Why Blocking Ads is About Security, and Always Has Been
I have long held the view that blocking ads in a web browser is a basic and standard part of web security. You should be blocking ads for the exact same reasons you should use a firewall, malware scanners, and antivirus:it keeps malicious actors out of your computer.
Writing over at O’Reilly, Mike Loukides explains why:
I’m not whitelisting anyone. I don’t have any fundamental problem with advertising; I wish ads weren’t as intrusive, and I believe advertisers would be better served by advertisements that had more respect for their viewers. But that’s not really why I use an ad blocker.
The real problem with ads is that they’re a vector for malware. It’s relatively easy to fold malware into otherwise-innocent advertisements, and that malware executes even if you don’t click on the ads. I’ve received malware from sites as otherwise legitimate as the BBC, and there are reports of malware from virtually every major online publisher—including sites like Forbes that won’t let you in if you don’t whitelist them. The New York Times, Reuters, MSN, and many others have all spread malware.
And no one takes responsibility for the advertisements or the damage they cause. The publishers just say “hey, we don’t control the ads; that’s the ad placement company.” The advertisers similarly say “hey, our ads come from a marketing firm, and they use some kind of web contractor to do the coding.” And the ad placement companies and marketing firms? All you get from them is the sound of silence.
That is the problem in a nutshell, and Mike is right in that this is a universal problem that cuts across all sites.
This didn’t get a lot of coverage at the time, but late last year a bunch of sites (including BBC and Techcrunch) were serving their mobile visitors a malicious pop-up ad. And in 2016 the Guardian reported that the NYTimes, AOL, NFL, and the BBC all displayed ads that attempted to install ransomware on visitor’s computers.
So basically this is what security-conscious users are thinking right now:
News orgs: Please turn off adblockers.
Reader: An ad on your site infected my PC w/ ransomware. Will you pay to get my data back?
— Christopher Soghoian (@csoghoian) March 16, 2016
The online ad industry is one where the customers (advertisers and malware makers) are paying for the privilege of annoying the audience. That is an inherently unsustainable model, and no amount of fighting against ad blockers will change that simple fact.