SoylentNews is people
SoylentNews
... or so some web pages are now saying according to an article published by El Reg:
The Jeff Bezos-owned Washington Post has become the largest newspaper to refuse to serve readers who filter out advertisments.
The Post described it as "a short test" to gauge what users who use blocked blockers will do next. "Often, we run tests like this not in reaction to a problem, but to learn," said the paper in a statement.
Last week, Google also began to nuke the filters used to block preroll ads on its YouTube service. For extra punishment, YouTube viewers using AdBlock Plus had to sit through the full ad, by disabling the 'Skip Ad' button.
Around one in seven surfers use ad-blocking software, although the proportion rises when the demographic mix skews towards middle class and wealthy, and young and male, according to the latest annual PageFair report... into ad filters.
There is a reason why people use ad blockers. Sometimes it's for purposes of sanity, to avoid the very annoying auto-playing ads that more and more web sites now host. Others block them for security purposes, limiting one's exposure to the nastiness that can sometimes come from unscrupulous advertisers. Still others block them to reduce the draw on their precious bandwidth, especially those who get throttled if they use their monthly limit. Perhaps the Washington Post should be more careful with who they sell advertising to and more strictly limit the format of the adverts their sponsors pay them to publish instead of punishing those who block all of them.
(Score: 2) by frojack on Thursday September 17 2015, @03:52PM
Really??
How does that work?
Simply downloading a file (any file) and discarding the bytes as they arrive presents no exposure to malware.
No, you are mistaken. I've always had this sig.
(Score: 2) by etherscythe on Thursday September 17 2015, @05:30PM
Depends. If the code is parsed at any point along the way, you're still vulnerable to zero-day unpatched holes, even if the data is dumped before being displayed or, worse yet, as a secondary pass after being initially rendered. Not that it actually works like that now, but the arms race may end up going in that direction at certain levels of sophistication.
I'd like to assume that the ad info will never get loaded, but given the state of software in general, I'm not willing to make any bets on it.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 2) by frojack on Thursday September 17 2015, @06:09PM
If you are fetching something simply to satisfy a server-side fetch request, why would the "code" be be parsed at any point along the way?
And assuming it was parsed at some point "along the way", but not in your machines, since you are going to /dev/nul all bytes that come across that socket, what would it matter?
Other than saturating your connection, (DOS), bytes received on a socket can only hurt you if you do something with them. If you refuse to even store them, you are safe. You simply read the socket in conveniently sized small buffers, tossing everything that arrives until socket is unreadable (empty), and then you close it. Your application (Ad-blocker, or what ever) simply has to know that the fetch was for an ad, and it should never do anything with the data.
No, you are mistaken. I've always had this sig.
(Score: 0) by Anonymous Coward on Thursday September 17 2015, @08:36PM
Please illuminate me and explain how I can configure $FAVORITE_BROWSER so that 'good' bytes run through $FAVORITE_BROWSER's rendering pipeline but ad-bytes and them alone go to /dev/null.
I think you are confusing "it could be done by rewriting a shit-ton of code and compiling it into your own custom version of $FAVORITE_OSS_BROWSER" with "it can be done with a simple configuration".
I'll be over here, waiting for your detailed explanation...
(Score: 3, Informative) by frojack on Thursday September 17 2015, @08:57PM
Please illuminate me and explain how I can configure $FAVORITE_BROWSER so that 'good' bytes run through $FAVORITE_BROWSER's rendering pipeline but ad-bytes and them alone go to /dev/null.
Its easy.
Adblock Plus sees this html to fetch the ad, and strips it out as usual. (You do know that is how ABP works, don't you? Because If not, this discussion is pointless).
Then, for those ads that ABP has learned or has been configured to know must be fetched, it creates a http request, on its own socket, cloning the browser's Id string. But since it knows this is just a necessary fetch, it does nothing but dump the returned data.
As advertisers get smarter, they will return the url of the actual content appended to the end of the ad. ABP takes the next step in the arms race and finds that URL and pastes it into the page. (This would impose some risk as ABP would actually have to process the ad's data stream).
No, you are mistaken. I've always had this sig.
(Score: 2) by etherscythe on Friday September 18 2015, @01:23PM
See, that last part is exactly what I am talking about. That blocker code has to be bulletproof, otherwise we're back to square one, with an even bigger attack surface.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 0) by Anonymous Coward on Sunday September 20 2015, @11:42AM
HTML to fetch ads? We aren't still living in the 90s.
Unfortunately most ad networks use Javascript. If you want to see how prevalent it is, install NoScript and turn off your ad blocker, unless you then explicitly allow the ad network's code to run you'll still not see 99% of ads. To spoof the ad views your ad blocker or most likely your browser on behalf of the ad blocker will need to run the Javascript to get the output that tell it what ads should be viewed.
(Score: 2) by hash14 on Friday September 18 2015, @03:05AM
Use the evil bit [wikipedia.org].
(Score: 0) by Anonymous Coward on Monday September 21 2015, @03:29PM
I'm not sure whether the point has been that this is doable by joe average or by someone knowledgeable with reasonable effort in free time.
Anyway, for the latter case, there's this magical little device that almost every browser on earth supports which is called a proxy. Writing one of those from scratch is about a million times smaller effort than writing a whole browser. This is where I would start. (In fact, I have done it before..)
(Score: 1) by Pino P on Friday September 18 2015, @04:41AM
Simply downloading a file (any file) and discarding the bytes as they arrive presents no exposure to malware.
True.
However, it still exposes your account with your ISP to a risk of overage. And if the file fails to report to the server that it has executed, the server has the right not to serve more than the first paragraph of the article.