Hacker News new | comments | ask | show | jobs | submit login

I wish Google would do something against the so called 'Rogue Redirect Ads' in their AdSense network. Ads that redirect the parent frame.

When I browse the web on my Android phone, I get redirected to spam every 10 pageviews or so. And no, it's not a problem of the phone. It's a known issue that ads can break out of their iframe:


IMO Javascript should not be allowed in ads at all. Unless that gets implemented, I have the feeling that all blog posts about improving the user experience are just lip service.

> IMO Javascript should not be allowed in ads at all.

I agree fully. I think part of the issue is that the folks submitting ads want to collect a lot of data. They probably don't use that data (or if they do, not well), nor do I trust them to not collect very invasive and unsafe data, but I suspect for many folks that having their own JS payload makes or breaks a possible ad network.

Given concerns about Monero mining, redirects, and other hijinks, removing JS from ads is even more critical now. I think the compromise will be to give ads some kind of network provided hook to get data back to "home" eventually, though then the issues above only shift from the ad provider to the ad network provider.

Or at the very least, provide a domain-specific-language that "compiles" to JS that can do very limited things like animations and others.

That combined with requiring all of the assets to be hosted on the ad-network's servers would greatly improve the experience. (mainly because ad-networks are larger companies that the host website has a direct relationship with, so when users complain the site can talk to the ad-network, and the ad network can instantly do something about it)

Sadly, they have no incentive to do that, as those ads would be more expensive to create, most likely make less money, and most users that block ads block all of them regardless of how invasive they are. Adblockers treat all ads the same, and so now advertisers are faced with the choices of:

1. make more shitty invasive ads

2. make "better" ads (better for the user) and make less money while spending more and having users still block them anyway.

This is why I really believe that the "better ads" thing from google and others is a really good idea, because it helps re-align the incentives back with the user in some ways. If that works, shitty ads will be blocked much more widely, while good ads will get more views and more users.

I believe the term you are looking for is "transpiler".

No, it's a full compiler that would compile a DSL into JavaScript. Just because it's "to JavaScript" doesn't mean it's a transpiler.

> DSL to Javascript

That is a perfect example of the definition of transpiler!

I've never heard the term "transpiler" used to refer to anything DSL specific.

I've only ever heard it used for source-to-source compilers for JavaScript dialects.

Any source code to source code translation is considered transpilation until targeting byte code or other form of representation that is byte code, VM, or CPU specific. The terms do become blurred sometimes.

I know that they have this new mechanism in Chrome 64. That is actually mentioned in the article I linked to.

But I would prefer if the did not deliver Javascript inside ads in the first place.

So you when you said you'd "wish Google would do something" you already knew that, in fact, they have already done something?

And presumably the use of this lie was to provide an example to support your argument that ads should not contain Javascript at all?

Google runs an ad network and releases a browser. Presumably he is aware that Chrome is doing something, but wishes that AdSense and DoubleClick would do something.

If you're on Android I very highly recommend using Firefox with uBlock Origin.

Or Firefox Focus. It quickly became my default browser on Android, with the regular Firefox left for sites where I maintain a session.

Focus is probably the best option on iOS but I don't trust Mozilla to block tracking the way I want it done, I'm far more comfortable with uBlock Origin handling it. If I want the extra protection of deleting my cookies and history on exit I'd rather just start a private tab. Most of the time, I want to stay logged in on sites.

Why Focus on iOS? iOS has had a framework for third party content blockers for years. If you install a content blocker for iOS, it also works with other apps depending on which webview they use. For instance they work with Feedly.

The iOS version of Focus is implemented as a content blocker, and you can use it across the system.

Not across the system, though. It only works in Safari. For system ad-blocking, the easiest option is via DNS based Ad-blocker services like Adguard Pro or Adblock (both are paid apps and available on the App Store).

There's also the VPN option. PIA, for example, comes with its own system ad-blocker (MACE) although it's nowhere as good as Adguard Pro (which allows you to use custom DNS server).

It's not just Safari. The only times I really care about ad blocking are using the web with safari and Feedly and watching video. The content blocker also works with web view embedded in Feedly.

I very seldomly watch live ad supported video. I have ad free Hulu. For the two networks that aren't on Hulu - CW and CBS, I watch VOD from them via Plex. Because of the way that the Plex channels work, they skip the ads.

Why do you distrust Mozilla in this case?

For me it's not a matter of trust, it's just that there's no customizability to the ad-blocking on Focus, even at the level of choosing blocklists to subscribe to, or adding particular elements to be blocked.

I don't want a company that releases a "privacy focused browser" with telemetry enabled by default deciding which tracking is "ok" and which isn't. I love Firefox compared to other browsers but there's definitely some user-hostile choices being made at Mozilla and I'd rather they just not get involved in ad blocking (other than ensuring the add-on architecture allows proper blockers to do what they need to get the job done right).

Or Brave.

Brave is not usable yet in mobile, from my experience. I'll give them a few more cycles before using it full time on phone. Desktop version is much better though.

From my experience it's as good/fast as Chrome + the ad blocking.

I tried it in the very initial days. Maybe it's much better now.

> Ads that redirect the parent frame.

Putting the ad in an iframe without the allow-top-navigation[0] sandbox permission could prevent that. Or if the ad naturally consists of an iframe then a browser extension could intercept the iframe load and add the equivalent CSP rule[1]. Or google could do that themselves. I think they would still be allowed to open in a new tab.

[0] https://developer.mozilla.org/en-US/docs/Web/HTML/Element/if... [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...

Similar things happen on iOS, too. I can't tell you how many times I'm trying to go to a seemingly legitimate site on my iPhone and I get redirected a dozen times and end up at "You've won a free Samsung tablet!" instead of the content I asked for.

You're probably either not using the right ad-blocker or fail to configure the ad-block properly. If you just want a content-blocker that works in Safari- I find Purify works the best. If you want a full system ad-blocker which works in most apps- NYT, BBC, Chrome though not in the YouTube, Instagram, Twitter apps- it would have to be a DNS based Ad-blocker like Adguard Pro.

Try firefox on Android. It has full extension support, so you can use whatever adblocker or javascript blockers you like.

Brave is also a good choice.

I saw this happen on an AMP page.

I was... rather surprised. One of AMP's huge value props is preventing that type of garbage.

I'm also surprised that the publisher did that, I hope that'd be a good way to get blacklisted from the higher search ranking placement.

Thanks for reminding me about this problem. A few websites I visit have spammy ads that do this and it is very frustrating, but I forget as soon as I leave the loo.

And now I have FF and uBlock Origin on my phone.

I started getting them for a while a few month ago. It made browsing certain sites on my phone almost impossible, I'd get a rogue redirect literally every time I tried to access the page.

How do you define "ads"?

There is some work going on to remove Javascript, but it is slow going. Most publishers won't trade off revenue for performance and security so there is no incentive for the buyers to change their ways.

Giving publishers a choice would be a start. A checkbox 'Allow JavaScript' for AdSense publishers and a way to run revenue experiments about JS on/off.

That does raise the question is Google big/ubiquitous enough to force that on publishers? If Google unilaterally decided no more JS in ads., would the publishers grumble about it but adapt, or would they look to other ad networks.

...onwards to the WebAssembly ads!

You should use a system wide ad blocker. Adhell2 is a good one. I've stopped seeing any kind of ads in my phone, even inside apps.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact