Linked by Thom Holwerda on Sat 19th Sep 2015 14:37 UTC
Internet & Networking

Let's talk ad-blocking.

With the arrival of iOS 9, ad-blocking is coming to mobile in a big way, and it's causing a lot of talk all over the web. It is highlighting the internal struggle some feel about the practice, but also the hypocrisy of some of its staunchest proponents. So far, it seems like the real 'bloodbath' isn't taking place where people thought it would be - namely, publishers - but among personalities.

RE[2]: My position on ads is simple
by Beta on Sat 19th Sep 2015 15:58 UTC in reply to "RE: My position on ads is simple"
Beta Member since: 2005-07-06

Disable flash. Html5 ads cannot contain malware, since by design, Html/Javascript can't access anything on your pc/phone.

Except when they can: exploiting browser security issues, tracking cookies, crashing your device from WebGL exploits, poking holes through https→http, writing large content to localStorage, etc.

The only way an advert avoids being malware is not needing to run code on your device.

Score: 8

dgoemans Member since:
2008-08-23

Sure, but then you should stay off the internet completely. Most browser vendors - and if you value your security, you're not using IE - are constantly patching browser issues. Most of these issues might allow you to be tracked, or crash your browser, but almost all of them can't install malware. That's different.

Score: 1

WereCatf Member since:
2006-02-15

Sure, but then you should stay off the internet completely.


What a stupid exaggeration. There is nothing wrong with wishing to reduce the footprint attackers may use against you, and ad networks are a very, very attractive target for attackers because then you can reach a much larger audience than you could if you attacked a single, specific website -- ergo, reducing or disabling access from ad networks is a perfectly valid security measure.

Score: 5

Beta Member since:
2005-07-06

Sure, but then you should stay off the internet completely. Most browser vendors - and if you value your security, you're not using IE - are constantly patching browser issues. Most of these issues might allow you to be tracked, or crash your browser, but almost all of them can't install malware. That's different.


I rather like using the Web (née Internet) though, and due to understanding most of the Web stack, yes, I will run NoScript and block most third-party scripts. Why?

A few examples recently off the top of my head:
* A user on Steam wrote an XSS malware on their Steam profile; whenever you visited a profile infected with the script it would replicate (and it would leave a cute message on the originator's profile). See a reply to my tweet for a screengrab: https://twitter.com/johndrinkwater/status/574261118039891968
* Twitch had to ask all their users to reset passwords because an advert was found to contain cred sniffing: http://www.cnet.com/uk/news/amazons-twitch-hacked-some-user-account...
* Visiting http://a/%%30%30 in latest Chrome crashes it. This doesn’t need to be a user-action, but can be triggered by an iframe or HTTP Location https://twitter.com/bl4sty/status/645320346934099968
* Firefox for Android accidentally let scripts read from the SD card… http://securityaffairs.co/wordpress/18270/hacking/android-firefox-b...
Do I need to continue?

You see, even using the latest up-to-date browser, you will be exposed to exploits that steal login details, your wallet, or crash your browser. The more access you allow to your system, the greater the likelihood of this happening. And no, I don’t trust advertising companies to just serve pretty adverts. They haven’t so far.

Apologies if this seems all RMS to you, but this isn’t even going that far into what-ifs.

Score: 6