Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Sunday November 06 2016, @03:21PM   Printer-friendly
from the only-show-me-what-I-wanna-see dept.

[Ed Note: This reads a little like a Soylvertisement, but the concept that the blog is talking about regarding using WebSocket to send the advertising (and the tool he uses to see the traffic) is interesting. The "How It Works" section of the blog article (not posted here) is worth a read.]

Pornhub Bypasses Ad Blockers With WebSockets

TLDR: Watch the BugReplay Recording of Pornhub dodging AdBlock

(NSFW level: medium)

We tried to find the most PG page on MindGeek's network to use as an example- it wasn't easy.


When I was building the prototype for BugReplay, I was evaluating different methods of capturing and analyzing network traffic from Chrome. One of the first things I saw that looked promising was the chrome.webRequest API.

From the docs: "Use the chrome.webRequest API to observe and analyze traffic and to intercept, block, or modify requests in-flight."

That seemed to be exactly what I needed.

After experimenting with the Chrome webRequest API, I quickly realized there was a big problem. It didn't allow me to analyze any WebSocket traffic, something I really wanted to support.

As I was searching the web trying to see if I was misreading the documentation or was looking in the wrong spot, I found a relevant bug report from 2012: "chrome.webRequest.onBeforeRequest doesn't intercept WebSocket requests." In the bug report, users were complaining that without the ability to block WebSockets, websites could get around ad blockers fairly easily. If WebSocket data was not visible to Chrome extensions via the webRequest API, they could not be blocked without some heavy duty hacks.

Initially, the risks to ad blockers seemed theoretical; the examples of sites that were employing this technique were very obscure. Then in August 2016, an employee of the company that owns Pornhub.com (MindGeek) started arguing against adding the WebSocket blocking capabilities to the Chrome API. Pornhub is the 63rd most visited site on the Internet according to Alexa. I checked out a few of MindGeek's sites and sure enough, I could see ads coming through even though I had Adblock Plus on. The ads on Pornhub are marked 'By Traffic Junky,' which is an ad network owned by MindGeek.

In the screenshot below, you can see a banner at the top of the page announcing that the site is aware that the user is using an Ad Blocker, with an invitation to subscribe to a premium ads free version of the site. On the right side of the page you can see an advertisement.

http://blog.bugreplay.com/post/152579164219/pornhubdodgesadblockersusingwebsockets

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by Celestial on Sunday November 06 2016, @05:05PM

    by Celestial (4891) on Sunday November 06 2016, @05:05PM (#423166) Journal

    gorhill (the developer of uBlock Origin, an ad block extension for Google Chrome, Mozilla Firefox, and Opera), discovered a little while ago that more and more advertisers are using WebSockets to get around ad blocking in Google Chrome and Google Chrome based browsers, so he added a companion extension to uBlock Origin, called uBlock Origin WebSockets [google.com] oddly enough. It allows uBlock Origin to filter WebSockets. You need both extensions if you plan on using it, just FYI.

    If one ad block extension developer can do it, I'm sure other ad block extensions will do it in time as well.

    Starting Score:    1  point
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 2) by edIII on Sunday November 06 2016, @06:02PM

    by edIII (791) on Sunday November 06 2016, @06:02PM (#423192)

    Thank you, and blocking websockets outright is the answer I think.

    I'm looking into programming with it myself, but that would be a fully logged and authenticated portal to get work done, not be advertised too. So as long as the website isn't being paid $20+/mo to perform services for me needing websockets and an API, I sure as hell as don't need to be enabling websockets for everyday browsing.

    For everyday browswing, I'm using phpproxy out of out Europe stripping everything from the pages. I might need to upgrade that and make sure the websockets hole is closed.

    It's always something with those irredeemable bastards isn't it?

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 1) by Bethany.Saint on Monday November 07 2016, @05:32PM

    by Bethany.Saint (5900) on Monday November 07 2016, @05:32PM (#423624)

    For anyone using uBlock Origin (like myself) you probably don't need this extension anymore. From the description:

    UPDATE: since this companion extension was published, uBlock Origin has itself gained the ability to blanket-block all websocket connection attempts for specific sites using a new filter syntax. For example, the filter "*$websocket,domain=example.com" will block *all* websocket connection attempts for web pages from "example.com". EasyList now supports this syntax, and contains such filters.[3]