China will ban all software and hardware that blocks Internet advertisements:
In a document published by China's Commerce Bureau [in Chinese], the People's Republic of China laid out the framework for a new Internet policy advertising law that will take effect September 1. This new Internet policy contains some radical changes to China's existing Internet guidelines, such as a blanket ban on ad-blocking. The new policy also pushes significantly stricter advertising guidelines, however, which could make it more beneficial to both users and companies.
Under China's new Internet Policy article XVI, all software and hardware that intercepts, filters, covers, fast-forwards or in any way prevents an advertisement from being viewed is prohibited. The policy explicitly points out that ad-block capability in email clients is also prohibited, as is network-level hardware that that may contain ad-block features. In our reading of the document, it would appear China is doing this to encourage what it would consider fair economic development of the Internet.
The new advertising laws do make some attempts to protect individual users from certain types of advertisements. For example, advertisements for prescription drugs and tobacco products are banned, and any products designed for pharmaceutical purposes must be reviewed by China's advertising agency before they can be put online. Advertisements are also required to be clearly marked, and they cannot be disguised as other content in an attempt to trick users into clicking them. Pop-up ads will be restricted to clearly display their location, and they must contain a clearly marked close button so as not to trick users.
This is good news for anybody seeking to hack Chinese Internet users.
(Score: 3, Interesting) by Capt. Obvious on Friday July 22 2016, @11:57PM
I mean, it seems pretty trivial to make an ad-blocker that's undetectable to things beyond the client.
(Score: 0) by Anonymous Coward on Saturday July 23 2016, @12:22AM
The way forbes.com would enforce it, if they had thousands of PLA cadres under their command. The prices of organ transplants are about to plummet.
(Score: 2) by JNCF on Saturday July 23 2016, @12:51AM
Think about the current Red Queen's race between ad blockers and the ad makers that are trying to evade them, but with any detection of ad blocking resulting in criminal charges. It's a nightmare. A basic example of detection would be if the element that an ad image was nested in was periodically having its width checked to see if it was as large as you would expect with a loaded ad, and if it's not that large it phones home to report that the ad was prevented from showing up. You can come up with a simple work around to that, but when you're constantly having to play catch-up with ad companies and it only takes one successful detection of ad blocking software to get a conviction, ad blocking might become a crazy option for most citizens to pursue even if the ad blockers are usually ahead in the race.
(Score: 2) by jcross on Sunday July 24 2016, @09:16PM
The comment below explains why this might not matter, but it's interesting to think about solutions. One is to have a "shadow browser" that renders to an offscreen buffer or a mock renderer, from which data is extracted for the page view being presented to the user. For a simple-ish implementation, imagine you have a minimized browser being controlled via Selenium or similar from a maximized browser that has access to the other browser's response data or potentially its DOM. Of course you're still going to pay the bandwidth cost of downloading all that junk, but at least you wouldn't have to look at it.
(Score: 2) by JNCF on Sunday July 24 2016, @11:05PM
There are just so many tricky things you can do with the DOM. If somebody makes an ad that blocks the user from accessing parts of the screen, has multiple ways of confirming whether or not the ad is still playing, and considers interaction with parts of the interface that should be blocked while the ad is still known to have not closed itself properly to be a sign of ad blocking, then you have to find and fool every mechanism they've made for determining whether the ad is up... and hope they don't make more while you're not looking (they will).
Oh, that ad element still has a width of X? Then how did you click the submit button, citizen? You weren't using an illegal user agent, were you? (I assume Lynx will be banned, since it "blocks" most ads.)
The ad doesn't have a width of X, even though less than 45 seconds have passed since the page loaded? To the gulags!
Again, these are really simplistic examples. Convuluted ones would be harder to find and circumvent.
(Score: 2) by jcross on Monday July 25 2016, @12:43AM
How can this be distinguished from clicking the link and leaving the browser unattended from that point? I can see how it gets sticky with page interaction, but real user data is noisy, and the simulated circumstances wouldn't be that rare for non-modified browsers.
(Score: 2) by JNCF on Monday July 25 2016, @02:59AM
How can this be distinguished from clicking the link and leaving the browser unattended from that point?
I'm not sure which one of us is misunderstanding the other. I was suggesting a situation in which an ad is blocking access to a button when the page loads, and the ad becomes hidden after a certain period of time. I'm not sure what point you're suggesting we leave the browser unattended from. Are you saying we delay the user interaction until after we think that no other elements should be blocking the button, perhaps?
I can see how it gets sticky with page interaction, but real user data is noisy, and the simulated circumstances wouldn't be that rare for non-modified browsers.
With a lot of modern websites, I agree that there are strange cases where the button would be visible from the beginning anyway. But if you really cared, you could deliver your markup with non-working buttons and only make them trigger the functions you want after the page has already completed first render and the positions of certain elements can be checked, so you know that your ads are where they should be.
(Score: 2) by jcross on Monday July 25 2016, @01:49PM
Ah, I think I see what you're getting at. If the site detects that you've clicked the button behind the ad before the ad should have disappeared, it looks like something fishy must be going on. This type of mechanism could be tricked by artificially advancing the system clock available to the JS code, but of course you can't fool the server if not enough time has elapsed between page load and form submit or whatever. Even more problematic would be an ad that forces you to take an action before seeing the page because no clock tricks would work on that. So, I agree the site could be made arbitrarily difficult to fool, but on the other hand many of these measures would have a cost for law-abiding users who are not trying to block ads.
To clarify, I was thinking specifically about news sites which in my experience are the most egregious users of intrusive ads (or were before I started using an ad blocker). What I imagine would happen in my "shadow browser" scenario is that the page would come up blocked by an ad, with the content loaded behind it. In the visible browser, I could read the content while the ad rolls on the shadow browser. By the time I get around to clicking a button, the ad is gone and it just looks like I'm impatient or a fast reader. Now obviously the site could defeat this by not loading the content until the ad completes, but then the user might have to wait between the ad and the content, and google will definitely not like it.
Actually that's probably the main factor that will make this setup hard to defeat. Google can and will punish you for putting content on your site that the user can't see, because it looks like a deceptive SEO technique. If the content is only loaded via JS, the bot will probably not see it at all which will kill the page's search relevancy. I think they also don't like it when you deliver different content to their bot than you do to a real user. Any ad-supported site must depend on eyeballs, and they can't afford to piss off the primary source of them. In that respect Google is like Walmart: bordering on evil in many cases, but also using their power to police and improve the market. I'm thinking specifically here about Walmart's campaign to reduce product packaging, which seems to have worked.
(Score: 3, Informative) by JNCF on Monday July 25 2016, @02:36PM
So, I agree the site could be made arbitrarily difficult to fool, but on the other hand many of these measures would have a cost for law-abiding users who are not trying to block ads.
But given how intrusive ads already are, and how much they slow down the page by doing sketchy shit in the background to track users, does this really seem like a huge barrier?
Google can and will punish you for putting content on your site that the user can't see, because it looks like a deceptive SEO technique. If the content is only loaded via JS, the bot will probably not see it at all which will kill the page's search relevancy.
This isn't the case anymore. You can deliver empty markup and have your JavaScript throw some text in after first render, and Google will still index it. It's bad form, but you can do it and Google will play ball. Here's a 2015 article talking about it. [searchengineland.com]
(Score: 3, Informative) by JNCF on Monday July 25 2016, @02:55PM
Also, Google at least allows the New York Times to let their bots past ads without fussing. [ghacks.net] Note that some people recommend not following the linked articles advice, because some sites will ban your IP if you claim to be a googlebot but your IP doesn't belong to Google.
(Score: 2) by jcross on Monday July 25 2016, @09:28PM
Well shit, I guess we're really screwed then. There's basically nothing stopping the web from becoming almost 100% executable and not a collection of documents at all.
(Score: 3, Informative) by urza9814 on Monday July 25 2016, @06:54PM
Last time I checked, Google wasn't particularly popular in China. So if the Google rankings of the popular Chinese sites start tanking, I expect that would mostly hurt Google. I'm sure Baidu will make sure they're playing ball with the advertisers as necessary.
(Score: 2) by Capt. Obvious on Monday July 25 2016, @03:25PM
I often, when leaving ads on on a site I like, have to manually remove elements from the DOM to click buttons/read content. Maybe if I left JS on, they would go away. But there's a big difference between "I will let you show me an ad" and "I will run your code"
It never occured to me that because of that, they were registering me as an ad blocker. Oh well, I guess if I'll be counted like that, I may as well block the ad.
(Score: 1, Informative) by Anonymous Coward on Saturday July 23 2016, @10:38AM
They're not criminalizing ad-blocking so much as they're criminalizing ad-blockers.
So yeah, it's easy enough to make an ad-blocker that's undetectable when used, but it can't be offered anywhere within the Great Firewall of China. Sure some people may end up finding and using it, but the vast majority of Chinese citizens won't be able to get their hands on it.
(Score: 5, Insightful) by PinkyGigglebrain on Saturday July 23 2016, @12:06AM
This also enables them tracking you.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 0) by Anonymous Coward on Saturday July 23 2016, @12:26AM
Vive la différence.
(Score: 2) by Scruffy Beard 2 on Saturday July 23 2016, @04:39AM
I suspect that is what it is really about.
Privacy Badger stops ads by sabotaging the real-time bidding process.
(Score: 2) by fido_dogstoyevsky on Saturday July 23 2016, @06:50AM
This also enables them tracking you.
Isn't that the whole point of most ads?
It's NOT a conspiracy... it's a plot.
(Score: 3, Insightful) by maxwell demon on Saturday July 23 2016, @07:26AM
No, the whole point of most ads is to make money. Tracking is just a means to this end.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by SomeGuy on Saturday July 23 2016, @12:14AM
Really, I'm kind of surprised that the big US corps have not already purchased a law to forbid ad blocking. Of course the way things are going sites are increasingly using truckloads of fancy, non bypassable, scripting just so you can see 1k of damn text. They will probably find some way to involve encryption, making ad blockers fall afoul of the DMCA.
Well, that one won't get off the ground as long as Microsoft is around. :P BTW, your Windows 10 upgrade is ready :P
(Score: 0) by Anonymous Coward on Saturday July 23 2016, @01:05AM
the DMCA
You've answered your own question. The law is in place, all that's missing is the will to enforce it.
(Score: 2) by TheGratefulNet on Saturday July 23 2016, @02:57AM
it would not take long before suitable 'firewall' code was written as a defense against this.
what does it need to see, from the source, to think we are 'behaving'?
then, just echo back what it wants to see. and you do what you need to, with no ACK-backs allowed directly.
technically, its probably not very hard. once you model what they trigger on, that is.
I bet the chinese will have an actual chip that can defeat this, in 3-4 weeks time. and fakes of the fake a few more weeks later ;)
"It is now safe to switch off your computer."
(Score: 2) by el_oscuro on Saturday July 23 2016, @12:33AM
Can't you just block them with /etc/hosts?
SoylentNews is Bacon! [nueskes.com]
(Score: 0) by Anonymous Coward on Saturday July 23 2016, @01:07AM
And then they come for you...if you're in the PRC that is.
(Score: 2) by DECbot on Saturday July 23 2016, @01:02AM
I block JavaScript. If not by browser extensions then by browser (lynx). If ad companies cannot serve ads without JavaScript, am I liable for blocking them?
cats~$ sudo chown -R us /home/base
(Score: 0) by Anonymous Coward on Saturday July 23 2016, @01:42AM
You'd probably get flagged and investigated in China. One would hope that a browser choice couldn't land you in trouble, but hey we'll find out! Or not, depends how good they are at silencing dissent...
(Score: 2) by TheGratefulNet on Saturday July 23 2016, @02:59AM
yeah, mr. DEC guy, my vaxstation runs such an old version of mosaic, I just don't see ads anymore.
I'm all set. sounds like you are, too.
lol
"It is now safe to switch off your computer."
(Score: 2) by Reziac on Saturday July 23 2016, @04:15AM
Same here. No adblocker, but I use NoScript and HOSTS, and the effect is much the same.
But now I'm wondering if there's a way to make websites think JS is active when it's not.
And there is no Alkibiades to come back and save us from ourselves.
(Score: 3, Insightful) by TheGratefulNet on Saturday July 23 2016, @02:41AM
its to remotely install malware.
I am 99% certain this is their motivation. of course, I can't prove a damned thing. but I have a hunch this is what they have in mind.
malware comes in thru ads these days.
wow. we're back to the old days where china really IS worse than the US. thank god we still are better than they are in some ways (lol).
then again, I wonder if our own spies are stroking their beards and thinking this is a great idea for the US, too.
what spy agency would not love to force you to accept their malware?
"It is now safe to switch off your computer."
(Score: 2) by Nerdfest on Saturday July 23 2016, @04:02AM
Pretty sad when the spy agencies are there to spy on their own people of course. China worse than the US? Sounds like they came up with a better solution first in this case.
(Score: 1) by dadical on Saturday July 23 2016, @04:16AM
Why don't you just ban ads?
(Score: 2, Interesting) by anubi on Saturday July 23 2016, @04:38AM
Why don't you just ban ads?
For the very same reason ad-blocker bans won't work either.
The thing that puzzles me so is why do governments get off passing law that only encourages people to disregard it?
The first step to anarchy is to train people to disregard law.
If one is going to pass law, it better be one the public supports.
This one makes as much sense as passing a law forbidding swatting mosquitoes.
Makes one wonder just how far lawmakers are disconnected from reality... and just how badly they need a reality check.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 0) by Anonymous Coward on Saturday July 23 2016, @08:26PM
It's really simple, have a law that everybody breaks and then you can selectively enforce it to get rid of undesired elements in your society.
(Score: 1) by anubi on Monday July 25 2016, @05:26AM
It's really simple, have a law that everybody breaks and then you can selectively enforce it to get rid of undesired elements in your society.
It sure seems that is what "they" are up to. Make us all violators of law, then punish those who "they" please.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Interesting) by number6 on Saturday July 23 2016, @03:32PM
If you use the BSD operating system and you diligently configure its native firewall ipfw as part of your everyday security administration,
is this now considered breaking the law in the eyes of the Chinese !!!!????
-----------------------------------------------------------------------------
Some nice reading material on system firewalling:
Authority Netblock Blacklist - Telecomix Crypto Munitions Bureau
.https://cryptoanarchy.freed0m4all.net/wiki/Authority_Netblock_Blacklist
On these pages we will try to gather the netblocks of as many authorities as possible, making it possible to firewall them. ..........No authorities in our lives; no authorities in our machines! ..........IP ranges / blocklist (NOTE: this list has been assembled from various sources, mainly file sharing blocklists. .......7.0.0.0/8 #Defense Information Systems Agency, VA ........Central Intelligence Agency CIA:162.45.0.0-162.45.255.255 .........$IPTABLES -m iprange --src-range 6.0.0.0-6.255.255.255 $ACTION $COMMENT "Army\ Information\ Systems\ Center"
firewalling: Windows equivalent of iptables - QA, Server Fault, Nov 2010
.http://serverfault.com/questions/207620/windows-equivalent-of-iptables
how can I accomplish on Windows what I can accomplish via iptables? Just looking for basic firewall functionality (e.g. blocking certain IP addresses). ......................One way would be with the netsh command. ......................WIPFW (.http://wipfw.sourceforge.net/) looks very promising, especially if you're after that iptables rule creation flavor on a Windows box.
-----------------------------------------------------------------------------
I'm on Windows XP, and WIPFW mentioned at the ServerFault thread perked my curiosity ...
So I downloaded 'wipfw' and had a look at the README.TXT, and saw this line:
"""this port based on .http://info.iet.unipi.it/~luigi/dummynet"""
so I visited that webpage to see who is this 'luigi' guy.
I discovered that 'luigi' is 'Luigi Rizzo', and he is one of the pioneering contributors to the BSD networking subsystem.
At his home page (.http://info.iet.unipi.it/~luigi/) he mentions:
"""My email address happens to be in the RELNOTES.HTM file which is part of the Windows XP distribution, because of some software that i wrote and that apparently Microsoft used."""
WOW!!! this guys networking code was taken by Microsoft and used in Windows XP.
this perked my curiosity to find a copy of RELNOTES.HTM and actually read it; all these years of using WinXP, not once did I ever bother reading its release docs.
I found an online copy of RELNOTES.HTM here:(.ftp://mx2.daveg.no/Repair/Programs/Microsoft/Windows/Wndows%20XP/Pro%20EN/DOCS/RELNOTES.HTM).
After reading it, I was fascinated by my discovery of just how many people like 'Luigi Rizzo' had their code taken by Microsoft and included in Windows XP.!
I was shocked; I thought Microsoft was an original software creator, but after reading those Release Notes I am coming to the conclusion they are not much more than plagiarists and copy-cats.!
If I was a billionaire, I would love to pump millions and millions of dollars into the development of ReactOS and see MS-Windows fade away into obscurity.
The only time closed-source makes any sense is when it comes to little programs and utilities written by one author, like this guy for example:(.http://users.telenet.be/littlegems/MySoft/Index.html).
For complex systems, no fucking way should things be allowed to evolve in a closed-source fashion; they will end up swallowing all the fruits of human achievement, destroying the common good.
(Score: 1, Insightful) by Anonymous Coward on Saturday July 23 2016, @06:06PM
It is well-known that Microsoft took the network code for the NT kernel from BSD. Some of the more obvious indicator are verbatim strings, that they went from a minimal noncompliance implementation to a full raw socket supporting Berkeley socket implementation in a matter of months, and that the hosts file and other network configuration files are in a directory called "etc" and are basically the only things in there with other drivers using a different directory hierarchy.