His tone when he talks about extensions modifying the DOM of random sites, injecting CSS, etc was funny; almost as if they have some god-given right to control exactly how their site will appear on my computer. As long as I control the browser software, it's always going to be possible for me to choose how web sites are displayed on my computer.
Bye bye scripting with noscript and scriptno. This is nifty but if people don't want ads people won't have ads. As someone who makes most of his money off of ads I understand the want to stop ad blockers but I rather just provided a good, clean experience and when an ad is blocked put up a nice message saying how I make my money off of ads and to please disable ad block on my website.
This method seems intrusive to me and like an "Ah ha! I stopped your ad blocker from working! TAKE THAT!"
But then again, putting ads on web pages is already a matter of "Ah ha! I fooled you into downloading ads by offering you content! TAKE THAT!"
As far as I'm concerned, putting ads on web pages has always been an intrusive an deceitful business model to begin with. I sincerely hope that there will come a day when advertising via ambushing consumers is no longer considered acceptable.
Most people know that when they go to a web site, if they are not paying for it, then there is going to be ads on there. If they are put right in the open how is that deceitful?
Just because that's the way it is, doesn't mean it's the way it should be.
If you know you will be ambushed and robbed on your way through the forest, would you also say "well, that cannot be helped, people know that when they enter the forest" (excuse me for the rather harsh analogy, it's the best I could spontaneously come up with).
Thus my acknowledgement of the bad analogy. The point I was trying to make is that even if you know in advance that something undesirable will happen, that's still not a justification for said undesirable thing.
I respectfully disagree. I understand a good portion of hackers find the entire concept of advertising to be distasteful, but why this melodrama? "Ambush"? Likening it to robbery? Really..?
It's a few hundred pixel banner that's trying to convince you to buy something. Not a requirement that you sacrifice your firstborn.
>It's a few hundred pixel banner that's trying to convince you to buy something.
Yes, and that's undesirable to a lot of people. It's distracting and, depending on the intrusiveness of the ad(s), annoying to outright rude. It's gotten to the point that it's hard for me to use the internet when I'm on a computer without a decent ad-blocker. Imagine trying to read a book while a bunch of persons are screaming inane stuff at you; that's what it feels like.
Actually, I long for the day when display goggles and computer vision have advanced far enough for a "real-life ad-blocker". The world would be a much better place.
I didn't intend to liken displaying ads to heinous acts of infanticide or anything of the sort.
Yes, a good website that asks me to disable the blocker will get my repeated visits while being able to show me ads (given that the ads are not too obnoxious). A website that just doesn't work with a blocker enabled will be ignored in the future.
I have seen a few that won't work unless I disable adblock but haven't stumbled on any that ask but still work with it. I doubt many would disable it if they don't have to. Do you have an example?
Domain-based ad blocking rules cannot be bypassed this way in Chrome if you are running a development build of Adblock Plus (https://adblockplus.org/en/development-builds) on Chrome, which makes use of Chrome's new WebRequest extension API.
The whole reason I block ads is to let me focus on the content of a site, not fifty flashing boxes around it. Bandwidth saving and speed increases are pleasant side effects.
I've always (well, for 5~6 years) used domain-based ad blocking (in Opera) and was quite satisfied. I don't even use prepared filters, so by default I see all ads. I just block annoying/distracting ads and ads on sites I visit frequently. I also don't care about text ads.
The first method is also working with Firefox and Adblock Plus.
I remember once Adblock became popular, there were few sites blocking users with Adblock, they calculated some elements height and if the Adblock blocked the ads in that element, the height didn't match. So they disabled the whole page and asked users to turn off Adblock or white-list them.
You are incorrect. It does not bypass adblock on firefox. Yes, the ad shows, but that's because it does not trigger any of firefox's blocking rules (assuming Fanboy's list. I didn't check the others). He triggers chrome's by the element of name="google_ads_try". Firefox does not block elements of that name. Firefox's much more powerful plugin architecture allows Adblock Plus on firefox to actually prevent ads from loading; it doesn't insert css to hide them. As such, javascript to try and prevent css injection does absolutely nothing against adblock plus.
As a proof of concept, visit this site (it's his modified to hit adblock plus's Fanboy's List by adding ?bannerid=100 to the end) http://pastehtml.com/view/bstgyxtln.html . Turn on and off adblock and notice how, even though I left his anti-adblocking code in, it's helpless to stop firefox actually blocking it.
Does anyone know why it fails here then? It looks like there might be some other issues with the dev version, so maybe the new method of blocking just hasn't moved into the full version of ABP for Chrome yet?
Should work fine, and even a small number of extension checks is useful for browser fingerprinting. There's no need to write cookies to track you if you're the only one running your particular configuration.
> There's no need to write cookies to track you if you're the only one running your particular configuration.
Doesn't this methodology fall over the next (and subsequent) time your addins are updated? I average eight addins in Firefox, and most of them are updated at least once a month, so I'd think my "fingerprint" would change every other week.
Since your fingerprint is going to be primarily based off your user agent, if I was running this in the wild I'd only check for presence of a handful of extensions and I'd ignore their version entirely. I'd just be looking for a couple bits more information to add to standard browser fingerprinting techniques.
For most advertising purposes, you don't need to track a user for that long anyway. Conversion tracking, view-through attribution, frequency capping, retargeting, interest-based behavioral targeting... sure, businesses would ideally prefer that the unique identifier last for thirty days, but 'every other week' would capture the bulk of the benefit.
A truly shady business could rely primarily on cookies, local storage, etc. but use browser fingerprinting only to repopulate user IDs after data deletion. Incorporating extensions into the fingerprinting could make this technique a lot more effective.
Having used both Firefox and Chrome, Firefox just has a much more powerful extension model which is unfortunate. It's always seemed that Chrome extensions was just a lite version without sufficient thought given to the initial intercept (which would be key for plugins like adblock)
I might be wrong, but it seems to me that ad blockers are mostly used by sophisticated users who won't fall into the "you're the millionth user!" scams anyway.
For the ad seller, the bandwidth used to serve non-dumb users is a net loss, so non-trivial-to-install ad blockers are rather beneficial to them if they don't download the resource at all. Even more so if they pay for the ad per view rather than per click.
Disabling the ad blocker remains beneficial to the hosting site, though:
- if ads are paid per view, more ads unblocked == more money;
- if they're paid per click, ads will drive away people who never click anyway: saved bandwidth!
Not necessarily. Nearly everyone knows a savvy person like us. I've installed Adblock on many computers belonging to less savvy people, people who might be inclined to click on ads.
Also, not all ads are brain dead "you're the millionth user!" type. Some (most?) are targeted to the individual. When I'm browsing with Adblock turned off I see all sorts of ads for web services that I would genuinely consider buying.
When I'm doing computer services as part of my side job, I usually install AdBlock and set the option to allow Google ads. I know there are a lot of ads out there which are great and useful and nice and I would like to be seen, but Google's are the only ones I know I can trust to not be large, resource intensive Flash ads hosting malicious exploits.
'For the ad seller, the bandwidth used to serve non-dumb users is a net loss,
Depends. If the goal is a click or a conversion (actual purchase) then I'd agree. However, that's not the only benefit to advertising. When was the last time you clicked or purchased something from a television commercial?
I install adblock to make viewing content on your site bearable. No, I really don't want to know the one weird odd tip of anything, or a flashing banner, or something that starts talking, or these pop-under windows. I can't even use merriam webster without adblock to lookup a word unless I want to get an audio blast of something, a netflix pop-under, and 2-4 other tap dancing gifs surrounding a definition. I can't even pay for an ad-free subscription to the site.
I use adblock to make your site usable. But hey, I understand, you have to keep up the good fight. Keep fighting your users.
FYI when you go here it messes up your Adblock and turns it on for all sites. To fix it go to adblock settings and remove the last entry from the Filter List tab.
Without going too in-depth it looks like he is able to modify whatever localStorage list AB is using. I wonder how the extension is reading said list and if it is possible to maybe inject some code- function(){log_all_keys_pesudo_code}- that hijacks Chrome; presuming it is being evaled.
Pardon my ignorance, but what would prevent ad-serving websites from totally "inlining" the ads inside their own website html/css/js/? They could even render ads as fonts and vectors graphics, how would an ad-blocker tell that apart from the content part of the web page?
I've known a couple of companies who've worked on server-side ad fetching, stitching ad images together with content images, using only first-party cookies, etc. In both cases it was just too soon - the ad blocking problem wasn't deemed big enough to justify switching over from current ways of doing things.
Ad-blocking blocking (and analytics-blocking blocking) will be a real business someday, but I've never wanted to try it simply because I don't think I could time the market right.
Most people use ad networks and ad networks generally don't provide a way to get the ads on the server side. That would also be more complicated than sticking an iframe/script tag on the page for the publisher.
If you don't want to use a network, you have to sell the ads direct yourself - which isn't easy.
I am aware that it would be more complicated, but not impossible. I guess for the time being the percentage of blocked ads is still small, but once it gets significant websites and ad providers will take the next step in the arms race
I find it strange that facebook doesn't incorporate this in some manner since it is mentioned in their IPO filing that they consider AdBlockers potentially harmful to the business model.
