Why Blocking Ads is About Security, and Always Has Been

I have long held the view that blocking ads in a web browser is a basic and standard part of web security. You should be blocking ads for the exact same reasons you should use a firewall, malware scanners, and antivirus: it keeps malicious actors out of your computer.

Writing over at O’Reilly, Mike Loukides explains why:

I’m not whitelisting anyone. I don’t have any fundamental problem with advertising; I wish ads weren’t as intrusive, and I believe advertisers would be better served by advertisements that had more respect for their viewers. But that’s not really why I use an ad blocker.

The real problem with ads is that they’re a vector for malware. It’s relatively easy to fold malware into otherwise-innocent advertisements, and that malware executes even if you don’t click on the ads. I’ve received malware from sites as otherwise legitimate as the BBC, and there are reports of malware from virtually every major online publisher—including sites like Forbes that won’t let you in if you don’t whitelist them. The New York Times, Reuters, MSN, and many others have all spread malware.

And no one takes responsibility for the advertisements or the damage they cause. The publishers just say “hey, we don’t control the ads; that’s the ad placement company.” The advertisers similarly say “hey, our ads come from a marketing firm, and they use some kind of web contractor to do the coding.” And the ad placement companies and marketing firms? All you get from them is the sound of silence.

That is the problem in a nutshell, and Mike is right in that this is a universal problem that cuts across all sites.

This didn’t get a lot of coverage at the time, but late last year a bunch of sites (including BBC and TechCrunch) were serving their mobile visitors a malicious pop-up ad. And in 2016 the Guardian reported that the NYTimes, AOL, NFL, and the BBC all displayed ads that attempted to install ransomware on visitors’ computers.

So basically this is what security-conscious users are thinking right now:

The online ad industry is one where the customers (advertisers and malware makers) are paying for the privilege of annoying the audience. That is an inherently unsustainable model, and no amount of fighting against ad blockers will change that simple fact.

Randy Lea February 5, 2018 at 11:53 am

I totally agree with the comments about ads, but I’d add a bit.

How hard would it be for ads to migrate to a model where the information is stored in a JPEG image served by the visited website, where you go to the advertiser’s website when you click on the image? Or simply use text, with a link?

But that isn’t what ads are about. Today’s ads are huge, with all kinds of tracking tools and other nefarious content.

I think it’s not really the ads that are the issue, it’s all the other stuff, tracking, potentially malware, etc., that is the problem. I don’t care if there is a small ad on web pages, nothing but an image to click, but I don’t want anything with JavaScript.

Cole Mak February 5, 2018 at 5:20 pm

I always say, "They’re not 'ad blockers,' they’re 'HTML firewalls.'"

That always tends to reframe the arguments.

Jon Wolf February 6, 2018 at 9:50 am

And then there are the ads that have animation and even sound. So you get really intrusive ads that should be be intrusive. Also, there are ads that place trackers and other cookies on the computer. And there was one forum I used that got blocked by Google because of a malicious ad. So until ads can be proven to be safe and unobtrusive, I will continue to block them.

No Longer Lets You Read Stories for Free – Wants to Use Ad-Blocking Readers' CPUs to Mine Bitcoin | The Digital Reader February 13, 2018 at 10:20 am

[…] almost an ironic twist on the material cost of online advertising, Salon now wants readers who run security extensions, err, block ads, to lend Salon their CPUs so that the publisher can mine […]
