'm suffering from blocker installation fatigue.


> I get tired of installing ad blockers on every machine/device in the house, and on some machines use multiple different browsers -- I'm suffering from blocker installation fatigue.

If you run dnsmasq, you can block [1] a lot of ads for your entire house at once through DNS.

1: https://www.debian-administration.org/article/535/Blocking_a...


There's also Pi Hole, which you setup on a raspberry pi. Which is nice because you can leave it on all day. Where as at night when I shut down my desktop but might be using my phone or a tablet.

https://pi-hole.net/


This looks awesome, but is there a way to bypass this from the browser? Occasionally, I give in and disable ad block if I really want to see something.


Thanks for the link.


>The proxy can pretend to allow all the ads, and simply drop them on the way to clients.

Look into setting up a Squid node for your home network and run adblock in the ACL rules.


For anyone using uBlock Origin, you can enable this in 3rd-party filters.


I believe it still requires a Tampermonkey script in addition to the filter list to properly function. I'm not sure how I feel about having to use a Tampermonkey script for it (I currently don't use either the filter list or the script, I rely on uBlock Origin's built in functionality instead (see below)).

It's also worth noting that uBlock Origin has a separate redirection framework which includes certain anti-anti-adblock capabilities. uBlock Origin also recently introduced an overlay buster[1] which can work as a generic filter to block the kinds of overlays that the anti-adblockers show.

[1] https://github.com/gorhill/uBlock/commit/ff8f0eb7a9c39e8941f...


This is a silly arms race. I can't wait until sites start employing adblocker blocker blocker... blockers.


Pretty sure they didn't actually serve malware and that news sites just made the click-bait title for clicks.

http://www.ghettoforensics.com/2016/03/of-malware-and-adware...


I understand everyone's frustration around this issue, I hate site that block adblocker users as well. However, this article is an example of unethical journalism.

TL;DR

Article says "Well, how about they start treating their ad inventory with at least a percentage of the care with which they treat their content?"

The researcher who discovered the issue says "Forbes almost immediately reached out and we started a dialog. We shared logs, events, and descriptions of the ad."

In contrast, when the researcher reached out the correct the Engadget article that started this and quoted him, he got no response.


Yea, the Tech Dirt article is suggests a bunch of nefarious stuff, but doesn't actually state anything unambiguously.


I remember thinking this was suspicious. I remember about three months ago I added a bunch of known malware sites to my hostfile so that I wouldn't give them traffic, and I couldn't get to Forbes.

Funny, too, because I don't even use Ad-block.


Those sites that serve up malware scripts and call them ads, perhaps ad-blockers should rebrand and start calling themselves malware-blockers?


Wow, the language, "hold their content hostage". I hate ads probably more than most[1], but still, if Forbes doesn't want to give up their articles without fair compensation, that's their prerogative. They're not taking hostages.

--

[1] https://news.ycombinator.com/item?id=10939083


Uh...'fair compensation' is not installing malware. I don't think that's ever fair.


I didn't say it was. I thought that was implied when I said I hated ads. But the language of holding your own writings "hostage" because you don't want to give them up without some kind of compensation is just absurd.

I wish Forbes just was honest and went full paywall. I wish everyone did this.


I noticed there are a lot more sites that can detect Ad Blockers. They hassle you about disabling the blocker.

Why not just make the ad inline into the content of the page. It would speed up the site as you would not have to make all the extra connections to these ad networks via thirdparty javascript.


Ad networks don't want to trust publishers to accurately report page hits with inline images, they also would presumably like to be able to track users and serve up "tailored" ads, which they can't really do if they don't get any information on the user before serving the ad.


I'm not sure why one of these big sites haven't been hit with a class action lawsuit... the website is responsible for the content it delivers... period. Especially when they force users to disable their ad blockers.

It seems to me, that someone who got an $xxx ransomware, or paid the nerd herd to remove malware from their computers could be the base of a class action lawsuit... That's what it will take to get this crap to change is to actually hold one of these larger media sites responsible.


Agreed. If Forbes is serving malware to visitors who have complied with its instruction to turn off their adblockers, and if those visitors suffer damages due to malware served through Forbes, you'd think there's the basis for at least individual suits against Forbes, maybe class action.

One argument is that Forbes has a duty of care and the ability to prevent serving damaging malware to its compliant invitees (visitors). They're in breach of that duty, so maybe damages for negligence?


So what's wrong with image-only ads? Why do we have to let advertisers inject their own JS into a web page?


What bothers me in the ad blocker debate is that publishers want me to turn it off so I can see the ads.

Not click on them, just see them. Even though I never click on any ads, they still consider it valuable to subliminally influence me into wanting stuff I don't want.

To me, this is even shittier than forcing me to click on an ad before giving me the content. But to also serve me malware... is beyond shitty, it's dangerous.

Content is cheap these days. There's too much of it out there, high quality and free. In fact, I wouldn't mind if there were less content produced on the Internet.

I know that the content that is really valuable will still stay and all the bullshit that needs ads to stay afloat will disappear.

Forbes with malware? No, thanks.

For me the rule of thumb is this - if you need me to turn off my ad blocker, then I don't need your content.


I use Steven Blacks hosts script[1] and every time I see Forbes paywall, I just leave. If the article is that important, some other outlet will cover the news.

[1] - https://github.com/StevenBlack/hosts


I knew about someonewhocares, but this is appears to aggregate that plus several others. Thank you for the tip!


I run both AdBlock and Ghostery. I experienced the same interstitial as every one, was particularly interested in the article headline, disabled AdBlock, reloaded the page, still blocked, disabled Ghostery, reload the page, worked.

Ghostery disabled, it initially reported that about 60 trackers loaded in the page which then quickly turned to 97 to then reach more than 110 trackers.

I highly recommend installing Ghostery.

https://twitter.com/teapot/status/707016161234276352 https://twitter.com/teapot/status/707016382286680066


Why use a blocker by a company that sells user statistics?[1] Seriously wondering, since uBlock provides virtually the same and more.

[1] https://en.wikipedia.org/wiki/Ghostery#Business_model


I'll give uBlock a try!

I am aware of Ghostery's business model and I am not against businesses selling metrics and/or ads in general. I think there should be consequences for companies that do not have the best interests for the users.


Forbes' "Please turn off your adblocker" interstitial is a great reminder not to read Forbes' clickbait bullshit pseudo-journalism.


as opposed to this article's clickbait bullshit pseudo-journalism?

https://news.ycombinator.com/item?id=11455718


Yesterday I tried to read a Forbes article on my mobile. It presented me with the banner asking me to turn ad-blocker off (which I haven't installed). I reloaded the page and was faced with pop-ups claiming I had won free Amazon products.


If you're interested in mobile ad blocking (if you're concerned about the security of your mobile device, you should be), uBlock Origin works very well in Firefox for Android. I strongly recommend you install it before your device is compromised.


Or on iOS Purify, which was made by the developer of uBlock, Chris Aljoudi:

https://www.purify-app.com/


Apart from the security aspects (and Forbes' responsibility therein), I'd like to say something about an argument I hear often in this context: That without payment via advertising, the "quality content"-writers won't have a reason to produce more quality content and it will dry up (or something; the actual consequences are often left to the imagination).

Consider clickbait.

Consider listicles, blogspam, the "you'll never guess X these celebrities Y", reposts of photos of cool-seeming-yet-utterly-impractical things to do with food/furniture/clothing/lifestyle/health/etc. At some point you probably helped clean out a friends' Windows laptop, tried to Google whether some process or application is useful or safe to remove--yeah those sites. I can't list all the types and categories, there's hundreds.

The only reason trash like this even exists, the only way this unfathomable high-volume fire-hose of vapidity is made possible, is because of these advertising networks.

This is what the vast majority of all those advertising dollars buys us.

Who is more likely to stop producing content if advertising revenue disappears? The high-volume low-effort clickbait-linkspam writers, or the "quality content" writers that actually care about the things they write about?

I'm convinced that if the online advertising industry were to collapse some day (I can hope, but I doubt it'll happen), it will be a net-positive for ALL the content online. Not just because an Internet without advertisement is just so much nicer, but also because the clickbait writers will be the first to stop producing "content", because unlike the quality writers that care, there will be exactly zero reason for them to continue producing informational landfill.


I block all ads globally. Until this "different model" becomes prevalent I'm not budging. The argument that there are websites that can't operate without ads is valid, but there is no websites that __actually__ need ads that would be willing to wall users of ad blockers. Sites like YouTube could never implement such a wall without significant loss of revenue.


Forbes is truly terrible at this. I tried to read something there, had to disable my ad blocker and ghostery. After refreshing, ghostery counted 40+ trackers on the site.

https://www.ghostery.com/ - I recommend it


How is this not a violation of the CFAA? Why isn't Forbes being held responsible and prosecuted? So if I go and access one file whose name is not public on Forbes' website, I'm looking at least at 5-10 years in jail but Forbes can infect millions and they get off scott free. The problem isn't ad blockers, the problem is the ad networks. They are criminal and should be held responsible. They should be shut down like any other spam network. They should be made to pay. And anyone who uses these criminal networks to infect computers is an accomplice and should be treated so.

At the very least, the people who are anti ad blockers will hopefully shut the fuck up now because they're wrong and it's not a matter of opinion.


The other day on Forbes site I clicked political article title in "relevant articles" section just to be directed to penis enlargement web-site w/ popups & malware. Interestingly the political article was definitely relevant not to the article I read, but to my region. Checked back and found that this "relevant" section is actually some 3rd party content exchange widget that masks malware links under popular keywords and titles relevant to a reader region where all titles lead to a malware web-sites.


If Forbes set a minimum price for their ad backfill inventory (the shitty ad inventory they fill with low quality ads), could it economically not make sense to the networks to fill that space with malware ads?


Unfortunately I think you have it backwards.

Malware ads are being displayed because they are winning the auctions. That's because - on a CPM basis - malware authors are probably the ones who will always be able to pay the most. A successfully infected machine is worth a good chunk of change.

Ad networks are uniquely suited to malware delivery. Have an exploit which only works for OS X users? Don't bid on the windows users.


You don't want me as a reader and I don't want to read your ads, including the ad about turning off my ad blocker. But the search engine I use sent me to your site and it doesn't let me filter out sites with ads. I wish it did. Obviously Google is never going to do it since they're the ones selling ads. I had hopes for duckduckgo but they're showing more and more ads. What I'm saying is, we need a search engine that excludes sites with ads.


Apart from this, i have given up on Forbes because they keep almost all content in multiple pages with no option to load in a single page(at least on mobile).


Maybe we need to hold websites accountable for the ads that are served through them. Maybe once they are sued a few times, they will take this seriously.


Wasn't there a report like this about Forbes and malware a few months ago? Have they responded in press? (Hopefully on Medium so I can read it.)


As far as I've seen, content publishers' response to being caught distributing malware is to say "It's the ad network's fault! We'll work with them to clean it up." They never name the ad network and no changes will be implemented. The only way to protect yourself is to install an ad blocker.


  C: Excuse me?  Are you the produce manager?
  M: Yes, that's me.
  C: Oh, good.  Yesterday, I bought a banana here.
     When I got it home, I discovered there was a bomb in it.
  M: I'm only the produce manager.  I don't deal with bombs.
  C: But the bomb was *in* the banana.
  M: How was it?
  C: How was what?
  M: The banana.  Not bruised or overripe or anything?
  C: No, the banana was fine.  It was a perfectly normal banana.
     ...with a bomb in it.
  M: Ah, good.  Another satisfied customer.
  C: I am *not* satisfied!  I could have been killed!
  M: Were you?
  C: Obviously not!
  M: So what's the problem?
  C: There was a bomb in my banana!
  M: Well, we just sell the bananas as we get them, from the banana-modifying company.
  C: Why can't you just get your bananas direct from the plantation?
     Why can't I get an unaltered, unmodified banana--without any bombs in it?
  M: Excuse me, sir or madam, but this is a *business*.
     How do you expect us to pay our employees with a store full of unmodified bananas?
  C: [facepalm]


Or not use the site. :P


I think this is reporting on the same incident. The comments on the article are dated from early January.


You know, this is why my dad's computer is riddled with malware every single time I go over to his place. No new apps were installed, he doesn't even know how. But he does browse the web.

First thing I'm doing when I get over there is install the most restrictive ad blocker I can find.


Business opportunity:

Browser extension that gets all the articles, post-processes to strip the ads and serves the content when user asks for the same article url. I'd pay $9.99 for it. If the publishers won't get on board a unified subscription service, let's just go around them.


Pretty flagrant copyright violation. However something like this idea is what Brendan Eich is currently working on with Brave.


Simple fix: https://github.com/Mechazawa/FuckFuckAdblock I don't know why more people use this. It simply blocks sites from taking you hostage


I'll just take this opportunity to plug the Forbes™ Splash Screen Bypass Chrome extension.

It's not my extension, and I don't know the nitty gritty details of how it works, but I do know it stops that horrible Forbes splash screen from popping up.


This is why I block all ads, all the time. No exception. There are no "good" ads.


Same. Ads aren't good for anybody's health.


And that's why I use a nice helpful userscript that aims to work around these things: https://github.com/adsbypasser/adsbypasser


This article is true, but it's from January. Why is it at the top of the heap now?


Seems simple enough, sue Forbes.


So far pi-hole[1] network based ad-blocker has proven to be the best use of the Raspberry Pi i bought and didn't know what to do with it.

[1] https://pi-hole.net/


Seems interesting. What is the performance/latency penalty?


Performance seems fine (on a Pi 2). I am going to have to add some URLs to the whitelist though, as it has recently started affecting the ability to log into Xbox Live.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: