SoylentNews is people
SoylentNews
It's being reported on HackerNews that the Pale Moon Browser is blocking the AdNauseum extension, an ad blocking extension designed to obfuscate browsing data and protect users from tracking by advertising networks.
The main story link is to the Pale Moon Forum which summarises the issue as follows:
After investigating the AdNauseam extension's behavior and the results for web publishers, the extension has been added to the Pale Moon blocklist with a severity level of 2 (meaning you won't be able to enable it unless you increase the blocking level in about:config to 3). For those unfamiliar with this extension: it generates false ad "clicks" to ad servers in an attempt to generate "noise" for the ad networks in a protest against the advertising network system as a whole.
While the premise behind this is similar to poisoning trackers with false fingerprints (which we are proponents of, ourselves), and we normally let users decide for themselves what they want to do with their browser, we are strictly against allowing extensions that cause direct damage (including damage to third parties). There is a subtle but important difference between blocking content and generating fake user interaction.
[...] Because this extension causes direct and indirect economic damage to website owners, it is classified as malware, and as such blocked.
From the forum threads this decision has been slightly controversial with some users.
If you're not familiar with Pale Moon, it is an Open Source web browser, forked from a mature Mozilla code release, and has been covered on SN before.
[Update: Added text re: blocking level; bolded text that was bold in the original posting. --martyb]
(Score: 5, Insightful) by Anonymous Coward on Monday August 28 2017, @04:43PM (41 children)
It doesn't matter if it's a "hard" block or a "soft" block. That's an irrelevant distinction.
If you read the rest of the discussion you will see that the problem is that this blocking is being done not for practical reasons, but for ideological ones.
It turns out that a lot of Pale Moon's users don't agree with ideologically-driven software development. That's why many of them moved away from Firefox in the first place!
(Score: 3, Disagree) by arcz on Monday August 28 2017, @04:46PM (30 children)
I think the main reason this is controvesial enough to block is that what this browser extension is doing is arguably illegal.
(Score: 5, Insightful) by crafoo on Monday August 28 2017, @04:50PM (20 children)
Oh bullshit. If a site operator can send a random selection of ads to my browser I can send a random selection of nonsense information right back at them. How these fuckers process it or assign value to it IS THEIR FUCKING PROBLEM. If site operators are not compelled to operate in good faith (malware ads, sending unsolicited information, wasting my bandwidth) they should not expect that from the other side of the exchange. Fuck them.
(Score: 4, Interesting) by FatPhil on Monday August 28 2017, @05:47PM (19 children)
Did you know, for example, that removing the 'whatever.html' from the end of a URL, and particularly removing a '/directoryname/', in order to browse around a website is illegal according to some US courts (it's hacking, or "illegal access to a computer resource" in their terms or some bullshit like that)?
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Informative) by driven on Monday August 28 2017, @06:21PM
Then consider this civil disobedience.
(Score: 1, Touché) by Anonymous Coward on Monday August 28 2017, @06:34PM (2 children)
Can you provide a link?
I want to know which places to avoid (besides the obvious answer of "the entire US").
(Score: 2) by FatPhil on Tuesday August 29 2017, @12:02AM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @05:25AM
The Tsunami Case: 'a system penetration and software tester' uses his credit card etc on a site and then goes 'oh noes, this might be dodgy, let's see if I can do a 'directory traversal' on it to see what's going on'..and then the fun begins.
The main act of stupidity in this case was that the 'system penetration and software tester' lied to the 'PC plod' he must have though they sent to interview him, pity that, the 'plod' actually knew his subject and caught him out, so the CPS went ahead with a prosecution based on his 'sketchy' behaviour.
The Domestic and General Case: Disgruntled ex-employee mailbombs his old company and gets away with it.
The main act of stupidity in that case being that the CPS chose the wrong bit of legislation to prosecute the bugger with, so the court had no option but let him walk free on points of law.
Oh sure, stupidity abounds here in Britain, and there's legal trickery out there written in such a manner as to make almost anything a prosecutable offence, I know that there's a good chance that some of my antics manipulating URLs to bypass limitations of borkedly 'coded' websites could be regarded as offences under the old Computer Misuse Act here in the UK, and the CPS and Procurators Fiscal would write up the charges in such a manner as to try and guarantee a conviction.
I run Linux on most of my desktop machines, for some reason this seems to lead to...weirdness when browsing a number of web sites (e.g. a local bus company's timetables are downloadable as pdfs from their site, but this only works on windows boxes, both Macs and Linux boxes fail to download them).
Even at work where I use a windows box we have Firefox installed as well as Chrome for those sites which seem to fail to load properly on one or t'other, and for the seriously stupid sites which still insist on it, there's always IE... (there's at least one site that our admin staff need to use on a daily basis which borks horribly on anything other than IE, I shit thee not)
(Score: 2) by DannyB on Monday August 28 2017, @06:35PM (5 children)
I seem to remember Linked In recently losing a court case where Linked In is making information public, but trying to manufacture some kind of legal means to say it is NOT public information. The court flatly rejected that. The court's analysis that the line between public and non public was a password or some kind of authentication, IIRC.
If removing /whatever.html from the end of a URL reveals something, then it is indeed public. Just like if changing &id=587372 reveals a different customer's personal information, and then enumerating all the possible "ids" reveals a lot of customers' personal info, it is still public information. The problem is that the web site operator is making the information quite public. So public that some school children could access this public information. The real burden is on the web site operator not to make the info public in the first place.
It's like if someone frequently stands nude in front of a large plate glass window visible to lots of people. If others take photos or simply look, the person can hardly complain about privacy. They made the exposure of themselves quite public whether intentionally or not. And it would be hard to argue unintentionally, just as with the example of changing the &id=587372.
The lower I set my standards the more accomplishments I have.
(Score: 2) by FatPhil on Monday August 28 2017, @11:57PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by dry on Tuesday August 29 2017, @12:44AM (3 children)
If leave my car unlocked and the keys in the ashtray, it does not make it legal to take my car. If I don't have a lock on my front door, it does not make it legal to enter my house, even if a 6 year old could easily walk in. If my luggage has 1-2-3-4 as the combination and even if I forget to randomize it, it is still illegal to go through my luggage.
The argument that if something is unlocked, it is free for the taking/using is pretty simple and often wrong.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @01:32AM
Idiotic analogies are idiotic.
(Score: 2) by DannyB on Tuesday August 29 2017, @01:27PM
That is why I used an analogy of you making something public and then trying to claim it is not public.
The lower I set my standards the more accomplishments I have.
(Score: 2) by urza9814 on Tuesday August 29 2017, @03:12PM
So if you have an website only accessible on your LAN, and it has a password prompt but the password is just the return key, then that's still not public. Yup, I've got no problem with that.
But if you invite the general public into your front yard (ie, have a public website) and your home has no doors (ie, no attempt at authentication when loading the pages that aren't supposed to be public) and someone walks inside...I kinda doubt a court would call that trespassing.
(Score: 0) by Anonymous Coward on Monday August 28 2017, @06:36PM (1 child)
Please cite the case(s) you're referring to.
(Score: 2, Informative) by Anonymous Coward on Monday August 28 2017, @07:19PM
Literally just editing an url "hack", 41 months [arstechnica.com]. Even if were unrelatedly deserved for being a despicable troll and a jerk.
(Score: 1) by crafoo on Monday August 28 2017, @11:59PM (3 children)
But you're wrong. It's not. It's not illegal with respect to any written law. It has been ruled illegal in cases where global corporations have demanded it.
In those particular cases it was a citizen "circumventing" a corporation's website. I think the URL case in particular was someone pulling a customer list from AT&T or Verizon just by changing the address. Clearly this was all public information accessible without any security measures what so ever.
This action was ruled illegal because a citizen took an action a corporation deemed not in the corporation's interest. And so the courts ruled according to the actual power structure of the USA. It doesn't make the action illegal. It just means their is no rule of law.
(Score: 2) by FatPhil on Tuesday August 29 2017, @12:37AM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @03:08PM
A US court decision is only binding upon lower courts. Weev was convicted in federal court and the conviction was subsequently vacated on appeal in the third circuit (due to improper venue). The only binding precedent here is in the third circuit, as set by the third circuit court of appeal, applying to the issue of venue. This is normal -- the appeals court generally won't make any ruling on the merits of the case when the decision can be established on something more basic, such as improper venue.
However, a federal court looking at a similar case would also find that the third circuit court of appeal did not have a high opinion of the merits of the prosecution's case, either.
Nevertheless, the CFAA has to go.
(Score: 2) by KGIII on Tuesday August 29 2017, @06:50AM
That's not actually how laws work. You know that, right?
"So long and thanks for all the fish."
(Score: 2) by Runaway1956 on Tuesday August 29 2017, @12:11AM (1 child)
I seldom argue even the most obvious legalities. But, that's so stupid, it sounds right. Bottom line, if you run a publicly facing server, and you put stuff on that server, you KNOW people are going to use it however they want. Drop the directory off the end of a URL? I started doing stuff like that twenty freaking years ago, and don't plan to quit.
(Score: 2) by edIII on Tuesday August 29 2017, @12:48AM
That's no longer true with some of the newer platforms. It's not about delivering pages through a hierarchy of files and directories, but more of an API used in some sort of MVC.
One of the projects I worked on the url was literally turned into functions. /ping /grep /ls or /ping?ip=127.0.0.1 (I don't mean those commands literally, but just an example)
In those cases your not traversing directory structure anymore, but API structure instead. With posted API requests and nothing on the URL line. Work on the site for three hours and the URL never changes. Not even an additional page load.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @08:54AM
Funny thing about that...
Want to show ads on my computer? Pay me for access to show ads. Anyone ads that I don't get paid for are unauthorized access to a computer system.
(Score: 2, Insightful) by Anonymous Coward on Monday August 28 2017, @05:05PM
I'm not a lawyer and I'm not going to speculate about the legality of this extension.
But I will say that, as a non-lawyer, the reasoning being given for this decision is very imprecise.
The justification given for the blocking is
This is a very vague set of criteria that could apply to many different extensions and browser configurations.
Are all ad-blocking extensions considered unacceptable now, because blocking ads could cause "direct and indirect economic damage to website owners" by not allowing ads to be viewed or clicked?
Is using the browser with HTTP compression disabled considered unacceptable now, because transferring more data could cause "direct and indirect economic damage to website owners" since there could be a cost associated with data transfer?
Is disabling JavaScript considered unacceptable now, because it could prevent some ads from being shown, which could cause "direct and indirect economic damage to website owners" since such ads couldn't be viewed or clicked?
Is using a User-Agent value that contains the Pale Moon name and version info considered unacceptable now, because it results in a few more bytes of data transfer, which could cause "direct and indirect economic damage to website owners" since there could be a cost associated with data transfer?
It sounds to me like the leadership of the Pale Moon project is saying that any sort of browser behavior that might cause web server owners to incur any sort of an economic cost should now be considered unacceptable!
(Score: 3, Insightful) by frojack on Monday August 28 2017, @05:05PM (6 children)
Seriously?
What law criminalizes clicking on an advertising link but refusing to look as the advertising?
The problem with the plug in is that it DOSes the users own machine, chewing up bandwidth and exposing the user's to ip address allows unwanted tracking.
It would be objectionable simply because it works counter to the user's own interests,
No, you are mistaken. I've always had this sig.
(Score: 2, Flamebait) by FatPhil on Monday August 28 2017, @05:56PM (4 children)
The reason it's considered bad is in the original post to the forum, and they are resonable arguments. There seem to be no actual valid responses to those arguments in the top couple of pages. Most who oppose the block seem to be pretty damn stupid. Some can be summarised as "it's disgusting that I have to do something to get this extension installed" not realising that they had to do something (namely install it) in order to get it installed anyway. Idiots such as that can be safely ignored. They add nothing of value.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Joe Desertrat on Monday August 28 2017, @09:24PM
While they may add nothing of value, they do seem capable of causing a great deal of damage.
(Score: 3, Informative) by frojack on Monday August 28 2017, @11:07PM (2 children)
Check your facts:
See https://adnauseam.io/ [adnauseam.io]
No, you are mistaken. I've always had this sig.
(Score: 3, Informative) by FatPhil on Monday August 28 2017, @11:20PM (1 child)
It doesn't click anything, it can't. It submits http requests, as if the user has clicked, that's all, that doesn't mean there was anything to click on, or anything clicking on these nonexistent things. We can see inside the chinese room, stop pretending we can't.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @11:35AM
Phil, give it up. You were wrong. Just admit it.
(Score: 2) by KGIII on Tuesday August 29 2017, @06:53AM
Possibly covered by Intent to Defraud. Possibly...
"So long and thanks for all the fish."
(Score: 1) by khallow on Monday August 28 2017, @09:55PM
(Score: 4, Insightful) by Runaway1956 on Monday August 28 2017, @05:02PM (8 children)
People have opinions. People support different things, because they have different ideas of "right" and "wrong". In this case, I think that Moonchild's opinion is a valid opinion - but he is over reacting. And, those who are upset with him are also over reacting. Is there hard code in the browser which will set your machine afire if you insist on installing the extension? No. It's just a default configuration. Don't like the default? Change it.
People can still get along, if they try.
Besides - what are you going to move to? Chrome? Safari? IE/Edge? There aren't a lot of other browsers to choose from. Iron was good, the last time I looked at it. The philosophy was very much the same as Pale Moon: strip out the superflous bullshit. But, if the community is this upset over a silly little soft block, then something is going to happen over at Iron to get everyone pissed off too.
https://en.wikipedia.org/wiki/Make_a_mountain_out_of_a_molehill [wikipedia.org]
The idiom is found in Nicholas Udall's translation of The first tome or volume of the Paraphrase of Erasmus vpon the newe testamente (1548) in the statement that "The Sophistes of Grece coulde through their copiousness make an Elephant of a flye, and a mountaine of a mollehill."
(Score: 5, Insightful) by Anonymous Coward on Monday August 28 2017, @05:24PM (1 child)
The problem isn't that Moonchild has an opinion.
The problem isn't that Moonchild's opinion differs from the opinions held by many Pale Moon users.
The problem is that Moonchild is using Moonchild's position of authority to impose Moonchild's opinion on Pale Moon users who don't share Moonchild's opinion.
If Moonchild doesn't want to use this extension with Moonchild's own installation of Pale Moon, then that's fine.
But Pale Moon users feel that Moonchild shouldn't be using Moonchild's authority within the project to control (to whatever degree) what extensions Pale Moon's users can use.
And I don't think that the Pale Moon users are "over reacting". After seeing how similar unilateral decrees caused so many problems with Firefox, these users should rightfully be very worried.
(Score: 2) by FatPhil on Tuesday August 29 2017, @07:11PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1) by khallow on Monday August 28 2017, @10:01PM (5 children)
(Score: 3, Insightful) by Runaway1956 on Monday August 28 2017, @11:10PM (2 children)
In that case, then the users current response will be justified. Drop the browser, and move on to something else.
(Score: 2) by HiThere on Tuesday August 29 2017, @12:59AM (1 child)
That's a lot easier if you get disgusted enough to start looking for something else ahead of time.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Tuesday August 29 2017, @07:05AM
Right, so get back to me on which browsers currently respect the user's freedom more than Pale Moon:
Chrome? Firefox? Safari? Vivaldi? Brave? Hah!
(Score: 2) by FatPhil on Tuesday August 29 2017, @07:14PM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1) by khallow on Tuesday August 29 2017, @10:59PM
Here's how it's not a fallacy:
1) The people in control of Pale Moon can do a lot more than they have to this point. There's no clear limitations on what they can do to restrict use of particular extensions, but they clearly have the capability to block use of extensions.
2) It's not an extreme position to suppose that the extension may eventually be blocked using the same reasoning that led to this obstruction of its use.
3) My slippery slope is not presented as inevitable.
(Score: 0) by Anonymous Coward on Monday August 28 2017, @08:39PM
I read the discussion too, and what people are crying about is that they have to actually enable the feature if they want to install it.
People are stating they dont want to have to change anything.
It's like whining that 1-click ordering stopped working. The extension still works, you just have to make another few changes to the settings to allow it to function!
I am guessing the people complaining are the same types that that would use geforce experience or raptr or something when their brand new high end gpus are not working right because they have so much money they don't know how anything works unless it's click next to continue complexity.