Why Blocking Ads is About Security, and Always Has Been

Why Blocking Ads is About Security, and Always Has Been Advertising

I have long held the view that blocking ads in a web browser is a basic and standard part of web security. You should be blocking ads for the exact same reasons you should use a firewall, malware scanners, and antivirus:it keeps malicious actors out of your computer.

Writing over at O'Reilly, Mike Loukides explains why:

I’m not whitelisting anyone. I don’t have any fundamental problem with advertising; I wish ads weren’t as intrusive, and I believe advertisers would be better served by advertisements that had more respect for their viewers. But that’s not really why I use an ad blocker.

The real problem with ads is that they’re a vector for malware. It’s relatively easy to fold malware into otherwise-innocent advertisements, and that malware executes even if you don’t click on the ads. I’ve received malware from sites as otherwise legitimate as the BBC, and there are reports of malware from virtually every major online publisher—including sites like Forbes that won’t let you in if you don’t whitelist them. The New York Times, Reuters, MSN, and many others have all spread malware.

And no one takes responsibility for the advertisements or the damage they cause. The publishers just say “hey, we don’t control the ads; that’s the ad placement company.” The advertisers similarly say “hey, our ads come from a marketing firm, and they use some kind of web contractor to do the coding.” And the ad placement companies and marketing firms? All you get from them is the sound of silence.

That is the problem in a nutshell, and Mike is right in that this is a universal problem that cuts across all sites.

This didn't get a lot of coverage at the time, but late last year a bunch of sites (including BBC and Techcrunch) were serving their mobile visitors a malicious pop-up ad. And in 2016 the Guardian reported that the NYTimes, AOL, NFL, and the BBC all displayed ads that attempted to install ransomware on visitor's computers.

So basically this is what security-conscious users are thinking right now:

https://twitter.com/csoghoian/status/710137698032476160

The online ad industry is one where the customers (advertisers and malware makers) are paying for the privilege of annoying the audience. That is an inherently unsustainable model, and no amount of fighting against ad blockers will change that simple fact.

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

4 Comments

  1. Randy Lea5 February, 2018

    I totally agree with the comments about ads, but I’d ad a bit.

    How hard would it be for ads to migrate to a model where the information is stored in a JPEG image served by the visited website, where you go to the advertiser’s website when you click on the image? Or simply use text, with a link?

    But that isn’t what ads are about. Today’s ads are huge, with all kinds of tracking tools and other nefarious content.

    I think its not really the ads that are it issue, its all the other stuff, tracking, potentially malware, etc., that is the problem. I don’t care if there is a small ad on web pages, nothing but an image to click, but I don’t want anything with Javascript.

    Reply
  2. Cole Mak5 February, 2018

    I always say, “They’re not ‘ad blockers,’ they’re ‘HTML firewalls.'”

    That always tends to reframe the arguments.

    Reply
  3. Jon Wolf6 February, 2018

    And then there are the adds that have animation and even sound. So you get really intrusive ads that should be be intrusive. Also, there are ads that pace trackers and other cookies on the computer. And there was one forum I used that got blocked by Google because of a malicious ad. So until ads can be proven to be safe and unobtrusive, I will continue to block them.

    Reply
  4. […] almost an ironic twist on the material cost of online advertising, Salon now wants readers who run security extensions, err, block ads, to lend Salon their CPUs so that the publisher can mine […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top