Hacker News new | comments | show | ask | jobs | submit login
Ad blocking is under attack (adguard.com)
1111 points by tiagobraw 6 months ago | hide | past | web | favorite | 559 comments



It was admiral that did this: https://blog.getadmiral.com/dmca-easylist-adblock-copyright-...

They even clearly state they used the only tool available to them, DCMA. From all the current summaries on this, DMCA does not apply to a line entry in easylist. A domain can be trademarked.

This should be added back in. And if github cannot standup to DMCA abuse, then well, easylist and all other developers should be giving a clear hard though to their continued use of the github platform.

Edit: it looks like EFF has gotten in touch with easylist. Good. https://torrentfreak.com/dmca-used-to-remove-ad-server-url-f...


So, in that blog post, they state: "We asked them 24 days ago to remove functionalclam[.]com on the original commit."

Their request is here: https://github.com/easylist/easylist/commit/1ba8d4afeec6d562...

And was made by this account: https://github.com/dmcahelper

So, they made a github account the same day they made the "request" with an account that in no way indicates where the request is coming from? The github profile bio reads "Help all parties understand and resolve DMCA issues efficiently and effectively to minimize file and repository impacts."

Perhaps they should have used a bit more transparency when asking for the offending url to be removed from the repo, instead of acting like a spammy copyright boogyman, then immediately resorting to a dubious DMCA takedown request.


It may not be a bad idea to report this user via GitHub's "block or report" feature when viewing that account: https://github.com/dmcahelper

That type of behavior can only be bad for open source software. Threats like "to minimize file and repository impacts" are going to push more folks toward private repositories if they don't understand that it's not an actual authority pressing them into making changes on a given platform.


Additionaly, this account is borderline with regards to GitHub's TOS¹: “While using GitHub, you agree that you will not under any circumstances: […] impersonate any person or entity, including any of our employees or representatives, including through false association with GitHub, or by fraudulently misrepresenting your identity or site's purpose”. They haven't explicitly impersonated GitHub, but I bet I'm not the only one to have wondered for a few seconds whether this was an official GitHub account or not and I'd hardly believe this wasn't intended.

¹ https://help.github.com/articles/github-terms-of-service/#3-...


I just filled a complaint, they have a "report this use" link. Took only a minute, whatever it takes to keep people from abusing people and collaboration, especially using the ugly DMCA hammer.


Agreed. I just reported that account (https://github.com/dmcahelper) for submitting spurious DMCA takedown requests. GitHub personnel responded promptly:

  Hi Justin,
  
  Thanks for writing in. We're looking at the account.
  
  All best,
  
  (GitHub employee name redacted)
GitHub is listening. Please consider reporting this account, which can be done via the link above. Look for Block or report user link under the user description at left.


How does that non-response (the same one they pasted to me) give you the impression they're listening? For one, they have done nothing to address the issue of flagrant DMCA abuse. For two, the account is still active. For three, the commit hasn't been reverted.

This is not the first time this has happened.[0] GitHub's response has been woefully inadequate and OSS maintainers should consider using another platform. Everyone using GitHub is vulnerable to suddenly and arbitrarily losing their repository.

[0] https://news.ycombinator.com/item?id=5331766


The beauty of git and similar DVCS's is that you essentially can't lose the repository. You can only lose the github namespace for that repository. And using a different platform has the same effect. If you are worried about losing the Github namespace for the repository then moving to a different platform doesn't seem like a solution.


Not true. Issues, pull requests, deploy keys, access control...


issues, pull requests, deploy keys, access control. None of those the repository. They are associated with the repository and it would be annoying to lose them But with the exception of the issues all of them are replaceable with mostly minimal effort unless you did something really wrong.

And again switching to a different platform doesn't solve that problem either. You'd still lose the issues that are in github.


Reported.

edit:

Response from support: "Hi xxxxx. This account is not affiliated with GitHub and we are looking into it."


Reported. I think at one pooint GH has to make a decision if they want to kick him out or not, especially when paying members are reporting


> That type of behavior can only be bad for open source software.

Using github is bad for FLOSS.


How so?


Mismatching or contradictory incentives.


Seems kinda vague.


Probably because github is closed source.


I wonder if folks could get sneaky and change the design from a literal url to a regular expression tailored to single out that url but would also include additional sites that are just gibberish and could be relaxed if useful sites ever do fall into the URL overlap. This might be a new line of research to craft regExs to filter out a specific string while also throwing out a bunch of sister gibberish strings that would be unlikely to be adopted simply by virtue of language.


I'd rather just go a level up... You don't want users to tamper with your ads? Ok, we'll block your entire site. No tampering.


I like your style- maybe hard initially but if we could just stop using pages with intrusive ads, firms may finally listen and stop using those ads


If it turns out that this type of DMCA use is legally valid, adblockers could be modified to reject pages that embed URLs that have filed such requests.

So if a particular site uses admiral to protect its ads, it loses traffic.


> I like your style- maybe hard initially but if we could just stop using pages with intrusive ads,

Why stop at intrusive ads ? Just block everything that features commercial ads.

Though the real issue is not ads per se but the tracking that tags along.


That would be neat as an experiment. Like, see how far you can go and what you can get to with a "total blocker."


I've done this with FB.


users of your list will not get this. And will stop using your list. This ending up not serving your purpose nor theirs.

For instance, let me go out on a limb and point out how some distros of linux insist on shipping without any non-free software. So, a user ends up having to go through hoops to just get an audio of video file playing. I think the analogy Im going for is, you don't want to play by our rules (our license, etc), we'll not use your software (or correspondingly block your site).

I'm trying to point out what I think is likely consequence of such an action

/impassionate comment


> users of your list will not get this. And will stop using your list.

I don't think that's universally true. For me, if a site is broken because blocking ads also makes the content inaccessible, I just close the browser tab and move on with my day. (For a while the LA Times was blocking content in this way, so I just refused to visit their site. I guess it worked; they don't do this anymore.)

I don't claim to be the common case, but frankly I don't know what the common case is, and I suspect you don't either, so it could go either way.


You're definitely right. Our ability to ignore our ideals when we're slightly inconvenienced is why content paired with invasive ads is so effective in the first place.


> users of your list will not get this. And will stop using your list. This ending up not serving your purpose nor theirs.

I disagree. Users use adblock lists to protect themselves. This company has proven that they are actively hostile to users. Blocking their entire site, all of their domains, etc, is a sensible precaution for users to take. I have no doubt that this company serves JavaScript (i.e. executable code) that serves their purposes, not users'. And any other sites that insist on using their services are also hostile to users, and blocking them is sensible as well.

If some users just have to see that site, they can either find another list (who cares, no one's doing this for Internet Points), or they can click the "Add Exception" button.

We need not submit ourselves to be effectively held hostage by hostile content providers. It's just content.


What common audio/video codecs/formats require non-free software to play?


DVD, MPEG-2, Flash, MP3 (at least, until all of its patents expire by the end of the year).


What non-free code is required to play back DVDs or MP3s?

Flash I will give you, though it has been an irrelevance to me since YouTube went HTML5.


I believe he's talking about this[1]:

> Many GNU/Linux distributions do not contain libdvdcss (for example, Debian, Fedora, SUSE Linux, and Ubuntu) due to fears of running afoul of DMCA-style laws, but they often provide the tools to let the user install it themselves. For example, it used to be available in Ubuntu through Medibuntu, which is no longer available.

[1] https://en.wikipedia.org/wiki/Libdvdcss#Distribution


Perhaps, but I think it's important to note that libdvdcss is perfectly free software.


How about having EasyList clients fetch the whole history of the repo?

That way any domain that was ever added would be in the blocklist. True negatives should be pretty low.


Then they would purge it from the repo. In fact, it's questionably the case that they have abided by the DMCA order, for the very reason that it still exists in the repo history. As far as I know, DMCA takedowns normally lead to closing the entire repo.


How about don't host the code at a location which has such hostile laws?


This isn't a legal issue in that the laws are bogus (I mean, they are but it is not the issue here). The real issue is that this company is bully and using the legal system as a bludgeon. These abuses should be penalized and they would happen less.


This IMHO is the most sensible thing. There I think are a gazillion ways of serving your list which are out of reach of such laws (not necessarily US laws)


That actually made me think -- is there such location?


This is a good question. At least at a location where the US does not have an immediate jurisdiction. It's kinda lame, really, that the whole world has to bend over because all of these services are right there in the US. Make them work, at least. Germany, Sweden come to mind.

*edit: removed a redundant word


I concur, I think until the world catches up with the innovation happening in the US (I'm guessing that's why this content is hosted on US services), we'll have to put up with this

Edit: libertarianism anybody ? :D


The DMCA is a US law, so, anywhere outside jurisdiction of US law. GitLab on a C1 Scaleway instance would probably get you pretty far along the way. The lists really aren't that large in size but there are so many requests. It may be better to build in something like [WebTorrent](https://github.com/webtorrent/webtorrent) to propagate updates.


IPFS


Well, https://ipfs.io/ will block stuff. But then you just use a different gateway.


Botnet operators seem to manage it well enough. I'm guessing that something on HostSailor would be hard to take down. Or maybe China.


The downside is that some sites/patterns are removed from the list for legitimate reasons (for example, in the case where a rule is overly broad and breaks sites that it shouldn't). If you can make the software distinguish between "good" and "bad" old rules in the history, then you absolutely have not complied with the DMCA takedown notice anymore.


Or hashes.

Which will make administration rather more complex.


Why not just use a base 64 representation?


How would this help in the long term?


You probably did not understand the issue. The domain in question is a part of a copyrigth protection scheme. Blocking access to it is a circumvention of copyright protection scheme and it is illegal under DMCA. No, you cannot block hosts that are a part of a copyright protection scheme and you cannot distribute the software that does that.

How you block the domain - with a simple string or an automatically trained neural network - doesn't matter.


I can block anything I like. And I can do whatever I like to help others do that. And I'll make sure that nobody can stop me, or them, or threaten me about it.


Well, if you do not live in the DMCA country then you are correct.


I make sure that nobody knows who I am, or where I live in meatspace.


> The domain in question is a part of a copyrigth protection scheme. Blocking access to it is a circumvention of copyright protection scheme and it is illegal under DMCA.

You're asserting things to be true that are very much in question, and the assertion borders on the absurd.

Is it also a DMCA violation to add firewall rules to ones own network equipment?


Why is it that the tech set always forgets that CS pedantry != legal pedantry? Have we forgotten about intent? You can't just change the line to a regex that /just happens/ to match that URL and go "neener neener neener it's not the same!" Are you willing to argue in court that that line was changed and it /just so happened/ to match the domain from before? Do you have a plausible explanation for why that change would've been made that doesn't involve "well, we were trying to creatively skirt a DMCA takedown request"?


I'm not sure if its a matter of forgetting but about not knowing the contours of the boundaries of what's permissible and seeing a straightforward workaround as a proposition which also serves to give feedback regarding why or why not the proposition would be tenable. Evaluating a concrete technical solution in light of some legal matter should do well to illuminate and draw attention to the crux of the problem.

I guess the bottom line is whether one is forced to blacklist/whitelist a site and what means are permissible. If its simply about the site name appearing literally then a workaround would seem easy enough and one couldn't claim uniquely singling out because the filter applies more broadly. Of course the intent is the same in both, but I'm not versed enough on DCMA issues to know how intent plays a role in this field. Your point actually makes me curious about the legal field more generally and just how pervasive intent is and what areas of law it plays a role and which is does not.


It's not specifically about the DMCA; it's about legal issues in general. Intent matters in the vast majority of law. You'd be hard-pressed to argue in front of a judge that your intent wasn't to block this specific site, based on the sequence of events:

1. Site added to block list.

2. Site removed from block list due to DMCA takedown request.

3. Site block by new rule added that doesn't target it directly.

I can't imagine any judge or jury looking at that sequence events and then taking you seriously when you say "I didn't intend to block the original site".

The parent's point was more along the lines of: people in the tech world need to stop looking for technical solutions to all problems. Some problems are social problems, or legal problems. They should be solved directly, not with awkward (or possibly illegal or at least tort-worthy) workarounds. We talk about chilling effects and corporations engaging in anti-social behavior when they threaten open source and the open web in particular, but attacking social/legal problems with technological workarounds is itself also anti-social.

Not saying that technological solutions are not useful sometimes. In the short-term, you can often make a bad social or legal problem less bad by using a tech workaround, while simultaneously taking the long slog toward fixing the root of the problem. But putting tech band-aids over our problems and then walking away will only hurt us in the long run.


This is one of those areas where I'd say it comes down to your lawyer. I agree with the general premise being presented, that sometimes the tech community tries to use technology to circumvent problems that aren't technological. That being said, in this specific instance the most effective defense would probably be something to the extent of "Your honor, based on the advice of my legal staff and my own understanding of the law, I was not in direct violation of the DMCA. For this reason, it seemed only logical that the issue must have been that the manner in which I was operating was the problem and not the outcomes of my operation. For this reason, in an attempt to comply with the notice I received, I revised my software to remedy what I understood to be the problem."


I think it's about what exactly is the DMCA used against. My first thought was as well that they claimed the act of writing down the domain name somehow violated the copyright of their domain. That sounds kind of silly and if it were actually the case, I think a hash/regex solution would make sense.

However I think what actually happened was that the business is operating paywalls/"anti-adblocker-walls" for other sites - so they claim that blocking them constitutes "circumvention of protection devices" for their customers - which indeed would be far severe for adblockers if confirmed by a judge.

(That's my understanding, though I might have gotten it wrong)


OK, why not circumvent the "argue in front of a judge" aspect? Instead of a list hosted on GitHub, put it on some server that's very hard to take down, leased anonymously. You could get EasyList, and then add back whatever's been removed. And make sure that no logs are retained concerning user input.


Because that means you have lost and agree that you don't have a right to block ads.


You have it backwards. Being able to do it freely means that I have the right.


Well, first of all, blocking a URL is not against the DMCA.

So one argument to do is this is because it is NOT illegal, and the purpose would be to stop frivolous lawsuits.

So yes, it would be trying to creatively skirt frivolous lawsuits.

Another legit reason though, is obfuscation. The company that tried to threaten this frivolous lawsuit may have not even noticed, if it was some weird regex. And they'd either not complain, or have to spend a bunch of money tracking down the problem. Both are wins, in my book.


Blocking a URL is, in and of itself, not illegal, sure.

Blocking a URL that allows you to break a copyright-protection mechanism[1,2]? Well, that's not so clear. It's also unclear whether or not Admiral falls under the umbrella of a copyright-protection mechanism.

I really really really want EasyList to be in the right here, and be able to re-add the block without fear, but it's far from clear what all the implications of this are. I'm glad the EFF has stepped in to help them out; I'm content to wait for their opinion (or the opinion of an actual lawyer versed in the subject at hand) on this.

In the end, this is just another example of why the DMCA needs to go.

[1] Yes, you could say that this is bad design that the mechanism can be broken so easily, but that's not the point: the DMCA doesn't care how good or bad the mechanism is. If you break it, you're in violation.

[2] I suppose there's another point to be made: DMCA takedown notices are only for removing content or links to content that contain actual material where copyright has been infringed, not for removing circumvention tools.


> I really really really want EasyList to be in the right here

Well, they're obviously in the right :)

> and be able to re-add the block without fear

They could fix that by improving their OPSEC. So as to not be so easily threatened.


>Well, first of all, blocking a URL is not against the DMCA.

But you'd significantly help the legal case of those claiming it is by trying to obfuscate that you're doing so; they would argue in court it's an implicit admission you "knew it was illegal."


> they would argue in court it's an implicit admission you "knew it was illegal."

So you'd argue in reply that although you maintain that it's legal, you knew that it'd likely be something that bad actors would file frivolous suit over. Even when you win, being hauled into court is incredibly disruptive.


How about using ROT13 encryption for the list and then go after them if they circumvent your content protection scheme.


That's a funny thought, but the company making the complaint could probably prove that the ad blocker was interfering with their ads even without looking at the source code.

Moreover, the DMCA covers unauthorised access to copyrighted content, and the ad blocker cannot claim ownership of the ROT13'ed domain name, just as the domain name itself is not copyrightable.

In theory the ad blocker could use a more complicated scheme to obfuscate their source code, but I'm not sure whether they could combine a "do not de-obfuscate this code" rule with an open source / Free Software license.


This is a crucial point: the software is not blocking their ads, neither are the software's authors--the users of the software are. And the users have every right to not connect their computers to any other computer they please.

It's interesting to compare this to Second Amendment arguments. Do ad blockers block ads, or do users? Do users have a right to keep and bear ad blockers? Of course it's silly, and ad blockers are passive tools, but there are some striking parallels.


Not looking up a domain name cannot constitute circumvention.

Imagine a DVDCSS-like system that used remote servers to convey permission and defaulted to ALLOW. Would users who unplugged their DVD players from the Internet be guilty of circumvention? Now imagine that DVDs for said player were handed out freely on the street, stuffed into people's mailboxes, etc. Would people who played those DVDs without connecting their players to the Internet be guilty of circumvention?

That's the same thing, in principle, that's going on here. Claiming that it's circumvention (whoever makes that claim; I don't know if you are) is preposterous. This is obviously an abuse of the DMCA (not hard to do, considering the DMCA itself is an abuse, but I digress).


The claim is about copyrighted material thus DMCA, right? the only reason that string appears is for matching. The intent is for identification, not stealing someone else's copyrighted material. If there's a better way to match than comparing to a literal copy then we should do that. Ideally, one regex that matches all offending domains and no others.


They're not claiming copyright on the domain name. They're saying that by blocking it, they're violating the anti-circumvention clauses of the DMCA.


Since when does the anti-circumvention section of the DMCA have anything to do with the notice-and-takedown section of the DMCA?


Does it really matter? If they cannot send takedown notice they still are allowed to sue Github so Github might want to remove the offending code rather than enter a legal battle with unclear consequences.

The admiral website has a copy of a notice [1] if you are interested.

[1] https://blog.getadmiral.com/dmca-easylist-adblock-copyright-...


It doesn't, legally. It does in this case though, because GitHub says to use the same mechanism for takedowns and anti-circumvention requests.


Oh, that's way more interesting. So they have standing? I can see the argument that altering the execution of the program sent to the users computer is a DMCA violation (i vehemently disagree, but i can see it). But i don't think they didn't actually wrote the page that's delivered to the user.


I'd imagine it would technically need to be the publisher or the agent that took legal action. This was clearly an experiment though. Expect much more widespread use and, I'd assume, a court case soon.


We wish they claiming copyright on the domain name.

In that case, we are legally require to update all DNS servers' entries to remove that name permanently. :-)

Or alias it to 0.0.0.0 !!!


Except it's not the list which is blocking it, it's the browser plugin...


so use legal pedantry?

instead of blocking requests, replace the domain name with something funnily invalid, with a play on words on each original domain. then in case of any dmca, claim satire fair use.

it would make patchs review much more fun too!


The DMCA request itself seems to be here: https://github.com/github/dmca/blob/master/2017/2017-08-02-L...


I've done a bit of research, now. You can trademark a domain name, but it appears they can't be copyrighted. I am pretty sure the DMCA is silent in regards to trademarks.

Hmm...


To reply to myself, I need to first state that I am not a lawyer. I have, however, taken a number of courses on both law and procedures. Please keep that in mind.

I have also now spent more time on this than I'd expected.

One of the DMCA provisions, is that (as others have mentioned) that software to circumvent copyright is also prohibited.

I do not believe that EasyList meets the legal definition of software. It's not software, I don't believe. It is a list used by software. Basically, it is a configuration file. By itself, it performs no functions.

Its pretty much a 'dumb' plain text file. It is not executable, in and of itself. By itself, it does exactly nothing except take up space.

Computer software is defined in 48 CFR 2.101 and, unless my reading is incorrect (and it may be), this doesn't enable a program to be produced, created, or compiled.

I can find no rulings on this subject, however.

I am not a lawyer, this is not legal advice, and you should check with a qualified legal professional in your jurisdiction before acting.

That said, this does make for a potentially interesting case. It's probably a good thing to get some decision handed down. That and, well, it'll be pretty easily circumvented regardless of potential rulings.


By itself, any software performs no functions. Software is just instructions, and a config file is, too, just instructions. Sure, a difference is whether it's instructions for hardware or instructions for other software, but that doesn't sound material to me. Especially when hardware can be emulated by software.

However, circumvention tools (software or otherwise) require suing, not merely issuing a takedown notice, as another commenter pointed out.


I'm not sure it meets the definition of a circumvention tool, which appears to be a reference to 'computer software.' As in, the legal definition for such. The courts use a specific definition, found by the entry in the above reply. The few cases I found made use of the specific terminology.

IANAL :-)


>ads themselves could be the “copyrighted content” in question

Ok. We do not want to copy your add. We just want to get rid of those by putting them in a filter. How on earth this can come under DMCA?


DMCA is not the appropriate tool for this. Filing a DMCA takedown notice when you know that there is not any copyright infringement going on in the document you are asking to be taken down is a misuse of the DMCA, and an entity filing such a takedown can be liable for any monetary damages or attorney fess of the other party. Although I don't know that's ever happened, it's in the law as a penalty for intentional misuse of a DMCA takedown notice. https://www.law.cornell.edu/uscode/text/17/512

It may very well be that the URL should have been removed, with regard to Easylist policies, github policies, or even some other law. But not DMCA takedown notice. If DMCA takedown notice was the only tool available to them, then they had no tools available to them, because DMCA was not a tool legally available for asking someone to remove a URL from a list. A URL in a list is not possibly copyright infringement.

(I am not a lawyer, this is not legal advice, just my understanding for sake of discussion of a hypothetical)


The DMCA doesn't just let you request the takedown of copyrighted content. It lets you request the takedown of tools which can be used to "circumvent technological restrictions" on accessing other, unrelated copyrighted content.

So for instance, when the CSS encryption on DVDs was broken, there were DMCA takedown requests issued to sites hosting the deCSS decryption code, even though the copyright of that code itself wasn't at issue.

ETA: a comment below corrects me, saying that the DMCA prohibits distribution of circumvention tools (i.e. makes it illegal and even criminal I think), but doesn't allow takedown notices for such tools: you have to actually sue them in court. So this takedown notice seems to have been incorrect even if the DMCA is invoked.


That could be, cite to the law or description of it? I'm interested in learning more. What I see in the law (https://www.law.cornell.edu/uscode/text/17/512) is that a "notification of claimed infringement" must include "Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site."

Github's own guidelines to DMCA takedown notices say "Identify the copyrighted work you believe has been infringed." https://help.github.com/articles/guide-to-submitting-a-dmca-...

If the notice did not identify a work believed to have been infringed, then why did Github respond to it? Why don't they follow their own process? If the notice did identify a work being infringed, then they are probably wrong because you can't infringe a copyrighted work by listing a URL in a list. I guess actually getting damages might require proving they _knew_ that, and be generally infeasible/cost prohibitive.

There are some problems with the DMCA regime.


Part of the challenge here is that "the DMCA" is a number of clauses. People who are "against the DMCA" often turn out to have an incoherent position, at least from a legal standpoint, when it turns out they just disagree with one of the contentious clauses.

This would in fact be the most contentious clause, the one about being able to take down tools that enable circumvention, the one that is historically the one that perturbs techies and HN-types the most. I think what we see here isn't so much a DMCA takedown of a single line, but a single line modification in an attempt to prevent someone trying to take down the entire ad blocker, by making it so this particular person doesn't have any standing (in the legal sense) to make claims against the ad blockers anymore.

The copyright takedown clause would be number two, but it has a mitigating factor; the DMCA copyright takedown process that you might see on a hosting site or HN itself [1] has a positive element as well, which is that by conforming to the DMCA a site like HN is able to host user content like our comments while discharging from themselves the responsibility of having to pre-filter every comment for copyrighted content. This clause has certainly been abused, and there is a justifiable case that the Feds have not been adequately aggressive about chasing them down, but on the net I still approve of this clause, personally.

(You also have to distinguish between "the DMCA" and a site's policy, which may go above and beyond. Many or most of the things that people complain about for YouTube, for instance, are their own elaborations on the theme, not the legal requirements themselves. Not all of them, though; YouTube tends to favor the big media companies very strongly when it comes to defining "fair use". But things like taking away your monetization and giving it to somebody else is a YouTube policy, not the DMCA. Or at the very least, it's a penumbric emanation of the DMCA and not the DMCA itself.)

Were I the developers or anyone with any ownership in this software, I would hesitate on putting too much stock in the idea that this was an improper use of the DMCA claim process. It was. But the reward for aggressively pushing back on that may be a proper lawsuit for violation of the anti-circumvention clauses, for which there is not a notification process but simply a legal basis for lawsuits granted, IIRC. Your reward for armchair-lawyering this DMCA takedown request could be a true lawsuit.

[1]: https://news.ycombinator.com/dmca.html - have a look at the footer of this page


The DMCA does make distributing circumention measures illegal, but I can't find anything in the law, or discussions of it, saying that the takedown process applies to circumvention measures. The takedown process says an ISP like Github is not liable for copyright infringement if they respond to takedown notices, which is what creates the takedown process. It doesn't say anything about circumvention measures and liability with regard to notices though.

What the DMCA says about circumvention measures:

> (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—

> (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

> (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

> (C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

It seems obvious to me that Easylist is not such, I don't think it meets A, B, or C. But it'd be an expensive court process and who knows what the court would end up doing.

In this example, it seems like Easylist has no desire to include that URL anyway, as it is not an ad server.

It may be true that Github can decide to refuse to host the thing anyway, but it's not a DCMA takedown notice process.

The whole situation is indeed a mess.


As I added after you replied, I agree that this is an improper use of the takedown procedures. However, your reward for successfully armchair-lawyering that may be a full-on Federal lawsuit.

Also, I agree that Easylist itself may still not be a lawsuit target. It simply makes a claim about a certain domain, it doesn't do any access circumvention itself based on that claim. But if Easylist isn't, the ad blockers using it certainly would be. And that alone would change the dynamics of the situation quite a bit.

I hate to say it because I like adblockers too, but it is frankly very likely that when the advertising industry finally makes the push against them that by current law, it will indeed turn out that it is illegal to use ad blockers on sites that take active measures to ensure you view ads [1]. Again, don't mistake me saying this for endorsing it, but I think it's a very plain and obvious reading of not just the DMCA, but even something as fundamental to our legal system as common-law contracts... if a website wishes to make viewing their content conditional on viewing an ad, they can do that, just as they can make viewing their content conditional on paying them money, joining a club, or anything else that qualifies as "consideration" [2]. They can also place further restrictions on that content as part of that content. Any argument in favor of ad blocking that would also explain why either Netflix customers have the legal right to retain copies of the movies, or in the most extreme cases, explain why everybody has the legal right to retain copies of Netflix movies, should be discarded as an argument that proves too much [3].

I'd suggest the ad blocking community and the interested tech community at least wargame out the plan for if they lose the legal cases, because I would personally put that at somewhere around 90% probability if any of them ever go to court. Even with the EFF supporting it, I fear the EFF would pretty much be reduced to making very handwavy arguments about fundamental rights and basically pounding on the table, because in my considered opinion they really won't have much else. And even if they are correct, courts tend not to take much account of those arguments.

[1]: If the judgment goes really bad, it could even be illegal to bypass sites that don't try anything explicit. However there is a very good argument here that there is a history on the internet of assuming more rights rather than fewer if you don't assert yourself, such as the fact that browsers generally render things differently anyhow, the long history of search engines, the needs for accessibility software to render pages fundamentally differently anyhow, etc. I think there's a good chance no judge would want to overturn that consensus as it's now around 25 years old.

[2]: https://en.wikipedia.org/wiki/Consideration

[3]: http://slatestarcodex.com/2013/04/13/proving-too-much/


I understand I'm arm chair lawyering, but the purpose of a user agent is to display what the user wants it to, not what the site wants it to. I can't be sued for not watching commercials.

Actively circumventing access restrictions is another issue entirely, but if I'm sent data, there is no reason or guarantee it must be displayed as intended. What about blind folk, or those who don't run JavaScript? Is turning off just now illegal? What about not downloading images?

If a site can't make me pay, and doesn't want it's content to be viewed unless I pay, simply don't send me the content.

Again, circumventing access control, even terrible ones, is one thing, but if you send me the data, then you sent me the data, what the issue?


> If a site can't make me pay, and doesn't want it's content to be viewed unless I pay, simply don't send me the content.

I'm fully on your side here, but to play devil's advocate, I think it's fair to consider an analogy like "if a restaurant doesn't want its food to be consumed unless I pay, simply don't serve me the food."

You ask a server (of the web or the hospitality variety) to serve you the usual. The server gives it to you and reminds you that the deal hasn't been fully executed yet: you're to next [ask the cashier by the door to ring you up || ask the ad server to serve you an ad], and then [pay when asked || render the ad amongst the rest of the content]. Sure, you could forego talking to the [cashier || ad server] instead.

Again, I don't like that one bit, but I think it's the kind of "reasonableness" that holds up in court. IANAL.


But there is no expectation that a restaurant will serve you without paying. There is an expectation that a website will ask for payment/authorization if required, otherwise I'm not required to pay.

Moreover, there is no way to know if the content you're requesting will require a transaction (unlike a restaurant where the prevailing expectation is payment for service, even if prices are left off the menu). It has always been the case that I need to request the resource and then be told if it costs money, otherwise it's given to me.

Likewise, there has never been, and I would argue can't be, an expectation that a user agent render all content as expected. Would custom style-sheets violate the law? Do Lynx, Links, Links2, w3m, mutt, and pine all of a sudden become illegal? How does a screen reader render an ad? How does a braille interface render an ad? Am I now legally required to run a graphical interface otherwise I'm playing legal roulette?

What happens if the adserver malfunctions and doesn't send me an ad? Am I now put in a legally bad spot? What if an ad is sent in swf and I don't have flash installed? I also feel like there are legal implications to forcing someone to execute code sent to them. Do ad servers all of a sudden become responsible for drive-by malware? Can we sue them for damages?

I feel that the crux is that there is no way to know if "payment" is required before requesting a resource. You can't send me something and then say, "oh, yeah, hey, you need to pay me for that" when the (vast) majority of the time I'm sent things without any expectation of payment.


Perhaps the better analogy, then, is that it's kind of like an unattended farm stand with an honesty box. Except the honesty box isn't visible on the way in, it's located on the back of the enter sign so you only see it on the way out, and the driveway is so long that surely you've already started munching on the fruit while starting to leave. Since I'm still on a food kick the whole expectation-of-paying thing is still clouding the analogy a bit, but at least this is closer to the situation than a sit-down restaurant analogy. Oh, and of course our hypothetical farmer needs to have primarily fixed costs, little or no variable costs based on the amount of fruit taken.

It may very well be more common for such hypothetical farmers to forego having an honesty box hiding where you don't see it until you've consumed the fruit, but for those who do choose to have one, are you stealing the fruit if you don't drop in a few bucks?

More on topic: I also think courts would see quite a difference in intent between using a mainstream graphical browser with an ad blocker vs using things like a text mode interface, a screen reader, a braille display, or libcurl. The former is like driving past the honesty box while chuckling; the latter is like not even knowing it was there.


I seem to have hit the max reply depth, so sibling posts will have to do.

> disable JS and images

> They're all the same thing. I'm deciding how I want to consume content; I'm not circumventing a access control mechanism.

I guess the difference I am trying to highlight is:

* a lack of ads for hard technical and/or compatibility reasons (JS not enabled, images not enabled, graphics subsystems not existing, not having sufficient eyesight, etc.), versus

* a lack of ads because screw you.

This line in the sand may be stupid, but I'm afraid it's not "the same thing." I'm afraid this difference could be argued successfully in court, and that is my point.


Hn removes the reply for an increasing amount of time per level, I think.

But it's not "screw you" it's "I don't want to waste the bandwidth I pay for and am metered on with things I don't want to download and could potentially harm my computer". Viewing those ads costs me money as well, money which isn't going to the person serving the ads, not to mention the risk of malware.


> Perhaps the better analogy, then, is that it's kind of like an unattended farm stand with an honesty box

The issues is that there is normally a expectation of paying for things like produce. Unless there was explicitly a "Free Produce" sign, I would expect to have to pay.

There is no expectation that you need to pay for the data sent to you later; if payment is required for access, you're told so and need to provide it to continue to the resource (or otherwise provide proof that you had paid, e.g. logging in).

There hasn't historically been and can't be an expectation of payment later because that would be untrue for many, if not the vast majority, of websites. Additionally, there has never been an expectation that the client will render everything you send to them. All browsers have the option to disable JS and images, and always have.

It's these differences in expectation and culture that I believe provide the difference between your examples and the web. Violating these constraints would cause legal issues in the vast majority of systems, would mean running old software would be illegal (Chrome preloads links under certain circumstances, but doesn't render them), and would also end up forcing users to run code they didn't choose to run (there is no expectation or knowledge of what code the server will send and choosing to not run harmful code would be illegal), which would be an interesting thought experiment as a civil rights violation. It would also force me to, say, accept a EULA for Flash, even if I disagree with it because I visited a site that randomly sent me a flash payload. Or what about something without a linux runtime; I would have no ability to avoid committing a crime, because I don't have the choice to accept the rest of the content that came with the content I can't run, but am legally required to run.

Violating the very assumptions of how the web works would have terrible ramifications.

> More on topic: I also think courts would see quite a difference in intent between using a mainstream graphical browser with an ad blocker vs using things like a text mode interface, a screen reader, a braille display, or libcurl.

Why? They're all the same thing. I'm deciding how I want to consume content; I'm not circumventing a access control mechanism.


Because what a court does isn't always logical or even reasonable. Especially on IP stuff, especially on IP stuff involving software. Did you pay attention to Oracle v. Google?


So far in the Oracle v Google case it's been ruled that apis are covered under copyright, but that implementing them from scratch is covered by fair use. I mean, that's not wholly unreasonable.

Oracle has appealed, would we'll see what happens.


So, they serve you the food, and you pay for it.

But, you choose not to eat the raw onions they've served with the meal.

This would be the analogy of choosing not to render html/javascript content.


At the risk of destroying my efforts at being reasonable, suppose it's an "if you eat the whole thing, it's free" situation, except there is no "$19.99 if you can't finish" else clause. You know that they didn't offer an else, yet you eat anyway, and you slip your onions into the plant in the corner.


Then they can make other ridiculous rules too, for example "you should pay 100x the price in menu unless you can stand on your head for an hour". That would probably increase the income dramatically.


"I understand I'm arm chair lawyering, but the purpose of a user agent is to display what the user wants it to, not what the site wants it to."

This is an assertion that is commonly made on the internet, but I see no reason to believe it carries any legal force, or even necessarily any moral force. In fact it's not that hard to read it as an argument made solely to come to the desired predetermined conclusion rather than any sort of principled argument. It implies that the sender loses all rights to anything they send to you, which is definitely legally untrue; I gave examples above already.

Also, if you win on this point, you will not experience a glorious utopia in which ad blocking is OK and you can save whatever streams you want and so on... you'll experience a world in which all this content gets removed from the web and locked behind even more proprietary clients that will come with what the publishers want. What may seem to you to be a simple bugbite back in favor of what you believe your rights to be may cause a much larger allergic response than you'd anticipate.

"I can't be sued for not watching commercials."

You haven't signed a contract saying you will. That may not be the case online.

The questions about whether such contracts should be something that even can be offered, or whether simply clicking through a EULA or accessing a bit of content can bind one to a contract, or the nature of what such a contract may be allowed to be, are all separate matters of interesting discussion. However I don't foresee any world arising in which the "the purpose of a user agent is to display me what I want to see and therefore any manipulation of the content other people own the rights to is within my rights" is going to hold up. There's too many rights and rights-holders that won't stand for it, and even if you did somehow win that case, they'll simply retreat and retrench in whatever it takes to recover those rights for themselves. If you rewrite the terms of the contract, you have to account for the other side of the contract reacting to it, not just passively sitting back and going "Oh, gosh, I guess I'm stuck then, I'll just keep doing what I'm doing without changing anything."


> The questions about whether such contracts should be something that even can be offered, or whether simply clicking through a EULA or accessing a bit of content can bind one to a contract, or the nature of what such a contract may be allowed to be, are all separate matters of interesting discussion.

But you can't accept a contract just by visiting the site. Especially since the in the same action as becoming aware of the exist of the contract also makes you breach the contract.

> However I don't foresee any world arising in which the "the purpose of a user agent is to display me what I want to see and therefore any manipulation of the content other people own the rights to is within my rights" is going to hold up.

Why? This has always been the purpose of the user agent and it's difficult to impossible to actually make sure things will always look the same in all browsers. Could viewing a site in FireFox or Edge become illegal? Again, how would I know that _before_ taking the action. What about systems such as links2, w3m, elinks, and lynx?

> f you rewrite the terms of the contract, you have to account for the other side of the contract reacting to it, not just passively sitting back and going "Oh, gosh, I guess I'm stuck then, I'll just keep doing what I'm doing without changing anything."

Which terms? The UA has always been the agent of the user, not the site whose content is being displayed.

I just find it very difficult to believe that the court will accept that I've broken a "contract" I can't know exists without breaking it.


> However, your reward for successfully armchair-lawyering that may be a full-on Federal lawsuit.

I assume Github has a whole bunch of non-armchair lawyers.

But this is indeed the problem with the whole system, it comes down to who can pay the legal bills.

It seems obvious to me that Easylist is neither "primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access", "has only limited commercially significant purpose or use other than to circumvent", nor "is marketed.. for use in circumventing a technological measure that effectively controls access."

But it could take a whole lot of legal fees to determine that in court, and as we saw in Oracle v Google, the courts don't always decide what seems obvious to us. For better or worse, any sane person or entity wants to stay out of court regardless of whether their lawyers think they have a great case. Unless they have a whole lot of money to burn.

At the least, I think Github should make it's policies clear about what it's doing. If they say a DMCA takedown notice must "Identify the copyrighted work you believe has been infringed" (as the law indeed says), they should not take action to complaints that don't do this. If they want to respond to other types of complaints, they should say so, and explain how. (And ask their lawyers how it effects their liability under DMCA, if at all).

Github appears to be trying for transparency with their docs and practices on DMCA, which is great and important and greatly appreciated. This is one area where it could be improved. Responding to DMCA takedown notices that are not in fact DMCA takedown notices and do not follow Github's own published instructions/requirements for DMCA takedown notices (cause they aren't DMCA takedown notices)... is not transparency. The DMCA regime has plusses and minuses; mis-educating people about the DMCA law doesn't help us evaluate what these may be in order to be engaged citizens.


What you are describing applies only to US where copyright laws are biased towards the interests of publishers. Developing adblockers in other countries might be the solution I think. It is unbelievable that a publisher might decide what I do with content on my computer. No, he cannot or at least should not be able to decide. If he doesn't want me to block the ads then he should not serve the pages to me in the first place.


> penumbric emanation

Vocabulary much? I'll bet there's a blip on Google Trends today.



An adblocker is not a tool which can be used to "circumvent technological restrictions" on accessing other, unrelated copyrighted content. It is a tool to restrict access to content.


At first glance you're right, but it's not hard to imagine an ad system which makes the text of a website invisible (or scrambled) until the advert has loaded, and imagine an ad blocker which is designed to do the unscrambling without rendering the ad.

I don't know if that's the precise situation here, but if the ad blocker is intentionally carrying out a process like this to access the copyrighted work of the website without obeying the restrictions of the technological control process, then I could see that falling well within the bounds of the DMCA.


AFAICT, the relevant provision of the DMCA here is "No person shall circumvent a technological measure that effectively controls access to a work protected under this title".

Is there any elaboration on what "effectively controls access" means (e.g. in case law or in the statute that I missed)? Does a system that fails open (the only thing listed in the EasyList commit was the domain name, so a network error would replicate the same situation) fall within the scope of the provision?


> Is there any elaboration on what "effectively controls access" means

Apple Inc. v. Psystar Corp.[1] involved circumvention of a system that "effectively controls access" to Mac OS X, preventing it from being installed on non-Apple hardware.

Apple's anti-circumvention system is (in part) that some of the important system binaries are encrypted, the kernel transparently decrypts them when they are executed.

The key isn't secret (in fact it's a constant that hasn't changed in 10+ years), but it is only distributed inside the SMC chip on the main board of a real Mac.

There's no question that encryption is generally an effective access control method, it can't be circumvented without either having the key or breaking the encryption system in use.

The court found that regardless of how trivial it was to obtain the key, the fact that it was encrypted made it "effective":

> Psystar contends that Apple's anti-circumvention technology was ineffective because the decryption key for circumvention is publicly available on the internet. This argument fails.

> "The fact that circumvention devices may be widely available does not mean that a technological measure is not, as the DMCA provides, effectively protecting the rights of copyright owners in the ordinary course of its operation." Sony Computer Entm't Am., Inc. v. Divineo, Inc., 457 F. Supp. 2d 957, 942 965 (N.D.Cal.2006).

> Generally, measures based on encryption "effectively control" access to copyrighted works. Here, when the decryption key was not employed, the encryption effectively worked to prevent access to Mac OS X. And that is all that is required.

> See Universal City Studios v. Reimerdes, 111 F. Supp. 2d 294, 318 (S.D.N.Y.2000) (noting that when a decryption program was not employed, the encryption worked to control access to the protected work).

> Accordingly, Psystar has violated the DMCA by circumventing Apple's protection barrier and trafficking devices designed for circumvention. Apple's motion for summary judgment on its DMCA claim must be granted.[4]

[1] https://www.courtlistener.com/opinion/1557201/apple-inc-v-ps...


> this is not legal advice

Funny how this disclaimer is only found besides legal advice. Really, you should not have to write this. ("I am not a lawyer" is more reasonable, though.)


From what I understand, "legal advice" has a legal meaning, basically requiring it to come from your lawyer, and implying an attorney-client relationship. People want to be clear that they aren't a lawyer, and that they aren't attempting to practice law by offering someone else Legal Advice. Instead, it's more like Uncle Fred saying "You should sue the guy!"


There are many cases of DMCA abuse, and it'd be nice if someone had the resources to go after these, get them fined and help set a precedent to prevent further abuse. Unfortunately, that probably cost more than it's worth.


There should be a mediating body that looks at each request and determines the veracity of the request.


EFF?


I mean, the EFF has offered to assist in this case, but it will probably be solved with a simple cease and desist letter.


> And if github cannot standup to DMCA abuse, then well, easylist and all other developers should be giving a clear hard though to their continued use of the github platform.

This. This is the main topic here. The wide use of centralized services (such as Github, but it applies also to Facebook, Google et al.) makes you dependent to corporate decisions, including coward (or maybe rational) decisions towards freedom of their users.

This is also why linux kernel developers will never, ever use a service like Github. Apart from scalability issues, the single point of failure that these services are (not for technical reasons, but for political reasons) is simply scary.

TL;DR: Assholes who send buggy DMCA is not the issue here. Depending on a centralized service is.


It's not Github's job to stand up to DMCA notices. The law requires them to forward them to the account publishing the content without any consideration of the merits. Then, easylist has the option to comply or refuse.


That's besides the point. It's the reason open source projects should not depend on centralized sites like github or any other site that make this kind of disruptive automated dmca take down easy.

It should take much more legal effort and 'application of mind' to effect disruption.


> It's not Github's job to stand up to DMCA notices.

I want to make it clear that I'm not arguing for the legal grounds here. I'm not a lawyer, so I will leave that to them. I'm arguing from a more moral/ethical stance.

I'd like to disagree with you. By allowing you to run under their umbrella, I feel that Github has a responsibility to take care of you, and the data that you put on their site. I feel that it is quite insincere for them to say "Sure, put your code on our site!" but then kick you to the curb as soon as there's any trouble. There's definitely a level of extremity that I don't expect from them: I think that after a certain amount of legal argument, they should pass it to the uploader, but I feel like their default attitude should be "no, you can't just attack the uploader because you feel like it."

It sends a clear message to the FOSS community that they don't care about taking care of their own, which is bad for Github, and bad for the committers.

I'd be curious though: Why do you think that "The law requires them to forward them to the account publishing the content without any consideration of the merits"? It's my understanding that they do have some grounds here as it is their site.

EDIT: I reworded my post as the original was rude, and accusatory.


From the original github commit:

> With all these dozens of domains (over a hundred), it sure smells like they're incorporating a HSTS fingerprinting attack into their product portfolio. HSTS fingerprinting enables a server to tag every browser with an n-bit (ie: 100 domains is 100 bits) unique identifier so you can track that browser whenever it returns (or wherever it goes). Since users cannot clear their "HSTS cookies" as it were, this fingerprint remains permanently associated with that browser. > > Wonderful feature for an ad agency to track each visitor indefinitely. Even while in Private Browsing / Incognito mode.

Okay. Let's eradicate them from the surface of this planet.


Or, more constructively, go after them in the EU, where such practices would surely be illegal under the so-called cookie law (which is actually about storing information in a user's browser more generally, and not specific to cookies at all).

As long as that really is what they're doing, of course.


Couldn't they just use 100 subdomains for their 100 bits?

Maybe we need a browser extension (or just a website) that instructs your browser to make requests to the HTTPS version of domains that are found to be used to set HSTS cookies, thus "blowing the fuses" and making those domains unusable for providing bits of entropy.

In fact, rather than blowing all the fuses, the extension/website could blow just a random few, as a bit mask, giving you someone else's ID number and ruining the ad company's profiling/analytics. That way you would be helping people who weren't using this defence, rather than just having your visits not added to any profile.


> From all the current summaries on this, DMCA does not apply to a line entry in easylist. A domain can be trademarked.

I believe you can trademark a domain, but trademarks are irrelevant to this discussion. The DMCA is a copyright law. The key questions are:

a) Can you have copyright over a domain? (According to https://copyright.gov, no)

b) If you could, would having a list of them constitute fair use? (Almost certainly, otherwise all search engines would be illegal.)


It's not clear how trademarks would apply here. I can write "General Motors". I can write about General Motors. I just can't impersonate General Motors or their products. That's trademark.


That was my point. GP mentioned trademarks for no reason and I said that the DMCA is a copyright law (that's what the C stands for), and that trademark law is irrelevant to this discussion. I also agree that even if trademarks mattered in this case, it still wouldn't be infringement.

On the other hand, it looks like it was an improper use of the DMCA because they're claiming that EasyList is an anti-circumvention tool (effectively arguing that it breaks DRM).


They say it's not an ad server but it sounds like one.


It's a "detect-adblocker" service.


So is their argument that by including their hostname in easylist, you are circumventing copyright controls because they validate copyrighted material usage? The takedown notice didn't seem to be related to the domain name per se, but rather the effects of including it in easylist. IOW in order to view our client's copyrighted material, we are providing access controls and by denying the code access to our server, you are circumventing those access controls.


So we should be adding functionalClam.com on our own? Perhaps all of these.


I already did.


I hadn't edited a hosts file since college, boy that was fun!


You can add it to "My filters" within uO. Host file has no wildcard support which you need for full coverage.


what is uO? I've been using a hosts file. I'd love to up my game.

Ahhh... other comments are saying https://en.wikipedia.org/wiki/UBlock_Origin


Tangentially related, the author of that project has also created uMatrix. Well, it's the micro symbol, but you get the idea.

uMatrix is pretty much like an old school software firewall, except it is just for your browser. It works by whitelisting, instead of blacklisting. There is a bit of a learning curve, but after you've visited your most visited sites, it becomes a fairly easy solution. As you fist visit sites, you configure it to only allow what is needed to get the functionality you want. Once done, you don't generally have to muck with it further.

As stated, there is a learning curve. There are many choices of what to allow and block, but you can surely figure it out. You can even export and share your configuration.

I am not affiliated. There is a version for Firefox, Chrome, and my beloved Opera. It'll probably work in Pale Moon, Vivaldi, etc...

It eliminates the need for multiple extensions. I've been very happy with it.


I did too


IMHO opinion, this shouldn't even be necessary.

I use ad-blockers in every browser and I would have no problem if that were part of the headers my browser emits ( have no idea if it is or not). If websites don't want to serve me because I'm blocking ads, so be it.


GitHub is just the platform. If they get a DMCA complaint, procedure says they should contact the repository owner. The repository owner receiving a fraudulent notice sends a one-line email stating "consider this my DMCA counter notice". The content stays online, the DMCA notice does nothing and the only avenue now is for Admiral to sue, which of course they are not prepared to do.

You post an entry on your blog ridiculing them and their VC funded shenanigans and HN gets a good laugh out of it.


This might create a new front in the war against ads. You'll have ad blockers, then they'll build in a component to block anti-adblock mechanisms, which will force the ad makers to employ more countermeasures... I don't see how the content providers will ever win this war. They have more to lose here.


Isn't that front already open?

>uBO-Extra

>A companion extension to uBlock Origin: to gain ability to foil early anti-user mechanisms working around content blockers or even a browser privacy settings.

I think /u/gorhill is the lord of this particular war, and his followers are armed to the teeth. I type this on Firefox on Android with uBlock Origin.

I check his github occasionally to see if he accepts donations, and I donate to a couple of the lists occasionally.

In the war analogy, we have the best arms dealers. They other side is fighting a losing war.


I have checked multiple times and gorhill doesn't appear to accept donations. I seem to recall reading a thread where they indicated they didn't want to ever be considered to be beholden to anyone.

As mentioned above, uMatrix is my favorite. Once configured, it is easy... There is a learning curve.

I'd donate regularly, but that doesn't appear likely. I greatly appreciate their work.


Even if we take for granted the absurd premise that this is "copy protection circumvention", it's still nonsense for the same reason that gun manufacturers aren't sued for murders.


Good to hear. I sincerely hope this turns into a lawsuit to scare off others who may be watching the outcome of this to decide if they should try the DMCA route, too.


In which countries could you host, where the DMCA isn't applicable or enforced?


The DMCA is United States-specific. Copyright laws are very widespread and harmonized to some extent by international treaties such as the Berne Convention; a Google search for that term can lead you down the right path. (I'm not trying to explain anything, just give you some good search pointers if you're interested in researching yourself.)


anywhere but US, already EU countries definition of legality of streaming should be enough to safely just filters lists

from what i remember Spain and Central Europe are very laid back regarding your rights to non-commercial steaming of copies of works you don't actually own


From what I can tell, the DMCA does apply (sort of)

Admiral seems to be a paywall server basically. If blocking their domain gave access to paywalled content, then the DMCA seems to apply http://www.dmlp.org/legal-guide/circumventing-copyright-cont...

However, that defense is a bit flimsy to me since the fall back to having the paywall blocked could/should be a "Paywall blocked, please disable your addblocker to gain access to our content" msg.

Anyhow, that is immaterial because so long as they don't actually serve adds, Easylist could/would have removed the line no problem. Admiral should have just said "Our domain doesn't serve adds, we work on paid content access" and they would have been removed without all this hassle.


It's their fault for delivering data they want restricted. I'm under no obligation to make every HTTP request they want me to or execute any untrusted JavaScript. Nor am I obligated to render their HTML as intended. If they want these things then they need every user to enter onto a binding contract agreeing to those terms.


ah, but you might be. This gets into a crazy area where we're talking about some entity offering up information via HTTP and you choosing how to represent that data. You could use Lynx, Firefox, Chrome, IE or even just browse everything with Python/BeautifulSoup in a console. Does the provider get to chose how you represent that data?

Well it turns out they kinda do. Sites have terms of service people supposedly agree to, all the time, without reading, because it's fucking impossible.

I posted this argument before and got the following comments which make a good argument:

https://news.ycombinator.com/item?id=14095147

https://news.ycombinator.com/item?id=14095410

However the comments get into implementations like Netflix and rendering that data, but it's a bit different because in that case you are paying for access.

Will we be in a world one day where sites can require specific web browsers, by law?


Worse. A world where companies just take their stuff off the web and require you use their apps for everything. Much fewer legal questions there.


That is not a problem because there will be competitors without this requirement. The problem is laws that are not well balanced and are biased towards interests of one party.


This argument really gets old. Morally you know what you're doing. Most people would be fine blocking the big dozen or so of the most offensive ad networks but this extreme approach (especially when the publisher is trying to offer you choices) just comes off as ridiculous.


Morally maybe we just ought to kill off their entire industry because the world is a worse place with them in it?


What entire industry? Advertising? And how is the world worse because of it?

Do you realize just how much advertising funds? It's a 12 figure global industry and 99% of the content you consume is funded in part by it - and that's before we get to how advertising drives the economy by efficiently matching businesses to customers. Every company relies on advertising (whether paid, word-of-mouth, etc) to succeed.

It's irrational to see so much hate and it's likely your complaint is really only about intrusive ad formats and data privacy. That is something I agree with and I'm for every change that makes for safer, better, and more private ads, but that is vastly different than calling for the elimination of advertising in any sensible reality.


Morally, advertisers know what they're doing, too.


It's not advertisers as much as a complex supply chain with bad incentives in a 12-figure global industry.

We say the same things with government waste over military and healthcare. And we can fix it in the same ways with better trust, accountability and regulation.


I think it's worth mentioning that even if an easylist filter entry counts as "circumventing a technological measure that effectively controls access" -- which I think is debatable for multiple reasons -- the DMCA takedown procedure only covers copyright infringement. It does not apply to anti-circumvention measures.

As Admiral's blog post points out, Github recommends using the same contact procedure for anti-circumvention takedown requests as for normal DMCA takedowns. But as far as I can tell, they're doing so purely on their own initiative; such a takedown request doesn't have the force of law in the same sense that a claim of copyright infringement does.


> Github recommends using the same contact procedure for anti-circumvention takedown requests as for normal DMCA takedowns

I made this mistake to, Admiral's blog post does imply it. However, they were making a DMCA take down request, based off the reasoning it was for anti-circumvention.


https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_A...

It most certainly does apply to anti-circumvention in many cases.


I don't understand how your comment is a response to mine. Could you please clarify?

The DMCA is a set of laws. The DMCA takedown procedure is a part of those laws, defined in a fairly rigid way: it has specific notification requirements, timeframes, and is clearly defined to only apply to copyright infringement. Just because the DMCA also prohibits circumvention, it doesn't automatically follow that circumvention is the same as copyright infringement. And the Wikipedia section that you linked to doesn't mention the takedown process at all.


But nothing prevents Admiral from notifying Github about a DMCA violation informally and Github removing the code.


But isn't that referring to DRM?


By that logic, ad servers themselves could cite their own copyright of ads, and thus request removal from easylist!

EFF has gotten in touch with easylist according to [1]. That's good.

[1] https://torrentfreak.com/dmca-used-to-remove-ad-server-url-f...


The only hope against the DMCA is that eventually the takedowns get so ridiculous that courts are forced to strike it down as the unconstitutional garbage it is.


To that same logic any operating system that allows editing the hosts file or running your DNS service and routing a domain name to loop-back or some other server is also liable for producing circumvention tools.


Operating a private, air-gapped LAN could be seen as circumventing ads on the Internet.


Don't give them ideas


A quick Google search reveals the following.

"Admiral identifies audiences with ad blockers turned on, works to re-establish those users (by opting in to a lightened ad experience, say, or asking to be whitelisted) and then makes a small cut of every ad served to the reacquired audience."

Source: https://adexchanger.com/publishers/another-ad-blocking-solut...

tl;dr Admiral is a startup that measures an audience's "ad block rate". If the rate is high, they then work to "establish explicit value propositions with users and then serve them with minimal tags and tracking". It also mentions plans to try to process micropayments.

"Admiral is built for a world where ad blockers have won."

Source: Id.

tl;dr Unless the founder has changed course from what is described in the 2016 article, as far as I can tell, this startup relies on widespread usage of adblockers. If users do not use adblockers, then this startup has nothing to sell.

VC: "What happens if the ad blockers block the servers that serve the ad blocker tracking image?"

Founder: "I'll send them DMCA notices."

VC: "Excellent. I'm in."

?


Bordering on off-topic: what is, "Id?"



At risk of duplicating, thanks. I thought it was some company.


The source is the same as the previous source.


Thanks!


From Admiral's responding blogpost:

> 5. We asked them 24 days ago to remove functionalclam[.]com on the original commit.

> Transparent engagement between publishers and visitors is a critical piece of that.

Umm, no? Admiral created an account that they hoped would be mistaken as an official github bot or something. And then, instead of asking, they threatened disruption of the repository.

So, in summary, they:

* Tried to hide their identity * Tried to trick people into thinking they were Github * Threatened, not asked, to remove the site from the list

Look, I'm okay with them wanting to remove a server that helps inform users that they'd like to show ads on their customers sites. At the very least, though, be honest about it.

Also, bless the EFF, man. Heading over there to donate right now.


And in one feel swoop they've managed to destroy any good will towards their mission and business model.


Also

> 3. Circumventing a publisher’s paywall or copyright access control technology is not OK

Would any technologist who doesn't work for Admiral consider javascript a "copyright access control technology"? (I'm assuming their product is javascript.)


....yes?

But not in the "hide content you've already sent" sense. However, a script that verifies credentials and only then accesses content using those provided credentials sounds like "access control technology".

My reasoning is simple: if I block the script and still see the content, it's not access control; if I have to run the script to see the content, it is access control.


The DMCA only applies to the US. Fork the repo and move on. It's time to forget about American hosting.


What about when the USA sent super cops to rappel into Kim dotcoms house and kick down doors?


Dotcom was accused of doing things that are illegal in both the US and New Zealand (and around 200 other countries...). That's why New Zealand cooperated with the US's extradition request, including raiding Dotcom for the US.


He may not be the best example, but there are others who have been bitten by things as trivial as "routing data through U.S. servers" (including through a CDN).

So I guess the lesson here is: don't do that.



Kim should have chosen a different country. One that isn't so keen on letting the US raid their citizens.


I don't think such a country exists. The influence of American's empire, and its entertainment industry, is pretty vast.


Kim was already persona non Grata in different countries, accused of copyright infringement AND other serious crimes

He should have stayed in Honk Kong

Btw nobody could make you take down a link from a list if you host it in EU.

Not even DOJ It's perfectly legal and it's a protected right


And this is why maybe Trump can have one good effect: By causing other countries to distance itself from the US.


The unfortunate truth is that there are mostly only much more authoritarian countries to fill any leadership void left by the US. As flawed as it is, and as flawed as Trump is, European countries can only step up so much to keep liberal democratic societies as the global ideal.


Maybe it could also help Europe to unify better. I'm certainly hopeful.


My worry is that the current regimes of Russia and China are on the political upswing faster than the European experiment and struggling or young democracies in the developing world can stand the test of time.

Enthusiastic participation by America in upholding the idea of liberal democracy (even when it's imperfectly executed) can tip the scales.

The way that happens is by the head of the government reversing course as smoothly as possible from admiring and praising autocratic regimes to giving hope and comfort to democratic allies. Whether it's President Trump, Pence, or fucking Mark Zuckerberg doesn't make too much of a difference in that regard.


Russia and China come to mind.


Not exactly safe heavens for internet hosting.


safe enough for above adblocker lists

Sweden comes to mind too hosting WikiLeaks, so i am pretty sure some irrelevant ad blockers are certainly not big deal


Dunno, IPFS?


Sad but true :(

If we could only remove the logjam in congress right now to get some real work done... currently the two parties are deadlocked in a power struggle and have completely forgotten why they're there.


> currently the two parties are deadlocked in a power struggle

You mean since about 1790? There have always been two parties in congress (minus the era of good feelings) and they have always had opposing ideology, and have almost always blocked one another's proposals.

It is very naive to think the current Republican congress is anything different or new. Their inaction is intentional - they need to pass their anti-citizen legislation they were appointed for when people are not watching them.

It is also somewhat inaccurate to blame it on "deadlocked parties". The factions within them to varying degrees stifle them. The parties aren't monoliths of ideology that uniformly vote the way the chair swings.

If congress isn't passing good legislation, its because the constituent members of that congress aren't a majority good actors. Regardless of color. Regardless of excuses given.

Politicians always act in the interest of someone. Sometimes its themselves. It used to sometimes be for their constituents (because they had to appease them for votes). Today it is mostly for corporate campaign donors. And those donors want the status quo. They don't want the changes average Americans want. The whole point of their buying and owning of politicians is to impede change. Of course a congress filled with men told to maintain gridlock and prevent reform by their masters will do so, and they do it in a way optimized for themselves - by always blaming someone else and taking no responsibility for the gridlock you cause, your base can just keep reelecting you despite hating congress in general. As long as the voters remain ignorant to this con, the business interests get what they paid for - usually corporate welfare.


This paper tells a very different story: http://journals.plos.org/plosone/article?id=10.1371/journal....

It's true that partisanship and the two-party system have been a fixture of our system from the very early days. But there are matters of degree, and the degree today is at a peak.


There is way more money in politics now than there was in 1790. Hell, there is way more money in politics now than there was in 1970. It's the root of all evil, it really is. Name any malady you want of our current system -- at the end of the day I guarantee you it is in some way attributable to somebody buying influence at some point.


> You mean since about 1790? There have always been two parties in congress (minus the era of good feelings) and they have always had opposing ideology, and have almost always blocked one another's proposals.

That's by design, actually. The goal was never to create a government that can efficiently create a million laws and regulations.

The point of having multiple parties is that each of them will block each other and only the laws and regulations that everybody can agree on will actually get through.

Unfortunately, politicians have been learning to game the system for ~200 years now, and it's not working exactly as designed.

Another big difference lately seems to be that everybody's an extremist because nobody can change their mind or compromise without getting called out in the media for back pedaling or giving up or "working with the enemy" or whatever.


> The point of having multiple parties is that each of them will block each other and only the laws and regulations that everybody can agree on will actually get through.

Gridlock is part of the design, yes. But consensus or unanimity are not. The simple majority rules, except for the cases defined in the Constitution, such as constitutional amendments. The Senate's filibuster is not how the Senate is supposed to function.


> It is very naive to think the current Republican congress is anything different or new

The Democrats are doing now what the Republicans did for the last 8 years. And I imagine in 7 years the opposite will happen.


Are they really though? Is it obstructionism to vote no on something that you wouldn't have voted yes on even if it had come from your own party? Voting no on a healthcare bill that has been given a terrible score by the CBO and most healthcare groups and is going to increase the number of uninsured by millions [1] is not obstructionism.

The ACA was debated and discussed for over a year, it was very moderate compared to what most liberals would have wanted and the democrats had to make concessions [0] just to get 1 or 2 votes and those who voted against it hadn't bothered really to propose anything to the contrary. The repeal plans were rushed, were going to hurt tons of people [1]

Obstructionism is taking something that would usually be a no-brainer or that were your party to have suggested it would have sailed through and turning into a crusade and I haven't seen any of that, unless you can point it out for me.

[0] http://www.cbsnews.com/news/health-care-concessions-irking-l...

[1] https://www.usatoday.com/story/news/politics/2017/07/19/cbo-...


The Republicans control congress and the presidency. With some exceptions, Republicans don't need a single Democratic vote to pass legislation.


Most legislation needs 60 votes to pass the Senate, which means you need at least 8 Democrats (counting the two independents with them). Legislation which Republicans can pass by themselves is the exception, not the rule. One of the problems they had with their health care bill was that it had to fit into the narrow budget reconciliation rules so that they could pass it with a simple majority.


Yes, a hurdle that Republicans already jumped over for the confirmation of Neil Gorsuch and don't need a single Democratic vote to do so again.


Confirmations are quite different from legislation. Most confirmations had already been reduced to only requiring a simple majority. Supreme Court was the only remaining position for which a confirmation still required 60 votes.

There doesn't appear to be any movement toward changing the rules for legislation. If they were willing to do that, they wouldn't have tried so hard to squeeze the AHCA under the budget reconciliation umbrella.


Sure. They can change the rules for legislation in much the same way they were willing to do so for Supreme Court nominations, and do it without Democrats. That confirmation rules are the same as legislation, or that Republicans were willing to use this option is obviously not what I was trying to say.


Don't think it's accurate to say that the Republicans (or indeed anyone else) controls the presidency


Well, the President is the member of the Republicans that is meant to control the presidency. If that Republican cannot control himself then I don't think the rest of the Republicans would have any Democratic obstruction to worry about if they wanted to replace him with someone who does.


Do you have some good examples of what people would consider obstructionism coming from the Democrats? Its easy to find over Obama's 8 years, but how much consistent obstructionism have the Democrats engaged in? Every single minor thing under Obama was an absolute catastrophe, every budget every debt ceiling, pretty much no matter what. For some reason both parties get equal "credit" for the lack of progress but I can't personally see it that way though I try to have an open mind.

When having a discussion with someone about obstructionism I like to point to instances on both sides, and if it seems one side has twice as many that make a difference to me and I refuse do acknowledge that they are truly the same, numbers matter.


They never forgot why they were there, it's just that the reason (self enrichment, both financially and in terms of power) isn't the one US citizens believe it's supposed to be.


also, few (if any) have the understanding of technology to affect appropriate reforms, which leads to industry lobbyists crafting legislation.


what happens when lawyers are elected to congress


Libertarian here-- what makes you think that the two parties working together will increase our liberty in regards to the internet?

The logjam keeps the parties from working together to create new inefficient programs, expand others, increase spending. The logjam is _great_ and frankly I hope it continues.


Would forking really help or is it because it's hosted on github? I mean US citizens would still contribute. Together with a lot of people from other countries. But moving it to a European server with a European domain should increase their safety from those takedown requests, but also limits their impact when you're not on github anymore.


I didn't get what the hell happened.

So, Admiral—an anti-adblocker company—contacted EasyList and told them to remove a domain from their list. This domain was a server they needed for their anti-adblocker platform to work.

EasyList told Admiral that they would only do it if GitHub agreed, so Admiral contacted GitHub and the domain was removed from the EasyList list after GitHub told EasyList they should comply.

The "attack" is that any company can tell lists to remove their website via using a DMCA violation, so lists become useless.

I have two questions:

1. how would a domain name on a list violate copyright

2. why aren't lists hosted anywhere else but the US so that they can't be controlled by DMCA requests.


Frankly parts of this summary sound like the Admiral spin on things.

> So, Admiral—an anti-adblocker company—contacted EasyList and told them to remove a domain from their list.

In reality, a new Github account made a comment on a commit. That account had no identifying details to link them to a company, person, or anything else. For all intents and purposes, it was nobody.

The account is @dmcahelper on Github. It has a marketing blurb in the bio (which mentions no companies or individuals' names) and has starred one repo, Github's dmca repo.

> EasyList told Admiral that they would only do it if GitHub agreed

A reply said that, essentially, "if you're Github and trying to tell me something, a brand new account isn't one of the channels I'm listening on."

(Anonymous) Admiral didn't reply to that comment.

IMO EasyList had no choice but to thoroughly ignore that comment, as it would be ridiculous to act on it.


Oh, no... Now I'm confused again :-/


IIUC, the DMCA says that if there's some technological mechanism X that's used to enforce copyright, and a tool Y that is (or can be) used to circumvent X, then making or distributing Y is itself illegal (as opposed to the act of using Y to circumvent X, which is already illegal even without the DMCA). The DMCA then provides a notice-based method for 'taking down' online copies of Y.

In this case, X is the Admiral technology. Copyright owners use it to control access to content. However, an adblocker with Admiral's domain on its blocklist is a tool Y that circumvents that.


What does ad-blocking have to do with copyright circumvention or copyright enforcement? The only think on that list is the domain name.

I'm certain that including a name in a list does not fall under copyright (ample precedent that backs it up). In the unlikey (and unfathomable) case that it is protected under copyright, I bet it would fall under fair use.

Trademark law isn't relevant to an entry in a machine database.


I think the argument would be that, say, the New York Times wrote an article, and that article included ads for their sponsor. This third party tool is making unauthorized edits to the New York Times' copyrighted material.

I'm a hardline free speech dude, but I find it difficult to justify "We changed around your copyrighted work to remove stuff we decided we don't like." If you don't like ads, pay up or go elsewhere. You do not have a right to anybody else's IP.


>This third party tool is making unauthorized edits to the New York Times' copyrighted material.

It's not a third party tool. It's a tool used by the first party (user) to modify information that was sent to him without effecting the publisher. I don't see how the publisher has any authority over what the user chooses to do with the information he obtained.

> I find it difficult to justify "We changed around your copyrighted work to remove stuff we decided we don't like." If you don't like ads, pay up or go elsewhere.

That's an interesting take on IP rights. By generalizing your argument, would you argue against newspaper snippets because a reader would only collect the article without adjacent ads? (with scissors made by a third-party, no less.)

> You do not have a right to anybody else's IP.

Fair use, Noncopyrightable items, old expired IP, and the public domain are all examples of rights I have to others IP. Rights have been - and I hope will continue to be - balanced between the concerns of IP "owners" and the rest of society to best serve everyone's interests. Tipping the scale in one side's favor like what you advocate here will disrupt that balance.


For the sake of argument, there's a difference between someone's IP and the wrapper it comes in. I'd be more than happy to pay for an audiobook through Amazon (or just get Audible), but until a recent hardware upgrade, I literally couldn't listen to them on the device I had access to during the period I had time to listen to them because Amazon decided I had to have their software to do so. So I found another place I could get the actual content in a different wrapper that did let me play it on my old Sansa+Rockbox (Downpour, if anyone's wondering). I'm more than happy to see an ad beside or before the main content, but whatever site I'm on did not make the ad and taking it off the page is no more changing their IP than taking a black marker to a physical newspaper.

I do block ads, though, despite actually wanting to see them to support the site. My problem is in the potential for viruses and tracking, and while that's a separate issue a few other threads are already talking about, there's been disappointingly little actual progress in making sure you can browse safely without resorting to nuking everything. I've been following the development on Brave because their proposed methods seem like one of the few ways to actually make it work.


> We changed around your copyrighted work to remove stuff we decided we don't like.

That is totally ok. For example, if I record a video from TV and remove the ads is that a violation? I think it is not as long as I use this video for myself and do not distribute it.

Copyright laws should not regulate what I do in my house or on my computer. I should be able to modify any copyrighted work as I wish as long I am not redistributing it (and yes, I should be able to inspect and patch copyright protection schemes too).


> I'm a hardline free speech dude, but I find it difficult to justify "We changed around your copyrighted work to remove stuff we decided we don't like."

How?

How can that possibly be hard to justify for anyone that even believes vaguely in the notion of freedom, much less someone "hardline"?

Do you think I break the law (or ethics) if I take the ads insert out of a newspaper I buy without reading them? How about if I hire a secretary to do so?

> This third party tool is making unauthorized edits to the New York Times' copyrighted material.

At the request of the first party (you) after receipt by the first party. They're not packaging it up and reselling it, they're automating your curation of a work you legally own a copy of for the purposes of your own consumption.

> You do not have a right to anybody else's IP.

Then the NYT should stop giving it away free.


I get in a lot of arguments with dudes who believe they have a right to stuff other people made without payment or consequence. The last one I remember is a bunch of DJs who didn't want to get permission to use samples.

I find the arguments pretty spurious and it's best not to engage.

It's their website. If you don't like their website, we got a whole other internet to enjoy.


This has nothing to do with believing that we have right to other people's work without payment. The fundamental issue is that these publishers are allowing public access to their work than expecting to have some control over how it is consumed. Hanging your painting in a public park and then demand that people not wear sunglasses when looking at it, or demanding that onlookers look at it sideways would be absurd. Don't hang your paintings in public parks. Hang it in a private gallery, and make no-sunglasses a term for admission.

Publishers would be better served if they restricted their articles, by demanding payment upfront before serving the article, rather than unreasonably and unrealistically demanding that people consume their content in a certain way. Don't blame your users for your failed business model.

As a side note, Copyright is not the place where this issue should be tackled as no copyright is being infringed (Content is not being redistributed).


It is their website but after I download the content to my hard drive it becomes my files and I can do whatever I want with them privately (as long as I do not redistribute it, claim authorship etc). That is how copyright should work, but of course the actual laws might be biased to the interests of some party. There is nothing new if you learn the history of human society, some groups of people always wanted to have more rights than others.


Two points:

Free sampling for the purposes of cultural remixing is explicitly built into (US) copyright (across media) as a mitigation to some of the harmful effects of artificial monopolies on culture. It's a compromise between those who think artificial monopolies are the only way to encourage the creation of culture and those who view such contrived monopolies as a net negative. There's a fundamental difference between copying and stealing. You seem to be intentionally conflating them by using phrases like "stuff other people made". It's not really "stuff" that they're "taking" and the copy is made by the copier, not the original composer. Nothing has been taken besides the right to artificially restrict the behavior of other people for the purpose of rent extraction.

Secondly, they give me a copy free when I request it. It just has ads included. But there's no reason I'm obligated to read the ads. It's exactly the case where they give me a free paper with an ad insert and I have the secretary throw away the ad insert before I read it.

Do you think I'm a monster because I throw out the ads in my weekly periodocal unread?

(For the record, I'm taking about ad blockers, not bypassing paywalls -- I generally just don't go to those sites. Your arguments hold more weight when discussing bypassing paywalls.)


Admiral's domain serves software that enforces access restrictions to copyrighted content. Including their domain in an ad-blocking list is a way to circumvent the restrictions.

Whether distributing a list of domain names counts as distributing "tools" or whatever the exact language of the act is, I don't know. This other subthread contains a better discussion: https://news.ycombinator.com/item?id=14991624


I doubt failing to contact a server would circumvent DRM. Blocking their servers would only make their DRM scheme fail and prevent access to said copyright material.

Using the DMCA to protect company's defective and flawed DRM scheme does not constitute circumvention. As such, I do not believe that DMCA's anti-circumvention laws are relevant.


They might use a scheme that would allow access by default and block it with a script from that domain. So blocking the domain becomes a circumvention (today I finally learned how to write this word).

Or that domain could be used to collect views stats for copyrighted content and make decisions based on that stats. Blocking this domain is obviously messing with copyright protection scheme which is illegal inder DMCA.


For example, the web page with copyrighted content can load a script from admiral's domain that would check whether a user is allowed to view the page or not. Adblocker is blocking that domain and therefore circumventing copyright protection scheme which is illegal under DMCA.

The people who invented this are really smart I must admit.


please show me on the doll where easylist caused copyright infringement.

admiral provides some service. some people do not want it. the list is not owned by admiral and easylist does not go into the functionalclam website, nor is it a list of results to copyright material. what exactly does a text file do to violate the dmca? this is setting a dangerous precedent.


Did you understand the comment you replied to?

The DMCA is not just about direct copyright infringement, but also about preventing the circumvention of technological protections for copyrighted content.

No one is saying there was copyright infringement here.

You can think that this is super bogus (I sure do) but make sure you understand the nature of what you're mad about. ;-)


What about this?

- Host content A subject to copyright on site X

- Devise platform Y on site Z whose claimed role is to check whether user has rights to access content A

- Send DMCA on any list or apparatus that tries to block site Z on the ground that it would be a circumvention attempt of platform Y to unlawfully access content A

- Piggy-back on platform Y to do some tracking/stat building about ad-blocking

- Manically laugh at your brilliant scheme

Note that content A and site X could literally be anything and anywhere, possibly even as trivial as a haiku such as "our hard work / by these words guarded / please don't steal". It doesn't even matter that no one is ever meant to ever see the copyrighted work. In this case the copyrighted work could very well be the text/image displayed when ad-blocking is detected, making A == Y and Z == X to confuse everyone while they think this is about displaying ads W.

To sum it up: ad blocking enabled -> copyrighted work displayed -> user views content unlawfully -> ad blocker just circumvented a technological restriction intended to prevent this -> DMCA applies.

Another possibility is that platform Y is preventing ads W to be shown to a certain theoretical group G of people, hence if you are blocking Y, control about W cannot be enforced, whether you were part of group G or not (and of course you were not, but then even though you're not infringing on copyright about seeing W, you're still infringing on circumvention of a device intended to control copyright of W).

Totally roundabout, entirely bogus, but hey, not the first time such heavily pictured crap could still hold water in court.


That is smart but the primary reason why that is possible is the copyright laws that are biased towards the interests of copyright holders.


Blocking a domain does not circumvent any copyrighted content distribution

It's like saying that turning off TV block the distribution of GOT hence is a tool to circumvent HBO copyright


The mechanism in place here is that the domain provides code that sites use to will block content if the visitor is using an ad blocker. The argument being made is that by preventing this code from running by blocking the domain, the site thinks you should have access when in reality, they don't want to serve the content up to you.

As for your TV comparison, the better comparison is probably with satellite TVs, where you are just decoding signals being sent to you anyways, and if they don't want you watching those signals, they shouldn't send them to you. It's not the same, but it's far closer than your comparison.

Note, I'm not backing either side with this post. Only explaining the argument so you have a clear understanding of the issue at hand. Whether you agree with it or not is immaterial, but understanding the rational is important.


again, what does a text file do to violate the dmca? what's next, a 128-bit number?

IANAL, so i guess until it goes to the court and is decided, we won't know.


The complaint alleges that text file is used to configure software in such a way that it the software circumvents their copyrights, thus the text file itself is a tool for circumventing copyright and violates DMCA.

It's just super dumb, really.



Actually, yes.

This number is illegal: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0


Ahhhhh. PERFECT. It looks like the counterargument here is that easylist itself isn't used to circumvent admiral, it's only a list. Other things, like ublock, are the ones that use the list, and are actually blocking admiral.


Whew I had no idea wtf until this comment, thank you.


Oh no, now I'm confused again... :-/


Thanks, I understand better now.

If Admiral enables paywalls, then I kind of agree with Admiral.

If companies want to put paywalls, circumventing them is kind of like jumping the gate to see a concert for free.

I always hit the back button, but publishers should be free to put up paywalls (no idea why they don't do it server-side, but that's another story).

So, I guess the article or at least the title are a little sensationalistic?


They shouldn't send the content before they check if the user has paid to view it. Otherwise if they send the content to anyone who requests they can't complain when I choose what does and doesn't run on my computer.


Here's the thing - if blocking the loading of your protection script from a third-party server is all it takes to bypass your paywall, haven't you really, really screwed up?

Surely it should be the other way around - the paywall doesn't let you through unless the code is accessible and gets run?

I'm not going to try and claim people wouldn't be so stupid as to try to implement it this way...


> I'm not going to try and claim people wouldn't be so stupid as to try to implement it this way.

They aren't stupid: they are incredibly intelligent.

It was implemented this way to weaponize the DMCA, plain and simple.


If it's actually to protect anything, it's dumb, as it's defeated by whitelists, filters or even poor connections...


Just move the list on a server in Iceland

Game-set-match


If your paywall can be circumvented by not making a single http request then the problem lies in bad software engineering, not the law. What happens if I'm on a slow connection and that request fails? Do they get to send the FBI after me since I'm suddenly a criminal?


> If Admiral enables paywalls, then I kind of agree with Admiral.

I do and I don't. I think paywalls should be allowed to happen, but I don't think EasyList is circumventing paywalls. The companies that use EasyList might use it to circumvent a paywall, but what they do with a list of domains is up to them.

If I grabbed the EasyList repo, there's no way I could use it to circumvent a paywall. Nothing in that repo carries that functionality. It's not a matter of semantics or mincing words, either.


> EasyList told Admiral that they would only do it if GitHub agreed

I don't understand. Why would GitHub have to "agree" that EasyList removes a domain from their own list (for whatever reason)?


The idea of "removing" a name seems technically unreasonable too. Lists may legitimately be pattern-based (like "ads.*.net" for instance, where ads.targetdomain.net technically matches too).


I hate to say it, but the ad-blocking community is handling this problem the same way governments often handle things: Reactionary instead of pro-active.

The real source of the problem with ads, is that almost every ad network allows ads to be self posted with little to no filter. This opens us all up to the abuse from ads we've been experiencing for over a decade now.

Could you imagine what would happen if you were allowed to self-post an ad on television without the network manually approving each one?

It's time to hold ad networks responsible for their own content. If a virus spreads because of their ads, THEY should be sued, just like MTV and others were when they violated FCC decency rules during the Super Bowl.


I like NPR's approach to broadcast ads: their own commentators read a short little script, rather than playing an audio clip that was provided to them. There are various ways this can and has been applied to Internet ads, like making them text-only.

On the other side of things, I would love to see a search engine that pushes sites down in its rankings proportionally to the obnoxiousness of their ads.


I dislike this more. I can identify most ads quickly and mute them, while on a network like NPR I might be expecting something, you know, interesting until 20 seconds in I realize it's an ad.


"I like NPR's approach to broadcast ads: their own commentators read a short little script"

This is not always true - for instance, the "brought to you by" slots at the beginning of the PBS Newshour are advertiser-supplied audio clips.


but NPR and PBS are not the same thing.


From a recent WSJ article about anti-ad blocking companies:

“We really think the free internet is at risk because of ad-blocking, so these types of solutions are needed to turn the tide”, said Dan Rua, CEO of ad-blocking “revenue recovery” company Admiral, which recently raised $2.5 million to help build its platform."[1]

It's amazing how selective the CEO's concern for the "free internet" is. Threatening community github repos with DCMA takedowns is OK though?

[1] https://www.wsj.com/articles/the-rise-of-the-anti-ad-blocker...


From Dan Rua's LinkedIn:

>The power of the internet to inform, entertain and liberate mankind is at a crossroads. The future of ad-supported content is in peril, and with it, free access for citizens to critical news, education, discourse and resources the world over. The shorthand name for this looming catastrophe is "adblocking"

It's like a pimp claiming the human race is going to stop reproducing and die out because people don't want to pay for their prostitutes


Ads are a plague that drive content creators toward ever increasing shock value just so that they can get clicks. Quality be damned, views are all that matter.

I would say this is more damaging.


Usually the "free" in "free internet" refers to free-as-in-speech but it sounds like Dan Rua means free as in beer. And it's true that companies are more likely to put up paywalls if they can't make money with ads but he's using the term "free internet" in a misleading way.


It's amazing that they are so uneducated about DMCA. This is called defective DMCA notice, and it should be ignored. The sender of the notice can now file a suit, since the publisher of the list is no longer under safe harbor. But they won't, since they know it is defective. And if they did, it would be thrown out with a summary judgment.


What, specifically, was defective about the notice?


The notice does not list the copyrighted works that are being infringed (I.e. made publicly available). This is the necessary element of a valid DMCA notice.


It made me curious, too. All DMCA takedown requests I saw contained this element - except this one.


Wasn't the takedown request for a circumvention technology versus any specific works?


In this interpretation, the list of the specific copyrighted protected works that they provided a circumventing technology to access, is absent from this notice. I believe no legal theory works here, and I can refer them to a capable law firm if they are interested.


> What copyrighted protected works did they provide circumventing technology to access?

Anything behind a paywall. I'm not defending what they did. But I sort of understand how it could be permissible under the DMCA. (A law regarding which the EFF and I share many opinions.)


DMCA is for copyright violation.

What copyright was being violated here and how?


Apparently the copyright of web pages behind a pay wall. Blocking the domain causes their pay wall to not work - they probably load pay wall scripts from there - and allows unauthorized users to view their client's page without compensating them.

It's similar to having a movie theater with a locked door. We want to see the movie, but we don't want to pay, and distributing lock picking tools is illegal. And their door is "designed to only stay locked when a light is shining on it".

Here again, we are using technology to disrupt old laws.


There has been a growing trend of websites that will ask me to either:

a) whitelist their site in my adblocker b) or subscribe to their monthly subscription and keep reading their site with adblocker


I've said this before, but it bears repeating. "Unblock or Subscribe" misses the point. The the point is this: I don't trust you.

I don't trust you not to show me scammy ads, load 2MB of tracking JS, maliciously redirect me, or generally ruin my overall user experience with your content you claim is so valuable. So I run an ad-blocker. I'm blocking your infrastructure because I don't trust it and blocking your ads because I question your judgement.

And the only other option you offer me is for me to give you my credit card number!? To infrastructure I don't trust and to a company whose judgement is in question.

Nope.


So consume content from providers you trust.


Which results every single time in choosing option C: the browser back button.


Or D: add the popup asking me to disable my adblocker... to my adblocker.

Only works on some sites, but where it does it's effective.


If I'm really interested, I might open the inspector and delete the offending div, but often scroll is still hijacked or I'll delete div after div up the stack only to accidentally delete the content too.

It's a pain and it's often easier to use the cached version from a search engine or some archiving service.


After you delete the div, go to the body tag and delete the relevant class, or add style="overflow: auto !important;" to the body tag.


I'm quite fond of the "Kill Sticky" bookmarklet

     javascript:(function()%7B(function%20()%20%7Bvar%20i%2C%20elements%20%3D%20document.querySelectorAll('body%20*')%3Bfor%20(i%20%3D%200%3B%20i%20%3C%20elements.length%3B%20i%2B%2B)%20%7Bif%20(getComputedStyle(elements%5Bi%5D).position%20%3D%3D%3D%20'fixed')%20%7Belements%5Bi%5D.parentNode.removeChild(elements%5Bi%5D)%3B%7D%7D%7D)()%7D)()


Usually two or three times because fuck sites who hijack browser history because I scroll a little too far


That's what open in new tab is for.

Close tab is way better than back. Easier, more consistent and faster.


Use the mouse wheel/middle button. Will open a new tab when you click on a link and will close a tab when you click on the tab. This changed my life.


too fickle: half the time I endup also scrolling. ctrl-click is far more predictable. Same result, less "trying to press a thing designed to roll".


On most mouses that's not an issue (assuming no motoric problems). Ctrl-click, on the other hand, requires the use of both hands in most cases.


I've never had a mouse where it wasn't a problem. I don't buy uber-quality mouses, so I'm down in the trenches with the vast majority of mouse users with moderate-to-low quality hardware.

I'm also often using a laptop, on linux, and I do the middle-click-simulation (both buttons at once) with two hands, which is really annoying. I suppose I could fix it.

Also I always have my left hand on the keyboard, so for me it's not a problem to ctrl-click.

Ctrl+click doesn't work on a tab, though--have to hit the X.


My laptop has a middle click button ;)


That's a cool trick. Thank you.


It's fine if they're just letting you bookmark the particular spot in the page, but this is what replaceState is for. pushState is definitely wrong.


That's most likely a well known issue WITH adblock, not the site.


Typically, I find that toggling Javascript Off works - like with Wired.


Some of the websites that do that have solid content though. Not good enough for me to pay them though so I end up clicking the back button and using alternative sources.


soon, someone will implement one-subscription for online content - something like netflix.


You realize that everyone CBS, Disney, everyone is starting their own subscription service and (for many) pulling out of Netflix.

Besides grasping at maintaining stranglehold over distribution. They are hoping to replicate the cable model. Pay for the base package where all the crap no one wants is, then pay for all these extra premium packages.


It's kinda like the channels a-la-carte they've fought against for two decades.


This idea has been Coming Soon for decades. But maybe that's ok.

I really like that I can visit the vast majority of links I click on for free.


Do you think this will collapse if adblock becomes 90% ubiquitous?


Well, the sites that currently fund operations through ads would have to fund them some other way, right? I think many of them would transition to other business models, scale back, or go away completely. I think you'd also see a sharp rise in types of sponsorships that look less like traditional ads and aren't as blockable, like when The Onion has funny original content about cooking at home brought to you by Blue Apron.


Already happening in some form with Blendle. It will always be bundles though, the internet is too huge.


why? what if sites are rewarded based on time user spends on it actively? what if websites just sign up to be part of the network, and uses common api (think: subscriptionService.isPaidUser() { show content } else { say "sorry" }


I always enable ads on a URL if it asks me to (provided they don't over advertise/have spammy advertisements), kind of already feel shitty about what is effectively stealing content for free so those notices just make me conscious of the guilt.

I wonder how others rationalize blocking ads and not subscribing either but still feeling entitled to access the content.


I block all ads because my safety is a higher priority than the site's profitability. Internet ads are a malware vector, with no accountability. Also, advertising companies have made an art out of psychological manipulation; I protect my mind by filtering their input from my senses.

Just saw your subscription update. Why would I subscribe to something that I am unlikely to return to?

The only solution that I can think of, are micropayments. Perhaps this financial pressure will motivate the powers that be to eliminate roadblocks to its implementation.


I don't feel guilty about it, just like I don't feel guilty about not reading ads in magazines or newspapers.

If you put something on the web, and you want me to pay for it, put up a paywall. If you want to instead serve ads, don't expect me to read them (or load them, even). My bandwidth, my decision.


I don't feel entitled to access arbitrary content. But by the time a web server has already sent it my way for free, I don't give any fucks. If they can't afford to do that, then they shouldn't do that. But they probably do it because they can afford it, and find it profitable enough. I'll be happy to leave if the site sends me a paywall instead of content.


4) accessing the site via archive.is or similar service.


That's honestly what they would prefer if you're not going to make them any money. It's fair to both sides.


I'm surprised no one has mentioned this alternative: disable JavaScript.

It's fairly easy in any browser to create a list of websites to ignore JavaScript on.


Doesn't disabling JavaScript these days pretty much break all websites? Or do you disable by default, then keep a whitelist?


To me, disabling JavaScript often tends to fix websites. I consider ads, animation, interactive menus, scroll-hijacking, malware, and auto-playing videos to be broken functionality.


Depends on what you define as “to break”. Of all the sites I use most remain very much usable even without scripting support, but certainly some functionality is often lost (whilst performance, on the other hand...)


I see some disagreement with you, but I am somewhat of the opinion that I agree (though I don't think it's a great "common user" solution.)

ScriptSafe is running and I allow some sites, trust a few domains, and the rest get, at best, temporary access to run local JavaScript if specific content I want isn't loading. I get the feeling the majority of sites don't even function without JavaScript at this point, and some intertwine their ad system with other "necessary" JavaScript, so it's tough to surf the web without some hassle.

I don't think this is a perfect or even passable long-term mainstream solution.


doing so breaks an increasing number of sites. "so don't visit those sites" is the common response, and is fine as general policy, but sometimes isn't an option.


I have noticed that blocking scripts makes the pages of most local television stations break.

But then I look at the list of 50 different domains blocked on the page, and I am not sorry--not one little bit. I don't really need to watch your little news video that badly. And I certainly don't want it to autoplay.

They are by far the worst offenders among sites I am likely to encounter frequently, as destination links from aggregators and social media. Newspaper sites are far more well-behaved with respect to their scripts, but also more likely to directly monetize the page view.


If disabling JavaScript allows you to circumvent copyright access controls, you're right back where you started ostensibly violating the DMCA.


Yep. I do it in a slightly different way. I have uMatrix installed as a browser add-on to help control for privacy, fingerprinting, security etc. But it can also be used for stuff like this. Simply disabling scripts on many sites' root domain and hitting refresh solves paywalls and adblock prevention on a fair amount of sites. For others it obviously doesn't work and nothing will load, but it works on more than you may expect.


uMatrix rocks. It can take a few minutes of fiddling to get a complex site working, but it's totally worthwhile.


It only works for some sites.


Unless it's The Atlantic, which blocks all article access from my iPad even though I'm a subscriber. I can read their content only with a computer-based browser (with ad blocker, of course).


I contacted them about this, actually. I subscribed to The Atlantic's digital edition expecting ad free: it turns out you need to specifically get an ad free subscription from them. The one offered on the block page is what you need or it doesn't count.

Bonus: After I asked The Atlantic, they partially refunded my subscription and a magazine arrived at my door (for my now cancelled and partially refunded digital only subscription).


Well, it sounds reasonable to ask that question if so many people have Adblock installed?

I have always blocked ads and always (try) will be, but I this is the outcome from Adblock going mainstream. Yes, the ad networks/sites were the reason in the first place, but it doesn't matter. Another side-product is (hidden) "native advertising"... so many tweets/share/likes are purely marketing. That gay marriage article Madonna tweeted? Think twice before you believe he does it out of morals, most likely she is being paid to share that out with her audience.


I click on "Reader Mode" in Safari, and see the content without the pop-up, which I don't have to click or touch in any way.


I have just been blacklisting those sites for myself. I haven't missed out on anything yet.


How would you know what you missed, since you missed it ?


I just globally turned of javascript, then enabled it on a site-by-site basis. I have been against this for a long time, but turns out I was wrong, and as a site effect this prevents most ads (it also makes sites loads fast).


Call me crazy, but this seems like a pretty honorable scheme for profiting off of content.

Someone put effort in to create content, and has the option of putting this kind of paywall up. There is a consumer choice made to sell their own attention by viewing ads, pay a subscription fee for the content directly, or just move on to free content elsewhere.

That said, most places where you pay the subscription fee will ALSO show you ads and silently sell your data, but still... The above scheme feels reasonable in principle.


Adblocking, at this stage, is about personal safety. Ad networks are demanding the right to execute arbitrary code on end users' machines, and have shown themselves to be completely incapable of vetting that code, leading to ad networks being a common and persistent malware distribution channel.

Which means that using the best available adblocking technology is a necessary personal-safety step on the modern internet.


Perhaps. They are losing people like me though. I will never pay for a subscription to read a website and I will continue using adblockers to get rid of annoying ads.

But they could still profit from me. There are less annoying ways to monetize which I might accept.

For example affiliate links to buy products I am interested in (books, video games, gadgets). I'd be willing to pay % extra for some nice product in order a fund a website which pointed me to it. Or extra traffic I'd refer to their site.


There's no way that affiliate links can pay the bills for publishers; numbers don't ad up (otherwise everyone would do it, and no one does -- well, actually, there's extremely limited situations where it works in some consumer corners, but those situations are limited and the total amount of revenue is also very limited). And how much extra traffic are you really going to refer? Ads are sold on the thousand -- $X per thousand (consumer can be cents up to maybe $8, B2B much higher). So even if you referred 200 people that's not even worth any effort. Unfortunately, if you're not going buy a subscription, register for a paper or click on an ad, you're probably not worth anything to the site anyhow.


But they would not make any money via ads from me anyways. I never click ads unless I do it accidentally by mis-clicking. So even with disabled adblocker I'd just lower their CPC (cost per click). So it costs them nothing to let me read their website with adblocker and there a tiny possible upside from me referring more traffic to them.

Either way I assume people like me are a fast growing part of millennial population so their business model based on ads is doomed to fail anyways.


Ads are far more influential than you think, clicking on them is not the only they care about nor the only way they are paid.

Also the ad business is not going anywhere, the tech will evolve and you'll start seeing more native advertising and sponsored content.


Click throughs aren't necessary for advertising to work. A lot of it is to prime your subconscious, or strengthen associations. This is why Coca Cola doesn't care if you click through. Same with car companies. When most Americans think of soda, they think of coke. If you prime their subconscious to associate soda positively with thirst, and soda is similarly associated with Coke, you've got them.


> But they would not make any money via ads from me anyways.

Then perhaps you are not their target audience, and they won't miss you.


Some sites still monetize (minimally / part of the time) with impression based schemes.


I don't understand the distinction between intentionally overpaying for products to benefit a website and just paying the website directly. Also, not all websites can (or should) talk about products.


Why would they care about extra traffic referred to their site if they can't profit from traffic (other than with even more traffic)?


Publically accessible content simply wants to have their search engine pie (public content) and eat it too (paywall).

Ad-blocking makes sure they have to make the hard choice of putting content behind authorization. A user-agent's job is simply to be the user's agent, and not the publisher's monetization platform.


Is this a complaint? I find this perfectly reasonable if you're browsing their content which they would like to be paid for.


I think it's fair game to say "Our newspaper pays for quality journalists to do quality journalism, please consider subscribing or not using an adblocker on our site".

I prefer this to the WaPo model of paywalling or having a limited number of articles.

I do object to the Bloomberg model though, where they say "We notice you're using an ad blocker, which may adversely affect the performance and content on Bloomberg.com. For the best experience, please whitelist the site."

Wth? No way. Please ask nicely, no FUD.


I agree it's fair game. But I think that message needs to recognize why I blocked those ads in the first place. It's not because "I don't like ads" or "I don't want to support you". It because the ads you were showing sucked: they bogged down my computer and they were malicious.

I would very likely unblock a site if they spoke to that. "We've taken numerous steps in the last 3 months to increase your privacy and eliminate bad, bloated, malicious, and frankly user-unfriendly advertising. We value and will not abuse your trust in allowing us to share advertising with you."


Absolutely agree. And for really large sites such as major news sites, there really isn't even an excuse for using any of the "normal" ad networks. There should be (if there isn't already) an ad network with only acceptable non-tracking ads that just show dumb images to people without worrying who sees shoes and who sees cars. I accept a shoe ad as relevant next to a shoe article, not because a Facebook friend sent me a PM with a picture containing a shoe yesterday.


> Please ask nicely,

Asking nicely doesn't work.


So being a dick about it will? It hasn't worked so far for me. I still block, and almost without exception still get the content.


The verbiage isn't exactly assaulting anyone, and it sounds like you're being the dick if you can't see why publishers would like to make money.


Right, because they aren't earning revenue otherwise.


Admiral's product is so poorly designed that it requires cooperation from the browser to work? That violates rule #1 of client/server programming: never trust the client. Instead, they have to abuse the DMCA to cover for their uninformed engineering choices.

This is despicable.

"Here hold this copyrighted content in memory for me, but don't make any other copies of it because, uh, you don't have the license to make copies of it. Except for, uh, the one that we sent you? To hold in memory? Look, computers are magic.

Nevermind. DMCA!"


No, they knew exactly what they were doing.


It is designed perfectly and it works as we see.


Note that the offender's privacy policy [1] appears to let users (e.g. you or me) contact support@getadmiral.com "to know whether their Personal Data has been stored and [to] consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons."

[1] https://www.iubenda.com/privacy-policy/347981/full-legal


Via https://github.com/easylist/easylist/commit/a4d380ad1a3b33a0... by one of the Easylist maintainers:

> If it is a Circumvention/Adblock-Warning adhost, it should be removed from Easylist even without the need for a DMCA request.

Anyone know why he's saying this?

Edit: I guess he's referring to the following via https://easylist.to/2013/05/10/anti-adblock-guide-for-site-a...:

> Anti-Adblock should only be challenged if the system limits website functionality or causes significant disruption to browsing


I didn't realize that anti-adblock lists were generally maintained separately, and this comment tipped me off to it.

If you're using something like uBlock, it might be worth going into Settings -> 3rd-party filters. There's a few lists in there which are not enabled by default that are curated to work around anti-adblocking technologies. For example, "Adblock Warning Removal List".


If you're going into uBlock's settings, don't forget to add the domain this whole this is referring to (functionalclam.com) to your custom block filters.


Could this comment alone be considered infringement and be subject itself to a DMCA takedown? You are instructing someone how to potentially bypass security measures for copyrighted works? /s


Some adblocker lists maintain blocks for anti-adblock messages separate from blocks for ads, which allows people to choose which they block.


> Anyone know why he's saying this?

Because their business model depends on it working.


I believe EasyList only accepts ad servers onto their list as a general rule, not adblock warnings/blockers.


I have a very unpopular opinion that pulls me in two directions.

Advertisements have exceeded the point of being a nuisance for many years. But adblocking is a fight that solves symptoms and will affect more than just advertising in a negative way.

The best parallel I can draw is to the Napster era when pirating music cut off the head of the chicken in the industry. Hollywood and like were refusing to adjust to digital downloads and streaming. Part of this was due to the fact that it would drive down profits. But people started pirating the content and getting it for free so they lost money anyways. It's not impossible, but it has become more difficult for artists to break into the industry (along with competition) because of the margin of profitability.

In that same vein - publishers and advertisers have resisted the market and have bled their visitors for every penny. Finally the users stood up and said enough is enough - and now we have adblocking. The problem I have with adblocking is that it doesn't resolve the problem, just the symptoms. Adblocking pushes out smalltime publishers whose only revenue are these obtrusive ads. The "big guys" can stay alive as the reduction will be drops in the water for them. The way I see adblocking is that it will only drive the publishing industry further towards monopolies who will push the little guys out. And once you are getting all your content from 1-3 sources and the little guys are gone - there's nothing to stop them from becoming the same monoliths that exist as Internet Service Providers. They control the means and have no urge to change.

I stand on the fence, wishing there was a better solution to this problem but some times the only way to bring change is to burn it down first and start from scratch.


> The best parallel I can draw is to the Napster era when pirating music cut off the head of the chicken in the industry.

I don't think this comparison holds up. Napster was a peer to peer network where publishers of the works being downloaded had no control over who was able to download what. By contrast, web publishers have extraordinarily fine grained control over distribution of their works.

For example, when I connect to nytimes.com to read some news, I politely ask the nytimes.com servers for access by saying:

  GET /some/article HTTP/1.1
The NYTimes, or literally ANY publisher on the web, have the option to say no right there for any reason. They are under zero obligation to give me access to content I'm requesting.

If publishers are upset about people reading their content without displaying ads, maybe they should stop giving it all away for free.


> If publishers are upset about people reading their content without displaying ads, maybe they should stop giving it all away for free.

Hence, monopolies. Small timers won't be able to afford the lack of revenue.


Advertising has crossed that line much earlier: at the beginning of the 20th when advertising stopped being based on facts and started being about emotions.

Current advertising is immoral because it is trying to shut down our rational thinking to drive us into consumerism that is destroying the world. This goes even against the basics of the free market idea.


The tools for "ad blocking" are NOT just for ads and arguably ads are their least important function lately. These days I am far more likely to use element-level blocking tools such as uBlock Origin to maintain my sanity in the face of TERRIBLE web design.

Now that I can make any stupid popover or poorly-placed "div" go away forever, I'll never go back.


> it has become more difficult for artists to break into the industry

I would argue it's easier than ever for artists. Anyone can easily get their music onto a variety of sharing and download sites. You don't need a studio to record and produce your music, you can do it on a laptop. And you don't need to make physical copies of your music anymore.

Sure it's probably hard to break out of the "noise" of all the artists doing the above. And it may be harder to actually make money as a music artist. But that's never been easy. In the old days unless you were a true supergroup the studios ended up with most of the money.


There are solutions. Things like Patreon:

http://penguindreams.org/blog/how-patreon-is-disrupting-yout...

Patreon is interesting because they host no (well very little) content, and can help some creators with a tip jar (some make $10/month) and others with a sustainable wage. It's a more well though out Flattr.

..and the thing is, everyone gets the end creation. Supporters get some extras or behind the scenes or rewards, but a small subset of fans can essentially support big projects that are often made available to everyone. Some youtubers use only Patreon and have removed all sponsored content/ads.

Support via ads is really not the way to go. To quite David Firth: "...Advertising is dog shit anyway. I don’t like all that subliminal suggesting; it’s poison..."


All of this adblock tech works on domain blocking for the most part. If they wanted to, they could host the ads on the first party server and most ad blocking wouldn't work anymore.

They haven't yet, so it hasn't gotten to the point where they have been forced to. This adblock whining / detection lets publishers keep third party ad hosting and reduce adblock usage.


IMO: The problem is an economic one. Our economic models are so out of touch with reality that there's no way to solve this peacefully within our current system.

There's no reason for middle-men or gateways in distributing digital media anymore, but we still don't have a reliable alternative to pay the artist. The distribution middle-men used to do that.


This is the problem that is grabbing at me. Well put.


As I understand they're using copyright laws not to prevent me from copying content, but to preventing me from not consuming content.

In other words, the copyright law is used to force content consumption.


you better not watch Black mirror 15 million merits


>"This domain accepts GET and POST requests over standard HTTP ports (TCP 80 and TCP 443) via strictly web based traffic originating from browsers"

lol


Don't joke. You really don't want to see these kinds of ravenous lawyers try to define website access not from an 'approved' browser as unauthorized access under the CFAA.


You could add to your TOS which browsers are approved. Using an unapproved browser would violate the current CFAA - under the current interpretation. Federal felony 1-5 years.


False. See 828 F.3d 1068 at 1077 (9th Cir. 2016):

>From those cases, we distill two general rules in analyzing authorization under the CFAA. ... Second, a violation of the terms of use of a website--without more--cannot be the basis for liability under the CFAA.

They say this because (Id. at 1076):

>"Not only are the terms of service vague and generally unknown . . . but website owners retain the right to change the terms at any time and without notice." [676 F.3d 854 (9th Cir. 2012)] at 862. As a result, imposing criminal liability for violations of the terms of use of a website could criminalize many daily activities. Accordingly, "the phrase 'exceeds authorized access' in the CFAA does not extend to violations of use restrictions. If Congress wants to incorporate misappropriation liability into the CFAA, it must speak more clearly." Id. at 863.


Interesting. TOS can't be a 'catch all'. There needs to be another criminal intent. But, wouldn't using the plugin to avoid paying for the service be the other crime? Seems like two crimes? Which would satisfy?

http://harvardlawreview.org/wp-content/uploads/2017/02/1265-...


And then submit a subpoena for all users that have installed a user agent switcher plugin. Because clearly they're all criminals with nefarious intent.


Exactly. Next;

1) Find a young eager numbers driven federal prosecutor near 'US District Court Of Wyoming'

2) Offer plea deals. Explain to the users of said 'hacker plugins' they can choose to take the 'risk' of a (confused local residence) jury or take the generous plea of 2 years of federal prison.


Where are you looking at that?



got it, thanks.


Am I the only one who thinks its laughable that adding their domain to a blocklist "circumvents" their protection technology? If I was a content provider I don't think I'd want to rely on something so flimsy.


It's turtles all the way down man, at some point, everyone has to use DNS.


Everyone should contact their investors.

"Your portfolio company @getadmiral is committing fraud by filing false DMCA requests. Can you fix this?"

Birchmere Ventures

Florida Gulfshore Capital

Florida Institute for the Commercialization of Public Research

Mosley Ventures

New World Angels

https://www.crunchbase.com/organization/admiral-2#/entity

If they are made aware a portfolio company is committing fraud, hopefully they have enough ethics to help sort out the situation. Not a lawyer, but if the investors are aware of the fraud and do nothing, they may have some liability themselves.


I'm not convinced people that do this wouldn't be making an arse out of themselves. No lawyers have appeared in here to say that anything fraudulent has happened. The DMCA does prohibit dissemination of any software whose purpose is to circumvent technological measures that control access to copyrighted works. If the domain we're talking about is key to such technical measures, then distributing software that blocks it may in fact be illegal under the DMCA, and sending a DMCA notice to take it down ordinary and allowed. "New World Angels" have no power to overturn the law of the land, especially one which is implementation of a broad international treaty.


EasyList is not software. It's just a fracking list. Is it a DCMA violation to state factually, as I am doing now, that functionalclam.com is a so-called "access control" domain?


It would also be great if a list of their customers could be found/generated/etc. That is, if they have any yet.

Seems like one to add to the hosts file forever.


Github should have protected easylist from this bullshit DMCA request, here it is on github : https://github.com/github/dmca/blob/ff44d37f62d772bfec5fd432...

Github is the culprit here.


Why should Github take on unlimited liability for someone else's code? If a judge agrees that blocking this anti-circumvention technology is illegal (something the DMCA does prohibit), and Github had refused to take it down (which means they don't get safe harbor), then Github is the first-party that is liable for distributing that illegal technology, probably many millions of times. When you start taking statutory fines and multiply them by millions, you end up with numbers that would put Github out of business overnight. Is that beneficial to anyone?


Because it does not accept unlimited liability by following DMCA takedown procedure. Following it places Github into the DMCA safe-harbor. Not following it opens Github to liability.

This is what should have happened:

  1. Github is served with a DMCA Takedown notice
  2. Github validates that the notice is valid
  3. Github takes down the $FILE or $REPO
  4. Owner of the Repo contacts Github
  5. Github notifies the owner of the repo that it was a DMCA takedown
  6. Owner of the repo provides Github with the Counter-notice.
  7. Github restores access to the taken down $FILE or $REPO
At this point the party issuing takedown must sue the owner of the repo. It cannot go after Github. It also cannot take down the content again using DMCA to github.


Github should think about protecting its users, DMCA takedown request only target copyrighted works, not circumvention measures, I understand Github point of view to minimise its work and legal liability, but they have a lot too lose in the eyes of users here. Maybe Github DMCA take down request is wider than the USA one, but it feel like an abuse in this case.


Is it illegal to claim something under DMCA when it does not in fact represent a DMCA claim?


Yes, but:

A. Nobody - NOBODY - is ever punished for violating.

B. The folks in question here think they have a colorable argument for why it really is DMCA. As linked from the OP, this is here [1]. (FWIW, I think it's silly)

[1] http://blockadblock.com/adblocking/is-adblock-plus-violating...


Nobody is punished because the DMCA claim/counterclaim process gives them a chance to back out of the claim before it goes to court. And the word is that if it does go to court, proving that they willfully and intentionally misrepresented their ownership of the material under question is a very high bar; it would probably require some internal memo with content approximating "We know we don't own X but let's issue a DMCA against Y for hosting X anyways."


The problem here DMCA is that there is a way to prosecute for a false notice, but it's not the one people want it to be.

Most people hear that DMCA notices are sent under penalty of perjury and think that means "if there's no reasonable claim of a copyright violation it's perjury". But the part of the notice that's made under penalty of perjury isn't the claim of violation, it's the assertion that the person sending the notice either holds copyright to the work in question or is authorized to act on behalf of the entity that does.

So to nail someone for perjury from a DMCA notice, you have to prove that they don't hold a copyright, or aren't authorized to act on behalf of whoever does hold a copyright, to the work in question. "This isn't a copyright violation" doesn't do it.


In the US the "justice" system is predominantly accuse first ask questions later, and because legal council is insanely expensive (by design) in most cases all you have to do is accuse someone of something and it will either bankrupt them trying to defend it or they will pay you off to let them go.

It is incredibly broken and corrupt, but like many things in the US nothing will be done about it because the elites have the money to defend themselves and enjoy the benefit of being able to ruin anyone they want who don't have access to similar financial resources that they wield.

If you can afford the several hundred thousands to millions of dollars a protracted legal battle will take you can often get the costs dumped on the losing party. You just have to spend years getting there with your own money and time.



Store a hash of the URLs instead of the URLs themselves.


I don't see how this would work when the URL lists are full of regexps etc.

If you could make it work, you'd would wind up with some sort of source file of domains, parsed at build time to generate list of hashes that actually ship with your plugin. That source file would belong in a repo, and would still be DMCA-able in this way.

Also, this would make ad-blockers even more CPU intensive than they are.

We shouldn't have to pursue a technical solution. It's my computer, it's my internet connection. If I'm not allowed to control my own property, then the concept of property becomes meaningless.


>I don't see how this would work when the URL lists are full of regexps etc.

I guess you could distribute a compiled finite automaton instead of a list of hashed values. It would make searching GitHub for "infringing lists" much harder (even harder than hashes).

Nevertheless, I agree with "We shouldn't have to pursue a technical solution". There's no point in trying to act like a Mr. smarty-pants in legal situations, as most technical solutions might not work out as expected in court.


>Also, this would make ad-blockers even more CPU intensive than they are.

Although they may be CPU intensive in terms of browser add-ons, I'm under the impression ad blockers are usually less CPU intensive than loading all the scripts required to display the ads, at least on particularly heavy pages. Does the CPU cost of blocker vs ads ever favor ads?


Agreed with seeking a legal solution instead of just relying on a techincal one, but if the problem is the string of characters, just hash those instead without hashing the whole host:

[HASH:1AB543.124A3CC4.1AB543]/ads


Good idea, had the same idea, but we need (the community/users need) to be able to determine what the URLs are, for transparency. So I suggest ROT-13 instead.


URLs are matched via a regex or wildcard type syntax, to eliminate files served out of /ad/ paths (yes, people still do this).

This makes hashes somewhat less useful. And a distinct hash of a URL could likely be considered to be the URL itself for the purposes of a legal action.


Regexp could still work by only hashing the domain name and keeping the regexp separate.


uBlock and uMatrix have a "page blocked" function when the entire page matches a filter, could something similar be implemented for these situations?

Say, if a page requests content from these blocked domains, the ad blocker display an SSL warning-esque page that says something along the lines of "This page contains ad content protected by the DMCA. These ads may contain malicious material, and can not be safely viewed. Please alert the site owner to resolve this issue." If you want to make it really effective, you may even be able to pull contact email addresses from WHOIS data and make the contact line a mailto: URL.


This is pretty much what I want. If loading sketchy third-party tracking images is a condition of reading your content, fine, but tell me in advance so I can pass.


In for a penny; in for a pound.

If I can't put your domain name in my adblock blacklist because it violates your copyrights or trademarks, then my DNS provider shouldn't be able to put your domain in their resolver, either.


Peter Lowe’s Ad and tracking server list still includes functionalclam. I recommend using it: https://pgl.yoyo.org/adservers/

uBlock Origin includes it.


This is very interesting, I had not considered that besides blocking ads, we should be blocking the anti-adblocking servers that seek to prevent us from blocking ads. We should also block those anti-ad servers. This is war.


One should not need to think too much to realise that if this is allowed to continue, it will set a dangerous precedent of effectively removing the freedom to close one's eyes --- hitherto, it seemed to be accepted even among the strongest DRM supporters that consumers had the right to not consume content they didn't want. They've tried to force (or perhaps "encourage" is the wording they prefer) consumers to consume with things like unskippable video adverts and warnings in DVDs, but AFAIK it's absolutely not illegal to look away (perhaps even at a different TV) or go do something else while that content is playing; now, by effectively trying to say that blocking or denying oneself from consuming --- or letting one's browser or other technology through which one consumes --- certain content, is illegal, they are trying to make it legally enforceable to consume content.

I wish all those who are involved or support such insanity would be themselves strapped tightly in front of a computer or TV, with eyelids glued open, and subjected to this force-feeding of content they don't want to see.

Ultimately, this loss of control of one's eyes, ears, and mind is something I strongly abhor, strong enough to express in a manner I normally don't partake in: fuck this shit!


If in the future I am forced to view ads, I won't click on them and I won't buy any products advertised via forced ads.


If I see an ad, I click it. In fact, I right-click it and click the button for my shitty addon "thousand-click".

Then my raspberry pi loads that ad in a headless firefox and clicks it thousands of times.

You won't believe how soon you stop getting ads, and instead just empty iframes, or warnings from Google that you're abusing their ads. Well, their problem.

Luckily, there's now an addon that does this fully automatically: AdNauseam.

Fully automated ad abuse, and ensures that if enough people use it, online advertising will die within of weeks.


But the ad will leave residue on your brain. So you are still being advertised to.


Then perhaps like me, that ad will mean he actively avoids that product and brand out of ad-fatigue and simple spite rather than the intended effect, which is to attract people to them.


Well the point was that we should reward ads that aren't forced on us, or at least the ones that try to be as nice as possible. Intrusive advertising should not work...


This is what you get when companies have all the incentive to file DMCA takedown requests and there's no punishment for filing a bogus one. And modern technology is making this problem increasingly worse, with all the automated takedown tools.


The only way I see DMCA applying here is contributory infringement in enabling modification of the page.

With that in mind I think the question to be answered is does a user/viewer have the right to modify a page in their own web browser or must they view the page as intended by the creators?

You can get in to technicalities then like are Links creators committing contributory infringement, but I'm not sure that's helpful.

Should a user be able to purposefully block parts of a page?


> Should a user be able to purposefully block parts of a page?

I have yet to see a compelling/coherent argument for why they shouldn't.

As a partially sighted user myself, I find it infuriating when web developers try to override browser behaviour/modifications (e.g. blocking pinch to zoom). If we go down a path where users can't modify pages, we are taking a huge step backwards.


I don't know, but should a user be in control of his own computer and screen?


> That domain is part of the DMCA copyright access control platform Admiral provides publishers so they can engage visitors in a transparent way on the value exchange for their copyrighted content, instead of resorting to surprise ad reinsertion the way some of our competitors advocate but visitors and advertisers dislike.

Does anyone actually understand what this garbage paragraph is actually saying? It stinks of corporate-esque bullshit to me.


They show a pop-up attempting to convince people to disable adblockers rather than running ads that get around adblockers.


Surely if you are truly conserned about the copyright of your work you wouldn't freely send the content to the user's device before issuing some sort of challenge e.g login at which point circumventing that becomes a crime. Websites shouldn't be allowed to dictate how the user agent decides to execute the content received. This seems like a case of wanting to have the cake and eat it too.


You can add this list to get around admiral domains: https://pgl.yoyo.org/adservers/admiral-domains.txt


Encrypt the list and then send a DMCA notice to any company who decrypts it without permission (non ad blocker) and tries to use this scheme again. That would seemingly be a valid DMCA claim, but IANAL.


Just encode the list of urls with htmlentities, base64, rot13, whatever. Then the DMCA can't be used to attack it.

Edit: Disagree? Please comment. It's attackable via the DMCA because the word/brand is in the file in it's copyrighted form. If you encode it such that it isn't in that form, it's protected from that approach.


How would encoding help? It's already encoded! That repo contains the bits: 0b11001100b11101010b11011100b11000110b11101000b11010010b11011110b11011100b11000010b11011000b11000110b11011000b11000010b11011010b1011100b11000110b11011110b1101101

which is the ASCII _encoding_ of the forbidden string.

Just because these bits are an EBCDIC cp500 encoding of that string doesn't make it less forbidden than an ASCII encoding:

0b100001100b101001000b100101010b100000110b101000110b100010010b100101100b100101010b100000010b100100110b100000110b100100110b100000010b100101000b10010110b100000110b100101100b10010100

Here's how I made both.. shows reasonably (IMO) that encoding is.. nothing.

    > ''.join(bin(c) for c in 'functionalclam.com'.encode('ascii'))
    > # vs this:
    > ''.join(bin(c) for c in 'functionalclam.com'.encode('cp500'))


Because of the light touch string matching that providers do before complying with a frivolous DMCA request. Most will deny the request if they dont see "the text".

And reduced discoverability that your url is on my page in the first place. Even though a url isn't something you can copyright.


Encrypted IP is still IP.


Encoded, not encrypted. I can't be violating a copyright with text that can't possibly create brand confusion, etc.

The DMCA complaint is patently invalid in this case. A counter notice would almost certainly eventually succeed, it's just a lot of work and potential spend in legal. Encoding it is just removing the ability to use it inappropriately in the first place.


"brand confusion"? You seem to be conflating copyright law with trademark law. If I had a copy of "Steamboat Willie", it wouldn't matter if it was H.264 encoded or md5summed or stored in an AES locker, it's still a copyright violation because I don't have a license for the content.


I'm not, the filer of the DMCA is. How else could just a uri being on a page cause a DMCA takedown of a page? That's what happened...they filed a DMCA because the text "http://whatever" was on a github page. Which sounds a lot like meaning trademark, but saying copyright.

That's why I don't consider this underhanded. As you mention, it's not copyrighted in the first place. Obscuring it is just closing the loophole that's being exploited.

I'm not talking about obscuring long passages of copyrighted text. Just obscuring one plaintext url that's on a page with others.


The project maintainer wanted to take it down. He has gone on record saying that the url shouldn't have been there in the first place, regardless of the DMCA.

If you put an encrypted blob on each line instead of a plaintext url, the DMCA notice will contain "My copyrighted work appears at <link to github line number> which decrypts to <my url> when using <decryption method>." It's exactly the same as the original claim. If you feel they're not technically sophisticated enough to file a claim like this, I think we'll have to agree to disagree.


In practice that "when using" stuff doesn't work. The DMCA request is denied by most providers if they can't see "the text in question".

This is from experience. Scrapers that change one or two words in a long passage of text getting away with it because it doesn't match. Or very lightly cropping 1000's of original photos. I will cede that it depends on the provider. Google and many others do some rudimentary checking for sanity before allowing a DMCA request. They would never have passed this one, where just a short piece of text was claimed as infringing.


a url isn't and can't be IP - otherwise, how would anyone go to any website without violating copyright?


That's what I'm getting at. The DMCA complaint should have been rejected. It wasn't because the people filtering the incoming requests are using a simple high pass filter of "is this text on this page". So, if you encode the data, you remove the ability to use the DMCA inappropriately.


There are two aspects to your question which are tangled together.

1. Can IP be encoded as a way of dodging the DMCA? a: no.

2. Will encoding the source material allow you to dodge DMCA trolls?

I think the answer is again no. The tradeoff in complexity isn't worth the marginal gains. Imagine not being able to browse the code on github, for example, since it's encoded.

A better response is to fight. If the DMCA has been abused, it's up to us to meet each claim with energy and on the same battlefield. It's tiring work, but this is the compromise America has reached circa 2017.


I don't consider a url to be IP.

So the encoding isn't skirting anything.

It is just removing an easy, incorrect loophole. They are getting away with the DMCA complaint filing because most providers will allow them if you can find the "matching infringing text" on the page, without further justification.

Encoding it forces the DMCA filer to more comprehensively explain what is being violated. Basically it just raises the bar to a point where frivilous complaints can't clear it.


No one is getting away with the DMCA complaint. The target in this case did not file a counter notification. If they'd done that, then the DMCA complaint would be invalidated.

You can argue that's unfair, but we don't have a justice system. We have a legal system. And these are the rules.

Encoding it forces the DMCA filer to more comprehensively explain what is being violated. Basically it just raises the bar to a point where frivilous complaints can't clear it.

I think the crux of the disagreement is that I've seen how tenacious DMCA trolls are. They're smart. We like to think of them as dumb, but that's just flattery.

If you're trying to apply technical tricks to get around the legal system, you generally lose. The way to win in this case is to meet force with force on the same terms: file a counter-notification.

I think you're underestimating how valuable it is to have the content un-encoded on github. Anyone can see it. Flip through their commit logs. They have dozens of contributors that add or remove URLs almost daily. That wouldn't happen if it were encoded.


Technical solutions to get around the legal system can work quite well. Just go ask all the not-in-jail users of The Pirate Bay.

Github is a very above the table solution for distributing a list of things. But if it gets to expensive to host it there, due to frivolous lawsuit threats, I expect other solutions to distributing these lists start to pop up.

The best advantage of encoding or even encrypting this stuff would be obfuscation. It would make is much more difficult for someone to even become AWARE that they are being blocked, if the info is hidden.

Not everybody has the resources to fight off trolls, even if what they are doing is completely legal (as in this case). Sometimes technical solutions are your only option.


I'd be interested in examples of technical solutions evading the legal system. The Pirate Bay example is mistaken -- there are millions of people that use Pirate Bay with no VPN with no ill effects. But if you have specific, correct examples, then this is an area of some interest for me.

Regarding your point about obfuscation, I feel like people aren't thinking this through. It's on Github. The commit messages are public. Finding whether you're blocked is as simple as grepping the logs for your domain. And if you feel the people filing the DMCAs aren't technically capable, you may be underestimating them.

The advantage of having it on github far outweighs the negatives. How many contributors do you feel they gained from this publicity? Possibly at least one, which is one more than EasyList would've had otherwise.


Filing a counter notice has risk...being right still has costs.

Obscuring it makes the DMCA filer have to better explain the why in the request. Something more than just "this short piece text is on this page and I don't like it".


>1. Can IP be encoded as a way of dodging the DMCA? a: no.

This is false if the IP being enforced is trademark (which I'm not even sure is covered by the DMCA).


This seems a bit hyperbolic. If you believe there's a battle between ad servers and ad blockers, it's obvious the ad blockers are winning by a lot.

IANAL but this seems like a questionable use of DMCA Takedown notice which, in any event, isn't actually binding. EasyList could probably file a counternotification and risk a lawsuit.


a DCMA request for listing a inherently public domain name? Am I the only one confused?


No. It's appears to be a weird situation, described poorly by all sides, each of whom appear to be highly concerned with promoting themselves within their explanations.



It is super ironic that the co-founder @jameshartig was previously at GrooveShark aka "The legality of Grooveshark's business model, which permitted users to upload copyrighted music, remains undetermined."


Now is a good time for me to plug Reek's Anti Anti-Adblock: http://reek.github.io/anti-adblock-killer/


Can't we host EasyList somewhere safer?


International safe zone or something distributed like IPFS?


IPFS dev here. We are quite close to having git being hosted directly on IPFS/IPLD. Things like pushing and cloning work. Example workflow:

    git push ipld::
    <prints out CID of that commit which has 1:1 mapping to hash of the commit>
    git pull ipld::$CID
    <or>
    git clone ipld::$CID
Important fact is: the git objects are stored in native git format. Hashes are the same, but are pretended with CID header (content identifier) which tells IPFS how to understand links and content of this object.

We plan to work on remotes in close future. There is one more issue where our measure of DoS protection causes that repos with files bigger than 1MiB+ (or 2MiB, I can't recall) can't be fetched. It will be a bit harder to fix but I know we can do it.


Blockchain would be great for this.


what would block chain give that git wouldn't? Wouldn't anyone beable to remove a domain or add a domain.


No, you just have a hash of the "official" version of the list. And when the list needs to be updated, the person with the private key publishes a new list again.

The advantage of using the bitcoin blockchain, for example, is that it can't be censored. DMCA trolls now have to go after every single bitcoin company in the world, to stop them from "hosting" the copyrighted work.


Why would they not go after the guy with the private key? Any way he can escape that so could git.


Permanence. The lists would be blockchain addresses that you compile locally into the blocking list.


Perminance is not a great thing for a blacklist. Spamand ads is complicated stuff. There are false positives, and abuse.


What's the DMCA rational here? Admiral wants to run code in my browser to offer their service, and thus instructing my browser not to run their code is circumventing them in a way that violates DMCA?

Screw that.


I use privacy badger, and unless I'm mistaken, it doesn't use a list to block content, it just blocks any 3rd party request that send cookie information.

Why are we relying on a list?


That approach might not be enough:

https://github.com/jspenguin2017/uBlockProtector/issues/95

Edit: the linked issue is regard "instart" which seems to exploit a Chromium flaw that allows it to disguise third-party cookies as first-party, preventing filtering based on that categorization alone.

It seems it's getting harder to rely on browsers working how they were originally intended.


>getting harder to rely on browsers working how they were originally intended

That's because people want to Do Cool Stuff™ in their browsers - ie, they don't want to merely "browse"


Instart is a MITM service like Cloudflare. It more or less partners with adproviders to serve thirdparty requests through a proxy on the first party domain.

Not so much a flaw.


Because that means you might be blocking legitimate stuff too.

My company, https://TalkJS.com, makes a pluggable messaging component. Customers embed it in an iframe, created by a 3rd party (from their perspective) hosted js file. Currently, it doesn't rely on cookies for security but we easily might change that.

Same for other pluggable content, say Disqus and many more. I would be very sad if an ad blocker would block us because we dare use appropriate tools for security.


I used to read about 25 or so online news publications each week. A bit more on a monthly basis. I had paid subscriptions to a handful of publications (8-9?), spending more money on these subscriptions than I had ever done for paper newspapers and magazines in the past.

Over the past 3-4 years I have ditched most newspapers and I have dropped most subscriptions. For three main reasons:

- Both advertising content and the newspapers advertising themselves has gotten really annoying. No, I don't appreciate you throwing modal windows at me. No I'm not going to subscribe to your newsletter. No I don't appreciate having to click away a second or third modal window.

- Advertising masquerading as content. Sure, it is marked as "sponsored content", but every effort is made to hide that fact. This is dishonest.

- I don't gain anything from reading most of these publications. They don't make me smarter and I don't remember what I read one week later. The bulk of news articles are written by uninformed people incapable of useful analysis. Important news is widely disseminated anyway so I won't miss anything.

When the ads are more important than the content, I won't burden them with my page views. It isn't for me.

In the process I found that I had been spending too much time reading news. Limiting my news intake to just a few news sources (3-4) whose biases I understand, and at least which I can try to adjust for, is enough. The number of books I've consumed per year has had a sharp uptick since I stopped reading as many news websites.


This outlines a great reason as to why Github silo can be risky and have adverse side effects.

Does github offer the ability to host repositories in other legal jurisdictions than the US?


Hey Admiral, and websites using this anti ad blocking technology,

I don't want to circumvent your copyright access control. I really don't.

All that I ask is a way to quickly and easily identify such sites so that I can block them and never ever visit them again. Never ever. Even if the sites and Admiral quit this despicable reprehensible behavior, I won't know it -- ever. Because I simply will never be back again.

Thank you!


So right now this is one of the top stories on HN. How ad-blockers are being threatened and from comments below, "how annoying website subscription requests are."

Later this week, I expect we'll see another post about the derth of quality journalism and the "unfortunate" continued growth of buzzfeed-style and listicles taking over the net, slowly killing off quality content.


Sidenote: not that I think you are personally attacking them, but BuzzFeed does have some quality investigative journalism.

Listicles and clickbait help pay the bills, and I didn't believe it when I was informed the first time, but... it exists. Probably wouldn't be able to continue without the clickbait ad revenue, though, heh. :P


127.0.0.1 www.functionalclam.com functionalclam.com


There's quite a few domains that host the same site, so it might be most effective to block it at the ip level: 104.198.107.72


Thank you!


Wow, this really stinks. They (Admiral) supposedly figured out how to use DMCA-1201 to prevent ad blockers from adding their domains. That's a glaring example which shows why this anti-circumvention garbage needs to be completely repealed.

As some proposed, they should move the repo out of the jurisdiction with these corrupted anti-circumvention laws.


Can we have a list of domains that should be excluded from these kinds of lists, so they may not be added again by accident?


This seems like Github's fuck up.


So, if the DMCA request turns out to be valid (e.g. hypothetically in court), shouldn't all the ad-serving domains just include a similar anti-adblock measure on their ad servers, thus making it so, that blocking their servers would count as a circumvention?


I guess my approach of blocking domains in the dns server turned out to be a win after al


>"However, further research showed that this domain hosts the code of an anti-adblocking startup Admiral"

Who goes to work for an anti ad blocking startup? What is their mission statement "to make the web a more intrusive place"?

I am OK with Ads and understand their purpose in the business model. The reason I use and ad blocker is because of how intrusive they are to consuming actual content. You can subscribe yes but you will still get intrusive ads:

http://www.kirkville.com/i-pay-for-news-why-do-i-still-see-a...


There is a PR to add it back in: https://github.com/easylist/easylist/pull/500


The DMCA itself should be taken down. Where is the organizing against it?


Seems to me this can be handled the way the open-source community always handles such drama: fork the repo a bunch of times. I'll probably start keeping local copies of filter lists as well.


Is it safe to type this blocked URL in browser? Will i get sued?


Only if you delete all and any memories you have of the domain. I suggest a bottle of strong alcohol.

If the contents of the bottle doesn't facilitate in aforementioned memory deletion, usage of the bottle to apply liberal amounts of blunt force is suggested.


Yes because DMCAs work so well at stopping content distribution. It's not like the lists can't be hosted on other sites, dare I say a bay where many pirates roam.


What's with the "they would only take action if GitHub agreed." ? I'm confused, what's the link between GitHub and EasyLink (except code hosting)?


Wonder if we could create a git in the blockchain... where DMCA just can't exist/happen since there's no central authority to ask to take stuff down...


Copyright law doesn't care what technology you use to store and distribute material. If you have a blockchain that contains unauthorized copyrighted material, any host participating in that network would be legally subject to DMCA requests by the copyright holder. What would the defense look like in court, anyway? "We can't stop illegally distributing the plaintiff's content because that would break the chain?" In effect it would just be a spectacularly inefficient distributed storage system.


You are overlooking the fact that there is no actual DMCA violation in this case. The problem is that companies being bullied with frivolous DMCA threats will comply because it is easier than fighting it. Using a blockchain removes this as an option (and also makes the bullying pointless in the first place).


And when your DMCA-proof storage system receives a valid DMCA notice for an actual case of infringement, what's the plan?


they will need contact each node..i.e. device that has the blockchain and file a dmca directly w/ each one... maybe? lol


How would that work though? DMCA only applies to the US, so with a global network how would the DMCA be effective? Even if every node in the network in the US removes it, all you might achieve is break the chain. The content will still be there.


The same is true of any other distributed storage system. Adding a blockchain doesn't change the situation in any way, other than making complying with the law far less convenient.

Though I should add that while the DMCA is indeed a US law, and notification and enforcement mechanisms vary by jurisdiction, other countries also have copyright law. It's illegal to publish copyrighted material without permission in any country with a copyright system. That's what copyright is.


It's possible and a proof of concept does exist but it's no more than that currently: http://blog.printf.net/articles/2015/05/29/announcing-gittor...


Make a quick ICO. You will raise 200 million in 1 hour. /sarcasm

This is half decent idea though actually.


damn if not for the /sarcasm tag I might've actually done it...actually might still could use a couple $mill.


I think IPFS would be a better bet than block chain for this.


You might be interested to note the IPFS DMCA policy:

https://discuss.ipfs.io/tos#8


Perhaps Dat would be better than IPFS? https://datproject.org


This is irrelevant because ipfs.io may act as a proxy but content is stored somewhere on the network and accessible via IPFS.


Still need some proxy for it to be accessible from the internet right?


If by "internet" you mean your browser/over HTTP, then yes. But the IPFS client provides exactly that, on your local machine, without any restrictions. If you offer it to the public, you can choose your own policy on copyrighted etc. content.


I mean it's unusable to the general public since IPFS network is not accessible via the browser without a proxy.

In other words, one would first have to integrate an IPFS client into all major browsers.


No, you don't need one: you are supposed to run your own IPFS node. There are even browsers that supports IPFS out-of-the-box.


What's to stop people from forking off that list and transitioning to another one? Like what if ad blockers just switched to use EasyList2 instead of EasyList?


As long as code is hosted in U.S. (GitHub) the cat and mouse game will continue.

If you host your repo in some other country that does not care about U.S. DMCA then it should be fine.


Other countries have copyright laws too. Most of these laws have some kind of notice-followed-by-takedown protocol, and my understanding is that in many jurisdictions, a DMCA takedown notice qualifies as such a notice. Probably the only major difference would be the amount of effort the infringed party would have to go through to enforce the takedown notice if the infringing party is non-compliant.

Disclaimer: IANAL.


Most other countries don't have the concept of "anti-circumvention" laws, though.


For example, if you host this list in Russia DMCA will not do anything because (sorry for my French) Russia does not give a shit about U.S. copyright laws.


It's quite possible that Russian companies will not care about DMCA, but that's not to say Russia doesn't have their own copyright law, which includes a notice and takedown protocol. It's just a question of how much effort you want to go through to take something down.


> and my understanding is that in many jurisdictions, a DMCA takedown notice qualifies as such a notice.

It sounds a bit weird that a notice that has legal ramifications and is written in non-official language of the country would be legally binding. Or would American judges accept DMCA notice that was written in Spanish (I was considering using something like Comorian, but that's probably a bit too different case)?


I imagine it differs from jurisdiction to jurisdiction. If the law merely states something along the lines of the takedown notice having to contain the copyrighted work, the name of the copyright holder and some kind of assurance that the copyright holder is in accordance with the content of the notice, a DMCA takedown notice might qualify. Language could be a problem, but it would probably be hard to argue that you were unable to process a takedown notice written in english if your site is doing business in that language (which won't apply to every case, but presumably the majority).


Serious question: what does “hosted” means with a distributed system or repo? Ok, on Github you have the PRs and issues, but in the end it’s just one copy of the repo.


"Hosted" in this context implies the content is served online by another entity than your own organization.

https://en.wikipedia.org/wiki/Web_hosting_service


Since all this is tracked in version control we can just add it to our filter manually and the problem is solved.


Is there any incentive or law that causes Github to accept digitally submitted DMCA orders through a web form at all? If it was possible for them to require individually signed (by an actual person with a pen, not a picture of a signature), individually snail-mailed requests, then that would at least make the process take O(n) time and O(n) money, making it a bit harder to abuse.


If I'll write some kind of malware and comine it with technology that helps me to protect digital rights, would antivirus violate DMCA?


Another reason to not host freedom tools on Github


You can tell a young person wrote that copy from the use of "on accident" instead of "by accident" on the DMCA image.

https://user-images.githubusercontent.com/5947035/29184514-2...


Why use github ? Just move to another service or host your own repo. Be outside US hence outside DMCA reach. problem solved.


The reason why this is possible is because DMCA by itself is biased towards interests of copyright holders and therefore can be abused. You can always claim that some domain is used for protecting copyright and therefore blocking access to that domain as well as distributing software that can do it is clearly a violation of DMCA.


This is the second time in a few months that I have heared DCMA and github have come up (GadgetBridge). At this point in time I do feel that github's policy on DCMA tale down notices are a little heavy handed am I right in thinking that DCMA is a US only issue?


I'm struggling to understand how preventing access to a tracking pixel circumvents copyright.

Does this make sense to anyone? It sounds like they're "crying DMCA" because someone turned off their analytics? Can analytics be a "right" under copyright?


> We had no option but to remove the filter without putting the Easylist repo in jeopardy.

Or, you know, host your project somewhere that's actually free & open. Yet another reason GitHub is about the worst place to host community software.


How to really fix this: make an extension that detects when a request is made to a domain owned by these scumbags and pop up a warning message, allowing the user to make the right decision and close the tab and go elsewhere.


Request: someone please make a code-hosting site that's only accessible via TOR.


grep functionalclam.com /etc/hosts 0.0.0.0 functionalclam.com



So, if blocking domains is illegal, what happens to Parental Controls? Or Open DNS?

I sincerely hope Admiral gets smacked hard for this.


I say don't just move it out of Github - move the list to a blockchain. It's the obvious solution.


Someone should make a separate explicit list with such kind of domains. Let them get the Streisand effect.


Is there a blocklist that contains domains like this? Would want to add that into rotation.


Are they going to issue DMCA takedown requests to the other (currently) 76 forks?


I would assume they'll follow up with a single request targeting all forks. You can see in many of GitHub's other listed takedowns that one request can target multiple repositories and forks at once.


What is the IP range of these bastards so I can at least add them to PeerBlock?


So there is a Chrome extensions called Domain Blocker, useful to add your own custom domains.

Question is, what else is missing from Ad Blockers that I should add (apart from these *)?


Start a gofundme for raising money for a counterclaim? I'd throw some in.


ROT-13 the entries in the list. Update ad blockers to read that format. Solved.


Well, I just blocked functionalclam.com in my OS hosts file, try to DMCA that


Sounds like it's time to relocate to a self-hosted git repo


This is crazy, how can a link be a violation of the DMCA?


I'd call this the adblock Straisand effect.


So wait what, can someone explain:

What is being DMCAd here?


sudo sh -c 'echo "0.0.0.0 functionalclam.com" >> /etc/hosts'


They should just base64 encode domains. if the name isn't in cleartext can they issue a DMCA for trademark infringement?


why not just host ad filter lists outside US jurisdiction?


My web browser, my rules, if this triggers you, fuck right the fuck off.


Personally, this could be a real problem, if Ad services decide to pry open the doors on our ability to deny them our screen real estate. I block Ads, primarily due to the fact that I don't want my web surfing history and behaviors captured by some uncontrollable mob a ad-servers. Further, most advertisements are akin to the dreaded <flash> tag of old! animated, ugly, and obtrusive.

We are coming to a point in the Internets genesis, where technology should evolve to allow the "information consumer" to directly reward the "information producer"... without the need of an intermediary like Google Adwords, etc. etc.


>allow the "information consumer" to directly reward the "information producer"

That's what paywalls are.


Time to move the ad blocker hosting to a country that doesn't have backwards ass laws and then hit back as hard as possible.


[flagged]


We've banned this account for repeatedly violating the guidelines.

https://news.ycombinator.com/newsguidelines.html


homophobic or not, name-calling does nothing to advance the conversation.


Just flag the troll and move on. :-(


[flagged]


There are many alternative words available to describe someone of poor character. Words that are not homophobic slurs would be less prone to misinterpretation too. You may have presented evidence about Dan's character but your use of language was mostly informative about yours.


And yet your evidence is glued to the bottom of the discussion because you called him a fag. You've only degraded the conversation.


[flagged]


Ok, you're clearly a free thinker, which is nice. I think you mean well.

The problem is, society doesn't care. You're not allowed to mean well in this context. It's like being a heretic during the inquisition, then trying to argue that you're actually the good kind of heretic, the kind that believes in kindness and compassion even though you reject god. It doesn't compute.

Your options are to martyr yourself and be excluded, or conform while trying to be subversive in other ways. The former hasn't worked very well.

Your original contribution was valuable. It was excluded solely for your language. I would recommend trying again, and let readers decide for themselves. We're pretty good at reading between the lines here -- it isn't reddit. You don't usually have to be explicit, and we like drawing our own conclusions.


Actually no, your comment has been flagged so no one, oversensitive or not, can see it. Do better. Damore doesn't give a pass for these kind of childish antics.


If you're using a word that requires explanation that you mean it innocently perhaps it's wise to use a different word.




Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: