Hacker News new | past | comments | ask | show | jobs | submit login
If you're seeing ads on Wikipedia, your computer probably has malware (wikimedia.org)
84 points by vgnet on May 15, 2012 | hide | past | web | favorite | 31 comments



A commentor on that page notes that it might not be malware, just an evil ISP. If that notion comforts you at all.


Or you're using a Chrome extension that serves ads. I flipped out the other day because I thought someone had hacked our application and decided all they'd do is serve ads. Bad behavior on the part of Chrome extensions.


I'd like to hear more about your experience. Was it a previously straight-laced extension that, upon acquiring a decent user base, then decided to update with ad injections? What function did the extension serve? If it did start serving ads after an update, did the update also ask for additional permissions, or did it zealously ask for more than it needed originally, if its function did not legitimately call for that sort of access?


I had installed a Safari extension that was designed to let me auto-reload a tab on a sechedule. I never really used it. I can't think of the name.

One day it updated itself and started replacing IAB sized HTML containers with ads. I only noticed because I was doing testing with Safari and the player I expected to be loading was being replaced by an ad.


I'd be completely comfortable with calling that malware.


I was also using YAGBE. From what I can tell yah they hit a critical mass and decided to add in ads. No permission changes as far as I can tell. I think I filed a ticket with Google a while ago... it seems like a serious security flaw to me.


I used YAGBE (Yet Another Google Bookmarks Extension) and it was really nice until it pulled this trick. No additional permissions were asked for IIRC, so it probably asked for what it needed at first.


Couldn't that Chrome extension be considered malware if it serves ads and the user is not aware of this behavior before they install?


I hope that was a rhetorical question.


I had a few confused minutes the other day after noticing a persistent affiliate tag when browsing Amazon. Seemed to overwrite my having come through a friend's affiliate link (testing). Worried that it was malware until I realised it was the monetisation scheme of clea.nr (YouTube/Amazon simplifier which is otherwise fairly good).


I noticed this same thing when viewing YouTube on my daughter's laptop. Oddly spammy ads where there normally were no ads.

I guess the new model for adware/malware is to try to integrate so seamlessly that a normal person doesn't even realize they are seeing someone else's ads.


Doesn't this sort of parallel real-world infections? Something too obviously virulent in real life will kill the host before it gets to reproduce; so it makes sense to be as innocuous as possible while still reproducing/bringing profit.


The worst are the adds with a picture of some guy called Jimmy and another one with long hair. Both asking for money. It takes up the whole top of the page.


I can't believe this comment is being upvoted. Do you somehow feel it's wrong that Wikipedia asks for donations?


I also can't believe it was upvoted, mainly because it was a silly bit of sarcasm.


Would you prefer it if wikipedia just ran a line of ads all the time?

This is a serious question. It's open to others to.


I think the real answer is it doesn't really matter. Especially for those of us with adblock.


I agree and hence if it means more profit for Wikimedia organization, from people who do not use or do not know about adblock, then it is definitely a better choice than the current donation model.


As long as they were clearly marked as Ads and small text-based ads, then yes.

I'd like to see sponsored pages.


I wish more ads were like Wikipedia's: relevant, temporary and of great consequence. I don't see how they qualify for being "the worst".


they're the worst because they're the best. normal ads i can ignore. wikipedia's ads are not only visually hard to ignore, they're morally hard to ignore (and they don't go away after you donate)



Read the NYTimes blog post.

"Revenue eXtraction Gateway" (RG)

They tried calling the RG helpdesk, and the RG people hung up.

Classic.

Encrypting all internet traffic would put a swift end to this problem.


For what it's worth, I don't think it's strictly fair to call all plugins that inject ads onto pages "malware."

If the app -- suppose it's a toolbar or something -- gives the user valuable (to them) functionality, and it was installed legitimately, I think it's perfectly acceptable to monetize that way.

So the measure of the malware should be based on the app itself, and how it got onto the computer, and not the apps monetization.

While I can sympathize with site owners who could have their reputations tarnished by users seeing ads and assuming they came from the website, I also feel that if I, as a user, want an app and "pay" for it by accepting ads injected into my browsing activity, that strikes me as something I should be allowed to do.


> For what it's worth, I don't think it's strictly fair to call all plugins that inject ads onto pages "malware."

Quite a bit of malware runs with user "consent", and purports to provide some value to the user. However, "malware" does often has the connotation of something that exploited a security vulnerability to end up on the system, hence terms like "adware" to cover software that introduces advertisements and often gets installed along with some other software package the user actually wanted. And given the extensive tracking associated with most advertising, pretty much any adware will also qualify as spyware, though not to the same degree as software like keyloggers and similar.

Some people have also introduced broader terms like "badware" to encompass many different categories (https://stopbadware.org/), but that term hasn't caught on nearly as much as "malware", "spyware", and "adware".

If a user truly did intentionally install a piece of software that explicitly said it would add advertising to arbitrary websites, and the software installed with the full knowledge and consent of the user, then by all means let the user annoy themselves. But for every user somehow simultaneously knowledgeable enough to figure that out and yet not knowledgeable enough to avoid it, there exist several million users with unwanted adware, spyware, and malware on their systems.

(And in many cases, such a "choice" affects more than just that one user; most spam comes from infected systems, for instance, since that has a lot more "value" than just spamming the user of the infected system.)


> Quite a bit of malware runs with user "consent", and purports to provide some value to the user.

You're right, but merely injecting ads on a page doesn't malware make. Period.


Sure it does. Malware, from wikipedia: "Malware is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent."

User consent is typically given to yield some kind of functionality not to inject ads on pages the functionality is just bait.

That's just misdirection, it's not even clever it is simply bad. And whether we're talking about data in transit or stored on the computer is bickering over details.


By that definition, websites that advertise are themselves malware.

If I make a toolbar that, I dunno, provides human-edited translations of Wikipedia articles that's active when you're on Wikipedia.com, and I monetize that by putting ads on the page, and a user downloaded and installed the app (as opposed to me paying to bundle it with another app) that is not malware.

Look, to the generally-non-technical audience that the original Wikipedia article had to write for, I think it's fair to cast a wide net and name all offending apps malware.

But here, amongst professionals in this industry, it's absurd to me to not see the nuance.


> If I make a toolbar that, I dunno, provides human-edited translations of Wikipedia articles that's active when you're on Wikipedia.com, and I monetize that by putting ads on the page, and a user downloaded and installed the app (as opposed to me paying to bundle it with another app) that is not malware.

I agree that in that particular case it wouldn't necessarily qualify as malware, if you've made it clear to the user what you're doing. I would certainly call it adware, though.

And as you suggest, if you snuck it in along with some other application where the user didn't necessarily give clear and well-informed consent to install it, then I would absolutely call that malware.


As long as the plugin explicitly warns you that this is happening, I don't see it as being any worse than running AdBlock.


Publishers might disagree with you. Not only are they denied the income of their work, someone else profits from it.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: