Hacker News new | past | comments | ask | show | jobs | submit login
AdNauseam Banned from the Google Web Store (adnauseam.io)
345 points by yuvadam on Jan 5, 2017 | hide | past | web | favorite | 329 comments

At the risk of downvotes: Is anyone really surprised?

AdNauseam is silently clicking ads. This directly costs Google money. Google happens to control the extension web store for their own browser. Removing it from the store really isn't that bad. Uninstalling it from existing browsers as malware? A little more malicious, but I would still consider it self defense.

There is even a method to install it directly[1] which AFAIK Google has not blocked.

Granted, if Google were not both running the browser and the ad network, these actions probably wouldn't have been taken. But the whole attitude that this is some sort of tyrannical thing is a little over the top.

1. https://github.com/dhowe/AdNauseam/wiki/Install-AdNauseam-on...

> But the whole attitude that this is some sort of tyrannical thing is a little over the top.

This is the exact sort of thing anti-monopoly laws are intended to work against: that a major market force in one market uses that power to intrude or support itself in another market. Since Google Chrome undoubtedly has a sufficiently large market share that this may be a concern and the removal of this extension certainly affects the advertisement market, this seems like a very dangerous move for Google.

Yes, it may be considered “self-defense” but is the cost incurred really so large that they want to risk another lawsuit?

> This is the exact sort of thing anti-monopoly laws are intended to work against: that a major market force in one market uses that power to intrude or support itself in another market.

That's actually not true. There's some case law about that sort of thing (the Microsoft antitrust case being the most famous), but the basis for anti trust law has always been about price efficiency, not protection of competition for competition's sake (c.f. the Microsoft breakup was overturned), nor consumer benefit.

The case against Standard Oil was pretty explicitly because of anticompetitive behaviour, not price inefficiency.

The anti-competitive behavior was creating price inefficiency. Standard Oil owned almost the entire refinery market, and they were colluding with railroads so they effectively owned distribution. This vertical alignment meant they could effectively set whatever price they wanted because there was no other game in town.

But this isn't a case of two different markets...Google makes no money off of Chrome. They make money off of advertising. The bottom line of Chrome is that it is just there to view advertising. The better they can make it, the more it will be used, and the more advertising will be viewed (hopefully Google's)

Microsoft wasn't making any money off of IE in 2001's US vs. Microsoft.

It was defaulting to Yahoo who was paying them. Also their browser was mandatory, not optional. You don't need to use Chrome.

I switched to FireFox long ago.

Google Assist (enterprise support and management for Chrome) makes a bunch of money.

People should still be giving Google shit for decisions like that, even if they're not surprised.

If you look at it as the extension performs fraud, then what Google did is completely defensible. And I feel that it does. You may not feel that way exactly, but it's certainly justifiable that the extensions actions defraud the ad network.

Defraud: illegally obtain money from (someone) by deception.

That does not describe the situation in the least. AdNauseum is more akin mailing junk back to junk mailers using their paid postage. You show me an ad, which I did not ask to see? Fine, I'll click it, automatically. Enjoy.

Fraud? If a user wants to automate his browser to click all ads encountered as he surfs, that's fraud?

Yes? I'm honestly not sure how you could think otherwise. This is a clickbot just like any other.

In te Netherlands, we have stickers that we cab place on our real-life mailboxes: "No ads. No unspecified recipient." The advertisers (mailmen) are not allowed to ignore this sticker.

Am I stealing money from advertisers?

There is no such rule for online adverts. So what is a parent to do?

By blocking them and obfuscating through clicking I am protecting my own sanity, and that of my children. This is my "No/No" sticker.

> In te Netherlands, we have stickers that we cab place on our real-life mailboxes: "No ads. No unspecified recipient." The advertisers (mailmen) are not allowed to ignore this sticker.

Wow, that's actually kind of amazing. I wish we had that in the US...

I have such sticker but not anyone is actually following that. It helps to shout at ad mailmen sometimes when I notice them. I'm much more irritated over political junk mail.

You could call the Advertisement Code Commission. See: https://www.rijksoverheid.nl/onderwerpen/bescherming-van-con...

Sorry for my lack of knowledge about this, but are "ad mailmen" a specific thing in the Netherlands? In the U.S., junk ads just come in the regular mail.

If it is like in France (we have the same regulations) then you have two kind of junk mail :the one addressed to you (because they have your mail status, supposedly because you have it to them and agreed to get mail spam) and anonymous one (from supermarkets for instance, with their promotions or sales) which are delivered by someone payed by them. The stickers work for the latter (which is maybe 70% of the volume)

It's arguable. Fraud generally requires intent to result in financial or personal gain. There's no gain here for the user. There's gain for the advertising company at the expense of the company purchasing the advertisements.

But the advertising company is supposed to well-qualify their targets, right? It's on them for serving and charging for advertisements to people who don't want them or will 'click them' regardless of content.

I'm not a lawyer, but according to this definition the fraud perpetrator need not gain, only cause injury to the fraud victim:

"A false representation of a matter of fact—whether by words or by conduct, by false or misleading allegations, or by concealment of what should have been disclosed—that deceives and is intended to deceive another so that the individual will act upon it to her or his legal injury."


If we take that definition, what is misleading? Users are presented with something asking them to click and then they just automate the clicking. They aren't attempting deceit through their actions.

Now, if the advertiser knows that people are clicking things through a script, and has some clause with their agreement with the company that says 'We won't charge you when this happens' but charges them anyway, that would be deceit. But it'd be on the part of the advertiser to the company buying the advertisements.

> They aren't attempting deceit through their actions.

You don't think so? Isn't the whole point of this extension to try and trick advertisers into paying for non-existent user engagement?

But the user never makes any kind of claim or promise that their advert clicking represents real user engagement.

It's up to the advertiser to accurately classify user behaviour, and the user has no responsibility to make that easy for them.

There is gain for the user, in the respect that they receive the service of their privacy being protected

Who is the user defrauding? If they're not the site running the ads, they have no business relationship with the ad company, so the ad company really can't reasonably demand of them to only click certain ads.

Yes, you don't sign any agreement to see or click on ads. Clicking them is in no way fraudulent, just standard behavior.

I often click ads with no intention of buying... just to redistribute money around to Google and website owners.

I'm pretty sure that, in the USA, choosing to click ads would be protected under the first amendment.

You'd be wrong. Many people, even Americans, don't really understand that freedom of speech doesn't mean you can do and say anything you want regardless of the context or consequences.

I suspect the comment is a frustrated response to American courts declaring that all kinds of weird things are somehow protected as "speech", not an unironic endorsement of the practice.

Has a US government agency tried to stop anyone clicking ads?

Yes. The intent is what's important to me. If it were an extension, like in the 90's when everyone was on dial-up, that pre-loaded links, and some of those links happened to be ads then that's one thing. The goal of that extension is to load pages faster since they've already been downloaded. That's not fraud. This extension clearly understands that links are ads and that clicking them will cost the advertiser money with no benefit to them. And then clicks them. That's what makes it fraud.

That's not how fraud works.

How is that not how fraud works. The extension practically bills itself as a form of protest intended to devalue an ad for an advertiser by acting in an intentionally deceptive manner.

It is generally understood and indeed reasonable to assume that in order for most users to click an ad they must first see it. This extension intentionally violates that in order to deceive that same advertiser.

Fraud is a poor word choice, because it is a legal term. There must be a better word out there.

Attorney here! (But not your attorney and not giving legal advice -- seek qualified counsel in your state if you need assistance.)

Sending automated clicks to ads arguably meets all the elements of common-law fraud:

(1) A false representation of fact (that the user clicked on the ad);

(2) Knowledge of the falsity (by the user installing and using the extension);

(3) Intent to deceive the party by making the false representation (that is the extension's stated purpose!);

(4) Reasonable reliance by the innocent party (by believing the "click" was real and intended);

(5) Actual loss suffered (by paying the owner/operator of the page containing the ad)

In my view, therefore, "fraud" is an applicable term.

You're missing a few elements. One of which is, "the injured party’s right to rely thereon"[0] (unless that's what you mean by #4 above).

"A party does not have a right to rely on a representation if she is aware the representation is false, not enforceable, or not made to her."

It's clearly arguable that the ad network knows that a browser is able to click on an ad in an automated fashion. Thus, they do not have a right to rely on that representation, as it is not enforceable.

[0] - http://www.mitchell-attorneys.com/legal-articles/common-law-...

Knowing that it is possible for a representation to be falsified (what you describe the ad network as knowing) is very far from knowing that it is false (the branch of the standard you appear to be appealing to argue a lack of right-to-rely.) So, I don't think the argument, as you've made it, is convincing.

As far as (1).... making a web request is NOT a user saying they clicked an ad. That is an inference that the website owner is making, not a statement the user is making. The user never agreed to that.

This would be like if you are a dairy farmer and you notice people who buy cookies usually buy milk, so to make things simple you make an agreement to pay a store 25 cents for every cookie they sell (because you want to incentivize them to sell more cookies and therefore more milk). You couldn't then accuse a customer of fraud when they buy cookies but not milk. They never agreed to always buy milk when they buy cookies, that was just an assumption you made.

> making a web request is NOT a user saying they clicked an ad.

Whatever the merits of that argument might be in the general case, using an extension which expressly advertises its function to include falsifying clicks to mislead ad networks makes it hard to make the argument in that context.

Right, but just because I know the inference that a 3rd party is making, am I under some responsibility to not change my behavior? I don't think I have some legal or moral responsibility to not troll someone watching me.

Since the packets are being sent to your computer, I consider the situation analogous to a someone coming to your home and then you replying to them with bogus information. Maybe that still fits this definition of fraud, in which case I would say I don't believe such fraud should be legally suable. I think the users property rights of their computer trumps the advertiser's complaint about fraud.

The distinction is automation versus manual process. If you manually reply with bogus information, then your illustration works. When you automate the process, there's no intervention on your part. Ad blocking is fine with me, but when you intentionally click on ads in an automated way, this becomes click fraud. There's a certain level of click fraud that is tolerated by Google, but AdNaseum takes it too far IMO.

You're joking right? You obviously never automated bogus reply on the phone answering machine for one or the other reason. If you don't pick a phone at home and answering machine takes it, are you comiting a fraud because it is automated and telling everyone that you're not home.

The intervention on my part is writing/compiling/installing/actively using the automation.

You could make that argument for any bot, but in the eyes of Google or myself, I see it as click fraud. I think Google made the right choice here. If you disagree with surveillance and want privacy, there are other tools available such as Ghostery and µBlock. They provide what you want without being retaliatory.

When I manually click an ad for a political candidate or party that I despise, am I committing fraud?

(Not saying that I do that, of course. Entirely hypothetical.)

Seems like point 1 would not be satisfied, because you are actually clicking the ad. I suppose someone could argue that you're still deceiving them about your intent but it seems like quite a stretch.

Is this analysis independent on whether I'm the party who gets paid for the ad clicks? It makes sense to me that if I make someone sign a thing saying I get money per click, and then go ahead and simulate clicks, I'm defrauding them, but if I'm just some random guy, why's it on me to play nice with their method of detecting clicks?

> (3) Intent to deceive the party by making the false representation (that is the extension's stated purpose!);

I think you are deceiving everyone that you are indeed an attorney.

A very large part of the globe does not follow common law.

Why does Google deserve the shit for stopping people from taking money from them? I wouldn't think to give a department store shit for pressing charges against someone who smashed up a bunch of merchandise, whether or not the act was politically motivated.

I feel like we could come up with an analogy that captures more of the nuance of the issue. How'd we feel about it if Windows went around and uninstalled non-Microsoft-Office word processors, to stop competing companies taking money from the Office division?

Sure, Google wants to make money on ads and they're under no obligation to let people use their infrastructure to undermine that goal. But likewise, the people who get fucked over by Google compromising the Chrome ecosystem to defend their ad income are under no obligation to be particularly enthusiastic about it.

Google deserves shit for using market power to stop the purchasers of personal devices from running software of their choice.

If the user does something with their device Google dislikes, Google can block the user from using Google services, or if they're doing something illegal, they can go that route.

This habit of retroactively removing functionality from devices is not OK. If Google relies on a business model other people hate, perhaps they should give some thought in to doing something about that.

And users deserve shit for buying Chromecrap, then expecting Google to act in users' interests rather than its own.

Most large tech companies want to get a noose around users' necks. If you stick your head in the noose, guess what happens?

As far as I know, there are laws against smashing up a bunch of merchandise you haven't paid for, and the department store would probably press charges rather than taking advantage of the fact that they're part of a conglomerate providing medical insurance to refuse coverage to the protestors on shaky grounds.

Google's lobbyists may well be pushing for laws against "click fraud".

(I'm just guessing that's what they might call it.)

They might! The case they would have to make seems pretty shaky to me, but legislators have done some things that seem pretty ridiculous to me in the past, and I am sure there is plenty more coming.

That doesn't make acting in such blatantly bad faith until you are able to take legal action forgivable.

> We wrote Google to ask the reason for this sudden move and they responded that AdNauseam had breached the Web Store’s terms of service, stating that “An extension should have a single purpose that is clear to users…”

They deserve shit for lying.

Are you trying to relate clicking ads to smashing up merchandise?

Both actions are done with the stated intent of costing the target money. Sure, it only involves accessing URLs the public is actively encouraged to visit (in a manner intended to bring the system down) but so do many DDoS attacks...

A lot of things costing a company money are perfectly reasonable and we rightly complain if a company sabotages them. Things like leaving negative reviews/ratings, receiving refunds for defective products or shopping around to compare prices ultimately hurt someone's bottom line, so I think we can expect better from an analogy here.

I think "indiscriminately bombard ad networks with the intent of sabotaging the ad network's business" is a lot closer to my DDoS example (or smashing up a store) than "if a product proves to be disappointing, exercise my statutory right to a refund and/or tell people about it". I'd also feel Google could and probably should remove browser extensions whose distinctive feature was that they automated the process of submitting fake reviews or purchases/cancellations if they stumbled across a class of product the plugin designer disapproved of enough to want to harm the vendors' ability to continue selling it.

I don't think you can reasonably frame clicking on too many ads as an act of sabotage. It's interfering with the metrics that some people who you don't necessarily have a business relationship use to make business decisions (like paying out money), but it's not obvious to me how you're obligated to be particularly cooperative in their gathering of the metrics. The system continues to work as intended, you're just not supplying it with the data its creators would ideally hope to receive. That also seems to contrast it with a DoS attack.

I agree that Google should probably remove browser extensions that are convincingly designed to facilitate actual fraud. I'd also be on board with Google removing a browser extension that was designed by a site operator to produce artificial clicks on ads on that particular site, since now there's someone involved who probably signed a thing saying they won't produce artificial clicks.

But my point with my examples was that you can harm someone's bottom line without it being fraud or otherwise illegal, so it doesn't just follow that if you harm someone's business, you're doing the equivalent of a DoS or smashing up their merchandise.

> I don't think you can reasonably frame clicking on too many ads as an act of sabotage. It's interfering with the metrics that some people who you don't necessarily have a business relationship use to make business decisions (like paying out money), but it's not obvious to me how you're obligated to be particularly cooperative in their gathering of the metrics. The system continues to work as intended, you're just not supplying it with the data its creators would ideally hope to receive. That also seems to contrast it with a DoS attack.

Blocking an ad/tracker is being "not particularly cooperative", and fulfils the goal of not seeing ads or being tracked pretty well. The entire point of modifying an existing ad blocker to click everything, as stated by the creators is to disrupt the metrics to the point where the system doesn't continue to work as intended, and cost the indiscriminately clicked ad-purchasers an average of $1.58 per wasted PPC click, as they've taken the effort to estimate (see their FAQ).

I can't see how anyone can honestly argue that a tool whose creators openly state that its purpose is to indiscriminately "obstruct" and "resist" an industry to force it to change its business model by rendering its analytics worthless and wasting PPCers budgets isn't sabotage, irrespective of whether they agree with the desirability of the end goal.

Fundamentally I feel like sabotage involves something like me going to someone's place and destroying their equipment like in your original analogy, also I'm probably being really sneaky about it. Naturally there's a legal and moral right to me not coming over and fucking up their shit, and probably to not be sneaky in some ways.

But here, they are wasting their money because they decided that they'd pay some amount per click. That doesn't somehow confer a legal or moral obligation on me, some random third party, to behave in such a way that this is actually a good deal for them.

That whatever they measure when my browser follows an ad corresponds to some amount of human attention is a gamble they're making, and in no way comparable to the expectation that in civilized society, someone doesn't walk into your store and smashes your merchandise without being punished for it.

Next we're going to go around and fine people for leaving their TVs running without paying attention to the commercials...

> Next we're going to go around and fine people for leaving their TVs running without paying attention to the commercials...

Well that actually might happen someday. Not sure where, but some podcast on youtube was discussing almost just that. Electronics companies might strike a deal, where you have a smart tv with a camera and face recognition, where you get a good deal of channels cheaper if you watch the commercials. Also when you rent a movie via their streaming partner, you pay depending on how many eyes are watching.

Off course we all know how easy it is to game face recognition now, but in the future it might not be as Ai algos keep improving. Sadly I hate to see this day when we get to the level where most people will obediently watch the commercials because they can't pay trice the price. This kind of future seems both comical and disheartening, like someone would combine 1984 and They Live.

You could use the same "they decided to publish the URL and make it serve data... no obligation on me to behave in a way that is actually a good deal for them" line of rationalisation to justify a DDoS attempt or computer worm.

That's why the relevant criterion here is is this software written for the express purpose of fucking up their shit?, to which the answer is obviously, yes and they've said as much, and acknowledged that if you just don't want to be tracked you're better off with a proper adblocker anyway.

If you want to leave your TV running without paying attention to the commercials, regular adblockers exist and are amongst the Google Web Store's most-downloaded apps.

I don't think it's comparable, a DDoS attack is aimed at taking down a whole site, or otherwise making it inaccessible. Here the system keeps working as intended and the other side just has to deal with how the intentions turn out to be not very productive.

Can you cite any evidence that the "stated" intent of AdNauseam is to cost the target money? According to their video, the intent is to protect the user's privacy by preventing advertisers from building an accurate personal profile of the user. You may argue that this has the effect of costing the advertisers money, but just because that is a result, doesn't make it the primary goal. It's certainly not AdNauseam's fault if the advertiser's business model depends on violating user privacy.

From AdNauseum's FAQ

Indeed it is marginally safer for one to simply use a strong adblocker and protect themselves. And it is also safer to stay at home rather than to attend a protest. But safety is not the only concern. Using an adblocker does little to change the status quo. AdNauseam, and the obfuscation strategy in general, instead presents a possible avenue for collective resistance; a means of questioning and perhaps, eventually, changing the system. But this is not for everyone. If your goal is primarily self-protection, it may not be for you...

So they're aware of the fact this is worse at protecting privacy than a simple blocker, and equally unambiguous about their objectives being to change the status quo by damaging ad networks' business models. And yes, they've calculated the direct cost of some of those clicks too:

As the precise cost generated by clicks is not visible to the client, AdNauseam calculates an estimate using an average value of $1.58 for each clicked Ad.

> Both actions are done with the stated intent of costing the target money.

No it doesn't, it is to obfuscate the results about your interest and make the information they sell about you - useless. They are not giving me any money so I have no obligation to provide truthful ad clicks either.

> (in a manner intended to bring the system down) but so do many DDoS attacks...

You can't be serious, it's not comparable to DDoS attacks. It is just obfuscation, pure and simple. It is not in any way unethical either, digital surveillance that ad companies practice is on the other hand very much unethical. When I visit one website, why should dozens of third parties be able to sella and that information? When did they ask my consent? The only way to make that info useless is to have automated add-on like this, if the majority would use it, we wouldn't have as big problems of ad networks spreading malware and proving government agencies with surveillance information.

The stated intent of blocking ads is not to cost the target money.

Yes, he is. People get very sensitive (and illogical) when their income is put at stake.

No need for personal attacks. While the analogy (like all analogies) is an imperfect one, there are clearly some parallels between the two situations and I think the comparison is interesting.

It's purpose is to get you to look at things from the other side: what would you do if one of your customers was intentionally harming your business?

To pre-empt a personal attack against me: I do not make a living from advertising.

I don't hold any bad feelings towards Google for banning AdNauseam. What I do hold against them is that they are not being open and transparent with their reasons.

One of the many things about humanity- we adapt to near all circumstances no matter how bad. And we adapt fast, in 20 years from cold-war showroom equality and egality to oligarchy without borders.

Oligarchs abusing there power? Not so bad, as long as it hits somebody else backyard. Even better, if it just never makes its way into the news.

All even, the democratic powers playing the great game again, condemning every country who doesn't want to be a feudal servant and go for a "Leave me alone" nuke-stance? And after all - hey we are still here, aren't we- so its not so bad.

People vanishing every night? Guess, one can get used to that, nobody of the vanished has ever complained. And hey, dropping housing prices, finally a solution to that.

To actually get a accurate, neutral moral "measurement" you would have to take a group and enclose them in the isolate standards of the past- and then have them write about how they perceive today.

The interesting measurement question- if there is one, is what is left that those in power could do- they wouldn't get away with? That couldn't be swept under the rug, that once really tied the room together?

Google HAS to block this and prevent it from ever being run if it can, its click fraud plain and simple and they've been stung too many times with huge bills for fraud it could have prevented and didn't.

Everything that is GETtable risks being GET. Why would Google serve an ad to someone who might click it without the intention of following through with the ad? Because Google chooses who to show the ad to. So it is really Google's fault. Google created click fraud.

See how ridiculous this is?

...and, this is how search engines work, on a simple level. They request a web page then they "click" on everything and request all those other pages.

Of course, Google probably detects bots and doesn't count these clicks, but your statement that "Google created click fraud" is correct (although they weren't first) and kinda funny.

Just issuing a GET doesn't cause a somebody to be charged.

It's a process involving delivering specific tracking cookie along with the ad that should you end up clicking through to the intended destination gets tracked through either more cookies or tags in the URL.

How is that the user's problem? I don't care what the ad network does. If they are sending me links and I'm choosing to click on them, whatever happens is their own fault. I entered into no contract with this company.

Disagree. If they want to stop click fraud, they can try to do it from other than the browser end.

I'm not surprised either, and I might do the same if I were Google, but "Tyrannical" does feel like an appropriate word given they are using their multi-industry monopolies to crush threats.

No (it doesn't surprise me). I figured it would be banned at some point, it is essentially click fraud but with a (noble?) purpose. And once it reaches enough critical mass to be annoying (and by annoying I mean interfering with other analytics) it would be dealt with.

I certainly resonate with the issue of advertising getting ridiculous (and love Troy Hunt's response) but don't begrudge Google their right to not help people mess with their income stream.

It's important to separate the distinction between legal and illegal, and right versus wrong (morality). the two are sometimes correlated but they do not necessarily have to be. It's much easier to prove something legal or illegal because you just look at the laws on the books. It's like a mathematical proof. It doesn't have to be morally correct but it can still be legal.

The holdup are people confusing this click fraud with immoral. It seems to be very clearly illegal by the books, but in my opinion a moral and right thing to do

According to TFA, they are also blocking manual installs and updates.

If true, that would be a bit more disappointing. Can someone verify?

Edit: Keep in mind I'm referring to developer mode installation per the link above, not directly installing the extension package from the store or a file.

I tried earlier today in Chrome Canary in developer mode and after a short while the extension disabled itself. When I try to enable it back again the console on the Extensions page says "Unchecked runtime.lastError while running management.setEnabled: Extension kkendhmcacabobepidajpejenjinojhp cannot be modified by user."

100% assholish on google side to disable side loading for a very specific extension.

The good thing of course is that it shows that they are afraid of such an extension.

I'd imagine that if it's flagged as malware, this is correct procedure; you don't want to let users accidentally side-load malware either (too many real-world examples of people falling for "Go to this dialog, click this option, NOW click the link and it should work" attacks).

> The good thing of course is that it shows that they are afraid of such an extension.

Seriously. I'd figured they'd filter these "clicks" out easily server-side and didn't bother to install this thing, but this ban has hinted otherwise. I'll be installing it everywhere I can now.

Why such "clicks" would be easy to filter on the server side? What distinguishes them so clearly?

Well, tons of them coming from one IP address, on seemingly every site that address visits, for one thing.

"One IP address" as in "the address of the same NAT box"?

With IPv6 it could work, or maybe with the local IP address passed by the script at click time, but the latter would be trivial to forge.

Sure, but most or all ads on every page visited by a given IPV4 address surely throws up red flags, NAT notwithstanding. And all this is assuming that the extension bypasses session tracking and makes resorting to IP address necessary in the first place.

Then again maybe it doesn't, since they bothered to ban this extension. They did seemingly more-or-less give up trying to sort spam search results from low-traffic but high-value sites a few years back, so I guess they can't algorithm their way out of every abuse problem.

[EDIT] all ads on some pages visited by a given IP over some shortish span of time, I should say, in the case of NAT.

Fortunately Chromium is open source. I would hope that linux distros downstream would patch this anti-feature.

Can't you just Firefox with the extension? And then browse Google from there

Oh yeah, they are doing no evil! Probably time to switch back to Firefox.

And they're locking users out of their data.

> This directly costs Google money.

1. Does a user searching without paying not cost Google's money?

2. Does a user using Chrome for free not cost Google's money?

3. They even built Chrome to boost advertising ecosystem.

4. Is there any law or ToS said users are not allowed to use a script to click the ads automatically? Are the advertising companies going to spy on me to check if I'm using a script?

5. Advertising surveillance directly violates my online privacy. Yet, "by using our services, you are agreed to our terms and conditions"

> This directly costs Google money.

Instead of playing dirty they could accept the challenge and tweak their click-fraud algorithms.

Reminds me of the joke about Jesus and Moses playing golf.

Why get into an arms race when you control the battlefield?

You're being imprecise - it doesn't cost Google money, it is advertisers who are losing money in this case. Of course, in the long run, if clicking ads gets popular as a trend among adblocking tools, it can influence the whole industry, and Google will earn less money. This is not the same thing, though.

Few month ago we developed and launched an AI-based AdBlocker (called AdFilter) and also had several problems with Google Chrome Web Store. Almost every week they had a "strange reason" to remove our extension from the Google Chrome Web Store.

We had more than 380,000 DAU (Daily Active Users) from 36 countries with all good feedbacks on Google Chrome Web Store, but even so, Google always tried to find a way to get us delisted and sometimes removed... they called it "an automated review process that is not performed by humans".

Every time this happened we need to send several messages to all available email address to get our extension approved and listed again in 24-48 hours. After facing this kind of situation more than 12 times, we simply gave up and remembered that it's not worth trying to build a business (or App) on top 3rd party company, like Google or FB.

Meanwhile, there are blatantly illegal things on the Android app store with no touch at all from Google. (For example this Age of Empires "clone" https://play.google.com/store/apps/details?id=com.squid.ageo...)

Priorities clearly higher in killing ad blockers.

How is the game you linked to "blatantly illegal"?

Edit: I'm genuinely curious -- did they copy the actual assets from the original game, or did they just copy the style and gameplay (which would generally be legal).

Screenshots, graphical assets and soundtracks / - effects are one to one copies.

Sorry for the delayed response, but yes, they copied the original assets.

I'm surprised people still use Chrome and not Chromium. Perhaps a few devs in your situation could improve the Chromium installation flow for Windows, etc.

Google doesn't have much incentive to make it easy, but third parties (like Debian) do, and do a lot of the heavy lifting on an ongoing basis.

why are you surprised? most people don't care about stuff like this. most people don't use ad nauseum. most people don't even use ad block.

I can't even figure out how to install a stable version of Chromium. I only spent two minutes trying, but installing Chrome consists of one web search and one button click, so the difference is pretty obvious to me.

Here's a (macOS-specific) guide, unfortunately it still requires basic knowledge of the Terminal and a working installation of Ruby.


> it still requires...a working installation of Ruby.

Does OS X/macOS not still come with a bundled installation of Ruby? Or is the version it comes with too old to use with brew/brew cask?

I believe it does, but I don't usually use it; rather, I usually get Ruby Version Manager to manage one or more Ruby runtimes on my Mac. Therefore I can't vouch for it to work with brew and/or brew cask.

I thought for sure this was an exaggeration but you are absolutely correct. I couldn't find anything in two minutes either.

I have Chromium installed on a my Ubuntu desktop but I think I had to add a PPA to get it.

No PPA necessary: http://packages.ubuntu.com/yakkety/web/chromium-browser

Most of the more-or-less mainstream distros ship Chromium in their standard repos. In fact, they're more likely to ship Chromium than Chrome due to the fact that the former is FOSS and the latter is not.

Neither macOS nor Windows have such a philosophy of "prioritize the FOSS alternative", so Chrome is unsurprisingly the better-supported option there.

> Most of the more-or-less mainstream distros ship Chromium in their standard repos. In fact, they're more likely to ship Chromium than Chrome due to the fact that the former is FOSS and the latter is not.

That's actually how I first started using Chromium early in my Linux days; I didn't really know the difference between Chrome and Chromium, so I just picked the one that was easier to install. Once I finally learned the difference, I consciously made the choice to use Chromium on all of my systems, even the non-Linux ones.

It's possible to install Chrome extensions outside of the store: https://github.com/dhowe/AdNauseam/wiki/Install-AdNauseam-on...

> Earlier this week, on Jan 1st 2017, we were informed by our users that Google had banned AdNauseam from its Chrome Web Store. We’ve since learned that Google now also disallows users from manually installing and updating AdNauseam, thus locking users out of their own saved data, all with no prior notice or warning.

I'm not sure why you're quoting that? I literally just installed the plugin.

Google has blocked installing AdNauseam from the Chrome store and installing the .crx file manually.

Manually installing the developer package is completely unhampered.

Restart your browser and you will see the extension is no longer installed. This is deliberate on the part of Chrome (Firefox does this too) - It is to prevent malicious extensions from using the developer mode as a backdoor to install themselves.

On each restart, you will need to re-add the extension from source.

I've been needing to do this with the LastPass Chrome extension as well. It is rather annoying, but if you just keep the browser running it is bearable. I'll slowly switch back to Firefox though. They are adding sandboxing and swapping Gecko to a Rust-based engine. We'll see about the performance. Bottomline is, I'm done with being overly reliable on Google.

Oh, I didn't know that. I restart Chrome less than once a month :)

There's related discussion on this here: https://news.ycombinator.com/item?id=13325507

Not only is it apparently banned from the store, but also it's being removed from existing user's machines, on top of not allowing new installs.

Edit: Going to quote my thread from that discussion as this announcement confirms they were banned over the single use policy...

> Other ad blockers "block ads" and "block annoying eu cookie notices". Should they be removed?

> I just visited the Chrome store and chose the first extension: https://chrome.google.com/webstore/detail/office-online/ndjp.... It makes word documents AND spreadsheets?!

> Hopefully you can see where I'm going... whatever's written in the policy is difficult to enforce literally. Someone has to make the distinction based upon the intent of that policy. A person has to draw the line. If Google have made the decision based on that policy, well that's their decision.

> Reading https://developer.chrome.com/extensions/single_purpose (part 4) makes me thinking "disrupting ad networks" could be that single purpose. Then it'd cover blocking & clicking. Just like "Office Online"'s "edit office documents" covering both "word processing" and "spreadsheets".

Hey man, I think your discussion points finally reached the real reason why "single use policy" applies differently for Office Online than it does to AdNauseum. AdNauseam team are intelligent and they probably realize it as well. In their self-description:

> AdNauseam, a not-for-profit, research-based privacy tool, hides and clicks every tracking ad that it identifies in order to resist the opaque collection, analysis and monetization of private user data, and to challenge the intrusive and unethical business model that currently dominates the web.

Ital. gives you the justification Google could use to block the product. "Disrupting Ad Networks" is the single purpose, but while "Ad Blockers" are a simple nuisance to Ad Networks and 3rd party revenue streams, "Ad Obfuscators" poses a threat to affiliate marketers and resellers who may interact through Google's channels.

(In my opinion.....) Is AdNauseum justified in their work? ABSOLUTELY YES. But there are other hands at play. This also explains why Google is working so hard to block updating or new installs of it.

It's pretty simple: this has to be wreaking havoc with Adsense - depleting ad budgets, artificially inflating CTRs, and giving website owners revenue they didn't earn. This extension also exposes website owners to unfair Adsense bans for generating high numbers of invalid clicks, which can cost them two months of revenue that is almost always withheld when Google bans a site. So by using this you could be costing someone (your favorite blogger etc.) their livelihood.

If you are going to block ads, block them. Don't click on them.

Neither you nor Google has any right, morally or legally, to tell me what to do with the content that Google willingly served to my personal property (my computer). Once those electrons cross that boundry from <Google's property> to <my property> they lose any and all control (although of course in reality they try their damnedest to retain it).

If Google wants to wholesale block all IPs that cause them a problem with click fraud that's their prerogative, but manipulating the electrons that very safely reside within my own private property and then turning around and continuing to serve me ads is something straight out of a Dickens novel and I shudder to think of what happens after the second chapter.

Of course you can do anything you want. I'm just telling you the potential repercussions, which include destroying someone else's livelihood. If you are OK with that, fire away. But if everyone did the horrible/harsh things that they are legally entitled to do in this world, we would be in a very bad place.

If your income stream relies on millions of random internet strangers gracefully letting your code live rent free on their own personal devices then you have nobody to blame but yourself. That is assuming that sending GET requests to a public internet endpoint is a "horrible/harsh" thing to do...

Right, just like a DDoS attack is just "sending get requests to a public internet endpoint".

Were there really enough people using this to cause such an impact?

If someone creates a plugin with the stated goal of screwing up your clients' analytics to discourage them from paying you, do you really wait for it to work before you remove it from your platform?

I don't know, but I certainly wouldn't want to be a favorite site of even one AdNauseum user. Adsense is very sensitive to stuff like this, especially in higher CPC niches.

Why not? On the short term, you get more income from ad revenue. Who knows what the effect on the long term is going to be.

You would be banned - very fast. You would never actually receive the money since Adsense pays out on a two month delay. They are very good at identifying this type of activity and the webmaster is the one that pays the price.

Well, if that’s true, within of months, half of websites will have to search for a new ad network, and we might get a chance at less intrusive ads.

... Or, more likely, they will switch to an ad network with more obnoxious, or dangerous ads. Google, Microsoft, and their ilk are a fair bit better as ad networks then some of the less scrupulous players.

Yes, the large networks occasionally serve dangerous ads. But by far and large, they have better standards then most of the fly-by-night ad networks.

Or, even more likely, they’ll actually switch to direct negotiations with the advertisers themselves, through more open and manual brokering platforms.

This model works for buying advertising space on ESPN, or in a print magazine, but not on the internet. Economies of scale, need for targeting, the inability to force unskippable 5-minute-long streams of ads on users...

There's a reason why everybody uses ad networks.

I’ve done all this myself before – even when running a small Let’s Play site with a few friends we negotiated with publishers directly for advertising, and managed to get quite good deals.

I’m not sure why you think this is so complicated or impossible.

I've been using it for a few months and more recently took to installing it on public computers and telling anyone who would listen to use it. Just put it on my Mom's computer a day ago. I alone had it on a dozen machines or so.

There is one more now. I completely forgot to install this until I saw this story this morning.

Yeah after hearing about all of this I'm now a new happy adnauseam user! :)

How can the Adsense distinguish whether it is AdNauseum clicking or the human clicking?

They probably can't, since it's an extension and thus uses the user's browser, IP, cookies etc (Adsense does use mouse tracking and other techniques that will likely flag these clicks as suspect, requiring additional analysis). Therein lies the problem. It appears to them as if someone is going and clicking on every ad, or is using an automated headless browser to click on ads. That can easily get you banned. Google doesn't care about who is doing it, they only know that it is happening on your site, and as a result will treat your site as a threat to the Adsense network.

> (Adsense does use mouse tracking and other techniques that will likely flag these clicks as suspect, requiring additional analysis). Therein lies the problem.

Actually, Google does track all of this stuff already:


Google could decide to just ignore IPs that host users that display this behavior pattern. But yeah, it's "easier" to just ban the offending Chrome extension.

How about clicks from browsers that have this plugin installed are just not counted? That sounds simple enough.

They could certainly do that in this case, but they are probably trying to send a strong message to would-be developers of similar extensions. One is a nuissance; a thousand would be much more difficult to chase down and block.

Also, if these developers really wanted to, they could distribute it directly from their site and dynamically generate the extension, packaged with a unique identifier, for each download. This would make it effectively unblockable. So simply identifying an install of this specific extension is not a solution.

How can they tell if the browser has this plugin installed?

Let's make AdN a thing like privoxy, where it runs on the network and does all of this outside of a browser, and for all clients on the network.

The extension clicks every ad on a page. This is almost certainly extremely atypical and could be detected.

Seems like there's room for an arms race here, where you tune the extension to only click on some ads, and ultimately approximate legit user behavior as Google keeps cracking down.

No privacy/security/adblocking user should use Chrome; it's a browser made the company you block ads from and tracks you whether or not the ads are there. Use Firefox, Safari, open source chromium, MS Edge, or anything else, just not Chrome. Also a Safari extension would be very nice.

I always thought Stallman's ideas were _too_ crazy. Until I struggled with Chrome for 10 minutes trying (and failing) to install this extension in a way that wouldn't bother me. And then I realised that Chrome is dictating what can I do on _my_ computer and what I can't.

This year I will try to fix the rough edges in any FF plugins I use instead of switching back to Chrome.

https://www.gnu.org/philosophy/free-software-even-more-impor... https://www.gnu.org/philosophy/keep-control-of-your-computin...

This is why i don't use Chrome. Enough of my life is in google's hands. I believe they are already too big.

I wish for a more open smartphone ecosystem and better tools for privacy.

I use Chrome, but I don't exclusively rely on it. I always have both Google Chrome and Mozilla Firefox installed on my systems/devices.

Can I ask if there's a good way to keep bookmarks synced between Chrome and Firefox? I know about Xmarks[1] but I'm just curious if there's another way that doesn't involve storing my bookmarks on a third party.

[1] https://addons.mozilla.org/en-US/firefox/addon/xmarks-sync/

You are looking to sync bookmarks through a server you host yourself? Any other option involves a 3rd party, no?

If you don't care about sync / mobile then just use a local .html file. Maybe this could be Dropbox'd around but there's that 3rd party problem!

>You are looking to sync bookmarks through a server you host yourself?

Sure, just a way to keep bookmarks synced when I might switch systems/browsers without having to manually export-import them every time.

Everytime a Google product makes it to the front page a Google engineer chimes in. No one today?


"Company which makes its money from advertising bans automated click fraud extension from being used in its browser."

Not that I'm really surprised by Google's action, but "fraud" is a pretty strong word for what's happening, and pretty disingenuous IMO. No one's pretending to be anyone they're not.

Click fraud is a standard industry term for robot initiated clicks, which this is a case of. What this extension generates are certainly not legitimate clicks form interested users, or even unintentional clicks that happen due to various reasons (some HN readers like to blame them on dark patterns, but they're really just of a consequence of the fact that ad tech is just not that great in general).

No, it is not. It is an industry term for robot initiated clicks for the purpose of profiting, that is the "FRAUD" part, just clicking random ads is not defrauding any party to the benefit of another, it just wastes resources.

Do you think it is fraud to order a pizza to be delivered to someone else's house, because you are a vegetarian and wish to destroy the business model of meat-based pizza?

How about doing this to every pizza store you encounter that serves meat?

You're not profiting..just wasting a business's resources by misrepresenting your identity and intentions.

Either that or tracking clicks is a terrible way of keeping track of ad effectiveness, and therefore cannot rise to the definition of fraud.

What if I had a billboard with a camera that used face recognition to determine how many people looked at that billboard. Is it fraud to put on a mask to prevent my face from being detected? Is it fraud to put a bunch of faces on a poster-board and parade it in front of the billboard to confuse it?

Websites only provide information that I then can choose to render/manipulate however I want, and what I do on my application on my end with that information is my business.

Someone clicking an ad is not a) making an order or b) pretending to be someone else, which seem kinda instrumental for the fraud in your analogy. The ad didn't get served with a ToS document explaining that by clicking it, you enter into a contract or whatever. It's your decision to pay money based on ad clicks, and it doesn't somehow oblige people who have nothing to do with you to only click ads in the manner you intended.

Alright, how about an example with no orders? Let's say you think the police state is evil, and you wish to destroy it by wasting its resources. Is making automated empty 911 calls justified?

Just because you intend to use the 911 hotline as an emergency resource surely shouldn't impede my right as a phone owner from calling it in the manner you intended. It's my god-given right as a phonebook owner to call whatever numbers I see fit in whatever quantities I want to.

It doesn't even have to be 911. You can DDOS the phone lines of any business to make them less effective. Is this ethically defensible?

This analogy is still a stretch. Both are examples of DDOS which prevents legitimate requests from going through.

This is more the equivalent of replying to every piece of physical junk mail that you get using their provided self-stamped return envelopes. I think you'd be hard to pressed to argue that, while being a jerk move, you're still aren't entitled to do it.

Used to actually do this back in the day. I would send them back their offer with something like "I regret to inform you that I am not interested in your offer. Have a nice day." on the top page. I figured that going out of my way to let them know that they shouldn't expect a sale from me was simply being polite. I used their handy return envelope to send it back to them.

There were stories of people who would attach their return envelopes to heavy objects and try to send those back to them.

Maybe some day advertisers will come to understand that if their ads affect me negatively, then I will do my best to make it unprofitable for them to present them to me.

I'm not sure I am a fan of the analogy, but either way, I think we've moved away from calling it fraud so I'll accept that.

It's more like you get a call that tells: you can get a free pizza as their promotion only if you open a door. When that pizza arrives, they demand money from you and try to sneak spying equipment to your home. Saying "get the hell out of my lawn" is the only right response.

"Click Fraud" is an industry term precisely because that's what the ad networks want you to think. It's fraud when you unintentionally (automatically through a script or otherwise) click on their ads, but when they spy on you, it's not called "spying", it's called "personalised" advertisements. "Standard industry term" is just another way for the big players to justify what they are doing, in essence, a euphemism.

On their FAQ page AdNauseum reproduce the following definition of click fraud to argue they're not engaging in it:

The practice of ... clicking on an advertisement hosted on a website with the intention of ... draining revenue from the advertiser

Elsewhere on the same page they've even gone to the extent of explaining how they calculate the average revenue they think each simulated click drains from the entities they wish to "resist"

The difference is that in the classical definition, the revenue is drained from the advertiser to the click fraudster. That's an obvious and prohibited motive for traditional fraud.

In AdNauseum's implementation, the revenue is drained from the advertisers to all of the sites where those ads are hosted and where AdNauseum's users browse. Neither AdNauseum nor the users browsing the sites benefit from that revenue. Instead, the advertiser's marketing budget is slightly less effective.

This changes the behavior from an intent to profit to an intent to harm. I'm certain that they could prove in court that they do not intend to profit from this activity. But I don't know whether or not the court would classify the outcome of the activity as "resistance" or "harm".

The classical definition AdNauseum reproduced regarded it as fraud if it was to generate revenue or to drain revenue. Wikipedia uses the even more straightforward definition: "Fraud occurs when a person, automated script or computer program imitates a legitimate user of a web browser, clicking on such an ad without having actual interest in the target of the ad's link"

Regardless of what a court may decide if it ever gets involved, the term "click fraud" as its most widely used and defined certainly includes clicks aimed at causing a party to lose money as well as than clicks aimed at directly obtaining money.

Can someone explain what the point of silently clicking the ads is? Why not just block them? Does clicking the ads somehow aid in blocking or is it a way of fighting back against perceived abuses by advertisers?

It's supposed to mess up the stats and inject uncertainty into ad analysis.

They are trying to bring down the price of ads on the internet, thus making them unprofitable. I hope they succeed.

I find it a bit harsh to be so hostile towards online ads. After all, it's has been a significant source of income for innovative companies or services that couldn't exist otherwise, because users are notoriously reluctant to pay for virtual goods.

Yes, tracking and overly intrusive fullpage popups are real issues, but not all ads are inherently evil.

Not all dictators are inherently evil either, but because of the state into which a dictatorial ecosystem inevitably declines, we don't want them either.

I strongly disagree, and feel the overall utility and usability of the internet has been negatively affected by advertisements.

Companies that can't survive by selling a product or service directly probably should go out of business, IMO.

You get that companies that sell a product or service ALSO show advertisements too, don't you?

This extension only clicks tracking ads. The authors seem to primarily be upset about mass surveillance.

I'd hope that it enables do not track, and also checks for tracking cookies before clicking, but haven't looked carefully.

I can't name a single online service that is supported by ads and that I couldn't live without.

>not all ads are inherently evil.

All advertising is manipulation. Advertisers are bad and should feel bad.

I prefer classic advertisement labelled as such over subliminal manipulation like product placements or fake reviews / fake "fans" on social platforms.

And frankly, I even discovered products through ads I might have never found otherwise, even though that's not how it should be in a perfect world.

If I have a friend who I know is interested in a particular author, and I notice that that author has released a new book, is it evil for me to tell my friend?

I don't think it is. I'm connecting a producer and a consumer in both of their best interests. When the producer is the one who asks an entity like Facebook "who enjoys this author?" and advertises the new book to them, why is this evil?

People have desires, and without advertising it is very difficult to connect those people with producers who can fulfill them.

I think advertising isn't inherently evil, just some tactics used to persuade people with misinformation.

Ignoring your false equivalence:

If you already want something, then the ads are useless because the entire point of an ad is to manipulate me into buying something I didn't want to buy.

If I want to buy the book already because I am interested in the author's books then the books sell themselves without need for ads.

> I can't name a single online service that is supported by ads and that I couldn't live without.

How about search and email? All the major players are ad supported.

I run my own email service. I also find search currently very disappointing. Google, Yahoo, duckduckgo? Remember when they were several major indexes? Lycos, Altavista, etc.

Today Google actively removes things from their index at the requests of various governments and entertainment industries. We have very little choice in search, leaving much of the web unlocatable.

I don't remember Lycos/Altavista etc rendering anywhere near as much of the web (as a proportion of what existed back then) locatable, having a radical stance on copyright or having less obtrusive ads...

I vividly remember being unable to find anything useful in the first half-dozen pages on Lycos and Altavista and Yahoo and all the others, which is why Google took the entire market when they showed up with PageRank.

I am in the process of switching everything over to fastmail, which is a paid email service without ads, because I dislike the current state of the advertising industry so much. Plus, I'm now in a financial relationship where I am the customer, not the product.

I might likely do the same for a search page if such a thing existed and the price was right. Until then I use startpage or duckduckgo to (attempt to) retain some anonymity.

Serious question, but how do you feel about persuasion? Is all persuasion inherently manipulative, or are there some types of persuasion/marketing that don't cross the line and become "manipulation"?

It's a blurry line, but I believe it passes far to the left of advertising.

One dimension of that distinction is intent - are you trying to persuade me having my best interests in mind (including not applying the technique if you're not sure about the consequences)? Then I'll probably be fine with it, and consider it an act of friendship. Are you trying to exploit me by convincing me to make self-harming decisions? I'd consider this an act of malice. An attack.

Advertising of all kinds would be fine if it performed just the information function - by honestly trying to paint the whole picture and give all relevant information to enable customers to make a rational choice. As it is today, it's squarely in the malicious, abusive zone.


> essentially all of the ad supported sites I visit are diversions

So you're taking all of those services away from other people.

So, I have to waste my mobile bandwidth on ads because you want free email?

I see ads in my gmail. How exactly does that force you to see ads on your mobile bandwidth?

> [...] because users are notoriously reluctant to pay for virtual goods

Perhaps the reason for this is that virtual goods have often been for free, because of ads (?)

...because you want the sites that use ads to all go paywall?

It's impossible to block all ads and trackers, especially now that so many people load vital resources from CDNs controlled by the tracking companies. With something like AdNauseam you add noise to your actual browsing so that it makes the data about you less valuable. If everyone were to use it suddenly no one would pay for the data and since it's no longer profitable it would stop. At least, I assume that's the theory.

> especially now that so many people load vital resources from CDNs controlled by the tracking companies.

I've been noticing this trend. I have a pretty extensive hosts file and this one site I visit started displaying ads. I had to double check to make sure my hosts file was correct and it turned out that they were saving the ads from their own CDN.

The idea is to mess with advertisers' metrics. If people using ad blockers are peaceful protesters, AdNauseam is trying to riot.

Assuming they aren't detected as fraudulent, it's messing with more than metrics. The advertisers, in many cases, are paying per click.

Edit: Not making a judgement here, just clarifying that the extension is doing more than messing with metrics.

The advertisers don't mind paying for disruptive, intrusive, battery-draining, bandwidth-consuming, rich-media advertisements, so I don't mind draining their wallets.

You just said, "The sites I visit don't mind receiving money for disruptive, intrusive, battery-draining, bandwidth-consuming, rich-media advertisements, so I don't mind draining their wallets."

If there's someone who makes content you like to see, why don't you mind draining their wallet?

If there's someone who makes content I like to see, I purchase their merchandising, books, courses, assist to their events, etc., that's pretty simple.

Why support the middle man who just makes the Internet a worse place when you can directly support an author's efforts?

The advertisement business model just exists to justify the existence of low quality content.

Yeah? When was the last time you purchased a music video?

Okay, when was the last time you watched one?

You want to stand by that argument, or admit that you're talking out your butt?

It's precisely only messing with metrics, it just so happens that one of the metrics happens to be the one you agreed to use as basis for your payments. ;)

That's like harming the Pope to get back at God.

AdNauseum doesn't hurt advertising networks, it hurts publishers. When they get banned for click fraud, the network keeps the money.

If google bans legitimate publishers, then the advertisers move elsewhere.

Also, increased click fraud on tracking ads lowers their attractiveness, nudging ad revenue toward sites that serve display ads targeted to their content.

This helps funnel money to sites that produce high quality content and away from low quality sites that happen to attract users that view high quality content elsewhere.

and when networks have no publishers left, what do happen to them ?

> no publishers left

They become the publisher. In the grand scheme, this is a misguided effort that will further monopolize publishing.

So what will they publish then, fake news?

Advertising networks create profiles of users based on online activity including searches. It's called profiling. The ads you see are relevant to your interests as it is described in your profile. By randomly clicking on ads you render the profile irrelevant.

But what if you clicked on no ads at all? Doesn't that make the profile equally irrelevant?

Yes and no. If you don’t click on ads you make advertising irrelevant but they’ll still keep collecting data on your behavior. Sure in the long run if everyone stopped clicking on ads it would be game over for the whole advertising industry. But in the meantime we can wreck havoc on their tactics.

The Firefox extension review turned this up:

"If you have a YouTube channel (s) and your logged in to that channel it will get your channel suspended for Violation of TOU #4 Section H" [1]

Has anyone else confirmed this behavior on YouTube?

1. https://addons.mozilla.org/en-US/firefox/addon/adnauseam/rev...

Of course this could happen. This plugin automates clicking ads on a page, which does directly violate exactly what that section of the TOU is saying.

The users of this extension have a clear case of the "I'm allowed to poke the dog with a stick, but the dog is not allowed to bite me" mentality, so it's a complete surprise to them when it happens.

If you're not browsing youtube with the extension enabled, I'd expect that Google refrains from using that completely unrelated customer relationship to fuck you over for using an extension they don't like. It's like if the city arranged to have your publicly-managed utilities cut off because you're fighting them in court over a traffic ticket, only I guess a bit less critical.

more like "I'm allowed to defend myself from the attacking dog by using the stick." I'm not surprised they want to take my stick away, but that doesn't make Google's actions any less shady.

The dog, in this case, is protecting their property. They're not in your yard, you're in their yard. So get out of their yard if you don't like the dog.

Maybe the dog in this case is protect people's incomes, but they're not a regular guard dog in the sense of protecting from intrusion. More like they're out in public, begging for food. Oh and some of them might have rabies.

> So get out of their yard if you don't like the dog.

I would if I could!

But we are not in a yard. We are in a public area, where I was walking along minding my own business and the dog came up and started barking at me. I never wanted to interact with the dog in the first place. He intruded on my life.

There's no public space on the internet. Everything is somebody's yard.

This is Y Combinator's yard. YouTube is Google's yard. So is the Chrome Web Store.

If it's publicly available then it's public, otherwise it's just deep web requiring authentication which is not public by any means. WWW was designed to be public, if you don't believe me you could ask Tim and "World Wide Web Foundation, which seeks to ensure the web serves humanity by establishing it as a global public good and a basic right." (http://webfoundation.org/about/sir-tim-berners-lee/)

What Tim Berners-Lee aimed to do is largely irrelevant, it's how it works in practice that matters, and in real terms, it's not public space. You can be banned by the owner with no rationale, or access could be restricted behind a paywall with no notice, or content you contribute could be deleted with no notice.

The World Wide Web Foundation has no particular standing and no authority on what actually happens on the web.

Shitty metaphors are shitty. It doesn't detract from my point. I'd avoid using Google if I could, but they seem dedicated to interacting with me even when I go out of my way to avoid them. I'm not going to accept that I'm the bad guy when I try to fight back.

Since when is youtube a public area?

But the internet packets are sent to your computer, so it is your yard that the dog is throwing things at.

A friend of mine studied abroad in Cuba. There were wild dogs everywhere. One of his roommates was shocked at their treatment. She would feed them and try to pet them, until one day she was bitten.

So maybe it's OK to poke them preemptively, to keep them at a distance.

I believe there's a saying in the Caribbean: "Feel sorry fi maga dog, him turn roun' bite you."

They fall into the gap where the most humane thing to do would be to kill them, but they aren't quite dangerous enough for anyone to do that without feeling bad about it.

In the context of ad networks, they do need to be burned to the foundations and rebuilt better, but no one can stomach hurting anyone that currently needs them.

Better link (jumps directly to the review):


Wikipedia summarizes fruad as "In law, fraud is deliberate deception to secure unfair or unlawful gain, or to deprive a victim of a legal right." The user does not unlawfully gain and the ad provider doesn't have a legal right that's being infringed on here.

Some legal resource I found online says that in the US fraud requires: (1) a false statement of a material fact, (2) knowledge on the part of the defendant that the statement is untrue, (3) intent on the part of the defendant to deceive the alleged victim, (4) justifiable reliance by the alleged victim on the statement, and (5) injury to the alleged victim as a result. [1] Note that "material fact" here is a legally significant phrase, and implies a written agreement or some other mutually agreed to terms that establish the expectation - which never happened between you and the ad provider.

No matter how you slice it the user of ad nauseum is not committing fraud. This misinformation needs to stop.

[1] http://legal-dictionary.thefreedictionary.com/fraud

"I am this browser, requesting this content on behalf of the user, who clicked on this ad."

Walk me through this, okay?

I don't understand what you're asking for.

The user is using an extension that, on their behalf, is directing the browser to request content, acting as if the user had clicked on an ad.

(1) a false statement of a material fact

The extension is telling the site, "I am this browser (user agent), requesting this content (what's behind this ad url), who clicked on this ad (calling the onClick handler of the element that has the ad."

That's not true. The user did not click on the ad.

(2) knowledge on the part of the defendant that the statement is untrue

The user knows they did not click on the ad.

(3) intent on the part of the defendant to deceive the alleged victim

Everyone in this thread is saying it's to confuse the metrics, and some are saying it's to purposefully take money from the advertisers.

(4) justifiable reliance by the alleged victim on the statement

The vast majority of HTTP GETs to URLs that are only found as href on Ads are requested because the user clicked on the Ad in their browser. Can you name even ONE other time a browser follows the onClick event on an Ad?

(5) injury to the alleged victim as a result.


So, walk me through how this is not fraud?

> (1) a false statement of a material fact

First, a GET request is in no way a statement that the user intended to view an ad: is accidentally clicking an ad fraud? Of course not.

Second, a GET request is not even an indication that the user clicked on some element. It's not even a statement that the user requested a particular resource. Indeed, when the ad itself is requested you could hardly call that user-requested; if your analysis were correct I see no reason we couldn't extend it to say that ads themselves constitute a fraudulent statement that "this content is something you requested".

Third, even if a GET request amounts to a statement of user action (if not intent), adnauseam's actions do not constitute a false statement of user action/intent. There are lots of ways to activate the default onclick handler; physically pressing a mouse button is only one of them. Trackpads and touchscreens are other ways; are they fraudulent? Keyboard shortcuts and other keyboard navigation are yet more, are they fraudulent? No, of course not, since they accurately represent user actions. Installing adnauseam is just another method of performing the same action, clicking on ads. It accurately implements the intent of the user, more so than clicking, which can be accidental.

IANAL, but based on your own criteria, without a false statement of material fact there is no fraud.

You should read the comment you replied to, dude.

>(1) a false statement of a material fact

>The extension is telling the site, "I am this browser (user agent), requesting this content (what's behind this ad url), who clicked on this ad (calling the onClick handler of the element that has the ad."

>That's not true. The user did not click on the ad.

I said in my comment:

>Note that "material fact" here is a legally significant phrase, and implies a written agreement or some other mutually agreed to terms that establish the expectation - which never happened between you and the ad provider.

It's not the GET I have a problem with, it's the fact that you're following the onClick, as though the user did in fact click.

And you left a YUUUGE amount of ambiguity there, intentional or not, when you used the word "implies."

I don't know how the courts take things like "Click here if you agree to the terms" on an online form, but I don't think you've closed the door on my argument, yet.

Not all users of this extension are in the US :) But a very thorough analysis, I must admit.

Thanks, Google. I'd never heard of this extension before now and had often wondered in the past why no one had thought of this strategy to screw with online tracking and data collection. The free PR is great, and now AdNauseam has another new user. :)

Because Google is not "the man" in this scenario that you're sticking it to - it's the website owner whose content you're consuming. Google gets paid either way, and AdNauseam is pennies on their dollar. Webmaster however, depend on advertising revenue to keep publishing.

Google is not the one we're trying to "stick it to". They are far from the worst player in this space. Moreover, AdNauseam is not meant as a surgical strike against some player in particular, but as a carpet bombing of the whole ad scene. Which, IMO, totally deserves it, and the collateral damage dealt to some publishers is totally worth it.

> collateral damage dealt to some publishers is totally worth it.

Said a clown before the rodeo.

The collateral damage is putting small independent publishers out of business and reinforcing monopolies in publishing. If you think tracking is going to be less pervasive by knocking down the little guys, you are sorely mistaken.

> ‘We know your dark secrets. We know everything.’ - Steve Huffman from Reddit

When all that's left is Reddit, Google, and Facebook - the collateral damage is the same thing you're trying to protect.

It seems this extension could be tweaked to only operate on sites with high Alexa rankings or similar to avoid this problem. That would probably be a good idea, because you make a good point.

Or, it could even have two "modes": a "carpet bombing" mode for high Alexa sites that clicks everything, and as you decrease in popularity, it increasingly begins to simulate real user behavior.

That would simultaneously disrupt the system for the big players and, hopefully, get extra revenue for the little guys.

The extension is trivial to customize if you'd like to employ it in a more discriminate fashion. Many people already whitelist sites they care about in their normal adblock extensions, this one is no different.

But more importantly: > If you think tracking is going to be less pervasive by knocking down the little guys, you are sorely mistaken.

I believe the only way tracking is ever going to be less pervasive is when tracking simply doesn't work any more. Nothing short of widespread technical countermeasures will ever convince these people to back off, so I will gladly do anything I can to make their data as worthless as possible.

Monopolies in publishing seem to depend much more on ad revenue than small, independent publishers - who tend to utilize solutions like Parteon, fundraisers, donate buttons, referrals, sponsorship or just plain old self-hosting like in the good old days. There are plenty of alternative strategies available to players big and small, and the only thing I can see dying off is all the crap that the Internet drowned in since people started monetizing eyeballs.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact