So Chrome doesn’t support the API that uBlock Origin could use to block such ads whereas Firefox does (with the user’s permission). [1] One more reason why Chrome will soon be seen as mostly useless for users of ad blocking extensions. Hope Firefox keeps alive the things that make uBlock Origin a necessity for a decent browsing experience.
Once Manifestv3 is rolled-out, Chrome will not support uBlock Origin at all.
arthurfm 1613 days ago [-]
The developer of Nano Adblocker (which is a fork of uBlock Origin) may continue working on a manifest v3 compatible adblocking extension for Chromium-based browsers.
I look it up but I can't see a clear answer of why?
newscracker 1612 days ago [-]
Manifest V3 doesn’t allow requests to be intercepted and modified by extensions, which is something uBlock Origin requires to block ads and elements on a page.
The proposed way for content blocking in Manifest V3 is how Safari on iOS implemented it a few years ago — a declarative list of URLs to be blocked is provided by the extension and the browser engine looks that up and blocks them. The extension doesn’t see the actual page URLs or requests, leave alone block them.
This is a positive for privacy since the browsing behavior of the user is not exposed to malicious extensions. But uBlock Origin is not some-random-extension-that-wants-to-steal-information. Treating uBlock Origin like any other extension isn’t good. Since Google makes money by selling ads, there will likely not be any concessions on this front.
dannyw 1603 days ago [-]
Manifest v3 still allows browser extensions to observe web requests. It just stops web extensions from blocking them.
There is no win for privacy here.
burtonator 1613 days ago [-]
Is anyone working on keeping this functionality within chromium directly, or a fork? Seems like it would be a good way to push back on this.
Try to use Youtube without an ad blocker. It's insane.
dijit 1612 days ago [-]
I've been using qutebrowser (which has a very barebones ad-blocker) for some time. So I can confirm that Youtube is awful without an adblocker;
It's very common to see: "Ad 1 of 2", the first of which is unskippable, the second of which needs 5 seconds to be skipped (if it's skippable at all). Then you get the content which is almost always sponsored and opens with an ad of its own "this video sponsored by squarespace" etc;
A deluge of marketing, and somehow "not profitable". I don't get it.
tnorthcutt 1613 days ago [-]
I switched to Firefox recently, partly because of this issue. I used it for 2-3 months, but eventually went back to Chrome because of poor performance; Firefox frequently lagged on typing input, hung, etc. in situations where Chrome does not. I hope things improve.
Caveat: I was using Firefox Developer Edition... I wonder if "normal" FF would be better.
Fiveplus 1613 days ago [-]
The stable release of Firefox hasn't lagged or given me any troubles. Neither on my work PC nor on my personal 5 year old laptop with mere 4 Gigs of RAM and no SSD.
Disclaimer : I use about 6 privacy focused addons in total.
idonotknowwhy 1613 days ago [-]
Which addons?
I'm currently using Vimium-FF and Ublock Origin.
chopin 1612 days ago [-]
PrivacyBadger, Ublock Origin, UMatrix and lately Toggle Resist Fingerprinting.
sk5t 1613 days ago [-]
Not OP but EFF's Privacy Badger is pretty great.
newscracker 1612 days ago [-]
Privacy Possum is a better fork of Privacy Badger.
Been on FF for a year now. I can say I like it better than chrome. And use it on mobile.
mcdevilkiller 1613 days ago [-]
I use Developer Edition on an 8 y/o PC and it doesn't lag. Even with 500 tabs open (using a tab suspender.
ben_jones 1613 days ago [-]
I wonder if this is just because developers aren't testing or using firefox frequently enough to catch such bugs? I maintain several internal web apps for my current company and am guilty of this, all our users use chrome, all our developers use chrome, so our app unintentionally works best in chrome.
computermagic 1613 days ago [-]
You should try normal cause I have never seen these on the normal release version.
WizardAustralis 1613 days ago [-]
It really depends on your browsing habits I have found, essentially how many tabs you have going at once.
I tend to be very frugal in my use of tabs, maybe 30 at any one time and even then very briefly and I don't have any issues.
To put this in perspective, I'm on a Librebooted T400 machine, so 4GB RAM on a Core 2 Duo and it FF hasn't been a major issue at all. Everyone's mileage may vary.
jonahhorowitz 1613 days ago [-]
I've been running Firefox Nightly for 2 years now and it's consistently as fast as Chrome. I keep Chrome open only so I can access gmail. Everything else is in FF.
thiht 1612 days ago [-]
> I keep Chrome open only so I can access gmail
Why? Doesn't it work with Firefox?
boring_twenties 1612 days ago [-]
It seems to be a little slower, but not (for me at least) by enough to make it worthwhile to run a whole second browser.
scrumbledober 1613 days ago [-]
Is there any way to use firefox with chrome dev tools? I can't bother using a different browser for personal use and work use and can't imagine using anything else for work.
rhizome 1613 days ago [-]
What does Chrome Devtools have that Firefox's doesn't?
Santosh83 1613 days ago [-]
This was always coming. Next we will have unblockable ads delivered through first party and using obfuscated techniques like canvas or webassembly. The endgame will be all/most websites embedding 1st party ads and tracking and the only way to not see them would be to not use the WWW at all. At that point we will have lost.
pdkl95 1613 days ago [-]
> unblockable ads delivered through first party and using obfuscated techniques like canvas or webassembly
When I said basically the same thing 4 years ago[1], most people seemed to think it wasn't a serious concern or could be easily bypassed. However, after observing how certain types of businesses use the World Wide Web over the past 3 decades, it's obvious what they want: to send an opaque binary blob to the user that nobody can investigate or modify, that gives them full control over what the user sees and is allowed to do. Just like TV.
The only safe response to this is to stop allowing documents (or docs with 3270-styole forms) to embed software in a Turing complete language. Add functionality that is used declaritively, or the answer to "should this be blocked" is undecidable. Give them the ability to run a Turing complete language that renders to a canvas, and adblocking becomes a hard image recognition problem (or requires solving the Halting Problem).
I'm not saying no one will try to do this, but YouTube had the technical option of splicing ads directly into the video stream and simply not sending the actual video content for the duration of the ad for several years now. They chose not to do it. Potentially the lost revenue from people not using YouTube as much anymore / migrating to a different platform would be bigger here than the increase in ad traffic.
People who don't want to see ads (i.e. a large part of adblock users) are also more likely to engage in toxic (to advertisers and YouTube) behavior, such as intentionally clicking on ads but never buying anything (or even writing scripts to do that), or intentionally avoiding the advertised product, etc.
plopz 1613 days ago [-]
Twitch does do this with its SureStream ads and its much worse for a livestream than a video since with a video you can resume where you left off after the ad finished whereas for a livestream you just lose what was happening during the ad.
Twitch also removed the ad-free benefit from twitch prime.
OscarTheGrinch 1613 days ago [-]
Such poor behavior creates gaps in the canopy, providing sunlight for other services to grow. If you don't like how a service is treating you, switch to a better one and make the case to your peers why they should do likewise.
A healthy internet is ultimately up to us to build and maintain.
fiddlerwoaroof 1613 days ago [-]
The issue is that an alternate service can only grow in the gaps if it has a viable business model: so far, monetizing internet services for the general public without advertising and tracking is a mostly-unsolved problem, despite interesting efforts like Brave.
jlarocco 1613 days ago [-]
> monetizing internet services for the general public without advertising and tracking is a mostly-unsolved problem
I feel like that's not a real problem. Or, maybe only a problem for services that care more about having a ton of users than being profitable and sustainable.
There are quite a few services (SmugMug, Vimeo, NetFlix, etc.) that charge money, don't have advertisements, and are doing just fine.
It's weird that so many web companies decide to go the sleazy advertisement/tracking/malware route rather than just charge money for the services they provide.
hombre_fatal 1613 days ago [-]
> It's weird that so many web companies decide to go the sleazy advertisement/tracking/malware route rather than just charge money for the services they provide.
You will find very quickly how reluctant people are to pay for anything despite a few cultural-phenomenon-level exceptions like Netflix.
I'm amazed how many people, like my own coworkers making $100k+, listen to Spotify all day every day yet will endure advertisement after advertisement in their stream of music instead of paying $10/month. If someone isn't even going to pay for Spotify despite it being a central part of their day to day experience, GG to your little service.
I think advertising has played a major hand in shepherding us into this position that divorced us from the idea of paying for content we enjoy. There is going to have to be a major cultural change to bring us back into a healthy relationship with content.
One common response to this is "well, maybe everyone should be hobbyists again making content for free," but surely we can find a better middleground than structuring things such that we depend on people toiling away in their freetime to produce the content we happen to want. For example, I'd rather my favorite content providers be able to feed themselves working on this content. We both benefit: I get to enjoy more content. Depending on hobby work doesn't get us there.
jlarocco 1613 days ago [-]
> You will find very quickly how reluctant people are to pay for anything despite a few cultural-phenomenon-level exceptions like Netflix.
That's absolutely not true, though. People buy stuff all the time. Clothing, shoes, sporting goods, dishes, food, housewares, books, DVDs, etc.
The "freemium" approach Spotify takes is a poor example because they're not charging for their real service of music streaming, but instead to get rid of advertisements. They've moved their own goalposts, and the question isn't "Is streaming music worth $10 a month?" but "Is it worth $10 a month to get rid of this commercial?" If the options were "Pay $10 to stream music" or "Listen to nothing," the results might be a lot different.
> One common response to this is "well, maybe everyone should be hobbyists again making content for free," but surely we can find a better middleground than structuring things such that we depend on people toiling away in their freetime to produce the content we happen to want. For example, I'd rather my favorite content providers be able to feed themselves working on this content. We both benefit: I get to enjoy more content. Depending on hobby work doesn't get us there.
I'm not making that argument, and you're setting up a false dichotomy. There's no reason content creators need to use advertisements and can't charge for their content instead. It worked fine for music and movies for over a hundred years, and books have been using that model for hundreds of years before that.
rstupek 1613 days ago [-]
I think the world of consumption has changed though. People expect things (music, games, etc) to be free and balk at paying for them. Why would they when there is likely someone offering something comparable for free but supported by ads?
VRay 1613 days ago [-]
Maybe you could ship them a real item as part of the service somehow
I'd never pay $10 for a character in a game, but I'd happily pay $15 for a plastic toy that coincidentally unlocks something in a game I was enjoying anyway
pcnix 1613 days ago [-]
Nintendo does exactly this with Amiibo, to be clear for the people that didn't catch this reference.
manigandham 1613 days ago [-]
That's not what Spotify is doing. The choice is pay us cash or pay us with your attention by watching ads.
Why go to work, earn cash with your attention, and pay for Spotify when you can directly monetize your attention on-demand in real-time at the rate you consume? That's what advertising allows.
smadurange 1613 days ago [-]
That's a very good observation. I think it's true that having the free option changes the context very much.
There are people who pay for paid password managers when free alternative products available. I myself pay for a number of services (very reasonably priced) when I could have used free alternatives. The difference is the guys I pay don't offer a free edition without ads and nonsense like that. They just build a great software and ask to pay for their effort.
boring_twenties 1612 days ago [-]
It's not just removing advertisements. Spotify Premium lets you listen to any song they have anytime you want. I thought the free version only let you listen to their pregenerated stations?
tripzilch 1611 days ago [-]
> One common response to this is "well, maybe everyone should be hobbyists again making content for free," but surely we can find a better middleground than structuring things such that we depend on people toiling away in their freetime to produce the content we happen to want. For example, I'd rather my favorite content providers be able to feed themselves working on this content.
If you do it as a hobby, it's not toiling. It becomes toiling when you do it as work, especially if you have to please advertisers instead of making the content you love.
manigandham 1613 days ago [-]
People don't like paying and even 2 subscriptions is more than many will care for.
Also lots of people can't afford all the content they consume today, and would much rather have access with ads than nothing all.
BlueTemplar 1612 days ago [-]
If ads didn't exist, the pricing of that content would be quite different...
fiddlerwoaroof 1612 days ago [-]
Or, the content just wouldn't exist
BlueTemplar 1611 days ago [-]
The distribution of content might be quite different - but remember that ads aren't free - they're just another middleman that has to be paid, priced in in the cost of goods, a net drain from the point of view of the consumers (on first approximation at least).
tripzilch 1611 days ago [-]
> Or, the content just wouldn't exist
I mean, on the whole, the vast majority of ad supported content is in fact clickbait trash.
plopz 1613 days ago [-]
Vimeo was so well positioned to beat out youtube back in the day. Stage6 had just shut down and vimeo was offering HD while youtube was stuck with low res. But then they made the mistake of banning video game content for not being artsy enough which led to youtube jumping in popularity.
plopz 1613 days ago [-]
This is actually interesting right now because Microsoft, Google and Facebook all seem to be trying to get into streaming. I would definitely like to see more competition in this space so that Twitch doesn't get complacent.
everdrive 1613 days ago [-]
>Twitch also removed the ad-free benefit from twitch prime.
This seems standard: acquire users, then make the service worse for users. (and better for shareholders and/or advertisers)
lotsofpulp 1613 days ago [-]
Until people stop patronizing businesses that do that, and choose to patronizes businesses that don't do that, things will not change.
everdrive 1613 days ago [-]
It's hard to know until they perform the bait and switch. It's certainly not the only reason that brand loyalty is dead, but it's one that's often on my mind. I don't have any confidence that my trust in a brand will mean anything in the long term. A new service exists? Well, it might be nice right now, but if I let myself rely on it the service will become slightly worse over the years.
Semaphor 1613 days ago [-]
> Twitch does do this with its SureStream ads
Are those special and only run for large streamers? I never see ads on twitch, but the biggest streamer I watch has under 300 viewers.
GlitchMr 1613 days ago [-]
It's the streamer who decides when the ads should show (this is because those ads hide the stream, so they should be used when nothing is happening). If they never tell Twitch to show ads, SureStream ads won't appear.
Semaphor 1613 days ago [-]
I watch at least one streamer who runs ads in her breaks, she is a partner. So does she have a to specifically select those surestream ads? Maybe they only show in certain geographic locations?
pas 1613 days ago [-]
wow. that's absurd. I mean so full circle and more compared to last century TV.
pingyong 1613 days ago [-]
Twitch is running two kinds of ads, one type is "normal" and can be blocked by ublock, the other one is weird - it's definitely not just spliced into the video stream either, as far as I remember (I have Amazon Prime so I don't see ads), but ublock also wasn't able to block it.
However, I would argue that it is not actually worse for several reasons. For one, the streamer decides exactly when and how to play ads - so if the ad timing bothers you, you're going to start watching someone else, which in turn creates an incentive to keep streams ad-free or at least run ads at specific times.
The second reason is that the usage pattern of Twitch is different. I go to twitch (if it's a livestream) to actually watch the content, whereas I use YouTube in many cases like I would use an article, skipping through videos and back and forth looking for a specific part or specific information, and if the information isn't there quickly trying the next video. This workflow gets completely destroyed by ads. To the point where if YouTube would somehow force me to watch ads, I would simply stop using it except for the 2-3 weekly videos I actually plan to watch beforehand.
plopz 1613 days ago [-]
I don't think Twitch Prime has the ad-free benefit anymore, they moved that into Twitch Turbo. The ads are also definitely stitched into the HLS playlist as segments, so even if you were to block them you would see a black screen for the duration of the ad, although Twitch does seem to be doing something where if a segment fails to load it tries to load the next one a few seconds later, so you might only see the black screen for 5s or so.
bscphil 1613 days ago [-]
I've never seen an ad on Twitch with uBlock origin installed. If this technology can't bypass ad blockers, why is there a difference?
You may be ad-free for another reason such as a grandfathered twitch prime that will expire when it next renews, twitch turbo, or a subscription to a channel that opts-in to the ad-free sub benefit. You might also just be in a region or demographic where ads aren't being bought, so you wouldn't get any then.
NoodleIncident 1613 days ago [-]
Weird, I saw the ads get through for a few days but then they stopped again. I watch twitch vods pretty regularly still, but I guess I stick to a few channels and don't jump around; maybe the specific channels I watch didn't enable this type of ad.
bscphil 1613 days ago [-]
Maybe uMatrix is blocking them somehow? I've never seen an ad, even on channels I don't follow or subscribe to. My rulesets are very strict, but you're right, if they really come through the video stream I don't know how I'm blocking it.
JaRail 1613 days ago [-]
Maybe you buy a lot of subscriptions and currency? I bet they avoid annoying their most profitable users. While it might have been coincidental, I never got ads until I unsubbed from the vast majority of streamers I follow. Same for other things like gifted subs. I used to receive a ton of gifted subs until I started lowering my sub count. They are obsessed with performance metrics. Big spenders have a very different experience.
Now, whenever I get an ad, I immediately close twitch and find something on YT/Mixer to watch. I'm training their algorithms to leave me alone.
cehrlich 1613 days ago [-]
I get no ads on Twitch, and I currently don’t have Twitch Prime or any subscriptions. I’ve spent maybe 50 bucks on Twitch in the 3-4 year lifespan of my account. I’m running Vivaldi (which uses Chromium) with uBlock Origin, Ghostery (I know), and HTTPS Everywhere, on MacOS.
I get ads when I use Twitch, with the same account, on a stock installation of Chrome (which I use as my backup browser for when I don’t want to figure out which extension is breaking a website). So it’s not related to my account, location, etc.
bscphil 1613 days ago [-]
I'm guessing that's a coincidence? I have only 1 or 2 subscriptions.
Justsignedup 1613 days ago [-]
This. This is the solution. AdNausium will destroy the ad market. Adblocking users will engage in toxic behaviors if you force them to.
The problem is that sites trying some insane techniques is a bad arms race.
Sites like the wallsteet journal made a adblock-wall, see ads or don't use the site. That's fine. They can do that. And they lost lots of traffic. But they can decide if they like that.
Websites want a have-your-cake-and-eat-it option -- forcibly show ads, no opt out.
UnFleshedOne 1613 days ago [-]
Nothing stops google from banning your account if you are using AdNausium, not only from youtube, but from gmail and all other properties. Joys of SSO. Maybe a TOC change or two. Few public cases like that and AdNausium is dead in the water.
That's why I'm not using it personally, even though I'd love to...
blibble 1613 days ago [-]
could you use FF containers so that your google account
cookies are isolated to google properties?
then you can go mad on everything outside the container
farisjarrah 1613 days ago [-]
Yeah FF containers are definitely not going to stop Google from knowing who you are. Browser fingerprinting is still a thing.
dhimes 1613 days ago [-]
I (and I think I speak for most of us- so this is clarifying for later readers) don't object to ads as long as they are not trackers.
The next anti-tracking technology should include fake tracking.
hk__2 1613 days ago [-]
> I (and I think I speak for most of us- so this is clarifying for later readers)
What makes you say you’re speaking for most of us?
dhimes 1612 days ago [-]
Engaging with these threads for a couple of years. I will say though that there seem to be more people here in the biz of tracking than there used to be.
naniwaduni 1613 days ago [-]
That would be extremely counterintuitive. Ads are visible; they give people reason to object to them even without knowing much about them, because their existence is intentionally intrusive.
Tracking doesn't mean anything to most people.
dhimes 1612 days ago [-]
True; I by "us" I mean HN folks- people who know.
manigandham 1613 days ago [-]
Ad Nauseum is not a threat to any modern ad network. It's easily caught and the results are filtered out.
edoceo 1613 days ago [-]
Where is the source for the traffic loss claim? Their profile on Alexa looks healthy and their rank has improved over time
rndgermandude 1613 days ago [-]
Want to take a guess on where Alexa gets its data from that it then uses to estimate traffic and ranks?
Why ask a vague winky-face question when you can make your assertion instead? Now I have to wait for you to respond just for you to clarify what you were trying to say.
hk__2 1613 days ago [-]
This link is very vague: they only talk about a “global data panel” without saying how it’s constructed. You can’t build a representative sample if you don’t have an idea of what the global traffic might be like. See also https://blog.alexa.com/alexa-panel-increase/:
> our traffic estimates are based on data from our global panel, which is a sample of millions of Internet users using one of many different browser extensions. However, we don’t just rely on browser extensions. We also gather much of our traffic data from direct sources, including sites that have chosen to install the Alexa script and certify their metrics. It is this unique combination of data from our global panel, plus data from directly measured sources, filtered through our advanced statistical models that allow us to provide you with robust and comprehensive metrics.
wazoox 1613 days ago [-]
I remember the first software I tried that automatically removed ads while recording a video stream. It was back in the previous century and then required an SGI workstation, but I suppose the same sort of ad-detection tech could be included into youtube-dl in about 5 minutes....
BlueTemplar 1612 days ago [-]
I think that TiVo does that too?
pbhjpbhj 1613 days ago [-]
With something like YouTube of course the "content" is often ads too, deterring people could kill that part of the ad ecosystem.
ahartmetz 1613 days ago [-]
Possibly it's also self-preservation by the people involved. I imagine that even the YouTube developers and project managers hate watching ads. A solution only for them would probably look bad to the outside.
troydavis 1613 days ago [-]
> I imagine that even the YouTube developers and project managers hate watching ads.
This has existed since 2015, so presumably Google employees have it on their personal accounts.
e_proxus 1613 days ago [-]
I assume they would just all have free Premium accounts if they're working at Google.
snug 1613 days ago [-]
nope
source: ex-googler
Kaiyou 1613 days ago [-]
Isn't that basically Youtube Red?
nickysielicki 1613 days ago [-]
> but YouTube had the technical option of splicing ads directly into the video stream and simply not sending the actual video content for the duration of the ad for several years now
I don't think that's true, video encoding is expensive. This is not trivial to do without investment in hardware.
Google doesn't just sell ads, they sell targeted ads. Yes, YouTube currently does some processing on every video uploaded. But they only do that once.
efreak 1601 days ago [-]
It's trivial to send a different stream, though, and stop sending content for the primary stream for the duration. I believe a comment elsewhere says Twitch is doing this with HLS
You could make an argument that that’s no longer the web, it just happens to run in a browser.
h5erahrgera 1613 days ago [-]
I think this is an unstable equilibrium. YouTube is incentivized to continually recalculate this equation or find new approaches that maximize the number of ad-blocking users forced to give up the ad-blocker without leaving the website. Potentially the new terms of service allow them to use your other Google accounts as leverage to prevent users from using a malicious "Ad-Nauseam" style retaliation.
parliament32 1613 days ago [-]
I've been thinking about this too: it's odd that YouTube doesn't try harder to stop ad blocking. Maybe the low amount of users with adblockers just make it not worth it?
ew6082 1613 days ago [-]
It's far more likely that the data obtained about what videos you watch is far more valuable than the cash value of the ads you're not being served. Youtube videos are a very good early interest indicator for advertising.
JoeSamoa 1613 days ago [-]
Honestly I wish people cared this much. Most people just roll over and deal with the ad or pay for premium so they don't have to see ads.
nirvdrum 1613 days ago [-]
Is paying to remove the ads a big deal? Presumably the content creator wants to earn something for putting the effort into creating something. Ads are one way to support content creation. Directly paying is another. Many advocates to remove ads say they want a direct pay model.
bbarn 1613 days ago [-]
You mean like cable TV, where you paid for premium, commercial free content for years until they realized that they could charge you AND put ads in? Or Twitch Prime? Or any of the dozen other paid services that have done this..
Dylan16807 1613 days ago [-]
Twitch prime doesn't affect the content at all anymore. It gets you a monthly channel subscription and a bunch of video games. Also I'd guess that the vast majority of people with twitch prime didn't go out and buy it either, Amazon just gave it to them.
The thing you can buy a la carte is twitch turbo, and that still removes all ads.
nirvdrum 1613 days ago [-]
No. I mean like what the parent said where paying for premium access removes all ads. If all ads aren't removed, that's a different scenario.
ArtDev 1613 days ago [-]
I paid extra for Hulu without Ads, at one point.
I am was very annoyed when I discovered there was STILL ADS on some content!
kgwxd 1613 days ago [-]
It's fine, until they put ads back in, which has happened everywhere I can think of. I'm counting self-promoting ads like Netflix and HBO do.
catalogia 1613 days ago [-]
Netflix has TONS of ads in the form of product placement.
HBO does product placement too, though they sometimes pretend they don't or pretend it doesn't count when they do it because they do it "pro bono" (The Pope only drinks Coca Cola™ brand Coca Cola Zero™ for purely narrative reasons, and we're going to mention the brand Coca Cola™ explicitly several times by name to drive home the point that the character you enjoy watching enjoys the cool refreshing taste of Coca Cola™ brand Coca Cola Zero™. Don't worry Coca Cola™ hasn't paid us to shill their sugar water, we do it for free! Drink Coca Cola Zero™!)
lotsofpulp 1613 days ago [-]
Then the solution is to stop consuming things with unacceptable levels of advertisements. Unfortunately, given what the situation is on television channels, movies, and social media these days, that level is extremely high for most people.
pmoriarty 1613 days ago [-]
The thing is, that solution will only work if enough people do it, and apparently as it stands not very many people are willing to give up their favorite content to avoid ads.
lotsofpulp 1613 days ago [-]
I can only control what I do, and if I must give up consuming media that will give me a temporary high (but it won't since I'll be annoyed by the ads), then so be it.
jwally 1613 days ago [-]
Agree wholeheartedly.
We have fire tv and Amazon has added more and more advertising to the point it’s nauseating (an ad for Shameless in the middle of a bunch of baby pictures is jarring).
I’d be happy to pay an extra dollar / month to amazon to not see ads there. Actively looking at htpcs that I can put Adblockers on (pihole doesn’t work since ads and content come from same places, I think)
efreak 1601 days ago [-]
Pihole helps with native ads and ads in apps, though. Not as much as a real blocker, but you can't really use one of those in native apps with webviews (if you use bromite webview on android, it might be possible, not sure, but that still doesn't help with true native trackers or with your tv)
malnourish 1612 days ago [-]
Consider shield tv
oselhn 1613 days ago [-]
It is not only about the adds. Even if you pay, they will still spy on you and sell/use this data to show you adds somewhere else on the internet. I will start paying only if they treat me as customer and not as product.
tomc1985 1613 days ago [-]
The original content creators made their content for the love of whatever they're making content about. Giving CCs an easy avenue to getting paid is what got us into this whole mess in the first place.
nirvdrum 1612 days ago [-]
I don't totally follow what you're saying. Are you suggesting content creators should have no expectation of ever earning anything, let alone a living, from creating content?
galangalalgol 1613 days ago [-]
I agree, as long as no ads means really no ads I think premium is something they are doing correctly. If the take downs, demonitizing, and political deplatforming weren't an issue they would be all set. Also, the horrible compression. I takes the same data to binge wath a series on Netflix as to watch a few short computer security or safe firearm maintenance videos, er well it did until those videos all disappeared.
1613 days ago [-]
irrational 1613 days ago [-]
I'm far from an expert, but isn't this what WebAssembly gives them? My understanding is that webassembly is a binary file that is an opaque binary. Why not have webassembly build out the entire page dynamically?
kgwxd 1613 days ago [-]
Can WebAssembly make HTTP request invisible to the browser?
EvanAnderson 1613 days ago [-]
It doesn't need to. Don't think about it as documents being delivered to the browser anymore. Think of it as a binary executing inside the browser. You're not going to have HTTP requests to block, apart from the one that downloads the binary.
austincummings 1613 days ago [-]
A minified JavaScript bundle is just slightly less obscure than a WebAssembly binary though.
EvanAnderson 1613 days ago [-]
Absolutely. I'm not railing against WASM. WASM just has better marketing and tooling than straight Javascript.
Putting a VM into our browsers, along with sufficient API support to make that VM useful, is what spells the eventual end of the document-based web. I think that future arrived a few years ago and it's just not evenly distributed yet.
irrational 1613 days ago [-]
>the eventual end of the document-based web
That sounds like the worst future possible. I love the fact that I can go to any web page and look at all of the HTML, CSS, JS (even if I need to use a tool to un-obfuscate it). Have you never wondered how someone did something and then looked at their code to find out how they did it? I love being able to use curl and wget to grab a web page. How would that work in a non document-based web? I really think this would be a terrible thing if it actually came to fruition. I truly hope I'm retired or dead before it occurs.
BlueTemplar 1612 days ago [-]
That's already an issue with minified JavaScript.
Can we still call minified JavaScript "Web" ? What about non-minified JavaScript?
folkrav 1613 days ago [-]
WASM doesn't have DOM access (yet).
EvanAnderson 1613 days ago [-]
WASM doesn't need DOM access. You can just implement a browser in WASM and target canvas. I'm really surprised somebody hasn't done this already and marketed it as an unblockable ad delivery platform.
Faark 1613 days ago [-]
How many accessibility laws does this violate? Does it work with a screen reader?
EvanAnderson 1613 days ago [-]
You can be certain that, when this does happen, these considerations will be dealt with. I feel very strongly that this is going to happen. The chance to execute arbitrary code on clients will be too alluring for adtech companies to ignore.
folkrav 1613 days ago [-]
"Dealing with it" basically means re-building a browser rendering engine inside the browser renderer.
naniwaduni 1613 days ago [-]
You don't need to build a browser rendering engine, with everything that entails; you only need to render your content. This is a much easier problem.
folkrav 1608 days ago [-]
For accessibility compliance, you _need_ text and a DOM. Screen readers rely on HTML element semantics, ARIA attributes, and text content. The only way to make a canvas element (which is what you'd typically need to render custom UI) accessible is to have a textual fallback.
Outside accessibility there's also the issue of responsive design, huge SEO impacts, rendering performance... I'm probably missing a bunch.
Lifting a sedan with my bare hands is obviously easier than lifting a 10 wheeler, but it's still a massive problem. Rendering stuff is not the biggest issue.
EvanAnderson 1608 days ago [-]
Embed a browser with all that stuff into a page. Whatever APIs are missing to make the "inner browser" unable to fulfill all the requirements that the "outer browser" will eventually be filled-in by well-meaning developers who want the Javascript VM in the "outer browser" to be able to host general purpose applications.
irrational 1613 days ago [-]
How big of a WASM binary would that be? Can we block WASM binaries that are over a certain size in the browser?
EvanAnderson 1613 days ago [-]
You won't be able to block the binary, because the binary will be what renders the content. Your browser is going to act as a VM to run a browser that will display the content. The "inner" browser will be running on your computer, but short of binary reverse engineering, you won't be able to control it.
pdkl95 1613 days ago [-]
> Your browser is going to act as a VM to run a browser that will display the content.
Gary Bernhardt's talk "The Birth & Death of JavaScript"[1] was an ominous portent of a terrifying future. Unfortunately, some people apparently saw it as development roadmap.
You can already do that in JavaScript, what's the difference?
You can even implement a WASM interpreter in JS.
EvanAnderson 1613 days ago [-]
Functionally, nothing. WASM being a compiler target just lowers the bar (although we've had Emscripten for years). The browser developers are working hard to make it performant, too. Sufficiently obfuscated Javascript is as difficult to reverse engineer as a binary, though.
GrayShade 1613 days ago [-]
I don't do web, but I imagine there must be some webpack plugins that make an obfuscated mess out of your code, so the barrier to entry must already be quite low.
WASM at least is standardized, so there will be a whole ecosystem dedicated to it. Think IDA Pro for WASM.
> although we've had Emscripten for years
We did. And I didn't see the "asm.js apocalypse" you seem to fear.
EvanAnderson 1613 days ago [-]
I don't "fear" an "asm.js apocalypse". It's just the next step in the arms race between those who would have the Internet be like television, and those who would prefer it not. I'm one of the people who would have rather had the web stay more like Gopher and less like Java, but that's not the predominant opinion. We're going to lose the document-oriented declarative web because the web is financed by advertising. The spice must flow-- the ads must not be allowed to be blocked.
WASM is different between Emscripten was always a fun curiosity, and WASM is being "marketed" to developers as "get native app performance in a browser". "Modern" Javascript has been able to deliver this future for a few years now, but it lacked the marketing and tooling to make it mainstream. Flash and Java were attempts to move to that future that didn't pan out.
Having IDA Pro for WASM is all well and good, but doing binary reverse engineering on every single website isn't practical.
The web, as it has been, was nice. We're not going to get to keep it. I'm unhappy with it, but I'm resigned to it.
GrayShade 1613 days ago [-]
Take Facebook or Gmail. Last time I looked -- a couple of years ago -- Facebook served some 18 MB of JavaScript. I imagine it's not hand-written, but compiled from ReasonML and whatever other languages they're using. There's nothing nice in that, it's a mess. You can't crack open Developer Tools and figure out how the timeline updates when you scroll. You can't figure out where the ads are inserted into the DOM.
So WASM doesn't take away anything from us, because we haven't had the "nice" you mention for 10 or 15 years. Sites like HN will stay like this, sites like Facebook will get even bigger. It will happen with or without WASM.
But yes, I do see where you're coming from. You want a less bloated Web, and you're worried that WASM is not going to lead to that, which I pretty much agree with. While I'm saying that cat is already out of the bag and WASM at least has the potential to bring performance improvements over JavaScript (which will be promptly negated by the sites getting even more bloated).
EvanAnderson 1613 days ago [-]
The cat absolutely is out of the bag. It has been. I'm not railing against WASM.
I want a declarative web. I wish there wasn't a VM in my browser. I want a web where my user agent, under my control, dictates how documents are interpreted and displayed.
So much of information security relies on not letting third parties execute arbitrary code on your computer. The price to view "mainstream" websites is increasingly becoming "allow third parties to execute arbitrary code on your computer". I can sandbox that code and perhaps limit the impact to my privacy (though thanks to processor microarchitecture "features" that's increasingly difficult), but I lose virtually all ability to control the presentation experience.
To be blunt: The kind of assholes that delighted in using Javascript to block opening context menus, blocking "Paste" into password fields, etc, have won. That pisses me off. Developers with good intentions who wanted to make something "cool" end up being the architects of the tools that will be used turn the web into cable TV.
boring_twenties 1612 days ago [-]
> blocking "Paste" into password fields
Change your `dom.event.clipboardevents.enabled` in about:config to false.
HugoDaniel 1613 days ago [-]
those two would be easy blocks: the canvas showing the ad, and the wasm payload for that to happen
throwaway2048 1613 days ago [-]
Except the content is mixed into the WASM payload...
irrational 1613 days ago [-]
That is interesting. I didn't realize WASM was designed to be so constrained.
matheusmoreira 1613 days ago [-]
> Just like TV.
TVs allow the user to mute the audio, switch channels and fast forward past ads in recorded video. What publishers are doing to the web is like sending a control message that reconfigured the TV and disabled some of its functions. "You can't mute the audio, you're obligated to listen to this. Also, we're turning the volume all the way up in order to reach you even if you leave. You can't turn it off either."
Publishers simply don't want users to have any control over the experience. It's their way or the highway.
stOneskull 1613 days ago [-]
> It's their way or the highway.
or the pirate bay
fireattack 1613 days ago [-]
I'm not sure what you're trying to say. You can also mute your computer/phone.
matheusmoreira 1613 days ago [-]
People sometimes leave the room during commercial breaks. Advertisers realized this and started increasing transmitting much louder audio to make sure the audience can't get away. So I use the mute button and the problem is solved.
What if broadcasting companies sent signals during commercials that told the TV to disable these features? "They've enjoyed the movie, now it's time to make them pay. Don't let them change the channel, mute the audio or lower the volume". How long would it take before TVs that didn't follow these intructions entered the market?
Browsers have features publishers don't want people to have. We can download copies of "their" content. We can delete their ads. We can filter out their user tracking malware. This is possible because the browser serves us, not them.
zo1 1613 days ago [-]
One other thing that's tangentially related to this: Region restrictions on DVD players, and gaming consoles. Those were built right into the hardware/firmware of some of these devices.
fooker 1613 days ago [-]
Why is Turing complete important here?
You can easily generate a static document with ads, doing the heavy lifting on the server.
BlueTemplar 1612 days ago [-]
Scaling costs ?
dspillett 1613 days ago [-]
> The endgame will be all/most websites embedding 1st party ads and tracking
The problem with first party tracking from the PoV of the advertisers is that the feedback they need goes through the site their ad is on so it is possible to be faked: "Yes Mr Advertiser, we really did send x000 ad impressions to {addresses} this day, honest guv'ner."
And from the site's point of view the adverts now become a little more admin to manage beyond just slapping in a reference to 3rd party JS and adding a <div> for that code to target to insert the advert.
tzs 1613 days ago [-]
They could address that by going the other way. Instead of serving the ads from the content provider's server, serve the content from the ad provider's server.
Essentially, the ad providers would also become hosting services.
1_player 1613 days ago [-]
> serve the content from the ad provider's server.
So.. Google AMP?
dspillett 1612 days ago [-]
Many content providers won't like handing over as much control as such a situation may imply though.
It also creates single points of failure that did not exist before. If the ad service is down, your content is (potentially) down too rather than just being served without working ads.
aequitas 1613 days ago [-]
That will be the time we switch from ad-blockers to content-allowers. It can already be seen with distraction free modes.
Maybe there is a market for a proxy that converts any page you visit to bare and functional HTML with just content and navigation. No ad's, distractions, disfunctional scrolling, etc.
kodablah 1613 days ago [-]
There is definitely a market for this and has been an idea I've been toying with for some time. Instead of a proxy per se, it'd be an API on top of a headless browser scraper then a simple web UI that uses that API. It'll have easy-to-update content extraction/interaction scripts for popular sites. Essentially you'll have "craigslist-ified" much of the popular web into an almost AOL like portal. Users will be encouraged to run client side (this won't be hosted, too many legal issues) and while this won't prevent tracking per se (headless browser still tracks), it is an easily exposed web server from your desktop. So you could even expose via Tor (time lost is made up for lack of content) and if you wanted to share, you could. Caching/storage and eager ahead of time loading/scraping of common sites, and it'll perform even better. Anyone can use the API for whatever they want.
Wrap it up with an easy to install bow and easy self updating to keep up with sites (and easy fallback to original sites/links), and I'll never browse the mainstream sites again. There are a couple of things that do this, but none as well as I'd like to see.
megous 1613 days ago [-]
There are certain kinds of websites that usually have category->list->individual image/video that are otherwise obnoxious to use, but all follow this structure, where this is the only way to get reasonable UI. Fetch data and make a simple UI yourself.
Fetching data from such websites is the only thing so far where I've found ES async generators very very useful.
You don't even need a browser. Most of the time simple HTTP requests from node work just fine, and makes tor use safer and more effective since you're not running any foregin JS code, just parsing data. Other thing that improves privacy is that you're downloading everything, so it's hard to see from the service's side what you're actually consuming.
Actually many usual services follow this pattern. List of accounts->list of transactions->transaction details. List of categories->list of articles->article detail. List of product categories->list of products->product detail.
Simple abstraction can get you very far, even with a fairly simple DB schema.
aequitas 1613 days ago [-]
Speaking of browsability, Google Images by far outshines the majority of webshops in search relevancy, SNR ratio, results per page and speed.
ckrailo 1611 days ago [-]
I'd like a locally-hosted IFTTT+Appium type thing that'd use my local hardware/software/applications in place of myself... basically turning all interactions (viewing data, posting data, checking for updates/changes) into an API for accessibility software, home automation software, custom notifications, etc.
efreak 1601 days ago [-]
Brow.sh has nearly this exact functionality already in built-in http server; you can open up basically any website in your browser and get plain html (though rendered in a single font size/style, as it's really intended for console use). It basically runs headless firefox and with a custom stylesheet and scrapes the screen for colors.
vbsteven 1613 days ago [-]
Browsing with no-script is essentially that. In my configuration every page opens with no JS, and I temp enable or whitelist the domains I want scripts to load from.
I’m not sure if it can also enable individual scripts, that might become necessary very soon if this article is an example of what is coming.
userbinator 1613 days ago [-]
Maybe there is a market for a proxy that converts any page you visit to bare and functional HTML with just content and navigation. No ad's, distractions, disfunctional scrolling, etc.
https://en.wikipedia.org/wiki/Proxomitron and other MITM-proxies can do that and more, although the security-paranoid may disapprove (but then again --- what are you more concerned about, what is your threat model, etc.) The recent "security vulturism" and things like DoH and other anti-user ostensibly-privacy things certainly doesn't help.
gbear605 1613 days ago [-]
The reader mode that comes in most browsers is essentially that, although it needs the navigation too.
voidmain 1613 days ago [-]
The next step after that will be machine vision based transformation of the rendered output. I think as long as end users can keep control of the browser and computing device hope is not lost.
There is also the option of actively attacking the business model of the ad and tracking industry. Ad blockers could simulate lots of "fake" traffic to make ad analytics harder (this is another arms race against attempts to filter out the fake traffic)
BlueTemplar 1612 days ago [-]
> as long as end users can keep control of the browser and computing device hope is not lost.
Mandatory : "Why Rosyna Can't Take A Movie Screenshot"
>machine vision based transformation of the rendered output
This would be awesome!
have_faith 1613 days ago [-]
There's no losing if people voted with their attention instead. If the terms of exchanging data are unacceptable then don't accept any data from that source. The digital equivalent of voting with your wallet.
Kind of like climate change, there are actions we all know would help but individually giving up those conveniences is difficult.
cyborgx7 1613 days ago [-]
> The digital equivalent of voting with your wallet.
And like voting with your wallet, it will be completely ineffectual in actually addressing the problem.
> Kind of like climate change
Another area where the need for comprehensive societal solutions gets dumped on the individual instead, rendering it ineffectual.
olalonde 1613 days ago [-]
Alternative theory: there aren't enough people who consider it a problem.
moduspol 1613 days ago [-]
This. I normally just avoid commenting in these threads, but clearly most users don't see this as quite as big of a problem as the HN users that comment in these threads. And maybe, just maybe, they're right.
BlueTemplar 1612 days ago [-]
And maybe, just maybe, they just don't understand the issue in the first place and aren't aware of the implications.
have_faith 1613 days ago [-]
Exactly. In theory they are effectual, if people actually did it...
I'm a big proponent of top down climate change policy to force change as opposed to hoping if we virtue signal enough people will be shamed into driving a bit less etc.
cyborgx7 1613 days ago [-]
I misread your comment then. I assumed you were saying this is the strategy we should adopt on those issues.
have_faith 1613 days ago [-]
With regards to climate change, definitely not. I just wanted to highlight that it's a similar mechanic at play. Perhaps I phrased it oddly.
With regards to Ads I don't take as much a hard line approach as yourself (I remember our last discussion!). I'm very pro ad blocker use but not to go as far as banning them in any way.
Something I've been thinking about is sending a header to websites informing them I'm going to block their ads so they decide not to send me the content if they don't want to. I feel no entitlement to their content as they should not feel any entitlement to what code gets to run on my machine once it reaches me. I might expand on this in a blog post some time soon but it's probably closer to an art project than something actually viable.
cameronbrown 1613 days ago [-]
> Something I've been thinking about is sending a header to websites informing them I'm going to block their ads so they decide not to send me the content if they don't want to. I feel no entitlement to their content as they should not feel any entitlement to what code gets to run on my machine once it reaches me. I might expand on this in a blog post some time soon but it's probably closer to an art project than something actually viable.
An advantage of this is we'd skip the whole ad blocker and anti ad blocker charade and gain a metric ton of performance back.
cyborgx7 1613 days ago [-]
>I remember our last discussion!
I'm impressed. I don't think I ever remember individual usernames.
>Something I've been thinking about is sending a header to websites informing them I'm going to block their ads so they decide not to send me the content if they don't want to.
I've actually played with similar ideas in the past (my more moderate days). But my philosophy at this point is that they can choose to give me the data or not give me the data. And I'm free to do with it as I please as long as I don't distribute it without permission. And I'm even softening up on that limitation.
JoeSamoa 1613 days ago [-]
Thats the spirit.
JoeSamoa 1613 days ago [-]
I like this idea.
cyborgx7 1613 days ago [-]
I wasn't aware putting trackers on subdomains was a working adblocker workaround. Now that I know it, I'm surprised it hasn't been a massive problem since much earlier.
Normal_gaussian 1613 days ago [-]
Essentially most sites are not "owned" by a single technical authority in the business - this is the main reason such a simple workaround goes unused.
The key parts there are:
- single
- technical
- authority
Watching businesses attempt an integration of a line code anywhere to download the third party tool is painfully hilarious.
Getting them to set up a DNS record to point to you is often so far off the table its playing in the forest with the faeries. Having them pull your code and serve it statically alongside their site... I couldn't imagine
cyborgx7 1613 days ago [-]
I believe you, but this still seems strange to me with the overdesigned behemoths, on the verge of toppling over at any moment, most big corporate sites appear to be nowadays.
mobjack 1613 days ago [-]
Websites get bloated because the companies aren't aware of all the tracking going on in the first place.
What usually happens is that the marketing team signs a contract then developers copy and paste a JavaScript snippet to embed on the website and move on.
The work arounds require much more intention and the solutions can be hacky like modifying urls in a minified JS file.
If that tracking is blocked, it is invisible to the company especially if only the third party who has access to the data.
paol 1613 days ago [-]
I agree, but given enough incentive these barriers can be overcome. I thing these are signs that ad-blocking is becoming sufficiently painful to provide that incentive.
celim307 1613 days ago [-]
i actually had this conversation with a friend last night, and we figured the effort put in to serve ads to an audience so vehemently blocking them probably costs way more than the potential revenue, considering if a user is blocking ads they are probably hostile to any messaging anyways. But that's before getting into the rabbit hole of saturation strategy and any press is good press type of theories
Spare_account 1612 days ago [-]
This was probably correct until a couple of years ago. Ad-blocking has now become much more commonplace, hence the advertisers innovating so hard to get around it.
'normal' people are starting to run ad-blockers now, not just tech-savvy users.
It is not, on its own, a workaround. Cookies are still separate, and any foolproof online correlation call must go through the browser and can be blocked.
Not going through the browser is possible but requires trust between organizations; publishers have an incentive to inflate numbers, and trust has so far been lacking (and rightly so). That may change.
walrus01 1613 days ago [-]
Image recognition algorithms client side. Accept and load the ad, render page, replace it with a white square over it.
If you're willing to get cpu/gpu intensive on the page rendering a lot can be done.
vbezhenar 1613 days ago [-]
Ad blocking is supposed to improve performance. If you still need to download ad and then perform additional computations, I, personally, would opt-out from that ad-blocking, it's not hard to ignore ad myself.
Freak_NL 1613 days ago [-]
> it's not hard to ignore ad myself.
It's a constant cognitive drain on your mental resources. That's even ignoring the fact that almost everyone is influenced by ads to varying degrees.
Semaphor 1613 days ago [-]
I’d say it’s not a drain, but even as a long-time ad-blocker, I still am conditioned to ignore things screaming for attention. It’s been very often that I’m looking for something (eg. a link) but I don’t see it because it’s more visible than the rest of the page and my brain is conditioned to filter that out.
dwild 1613 days ago [-]
> It's a constant cognitive drain on your mental resources.
We reached the point that this is the argument to avoid ads... People will go to such a length to justify blocking ads, it's crazy.
qu4z-2 1613 days ago [-]
That's always been my primary reason, honestly.
Yes, I also take the Intel Inside stickers off my laptop.
soraminazuki 1613 days ago [-]
You can ignore ads, but you can't stop these companies from spying against users, which is a much bigger problem.
bloak 1613 days ago [-]
Yes, I think that's the right approach. You just forgot to mention that in order to prevent tracking a new VM is spun up for fetching each page. (Of course this wouldn't be necessary if the browser were implemented by someone who was on the same side as the user.)
psv1 1613 days ago [-]
> You just forgot to mention that in order to prevent tracking a new VM is spun up for fetching each page.
Make sure the travel to a different country between clicks. Just in case.
yjftsjthsd-h 1613 days ago [-]
I mean. I think you're joking, but if you use Tor then you're perfectly welcome to make a new circuit per website or whatever.
HankB99 1613 days ago [-]
The other problem with that is that I don't think it will block malware embedded in the ads.
Every once in a while I get a page that buries a CPU core. It's either bad Javascript (most likely) or something mining cryptocurrency on my PC.
gbanfalvi 1613 days ago [-]
That still wouldn't cover trackers and content running in the background, audible ads, ads that pretend to be content in the article you're reading...
squiggleblaz 1613 days ago [-]
I guess the solution at that point will be to develop a free (foss) internet alternative.
The internet will partition: the corporate internet will be what you say, and the independent internet will be people writing and hosting their own content, like the internet of the olden days. Some of them might interact with corporate services via apis.
The independent internet will be small, but it will be enough. If you want to buy something anonymously, go to a shop and pay cash with your phone turned off.
jjordan 1613 days ago [-]
I'm intrigued by the possibilities offered by decentralized technologies like IPFS and the like. I think whomever can come up with a viable economic model that allows for the sustainable decentralization of web services will change the world.
CuriouslyC 1613 days ago [-]
Nah. That's when we'll start serving scraped, mirrored content over a P2P network.
syshum 1613 days ago [-]
Thank W3C for caving into the Corporations that want to remove the Openness from the web-standards that allow for this kind of nonsense.
Google is the biggest offender after all their entire business is Tracking and Ads but it seems they get a pass as being an "offender" from most people
ekianjo 1613 days ago [-]
> Google is the biggest offender after all their entire business is Tracking and Ads but it seems they get a pass as being an "offender" from most people
Note that "most people" (even individuals) also happily insert Google Analytics snippets on their own blogs or websites. I see that all the time thru uMatrix. So it's far from "Google being a bad actor" alone.
hombre_fatal 1613 days ago [-]
People also pile on Google for Recaptcha when it's actually users like website operators and Cloudflare who are using it to avoid abuse.
Might as while pile on the bad/abusive actors for causing the scenario that makes people use captchas at all.
Quarrelsome 1613 days ago [-]
but this is all we ever asked, wasn't it? That the content creator take direct responsibility for their advertising instead of shipping us off someplace else.
sbarre 1613 days ago [-]
Agreed. If ads are served by the site I'm visiting and don't include cross-site tracking bugs, then I think that should be acceptable to most.
Speaking for myself, I've never been opposed to ads on sites (within reason - popovers are trash), because I understand that creating content costs money, but I don't like all the tracking that comes with them.
cyborgx7 1613 days ago [-]
It's always fun to read comments by people who clearly only read the title and haven't clicked on the link.
sbarre 1613 days ago [-]
I did actually click the link and read the whole Github issue thread, and the discussion here, before commenting.
But I was actually responding to the parent's comment (this is a threaded discussion, yes?) about how actual first-party ads are less objectionable than third-party tracking.
But thanks for adding your thoughts.
jrochkind1 1612 days ago [-]
There's no reason code served from the "first party" can't also participate in cross-site tracking, just by using cross-site API's on the back-end to report user actions to a central tracker.
It is more technically challenging to implement. If it becomes necessary, I'm sure there will be plenty of money invested in making it easier for the content providers to participate in such things.
cyborgx7 1613 days ago [-]
They are still shipping us off someplace else. The fact that they technically put their name in front of it to trick the browser, doesn't change this.
Quarrelsome 1613 days ago [-]
I feel like it at least makes the arrangement explicit and IMO its as much as we could ever ask for. This was always the technological trick that ad-blocking employed.
cyborgx7 1613 days ago [-]
> its as much as we could ever ask for
I can ask for a lot more, don't worry.
Reason077 1613 days ago [-]
It’s still a 3rd party doing the tracking. They are just using DNS tricks to make it look like it’s a 1st-party domain, thus defeating tracker blocking.
zaarn 1613 days ago [-]
WebAssembly can still be detected; the filepath or subdomain can be blocked as normal (would already work) and optionally you can run a fingerprinting method similar to AVs to detect scripts similar to trackers.
Red_Leaves_Flyy 1613 days ago [-]
Exactly. The only way to create a black boxed env on devices outside of the attackers premises is if the attackers built the devices themselves and have thrown decades of iterative development out the window to create equipment resistant to endless physical attacks. Transporting state secrets is a simpler task.
That just moves the goalposts though. People will still deconstruct and reverse engineer the black box, or sniff the lines it uses and attack the traffic. Or anything else. There are countless attack vectors against a device in physical possession. So unless the devices are melting down into slag and can perfectly detect even passive attacks then the advertisers will always lose.
This doesn't stop them from trying. If advertising can be made more expensive then the roi the advertisers will stop. Some will irrationally throw money at the problem way past the point they should've given up but even they will taper off eventually.
JohnBooty 1613 days ago [-]
Yeah, literally no way to stop tracking.
Suppose I have an apache module (or the equivalent in some modern http server) that's (a) injecting the necessary code (b) forwarding the traffic information to my nefarious third-party tracking provider. Or, heck, just a third-party solution that consumes my apache logs. It's doing all of this without using the browser itself as a middleman, like the clumsy CNAME masking discussed in the linked Github discussion.
This could never be stopped client-side since one's web browser would have no say.
Only reason this isn't more widespread already is because a lot of web properties don't have full control over their shared hosting environments.
First-party ads are theoretically kinda sorta maybe blockable via various levels of heuristics, which of course adblockers are already doing to various extents today.
But as far as preventing your information from being forwarded behind the scenes, there's no technical solution. Legislation is the only hope to curb it.
jannes 1613 days ago [-]
As far as I know, Urchin [0] (Google Analytics predecessor) was that third-party solution that consumes Apache logs. However, Google bought and discontinued the product.
Google still has an old help site referencing its log analysis features [1].
> Urchin WebAnalytics Software is discontinued and is no longer supported. All Urchin documentation applies only to the Urchin product as it was at the time of discontinuation, and does not apply to any Google Analytics products or services.
We have lost the WWW since corporate interests took over from personal interest.
Small community sites are still interesting, distributed web technologies may start to rise, or there's always gophernet...
JoeSamoa 1613 days ago [-]
It should be clear at this point the www is a not what it was. Honestly the ads could still be 3rd party, but they would just be stored on the same web server as the site. Then the 3rd party would just collect the info from the site instead of directly through the user.
I'm ready to move on. In my eyes we already lost the www.
worldsayshi 1613 days ago [-]
We could start blacklisting such websites (with opt-in and toggle-able blacklists) and move to search engines that allow such blacklist opt-in features.
I'm already seeing a big use case for having such a (opt-in) domain filtered search engine since there's soo many spammy and SEO-hacking web sites out there.
derefr 1613 days ago [-]
Nah; presuming the page’s real content continues to just be plain HTML, the worst things will get is that you’ll have to browse some sites with JavaScript disabled.
Also, re: “inline” static images, there could totally be client-side ML-model cosmetic filters that recognize and remove known as images, regardless of how they got to the page. The filter could even just throw a floating rectangle over then, so it wouldn’t even have to understand how they’re made in the DOM. This is the “thermonuclear backup plan” we’ve been expecting to need to pull out for a while now, though advertisers have been lazy about getting sneaky enough to necessitate it.
BlueTemplar 1612 days ago [-]
My issue is that while blocking third-party scripts breaks a small part of the "Web", this now requires me to block even the first-party JavaScript, breaking most of the Web !
IvanK_net 1613 days ago [-]
The first thing is, how do you distinguish between the ad and a non-ad? If my friend mentions a famous brand in a chat with me, should there be some entity to remove the name of that brand from the chat, so that I don't see it?
There are many videos on Youtube recommending stuff. You never know if the author has been paid. Even if you try to detect popular ad networks and services, the ad techniques will also evolve.
If ads were the only source of my income, and my content was unique, I would show the user a "quiz" every 5 minutes, asking him to answer, what is shown in the ads at the moment :D and deny the access, if the answer is wrong.
geofft 1613 days ago [-]
The common motivation for ad-blocking is to prevent third-party tracking (the discussion here is about first parties proxying that tracking), JS attack surface, cryptominers, auto-playing videos, etc. - not to prevent advertising per se. Back when Google sold text-only ads, people were quite happy with them for doing it.
hombre_fatal 1613 days ago [-]
> Back when Google sold text-only ads, people were quite happy with them for doing it.
Those are some rose-tinted glasses. People on forums like HN were always annoyed that they looked like navbar links and you were only clicking them out of confusion with actual links.
riffraff 1613 days ago [-]
if canvas become a medium for nasty ad delivery it will go the same way of <object>, I am not too worried.
But as always, it will be an arms race.
userbinator 1613 days ago [-]
There will hopefully always be those personal/ad-free sites that are plain HTML and don't require any JS, but they might get a lot harder to find through the search engines...
mgreenleaf 1613 days ago [-]
Like in security, could work with a "block all" with an explicit whitelist of HTML that can be used. If it needs a canvas to display, then it isn't part of the trusted environment. That would mean you couldn't use sites that required both the ads and the content were in canvas/webassembly, but at that point they aren't really a trusted actor.
t0astbread 1613 days ago [-]
Isn't this just kinda uMatrix already?
kbenson 1613 days ago [-]
Well, if it's first party you've at least mitigated some of the privacy concerns, and it's then about the privacy policy of the company in question.
If they want to make ads extremely hard to block but reduce privacy concerns, I'm all for that. It puts the discussion back on a more even level, and if you don't like the ads, don't use the service. The only reason I'm okay with running an ad blocker now is because of the privacy concerns. If those were eliminated (which isn't the case in this theoretical situation, they're just reduced) then I'm not sure how to justify running an ad-blocker. To my eyes, it's basically stealing cable or satellite service. I understand other people don't see it the same way though.
lma21 1613 days ago [-]
We can surely find ways to block canvas or webassembly from such websites no?
Cthulhu_ 1613 days ago [-]
I don't understand why that isn't already a thing, just set up a proxy on your own domain to the ad / tracking server and you'll already avoid existing blocklists.
pedro_hab 1613 days ago [-]
They also want your sweet 3rd party cookies, 1st party requests don't send those.
Ads need to know what you googled, what you did in the competitors website, 1st party domains are a huge handicap for it.
They either will need excellent fingerprinting or accept subpar tracking.
electrotype 1613 days ago [-]
Cookies could be send to an API of the publisher by the server, and information could then be received back to update the cookie.
pedro_hab 1613 days ago [-]
You can't read 3rd party cookies, neither the browser sends it to the 1st party server.
The max they can do is track you in their website, but that's terrible, they need to know more.
edit: this means the 3rd party server can't know who you are, even if they get your tracking events, they can't know what you did in the other sites.
thats why fingerprinting could fix this, the 3rd party server could find your profile with a good enough fingerprint.
electrotype 1613 days ago [-]
I'm not talking about 3rd party cookies.
I'm talking about a sameSite cookie made for the publisher, via a proxy on the server.
pedro_hab 1613 days ago [-]
I don't think I understood you then, if they send 1st party cookies they won't be able to match you against a 3rd party profile, will they?
electrotype 1613 days ago [-]
You set a cookie "forAdProvider".
When a client send you this cookie (sameSite) your server forward it to the ad provider using a RPC call.
The ad provider replies to this call with new data they want you to add to the cookie.
You set the "forAdProvider" cookie on the client, using the data specified by the ad provider.
pedro_hab 1613 days ago [-]
Ok, so I did understand you correctly before.
I don't think that has much value because the ad provider wouldn't know who you are to begin with.
First time you open said website no cookies would exist for the domain.
Then the ad provider wouldn't know who you are.
Ex: Access foo.com and search for shoes, shoe cookies set for foo.com
Then access bar.com which hits foo.com for the ad suggestions
Now foo.com knows you searched for shoes, since the 3rd party cookies are there.
Now if you do it without 3rd party cookies bar.com wouldn't have any access to the cookies which identify you as a shoe buyer, because those are set for foo.com
electrotype 1613 days ago [-]
Got it, you are right!
Normal_gaussian 1613 days ago [-]
I'm imagining the horror of having to do it with output analysis. An advanced renderer scans the page to identify and plaster over adverts..
cm2187 1613 days ago [-]
Perhaps a solution is for websites to have to request authorization to run javascript/wasm on browsers (enforced by the browser). It will allow legitimate uses of client side code, while eliminating the vast majority of abuses.
I wonder if it is also not how GDPR should have been implemented. Forcing browsers to implement a request for storing tracking data, which would avoid dark patterns in consent forms and would keep websites honest. It would also allow to remember the decision. If you delete cookies when the browser closes, you get asked for the same consent you denied on every visit.
burtonator 1613 days ago [-]
> At that point we will have lost.
I'm actually hoping it paves the way for more independent publishers that focus on quality content and charging.
Ads have ALWAYS sucked and been a horrible solution to funding news, journalism, etc.
The problem is that ads basically cause other users to defect to platforms that are free (but sponsored by ads).
rapind 1613 days ago [-]
I run a SaaS with tens of thousands of users and am not even tempted to run ads or even add third party analytics. Firefox, Safari, and Chrome all work fine on it.
Just because there are a lot of bad actors and massive amounts of advertising doesn't mean the entire internet needs to go down that path.
Good. That means if there's a terrible exploit in the adtech, it will be attacking the host's server instead of my browser.
jimmy2020 1613 days ago [-]
i've seen this in Black Mirror Season-1.
booteille 1613 days ago [-]
The answer must be political.
Hackers have protected users since years. It's time for politicians to protect their citizens.
mihaaly 1613 days ago [-]
well, at least the most bit. to be honest huge portion of pages would not be missed. myself avoiding quite some already, just out of principle. and I am fine without those!
dallasrpi 1613 days ago [-]
Good, me and other content providers attempting to make a living fully applaud this.
maze-le 1613 days ago [-]
You could also try to provide paid content. I am more than willing to pay for content I like, if the price is reasonable and I can avoid ads and tracking -- I already support a number of media-outlets and podcasts with donations.
If you provide paid content AND try to track me or make even more money with me via ads: goodbye...
On the other hand: If you rely on ads only, it is doubtful that your media-outlet is truly neutral -- would you really do analysis and investigations on your highest paying ad clients (?) -- I doubt it...
manigandham 1613 days ago [-]
Ads also pay for the content so without them eventually you'll lose the content too.
nkrisc 1613 days ago [-]
If these first party ads are just showing me some sponsored message, then I'm totally ok with that. It's the tracking and arbitrary execution of third party code that drives me to block ads. And if a site has a truly awful first party ad experience and I can't block it? I'll probably stop using it, because I don't use sites that frustrate me if I don't have to.
Reason077 1613 days ago [-]
The technique described here is still third party tracking. They’re just (mis)using DNS to make it look like you’re talking to the first-party, to defeat tracker blocking.
buboard 1613 days ago [-]
> tracking and arbitrary execution of third party
Those are two separate things. You can track without code, and you can make a page terribly slow without any tracking.
Interestingly, for most people it's primarily the code size and slowness leads them to adblocking, tracking is secondary.
> I can't block it? I'll probably stop using it,
As a publisher I 'd welcome that behaviour. Of course i should be partly responsible for the ads my users see, I actually try to be but it's impossible with today's technology.
It's a total fallacy that the adtech of today is the best we can have. It has become a pissing contest about "who can give you the biggest, most complex analytics dashboard" rather than providing actual value to advertisers. There is also tons of unsold inventory due to the duopolization of ad platforms by google&FB. In that sense, i 'm thankful that adblocking is expanding to upend this ecosystem.
nkrisc 1613 days ago [-]
I'm generally on the same page as you. I don't have an inherent problem with sponsored messages like some folks seem to have (ex. "outlaw advertising"). My primary issues are with the current ad network framework as it exists today. The bloat, the vulnerabilities, and to a lesser extent than most people are concerned, the privacy invasions. That is why I run adblockers. It's why I go through the effort of maintaining a pi-hole setup on my network.
I visit some sites than sell, manage, and host their own ad inventory. I make zero effort to block those ads and will even click on them if they're interesting. Most of the time they're images wrapped in an anchor tag, maybe the occasional SVG animated with CSS. I don't want personalized ads, I'd rather see contextually relevant ads if I have to see any at all.
dangus 1613 days ago [-]
Let me know if I’m not understanding this right, but why does the origin of the ad software (scripts) matter to their undesirability?
Before:
Ad providers tell you to throw an external element in your page to display an ad.
After:
Ad providers tell you to add a library to your code directly that pulls down ads and serves them front the same place your site comes from.
This doesn’t magically make the website selling advertisement space aware of what code they’re running on your browser via those ads.
nkrisc 1613 days ago [-]
No, it doesn't make it magically better, there is no magic. But it does make the site accountable for the content they're serving me, instead of saying, "Oh, that's not our fault you got malware, it was the third-party ad network we use." It may not protect me much more than I am now, but it shifts the accountability to the first party I am dealing with instead of allowing them to pass the buck, because I can block all third party requests if I want to.
Would this change any legal basis? I do not know, I'm not a lawyer, but I sure hope we find out.
JoeSamoa 1613 days ago [-]
This.
losvedir 1613 days ago [-]
Depending on implementation it could make correlated tracking across sites more difficult. With an external element, your same browser could be sending the same cookie to the ad service from many different sites. With first party ads, each request will be site-specific.
close04 1613 days ago [-]
This. If HN decides to put their own sponsored post on the first page that's OK. If they start serving random ads, scripts, and generically crap from who knows what ad (malware) network that's not OK.
close04 1613 days ago [-]
Ok... feels to me like many people on HN don't realize this already happens. The first page does show "sponsored posts" (you'll easily spot them by the fact that there's no upvote arrow) and it's a good way for HN to promote its own stuff without ever delivering any crap to the user's browser.
protomyth 1613 days ago [-]
From the thread: This would require uBO to send browsing history information to a remote server, this is anti-uBO.
This is why I love UBlockOrigin, that basic principled approach is a great thing.
This does sound like “the user decide” indeed. The issue is: allowing that will likely be popular among people who should know better (like me) and it puts uBO into a position to be able to do some shady things that are hard to prove.
They’ve been in that situation before, with the original uBlock, and they’ve learned not to trust their own team.
hnarn 1613 days ago [-]
Tech savvy developers could opt in to send their data and only do so from a controlled environment. If they notice a site misbehaving, open up an incognito window, go into "call home" mode and start collecting useful info. Sure, it's not for "regular people" but this type of reporting never will be if you also want to respect the integrity of your users.
middleload 1613 days ago [-]
Taking care of a server that receives browsing data from lots of users in lots of countries must be a nightmare.
founderling 1613 days ago [-]
1st party ads are not unblockable. They only lack one aspect that helps identify them (the 3rd party hostname). But they still can be dealt with.
One way browsers try to take away that freedom is by limting what extensions can do. If that continues, at one point we would need a new browser to accomplish it.
My favorite vision of the future would be if Debian would provide a version of Chrome or Firefox that: a) is stripped of all tracking and b) gives extensions full access to everything.
saagarjha 1613 days ago [-]
At some point, you’re going to have to apply spam detection techniques rather than whitelist/blacklist ones.
anoncake 1613 days ago [-]
As long (and where) labeling ads is mandatory, there will always be a way to identify them.
ekianjo 1613 days ago [-]
So what is the strategy to deal with legitimate 1st party subdomains and tracking/ads subdomains if they use random strings as identifiers? (I am guessing this is where we will need a combination of crawlers and machine learning algorithms)
bscphil 1613 days ago [-]
Couldn't you blacklist all subdomains of the 1st party and whitelist the few that are actually real?
Or, assuming they have a small list of subdomains that redirect to ad servers, you could generate a list with a script that checks all their subdomains and creates a block list based on that. For example, the site discussed in the OP has all their subdomains listed here: https://crt.sh/?q=%25.liberation.fr
Edit: looking at the OP case, it seems like they only have one ad domain. I'm not sure I see this as a serious issue until multiple sites start rolling out thousands of subdomains, some pointing to back to the real server, others pointing to the ad server. Maybe that will happen but it's a pretty big barrier to entry, and just short of proxying everything through the 1st party.
uxp 1613 days ago [-]
> whitelist the few that are actually real
I'm speculating that the balance is in the reverse favor. Last night I was looking at some file on GitHub which was redirecting to what looked like an S3 bucket subdomain named with a pattern like "github-production-f7e281a2", which I simply presumed to be cache-busting via subdomain instead of appending the hash to the filename. If my assumptions were correct, every time GitHub deploys a new build, you would have to whitelist that subdomain.
XorNot 1613 days ago [-]
Looking for suspiciously high entropy values compared to ones native language would be one way.
TonyTheSlayer 1613 days ago [-]
Devil's advocate: then instead of using subdomains with randomly generated strings, we use words from a dictionary instead.
You would have to block entire wordlists to combat subdomains like that. It would make more sense to whitelist subdomains instead, but it would require much more effort in order to determine what subdomains are required for the website to function. Additionally, if the site in question ever decided to change anything around, someone would have to catch the breaking change and have it corrected on the whitelists for the site to function again.
squiggleblaz 1613 days ago [-]
How do you know what words to block?
ekianjo 1613 days ago [-]
Machine learning by analyzing what displays on the page by blocking different domains. Bots can be automated to do that continuously and update a decentralized database with such information.
philjackson 1613 days ago [-]
Chrome isn't open source, so not much chance of that happening.
Chromium is not Chrome. Chrome is based on code for Chromium, but that’s where the similarities end.
behringer 1613 days ago [-]
Chromium is Chrome with only a few proprietary bits removed. It's essentially Chrome everywhere that it matters to this particular discussion.
geofft 1613 days ago [-]
That's like saying that the Ubuntu kernel is based on code for Linux.
rndgermandude 1613 days ago [-]
Yes, pretty much, except that Canonical is nice enough to open source their patches. And they layer a ton of patches on top of the official kernel trees, mostly backports but also some new features. Their linux_5.0.0-36.39.diff is close to 35MB.
Now, what changes does Google layer on top of chromium to make Chrome? Do you know exactly?
geofft 1613 days ago [-]
Yes, it's pretty easy to disassemble it and find out. It's basically auto-updates, some closed-source extensions like Chromecast (although you can manually download the Chromecast bits for Chromium if you'd like), some branding differences as compile-time #defines. https://chromium.googlesource.com/chromium/src/+/master/docs...
(Do you know that all of Chromium is in fact open source? Have you looked at the source and the build process? Are there any parts in it that are actually precompiled binary blobs?)
colejohnson66 1613 days ago [-]
Does Chromium contain the DRM needed to play sites like Netflix? I know many here are against DRM, but it’s necessary if I want to use my Netflix.
behringer 1613 days ago [-]
Netflix will play a 720p version if you don't have a DRM supported browser. Also netflix distributes native apps to all platforms, which means you don't need chrome to use netflix in full fidelity on any device except maybe linux?
singron 1613 days ago [-]
Widevine is a DLL bundled with Chrome. You can copy it into a Chromium installation and use Netflix. I don't know if this violates TOS/licenses/law.
1613 days ago [-]
epapsiou 1613 days ago [-]
And why would you use chrome instead of chromium?
Stick to Firefox and Chromium.
colejohnson66 1613 days ago [-]
Because one likes the features available only in Chrome? I haven’t check recently and don’t know if this is still accurate, but Chromium used to not have the PDF reader and DRM support (for Netflix, etc.)
behringer 1613 days ago [-]
There are a number of foss and proprietary pdf readers for chromium/chrome. There are also netflix apps outside of chrome. You don't have to use Chrome...
JoeSamoa 1613 days ago [-]
You realize the extensions can track you too?
buraktamturk 1613 days ago [-]
This problem can be solved easily with using an open-source extension that has reproducible builds. Make sure it doesn't have built-in tracker as easy as looking to the source code. And we can make sure the final hash (without software signature blob) of the extension is the same as your built, so it is not tempered before uploaded to the extension store.
cf141q5325 1613 days ago [-]
You can also track people if they install your adware.exe. The emphasis on install. What software you install is an entirely different threat scenario then visiting a website.
ComodoHacker 1613 days ago [-]
As gorhill mentioned in the comments, this isn't really a 1st-party tracking, it's "3rd-party disguised as 1st-party". Tracking URL is on a subdomain of 1st-party domain, but it resolves to 3rd-party IP ang request goes to 3rd-party infrastructure.
jimktrains2 1613 days ago [-]
That doesn't need to be true at all. You could imagine a service that acts as a can and proxy for the 1st party that injects ads into the HTML directly and handles certain urls on the main domain.
Also, 3rd party infrastructure could be something like aws. Are you really going to block all ec2 address ranges?
M2Ys4U 1613 days ago [-]
Forcing people who want to include adware on their sites to run and maintain a proxy is an additional overhead that many won't want to do.
This reduces the attractiveness of adverts, which means they won't be as prevalent, which means tracking concerns are lessened.
That's a win, no?
jrockway 1613 days ago [-]
I doubt we will win anything from this. Some advertising provider will provide an easily-runnable proxy and say "we give you double CPM if you give us the logged-in user's email address". Now you have even less privacy.
Third-party requests with cookies made it easy to start tracking people across sites... but there are other ways if that is made to stop working. Given how much money flows through the advertising industry, I am sure someone will pay for the week or so of engineering to make advertising more invasive.
NullPrefix 1613 days ago [-]
Doesn't this increase the risk of costly GDPR non compliance?
jrockway 1613 days ago [-]
Just georestrict your website to not allow visitors from Europe. What I learned from the whole Blizzard fiasco is that the future is selling products to China. China doesn't really care about the GDPR.
NullPrefix 1613 days ago [-]
Good, at least for Europeans. It's good that malware peddlers self identify themselves.
ryanisnan 1613 days ago [-]
You can hardly call Blizzard a malware peddler...
NullPrefix 1613 days ago [-]
I was referring to the websites, which block access to Europe, because they don't comply with GDPR.
ryanisnan 1610 days ago [-]
Ah, my mistake.
kgwxd 1613 days ago [-]
I feel like it is a win. It forces the 2 companies into a trust relationship with each other instead of using my machine as a intermediary.
jimktrains2 1613 days ago [-]
There are already companies that do this for other thing. It's basically the model cloudflare uses, but they don't have the ad injection part. I believe brandingbrand did the same model for mobile sites.
To the site owner, they're just pointing dns at the ad company and treating it like a cdn.
tyingq 1613 days ago [-]
A good example of why taking away the blocking feature of chrome.webRequest cripples full featured ad blockers. Gorhill shows both a DOM based rule and a CNAME uncloak that kills this tracker. Neither will work post manifest V3.
sheeshkebab 1613 days ago [-]
Chrome is not the only browser out there, and anyone who cares about privacy shouldn’t be using it.
taf2 1613 days ago [-]
I mean this is nothing compared to what you can accomplish with a multi origin cdn or how about a scriptable edge cdn... fastly, cloudflare or cloud front with edge lambda... then you can effectively proxy everything on the same origin with zero ip or domain difference... only content analysis could be effective and even then it’ll become a real arms race
kodablah 1613 days ago [-]
You lose out on cookies from those other origins. When we reach the point where ads served from the same site are the primary problem, a partial victory has been gained.
I already suggest people use these edge workers to anonymize-then-collect analytics (e.g. via [0]) if they can't be bothered to host their own solution. Of course we all prefer self hosted, but even this is better than third party js.
You can do that with any web server, just by serving trackers the same way as all other content.
taf2 1613 days ago [-]
That’s right but small business owner doesn’t know how - this is about ease of deployment
alibert 1613 days ago [-]
Someone made a script that generate a list of first party domain to block. It seems to crawl websites and extract all requests and compare domains with regex of known first party tracker.
I'd love to run this in Docker without manually setting the dependencies up
01acheru 1613 days ago [-]
I've done something like that some years ago to ensure that the tracking we were using on our website worked even if a user had an AdBlock. (it wasn't a tracker as in ad tracker, but a tracker nontheless)
It was fairly trivial: instead of asking for the tracking script directly I put a small service of ours in front of it, so our website asked for foo.mycompany.com/stats.js that fetched the correct script and changed all URLs inside of it from mycomp.mytrack.com to foo.mycompany.com. Our service than acted as a proxy to mycomp.mytrack.com.
A simple solution that worked out for a while, lost by now, in a server, somewhere in Ireland...
kingartur44 1613 days ago [-]
In this way, you are opening a lot of things of your site to the advertizer. They can grab your users session cookies or even intercept everything they send to you
01acheru 1613 days ago [-]
Just to clarify, as I said it was not an ad tracker, all data was ours and ours only. It was 1st party tracking using a 3rd party service that was blocked by ad blockers. Anyway we don't use cookies for *.mycompany.com, and it was a session-less website.
Valmar 1613 days ago [-]
Evil, but clever.
01acheru 1613 days ago [-]
Thanks for the cleverness! As for the evil, it was a tracker whose data wasn't shared with 3rd parties, we needed to gather as much data about our users as possible since we are incredibly understaffed (one handles the business, one sells the product and I do the tech)... it helped us a lot with support requests and customer acquisition
danielrpa 1613 days ago [-]
I can see a future where safe browsing of the web will only be possible through some sort of whitelisting. Search engines or crowdsourced lists will exist to tell you which places you should or shouldn't go in the web based on Ads or tracking features, just like you can find out the relatively few places that serve Vegan or Kosher food.
This isn't exactly a great future but we need to accept that nowadays most people don't care about tracking or ads. This might change one day, but it's the status quo.
I think that anti-ads and anti-tracking, if trying to work alongside the full feature set of the Internet, is fighting a honorable but eventually losing war. Even if someone sorts out this particular issue, you are still tracked by 1) Your ISP and 2) other subtle client fingerprinting technologies. You can use Tor/VPN/disable JS but all of these have downsides.
All we can do is to fight with our time and wallets by not visiting places that don't support our values. This is possible and not different from the world we live in already.
capdeck 1613 days ago [-]
Next step in ad blocking is using local trained AI to figure out what is an ad and what is not based on the content that it shows (regardless of origin).
May be more of a challenge with trackers as they don't to show ads per se, but may be the same technique can be used with "randomly" generated URLs - train an AI to dynamically make a guess whether the sub-domain (even first party) is a tracker or not. There may not be a clear marker, but there is always a pattern...
sails 1613 days ago [-]
Interesting idea, I like the sound of that.
Currently I use uBlock Origin's "Block Element" function to block "non-ad" components of websites that bother me (HN orange top bar for example). Something similar that was "trained" based on my/crowd input would be an interesting start.
jimktrains2 1613 days ago [-]
> whether the sub-domain (even first party)
It need not be a subdomain. Analytics could be proxied from the main domain.
jimktrains2 1613 days ago [-]
> I can see a future where safe browsing of the web will only be possible through some sort of whitelisting.
Which is unfortunate, because it's already started that many places won't even render plain text without javascript.
> I think that anti-blocking and anti-tracking, if trying to work alongside the full feature set of the Internet, is fighting a honorable but eventually losing war.
For me it's less about "tracking" and more about tracking with aggregation. Self-hosted things like AWStat and Matomo (formerly Piwik) are fine in my book. It's bringing together those analytics across different sites which is problematic.
asjw 1613 days ago [-]
That's what IE did in the past with high security enabled
Ironic ain't it?
cm2187 1613 days ago [-]
I don't really have a problem with first party tracking, unless it can correlate my identity across websites. But otherwise I have no problem with website X knowing that I browse website X.
Can first party tracking do this sort of correlation other than through browser fingerprinting?
cyborgx7 1613 days ago [-]
If I'm understanding this correctly, it's only first party tracking in that it comes from a subdomain of the domain of the website you are browsing. But that subdomain points at a third party tracking provider. So this still seems like a single tracking provider on multiple website being able to correlate your browsing.
wongarsu 1613 days ago [-]
You still get full cookie separation because each website has a different subdomain and thus a different cookie. The analytics provider can track you across the internet, but they have to invest work and resources instead of getting it basically free.
squiggleblaz 1613 days ago [-]
Well, I'm hardly about to accept that it's legitimate to spy on me "because they invested work and resources instead of getting it basically for free".
It's like, a peeping Tom who just looks through a window - yuck that's gross. But a peeping Tom who spies by building a microdrone that can fly in the door when it opens and mount itself on the ceiling with suction pads - oh that's perfectly legitimate because of the work and resources Tom invested.
I mean, if it's gross to do something by accident and it's gross to do something without any investment, it's super gross to do it with resources.
It's not all that hard to track someone across the internet. I think many people have demonstrate hacks that steal legitimate functionality and get you there.
I think we'll probably have to go for a containerised internet (separate apps) and just deal with the disadvantages.
cyborgx7 1613 days ago [-]
I agree that this is not an insignificant aspect. But I still don't think it is therefore something that should be tolerated.
cm2187 1613 days ago [-]
But how would the provider track you across the internet with cookie separation (other than through fingerprinting)?
kasey_junk 1613 days ago [-]
The provider a) is the other parts of the internet (think big cdn) and b) they communicate with other data brokers via a side channel instead of via cookie syncing.
This is already happening with large web publishers.
cm2187 1613 days ago [-]
But even if they do that, how can they tell it is the same user on two different domains?
gpvos 1613 days ago [-]
I wouldn't know, but fingerprinting is a thing and is bad enough.
Red_Leaves_Flyy 1613 days ago [-]
Do you have a great way to block every fingerprinting method?
cm2187 1613 days ago [-]
Firefox seems to be on the case. There is really no good reason to give any means for a website to fingerprint a browser.
input_sh 1613 days ago [-]
uBlock origin (more specifically, EasyPrivacy list) blocks 1st party tracking as well.
For example, you could spin up an instance of Matomo (formerly Piwik) for your own website and still see no traffic from adblock users by default.
ddtaylor 1613 days ago [-]
This is also why if you're using Matamo you should have it parse your access logs instead.
beagle3 1613 days ago [-]
Google and Facebook have been adding gclid and fbclid arguments to outgoing links for a while. Click one of those, and the linked site can conspire with googbook to correlate identities.
More sites could do that.
This is generally better than 3rd partyies because the sites would have to actually conspire, cooperate and trust each other, which is a huge hurdle.
And if the trust is actually there, they could correlate offline without any indication. Facebook already does that (with credit records, likely phone records and medical records as well) and I wouldn’t be surprised if others don’t.
Correlation is less than perfect this way - but e.g. zip, gender and age are enough to give a pretty good correlation, and name makes it almost perfect - if you have an account somewhere, you probably gave these details.
jedimastert 1613 days ago [-]
> Google and Facebook have been adding gclid and fbclid arguments to outgoing links for a while.
Can you you send me an example of both of those please?
Hello71 1613 days ago [-]
gclid seems to be for adwords only. imo, if you're already the type to click on ads, you shouldn't object to tracking of which site you came from. fbclid on the other hand applies to all links from facebook. it was a major story on HN: https://hn.algolia.com/?query=fbclid
stilisstuk 1613 days ago [-]
Yes. E.g. Danish newspapers are working in a joint effort to do just that, via 1st party tracking.
Think of this as SSR for adverts/trackers. The harvested data is still going to 3rd parties, even if your browser connection(s) aren't.
pdkl95 1613 days ago [-]
This is about 3rd party trackers masquerading as the 1st party by asking the hosting page to provide a CNAME under their own domain. With the tracker hosted under the 1st party's domain, they work around people that deny 3rd party cookies.
The example at the top of the thread: https://www.liberation.fr/ has a tracker from f7ds.liberation.fr, which is really part of tracking provider Eulerian.
f7ds.liberation.fr. 3599 IN CNAME liberation.eulerian.net.
TL;DR - the entire point of this is to let 3rd parties continue to correlate your identity by hiding as part of the 1st party.
throwaway6845 1613 days ago [-]
I agree. I have a big problem with UBO etc. blocking self-hosted, single-site Piwik. It feels like being penalised for doing the right thing.
account42 1613 days ago [-]
> It feels like being penalised for doing the right thing.
Just because there are worse things to do does not make Piwik the right thing. The right thing is not to collect the data at all.
throwaway6845 1613 days ago [-]
What's wrong with finding out how people use my site, so I can write more of the content they like, and make it easier for them to navigate through?
ekianjo 1613 days ago [-]
In the world of tracking a self hosted, self-owned tracking solution would probably be by far the exception rather than the rule.
Iv 1613 days ago [-]
Browser and IP fingerprinting are already good enough to pinpoint you.
danShumway 1613 days ago [-]
One takeaway from this[0]:
> Can't this be "emulated" in Chromium by resolving the hostnames using DNS over HTTPS in JSON format?
> - This would require uBO to send browsing history information to a remote server, this is anti-uBO.
> - Chromium does not support non-blocking webRequest.onBeforeRequest listeners, so this can't work reliably when the result depends on an asynchronous operation such as a DNS lookup.
> - Chromium's webRequest.onBeforeRequest blocking ability is being deprecated with Manifest V3, so even without the above issues, this would be wasted development efforts.
I suspect (and suspected) that Ublock Origin may eventually be deprecated for Chrome after the V3 changes shipped the same way it was deprecated for Safari, although to the best of my knowledge Gorhill hasn't made any kind of official announcement about that -- so I want to be clear that it's purely conjecture on my end.
This thread reinforces that suspicion. I don't know if Gorhill has explicit plans to do anything with Chrome, but I suspect that in the future it will become more and more annoying to support the browser.
I also previously made a prediction[1] that within 2 years, Firefox would have clearly better tracker-blocking extensions than Chrome (65% likelyhood). This is roughly in line with what I would expect to see with that prediction -- a few rare fringe-case scenarios that creators can quickly address in Firefox, but that require more extensive work and conversations around Chrome. If this kind of issue becomes more common in the future, then I'll feel more confident about that prediction.
One possibly good outcome would be if Chrome's embrace of V3 is the catalyst that causes Firefox usage to shoot up again. By most measures, around 40% of users use ad blockers.
freeAgent 1613 days ago [-]
I would be surprised if uBlock Origin continues to be published/available for Chrome at all in its current form. In order to comply with the new restrictions Google are placing on it, it would have to be severely neutered. They are not giving uBO an option to continue support. Any post-Manifest V3 ad blocker would essentially be a different product.
cobbzilla 1613 days ago [-]
Can’t an ad blocker do the CNAME resolution and then not load the URL if it resolves to a 3rd-party hostname?
Using an A/AAAA record would be harder, you’d need to have an IP blacklist, and the trackers would probably be constantly shifting IPs, using a low TTL on the record.
This might require giving your tracker programmatic access to your DNS, not sure if many first parties are ready to go there.
cyborgx7 1613 days ago [-]
That is one of the proposed solutions in that thread. I think somewhat to that effect is what will have to happen. Though it seems like it's possible, in some browsers, for the adblocker with the right permissions to inject itself in the original DNS resolution process and just stop the process when it encounters a blocked domain.
saagarjha 1613 days ago [-]
I have CNAME record for my website that points at GitHub. Would your suggestion block this?
cobbzilla 1613 days ago [-]
Not likely — only if “github.com” was classified as an ad-tracker by the ad blocker.
SeanMacConMara 1613 days ago [-]
im happy to just block/not visit those entire domains
there comes a point when the content is just not worth it
doesnt scale obviously
we're headed back to the "golden age" of TV advertising except via http instead of radio waves/cable
1613 days ago [-]
zerocrates 1613 days ago [-]
Web advertising is, and long has been, far worse and more intrusive than TV ads.
SeanMacConMara 1613 days ago [-]
i was referring to the "golden age" of captive eyeballs ie eveyone watched lots of TV and mostly could not avoid seeing most of the ads.
at least we've had ad blockser on browsers that work well up to now
the tracking of web ads obviously vastly overshadows what happened with TV.
they obviously want the best of both worlds "avoidable ads" and "extreme tracking"
xiphias2 1613 days ago [-]
The problem is that the links to these sites already grab my attention. If ads can't be blocked on a web site, links to the web site should be blocked, so I never see them in the first place.
lazypenguin 1613 days ago [-]
I’ve installed an addon to filter duckduckgo and google searches to avoid hide the SEO spammy websites. Maybe you would be interested.
Same, I've been avoiding domains that I know will just show me an unacceptable banner (on mobile) or paywall (desktop). It's funny that I've trained myself to avoid them. I wouldn't really mind them being blocked in these lists, as long as I can optionally disable/enable the domains, or whitelist them if I want (there are some news websites I've paid for)
floatingatoll 1613 days ago [-]
WebKit Intelligent Tracking Protection 2.0 and later seem to treat all subdomain as equal for tracking purposes.
No. ITP captures statistics and applies its rules for the effective top-level domain plus one, or eTLD+1. An eTLD is .com or .co.uk so an example of an eTLD+1 would be social.co.uk but not sub.social.co.uk (eTLD+2) or just co.uk (eTLD).
ITP 2.3 counteracts this by downgrading document.referrer to the referrer’s eTLD+1 if the referrer has link decoration and the user was navigated from a classified domain. Say the user is navigated from social.example to website.example and the referrer is https://sub.social.example/some/path/?clickID=0123456789. When social.example’s script on website.example reads document.referrer to retrieve and store the click ID, ITP will make sure only https://social.example is returned.
scoutt 1613 days ago [-]
I am glad to see that websites are struggling to ruthlessly track users for showing ads. It means that the efforts so far are working. They have our attention.
Now it's time for standards creators to be responsible and to do something in favor of their users: the user should have the final decision about being tracked/shown ads.
But when the most used web browser is in the hands of the biggest ad vendor, then there is little hope...
I guess we can only expect for web pages to turn into a sort of dynamically-generated JPEG that cannot be parsed/analyzed.
JakaJancar 1613 days ago [-]
I don't see the problem.
If the publisher develops an analytics, user profile or whatever solution themselves, then it's 1st party - OK.
But outsource the development or hosting to someone, and suddenly it's a problem? How is this different to using AWS?
Now if the data from their different clients is merged to build a unified view of what you do on the web, that's different, but the place to prevent that is in the browser using cookie partitioning, not by caring about the tracker developer/hosting provider.
sigwinch28 1613 days ago [-]
> If the publisher develops an analytics, user profile or whatever solution themselves, then it's 1st party - OK.
How have you reached the conclusion that this is okay?
iramiller 1613 days ago [-]
So what we need is a DNS service that takes in all of the DNS record updates per normal DNS replication and flags these CNAME record entries into an easily consumable blocklist.
EvanAnderson 1613 days ago [-]
DNS-based filtering will be useless once DNS-over-HTTPS and pinned certificates are the norm. That will come to embedded devices first, but it'll come to consumer OS's too.
iramiller 1612 days ago [-]
Right. But it is still possible to run a DNS resolver and dump those domains in a address based blacklist at the firewall.
novaRom 1613 days ago [-]
If me as a human can identify ads easily, Machine Learning and Computer Vision could be used instead of black-listing domains like in this case.
SaturateDK 1613 days ago [-]
At what point does spamming the tracking endpoint with crap data become the next tool?
Maybe it's just the circles I move in, but I feel like there are enough users who don't want to be tracked and enough websites that don't want to track that maybe some sort of code of ethics would work.
Sign up, promise not to track your users and be open to lawsuits if you're found to be lying.
Granted, it would just be another whack in the game of whack a mole, but we have to keep whacking.
hombre_fatal 1613 days ago [-]
People will care about that as much as they care about ceasing to use websites that are hostile towards them: pretty much not at all.
The entire ad-blocking concept shows that people will do anything to continue visiting a website they are desperate to consume no matter how user-hostile it might be.
Also, this "No-Tracking" pledge seems like a thought experiment that only considers the rare website with more or less drop-in alternatives. So, maybe just general news and some brochure info sites?
cookie_monsta 1613 days ago [-]
I guess it's possible at any moment in history to say that nothing will change because nobody cares. There will always be some truth to that.
But I feel like we're reaching some sort of tipping point. 200k+ people just signed up to a new social network whose only real usp is no tracking.
I don't know what a drop in alternative is so I can't answer your question, but if your assertion is that generally speaking sites need to allow their users to be tracked I would disagree.
djsumdog 1613 days ago [-]
You get the GDPR and a ton of little banners people click through or a disable button no one sees where, if you click it, you get confusing sliders that you can't tell if they're on or off (intentionally).
cookie_monsta 1613 days ago [-]
No. You sign up, you don't track. You get caught, you get sued.
The UI has nothing to do with this.
6gvONxR4sf7o 1613 days ago [-]
For what it's worth, I hardly see ads anymore because I use a browser extension that disables javascript on a site by site basis. You can have javascript be opt-in or opt-out. With opt-in, you get such a better web browsing experience on 95% of sites, and for the others, you just click a little button next to the address bar to make it work.
No pop ups, fewer paywalls, less tracking, no videos (except the video site I whitelisted, like youtube). What should be static content actually stays static content. The web is a much better place when you disable javascript where there doesn't need to be javascript.
Combine it with cookie auto-delete and whitelisting, and disabled third party everything, and the web is mostly nice again.
> Libération (French: [li.be.ʁa.sjɔ̃]), popularly known as Libé ([li.be]), is a daily newspaper in France, founded in Paris by Jean-Paul Sartre and Serge July in 1973 in the wake of the protest movements of May 1968.
> For its first six or seven years it was a uniquely vibrant and pluralist publication and hugely influential. This
> was mainly due to its refusal to take paid advertising which meant there was no direct or indirect pressure from advertisers.
Seems they're now helping to push boundaries of pushing advertising since their founding.
mehdix 1613 days ago [-]
If a webpage does not render correctly in Firefox, I close the tab and support an alternative. It doesn't work for every case, but nevertheless it makes a difference. I also use and support Firefox everywhere, at home, at work, and on mobile.
Pxtl 1613 days ago [-]
It occurs to me - doesn't this mean that the ad company will have access to the users' session cookies? That seems like a terrifying security risk.
hombre_fatal 1613 days ago [-]
By default, cookies are limited to [subdomain.]example.com not *.example.com.
Pxtl 1613 days ago [-]
Still, sharing cookies across subdomains is a pretty common workflow.
rmsaksida 1613 days ago [-]
uBlock Origin aside, it feels like browsers should have built-in support for dealing with this technique (I'm thinking of Safari content blockers and Chrome declarative net requests). Otherwise it's all too easy for trackers to get around browser protections, rendering content blocking APIs almost useless. You should be able to block the resolved domain for a CNAME, not just the source domain...
account42 1613 days ago [-]
CNAME is a red herring - it would not take that much more effort to delegate the subdomain to a name server controlled by the tracking service or just dynamically update the A/AAAA records yourself.
tilolebo 1613 days ago [-]
Naive question: if media.liberation.fr is a CNAME to a 3rd party ad tracker, why not simply add liberation.fr to the uBO list?
lpellis 1613 days ago [-]
liberation.fr is the site you want to access, blocking it will kinda defeat the purpose.
Blocking *.liberation.fr also is not really an option as it contains some legitimate subdomains.
You would have to look up the CNAME for every subdomain and block those on the fly (it seems to randomly rotate)
neilv 1613 days ago [-]
I mentioned non-same-origin subdomain problems a while ago, while suggesting a feature that would help with my particular approach:
Does anyone know if pihole could help here? If not now, does pihole work on blocking 1st party trackers?
gowthamgts12 1613 days ago [-]
A possible solution proposed for this problem is to do DNS checks, which is already done by PiHole. So, yes if you have the 3rd party in your filter, it will be blocked.
manigandham 1613 days ago [-]
What exactly is the problem with first-party ads? This is what the general consensus was - to move towards ads that were delivered directly by the publisher that you had a connection to instead of 3rd-party networks.
At some point, you have to admit that you just want the content for free.
disintegore 1613 days ago [-]
> What exactly is the problem with first-party ads?
The problem is that they're ads.
> At some point, you have to admit that you just want the content for free.
I understand it's a bit of an ethical conundrum. Quality content and/or service requires compensation. At the same time, advertisement is a form of harassment and intellectual terrorism and they make content undemocratic by nature. Altering your own software in order to see NO ads of any kind under any circumstances is perfectly justifiable.
With that said, I don't buy the myth of the struggling internet entrepreneur being unable to make ends meet because of the selfish adblock users. I think that's as ridiculous a notion as the idea that Napster could kill independent musicians. Fact of the matter is that ads are a form of revenue and there are healthy alternatives out there.
For instance, instead of giving away an infinitesimal fraction of our mental health to every single internet business, we can instead enter a social contract in which everything is free, and consumers are expected to pay into the channels and services that they like best. This is, for instance, how many Podcasts and non-advertiser-friendly Youtube channels work.
Nadge 1612 days ago [-]
I agree with what you said in this comment and the conversation below. Everyone already pays for access to the internet, either to their ISP or via a mobile data plan (with the majority probably paying for both).
In the early days of the internet, there was no expectation to be paid for creating content - people simply created it out of their own goodwill or because it's their passion.
If I set up a personal website, I expect that to be a sunk cost; people pay for my content with their attention. Obviously, attention doesn't put food on the table, but it's saddening to see the contrast between what the Internet could be, and what it is currently.
manigandham 1613 days ago [-]
"Intellectual terrorism"? This makes no sense. Using this kind of extremist language doesn't help.
> "healthy alternatives out there"
That's the real myth. You either pay for content up front (by going to work, getting paid in cash, and using that cash) or you see some ads (which convert your attention to payments in real-time on demand for exactly what you're consuming). For billions of people, ads are faster, easier, more passive and more fair.
Donations are not a scalable business. Podcasts are in an advertiser boom and are making record amounts of money from ads so I'm not sure why you used that example. Very few (if any) channels of size are completely user-supported.
disintegore 1613 days ago [-]
"Intellectual terrorism" is indeed pretty extreme, and the term only applies to some segments of the industry. However that's exactly how I would describe the effect that fashion & beauty advertising have on women and men to a lesser extent.
None of the podcasts I listen to contain any kind of advertisement of any kind. This is not difficult to explain; prudent businesses typically do not stray very far outside the Overton window. This form of media exists - flourishes - because of listener patronage.
> Donations are not a scalable business.
True, but it's a viable business model. If you want something that scales as high as your entrepreneurial ambitions, consider that 100 million people pay Spotify in order to not have to listen to ads.
manigandham 1613 days ago [-]
The vast majority of content is not free and is either directly paid for or subsidized by ads. Content which is given away freely or supported by user patronage is a tiny fraction.
Spotify has made a profit a total of 2 quarters out of 10 years, and that's an example of direct payment as I described, which nobody has a problem with. Donations as you're talking about are completely different. There is no free and pay what you want with spotify.
disintegore 1613 days ago [-]
It's not the most popular way to generate revenue given that it's fairly young and offers a poor guarantee. That doesn't change the fact that it's a demonstrably viable way to have generate revenue without relying on visual and auditory poison. Given time it may supplant ads just as ads supplanted commercial licenses. I don't know either way and I'm not in the business of making predictions.
The fact of the matter is that I have control over what my browser renders. If you provide it for free "with ads" then I am going to access it for free without ads; you are putting it out there free of charge and hoping to get kickbacks. If you escalate the ad-blocker arms race, I am going to lose interest in whatever crap you are peddling. You do not automatically enter a mutual agreement with me upon publishing it and you will not succeed in guilt tripping me into watching vapid and manipulative corporate material.
If you want any of my money, use one of the crowdfunding platforms out there, or sell it upfront.
manigandham 1613 days ago [-]
That's an extremist perspective against advertising (and seemingly only online ads) while ignoring the economics behind it. Call it what you want, but you know and understand the implicit agreement is ads in exchange for content. Clearly you're getting plenty of value otherwise you wouldn't be accessing the content in the first place.
But sure, some will have this position and it's relatively minor across the population, but you're starting to see more things behind subscriptions and paywalls as a result.
disintegore 1612 days ago [-]
This is going to sound like a contrived argument but abolitionism was an extremist stance against slavery. The word "extremist" is not synonym with "excessive" or "bad".
I don't see which part of this thread implies that I'm only against online ads.
> Call it what you want, but you know and understand the implicit agreement is ads in exchange for content.
You don't seem to get it. There are no terms other than what's on the table, which is to say the content and the ads, and both are optional. We are not legally or ethically bound by any "implicit agreement".
> but you're starting to see more things behind subscriptions and paywalls as a result.
Subscriptions and paywalls are markedly better than advertisements, for the consumer at least.
manigandham 1612 days ago [-]
> "Subscriptions and paywalls are markedly better than advertisements, for the consumer at least."
Except the ones that don't or can't pay for it. People want more options for access, not less. The extremist position is saying all advertising is bad while ignoring the economic impact and the fact that almost all businesses grow because of it.
sigwinch28 1613 days ago [-]
The way I read it, the discussion is about third-party ads which are disguised as first-party ads by using CNAME DNS records, so that `totallyfirstpartyads.mywebsite.com` is actually just referring to `serveads.thirdpartyadcompany.com`.
More than that, random subdomains are used to subvert adblockers.
To me, it seems that the discussion is about third-party ads which are masquerading as first-party content. It's not about first-party ads or whether the content should be free, but about third-party advertisers pretending to be first-party.
manigandham 1613 days ago [-]
There's no such thing as pretending to be first-party. All ads are going to be served through a service/software provider the same way sites run on Wordpress or use a CDN.
The data relationship changes with first-party serving because it's now isolated to that site.
sigwinch28 1613 days ago [-]
> The data relationship changes with first-party serving because it's now isolated to that site.
Except that when you decide to point to someone else's domain via a DNS CNAME on your own domain, you open the door to cookies, referrer information, and more being leaked to the third party.
Whether it's intentional or not, I think it's a bad thing to do.
Oh, and opens the door for malicious cross-domain scripting if the CDN you're CNAME'ing gets compromised.
manigandham 1613 days ago [-]
That's the same as the ISP, CDN, CMS, and plenty of other software and vendors in the middle getting access to that information. There's a difference between a service provider and data ownership.
sigwinch28 1613 days ago [-]
> That's the same as the ISP, CDN, CMS, and plenty of other software and vendors in the middle getting access to that information.
I don't think it's the same.
At least with HTTPS (or even the use of VPNs, DNS over HTTPS, and the upcoming/proposed encrypted SNI), the ISPs won't have any metadata except the IP headers, which I think is a good rebalancing.
There's no requirement for the CMS to be hosted by a third party. Joomla, Drupal, Wordpress, etc. are all popular self-hosted solutions.
The CDN typically does not have all the information, either: a CDN's job is (often, but not always) to deliver media assets (images, videos, audio), large files (e.g. ISOs, executables), or to deliver things like fonts or javascript libraries. These things are (again, often, but not always) supplied from a different domain.
My browser, for example, doesn't send referer headers when dealing with these sites, and it definitely doesn't send any cookies which aren't set for the CDN's domain explicitly.
Different amounts of information leak when you CNAME to a CDN on your own domain, or you load third party advertising scripts in a page.
To me, at least, there's a difference between a third party (such as a CDN or ISP) knowing what domain I was on, versus third-party advertising scripts getting their hands on my detailed browser information by (ab)using JavaScript APIs and extensive fingerprinting.
> There's a difference between a service provider and data ownership.
Can you elaborate? I don't think I understand this point.
For example, under the GDPR where I live, I have rights to data which I produced, regardless of the service provider or the domain it's delivered on.
manigandham 1613 days ago [-]
Those are all vendors that get access to cookies and traffic. The point is that data flows through plenty of companies are various levels and providing a CMS or CDN is no different than providing ad serving.
The real issue is whether your data is more protected, and with first-party serving (and all the other anti-tracking restrictions), it's isolated to each domain instead of the cross-site tracking we had before. It's basically a user-to-site connection only now, regardless of the backend tech they use.
Any serious privacy change would require regulation as you noted, GDPR and CCPA in the US will provide the real protections soon enough.
ATsch 1613 days ago [-]
They aren't, though. It's simply a CNAME alias to a third party ad and tracking provider.
manigandham 1613 days ago [-]
Publishers aren't going to build their own ad software. This is no different than running wordpress.
The issue is data and privacy, and first-party means it's a much more direct relationship with the site you're on.
drawkbox 1613 days ago [-]
Hosting ads server side rather than served from client side javascript networks has always been around though.
Originally ad networks were something you rendered out on server side hitting their APIs from the server, and in some cases dns via subdomain. Content hosts were more careful of the content of the ads because it hits their main host ranking.
First party / server side ads are actually preferred if you have to choose as you can limit the ads server side and rogue ads can be dealt with.
Ad networks from the late 90s to early 2000s were this way. Once popup ads took off they started making ad networks client side to not impact rendering on the server and ads could show progressively when inlined into the layout/script.
Today the ads/trackers are almost all client side as it is easier to integrate as more of a widget and less resources used on the server. The ad networks and trackers of today want to own all the data and not share it with content providers, plus being client-side it makes it easy to link data without the need for integration in each endpoint backend just the third party endpoints. Additionally third party ad networks may not trust that page views are organic with the api calls being implemented first-party server side, so they went client-side where they can validate actual page renders and lots of other time/click based metrics.
Ultimately sponsor ads that show up on sites/blogs/portals are usually first party server-side ads still. So as long as there aren't rogue ad networks on the server side or via DNS/subdomain then it may improve ads overall. Since first party ads are server side, unless routed via DNS to the ad network, at least the content provider incurs some cost from hosting it at least in bandwidth. If it is a subdomain that goes to an ad network that is full of dark patterns, that is not so great but it will still impact the host reputation in ranking.
Right now ads are a mess for a few reasons: so much tracking, taking up screen real estate and the marketing team pushing people to subscribe making the free content experience painful. Email/subscribe and ad popups are more prevalent than the behind the browser popups in the early days, very bad experiences.
I sometimes think the days of server side/first party ads and popups from the early internet are preferable to today's inline ads with videos that follow you down and autoplay nightmares all over the page with dozens of trackers and networks all in one. At least first party server side ads that are served up from a backend API hit to a third party or sponsors doesn't cause excessive connections, it also puts an upper limit on the amount of ads that can be shown before it hits costs of hosting and rogue ad networks impact the url reputation so the content hoster may be more of a curating check on ad quality.
isostatic 1613 days ago [-]
The ads I ran in the 90s were cut and paste html along the lines of
I never ran puch the monkey stuff, but I think that was something like <object src='http://hell.com/argh'>
bronlund 1613 days ago [-]
Stop visiting those sites already!
Valmar 1613 days ago [-]
Eventually, more and more sites will push these things on users, so it will not be enough to not visit these sites.
1613 days ago [-]
pessamistic_dev 1613 days ago [-]
So here's the thing. It's easy for any first-party to circumvent any of these attempts with a simple node proxy on aws lambda that passes data between the web browser and the tracking service.
juskrey 1613 days ago [-]
Maybe finally let's adopt, you know, the best strategy: stop visiting distracting sites?
sashimy 1613 days ago [-]
Websites that are involved are french news papers, french Amazon like marketplace and a french mobile provider.
I don't think you can categorise those as "distracting".
squiggleblaz 1613 days ago [-]
A website with unblockable ads is surely distracting. I mean, isn't the entire point of an ad to be distracting? "Instead of paying attention to what you want to pay attention to, remember that I have bridge to sell you at basement bargain rates just buy my kettle for 20 euros"
1613 days ago [-]
djsumdog 1613 days ago [-]
If this is a French company/website, doesn't this violate the GDPR?
shdon 1613 days ago [-]
The GDPR doesn't outlaw tracking. It outlaws tracking without consent.
People will allow the tracking pretty much whenever they have to when not doing so is an obstacle to accessing a website (Or simply because they get annoyed at the popup or it doesn't allow opting out).
uBO (in the common case) prevents tracking even when consent has been given. Subverting that is not against the GDPR because for the law, the consent is the only thing that matters.
cornedor 1613 days ago [-]
Those pop-ups should be privacy first, if not, they are still violating the GDPR
yason 1613 days ago [-]
It's fun to see the contrast to paper magazines.
Advertisements in magazines are often somewhat interesting, well-made to be entertaining, or even useful. I used to read ads in magazines and I still sometimes do. It doesn't give me a bad feeling, at worst/best I'll just emit an indifferent "huh", and proceed to the next page.
And I've never, ever seen a single internet advertisement that wouldn't make me irritated and start gradually boiling my blood. Early Google-style ad boxes were closest to bearable so far but I still never read them nor showed any slightest interest in them. They were just kind enough to not irritate that much but merely be mentally blocked right off the bat.
I can't stand a web page with ads yet I would find a magazine boring without them. I don't think it's the ads: I think it's the presentation and the media that differs between paper and web. My eyes can wander to an ad and then back to text quite easily on paper, but my browser can't fit several columns of the article and a full-page ad on the same screen. This either-or proposition interrupts my reading and causes agitation. On paper I'm in control, on web I'm not.
mumblemumble 1613 days ago [-]
There are a very few sites where I haven't minded the ads.
Chief among them was Ravelry, a social site for knitters and crocheters. At least as of the last time I used the site (which was admittedly years and years ago) they just one banner ad at the top of every page, hosted first-party rather than through an ad network.
The ads were far better targeted than anything I've ever seen come out of an ad network, because they were typically relevant to my interests, and also generally caught me at a time when I was already thinking about buying something like what the ad was trying to sell. Admittedly, it was an easy job that could be done with only a light application of tensor algebra, but still. I clicked on those ads. Often. And I always at least glanced at them. It was a lot like what you were describing with magazine ads.
The thing that gets me about modern Internet ads is that I really don't think they're the spiritual successors to magazine and newspaper ads, not even when they're hosted on magazine and newspaper websites. They're more comparable, in all but the most cosmetic of ways, to junk mail and telemarketing.
johnpowell 1613 days ago [-]
You should check out the "flow" to place an ad on Ravelry. I looked into placing a ad for my woodworking stuff and figured my ad would not get approved so I stopped. As a person that generally hates ads I am alright with this. I make stuff out of wood, they like yarn and don't want my ad and I am cool with that.
rusk 1613 days ago [-]
It’s to do with editorial. Annoying ads in print media simply won’t be run if they compromise the content (as a rule, there are of course exceptions).
Typically web doesnt have the same kind of control and advertisers have more or less free rein to do what they want.
palerdot 1613 days ago [-]
Not to mention that platforms are having a free rein over gathering sensitive information and turning it over to advertisers so that they can 'target' people as they please ...
yason 1612 days ago [-]
This suggests that there's a huge void in the market for websites and magazines who would go the length to curate their advertisements to make them relevant and not annoying.
rusk 1611 days ago [-]
there is, but the push for the network-based advertising is too strong, because in addition to mere advertising it also delivers market insight, which is arguably more valuable
glitcher 1613 days ago [-]
I tend to agree with you, but for me personally I think the difference comes down to intent.
When I open a magazine, even if I have a specific article in mind I want to read, I will slowly turn through the pages happy to browse through other random content. It is a very leisurely, less focused interaction.
When I go to a website it is almost always for a very specific purpose. My mindset is goal oriented - I want exactly the content I came here for, nothing more (with rare exception, like HN). And probably years of navigating through horrible websites has helped shape that mindset in me, but I have to wonder, if websites delivered curated content and ads at the level of a magazine, would I even care?
yason 1612 days ago [-]
I thought of the same but realised that I have contradicting examples from myself alone.
I sometimes go to a magazine to read about something specific yet I might eyeball the ads while I'm around the target content. If it's a long multi-page article that I'm interested in specifically, or a single page thing, I still might pop out of the text into an advertisement occasionally.
Conversely I do browsing (in the traditional sense) on the web as well: I often find myself looking around some website, reading this and that around here and there, trying to figure out how much of the stuff is interesting vs boring, and generally not diving deep on anything and thus I'm theoretically quite open to subject myself to advertising but I still don't look at ads, and I'm still not interested.
I sometimes wonder how would it be if web had started with good ads and I had conditioned myself from the start to expect interesting stuff in the ads.
It's just that the web went the opposite way, innocently starting with a <blink>, and going to JavaScript, Flash, and cookie-infested ad networks and whatnot to deliver involuntary injections of striking advertisements, and now I'm practically allergic to anything that moves or stands out.
jnellis 1613 days ago [-]
> Advertisements in magazines are often somewhat interesting, well-made to be entertaining, or even useful. I used to read ads in magazines and I still sometimes do.
"Believe it or not!" but magazines like Creative Computing, Compute!, BYTE, Run, and other 1980's PC magazines used to be all about the ads. There was often no other way of knowing what new software or hardware was available to buy, especially for smaller companies. You would open these magazines up, and look at the ads, each ad had copy that was either inspiring enough to dream about or cryptic enough to try to envision how it was being done. You were going to buy the magazine anyway so it didn't really matter if the articles were good. A good issue was one that had both. Rarely did you find the stock photo inanity that is beautiful people in a boardroom, all super interested at a whiteboard with arrows that go up, up, up.
hoistbypetard 1613 days ago [-]
I used to like (and click) ads from The Deck[1]. They were simple and usually for interesting things related to the sites that hosted them.
I also don't mind the ones on readthedocs-hosted content[2].
It's probably worth noting that neither of those are/were blocked by privacy badger, which I use on my desktop instead of an ad blocker.
I’ve purchased SaaS from his use of Deck in the past, or learned of and purchased deals from that placement this past year.
ergothus 1613 days ago [-]
> Advertisements in magazines are often somewhat interesting, well-made to be entertaining, or even useful.
Really? I find them interrupting, manipulative, and vapid, as a general rule. If my magazine was "boring without them", I'd need to find a different magazine. Ads are at best blockers to the content I wanted to get, and at worst manipulative and deceptive, be that in print or on screen. (Note: There are always exceptions - ads that are entertaining, be that in print, on screen, or on TV, but those are the exceptions that prove the rule for me, and something I'd happily sacrifice to have ad-free content)
Different strokes, I suppose.
Roark66 1613 days ago [-]
What about youtube ads, do you consider them pretty bad too?
Personally I think they are the most tolerable. There isn't that many of them displayed for me (maybe one ad per 3-4 10-15min videos). One can skip it after 5s and around half the time those ads are fairly well matched.
Contrast this with web page ads that obscure the entire content until you find a tiny x in the corner to close them or worse require you to click some stupid button to disappear. With websites that display the content, but then obscure it within a split second I realised a pretty quick way to get rid of them is to right click on the ad/element-> Inspect in Chrome then hit delete removing DOM elements that obscure the main content until you can see the content.
veilrap 1613 days ago [-]
For me personally, I find Youtube ads tied with peak annoyance. Ads which jarringly interrupt my audio, like Youtube ads inevitably do, are the worst.
Usually, audio ads are an ignore-able abomination, fortunately my audio is muted most of the time. However, if I'm watching a Youtube video, then my audio is almost certainly NOT muted, hence the terribleness of the ads.
Often an ad interrupting whatever content I'm watching on Youtube is enough to make me reconsider whether it's worth bothering finishing the actual video.
yason 1612 days ago [-]
YouTube could have good ads but their interface is horrible.
The ad interrupts the video, and I don't just mean it cuts in the middle of something. The problem is two timelines, the video and the ad. The ads make jumping around difficult because you switch between these timelines. Sometimes you always trigger an ad at around the same point. And you can't forward over the ads so if you're jumping forward and backward in the video, looking for something, the whole experience is choppy.
Obviously, the video creator could be asked to set N points in the video where ads would fit more naturally. Maybe they already do this, I don't know, but definitely a lot or most of video creators don't use that feature.
YouTube ads might be all right if they were just part of the video timeline, just like a tv episode with ads recorded on VHS.
I might not bother to j/l and left/right over short ads but watch them instead. And if I were seeking back and forth looking for interesting bits of the video I would spend time seeking back and forth over the ads as well which would be a point of contact to make me stop for a while and finish watching the ad too, if it seemed good.
Magazine ads don't force me to watch them for 5 seconds either, and they're worth paying money for. YouTube could very well do the same and I'd welcome a more streamlined, linear watching experience instead.
bluGill 1613 days ago [-]
YouTube are the worst. With TV they find a break to pause for messages - it might be a cliff hanger, to ensure I don't go away, but at least it is a pause. YouTube breaks in right in randomly in the middle of a sentence which means it is difficult to follow the thought across the ad break. (YouTube breaks in at deterministic times, but they have no relation to the program so it counts as random)
anonymfus 1613 days ago [-]
> There isn't that many of them displayed for me (maybe one ad per 3-4 10-15min videos). One can skip it after 5s and around half the time those ads are fairly well matched.
How many ads you see highly varies by person. Recalling Tom Scot's explanation that I fail to find, imagine when you play a video an auction is going where advertisers bid to buy your time from Google and winner shows you an ad, but Google also sets a minimum bid, so you don't see ads if nobody bids that minimum.
q_andrew 1613 days ago [-]
Sometimes video ads can get my attention in a good way, they have to just be really well made. I remember scrolling through an Instagram ad that looked like a "safe suburban" style video. I almost dismissed it when a weird glitch effect began the transition into a Borderlands 3 advertisement. The dog in the backyard was suddenly a mutated feral dog, and his owner was a wasteland junkyard rat. I thought, "damn, I wish every ad was this good. Then I wouldn't hate them so much."
takeda 1613 days ago [-]
You're right, but this is not always true. I saw magazines where the actual content was 1/8 of it or even less (this is usually common with magazines that you see in waiting rooms, I guess it kind of makes sense :). At that point the experience is not great, or at least I hated it.
Terretta 1613 days ago [-]
The content is the ads, it’s the “shopping experience” in paper form.
_delirium 1613 days ago [-]
One model where I sometimes found the ads interesting was the old Kuro5hin. You had to be a site member to buy ads, so they were usually from someone you recognized as part of the community, and usually somewhat relevant to the community.
codegladiator 1613 days ago [-]
you aren,t in control either in web or in paper. the only differnce in my opinion is that they track your view to other viewes..
yason 1612 days ago [-]
I am in perfect control of my reading experience when I have a magazine in my hand. I can either look at the ads or skip them, or I can just glance at one and decide which way to go.
This is in contrast to web where I'll have to start by choosing a set of ad-blocking plugins to allow me back even some of that control even before I've read a single article online.
I don't particularly even care that much about ad networks tracking me, that's more like a philosophical / ethical question that is invisible in the daily life. Web ads aren't bad because of tracking, it's just that they're mostly bad ads.
Iv 1613 days ago [-]
Forbid advertisements.
We can't solve a political problem with purely technical solutions. We can provide workarounds for 5 to 10 years but the core problem has to be shut down at one point.
rmsaksida 1613 days ago [-]
That would be great, but realistically I think that's never going to happen.
Legislation-wise, I think the best the web can hope for is forcing websites to label ads. It doesn't sound unobtainable, especially as similar legislation already exists for political ads in many places. For example, legislation could require websites to label all ads with some kind of strictly defined watermark. In addition, some kind of software-readable indication would be required for accessibility purposes. Could be a special HTML tag or attribute. That would make ad blocking much easier.
CharlesColeman 1613 days ago [-]
> legislation could require websites to label all ads with some kind of strictly defined watermark. In addition, some kind of software-readable indication would be required for accessibility purposes. Could be a special HTML tag or attribute. That would make ad blocking much easier.
The legislation would have to be very explicit about the format of the label and that it be machine readable, otherwise you'll get obfuscation like Facebook is doing:
> This is not the first time Facebook has changed its code in a way that has broken our tool. For example, all ads are supposed to contain the word “sponsored” as part of a mandatory disclosure, so users can distinguish between ads and their friends’ posts. Our tool recognized ads by searching for that word. Last year, Facebook added invisible letters to the HTML code of the site. So, to a computer, the word registered as “SpSonSsoSredS.” Later, it also added an invisible “Sponsored” disclosure to posts from your friends. Many of the participants in our project noticed the effects of this change because it caused some menus to pop open unexpectedly or the page to scroll to the top repeatedly. Nowadays, the disclosure says “SpSpSononSsosoSredredSSS.” Some of these changes were likely also intended to thwart ad blockers.
cyborgx7 1613 days ago [-]
> some kind of software-readable indication would be required for accessibility purposes. Could be a special HTML tag or attribute. That would make ad blocking much easier.
I don't share your pessimism about the feasability of politically banning all advertising, but I agree that something like this would be the next best thing, and a great step.
topkai22 1613 days ago [-]
In the US at least there is rightfully a free speech issue. It would take some serious constitutional wrangling to get a ban in place.
Tracking technology and terrible analytics platforms that slow everything down are much lower hanging fruit.
clarry 1613 days ago [-]
As much as I hate ads and would like to see them go, I don't want lawmakers telling me how to build my websites.
tpxl 1613 days ago [-]
Lawmakers already tell you how to build websites.
fwn 1613 days ago [-]
Your comment is not opposing your parents stated preferences.
It's like:
A: I don't like rain.
B: It's already raining.
kuzimoto 1613 days ago [-]
Can you refer to specific laws on restrictions to building a website?
The only one I could find was related to the Americans with Disabilities Act (ADA) and of course GDPR, but that's related to handling of personal data.
tpxl 1613 days ago [-]
ADA was what I specifically had in mind, but in the EU also the cookie law and similar.
clarry 1612 days ago [-]
I think the cookie law is a bit misguided. The problem (that they should want to solve) is privacy invasion and tracking, but instead of saying that, they flipped it around and allowed an exception for a vaguely defined category of "strictly necessary" cookies. I believe their intent was entirely good.
If they said what they wanted to say, the law would essentially say "don't violate privacy without explicit consent." I'm relatively OK with that; that's not telling me how to build websites, that's just making certain harmful activities illegal. It wouldn't be very different from saying "don't distribute malware that attacks your users."
In its current form, I'm not too thrilled with the cookie law. And I sure as hell don't want lawmakers adding more, worse, laws on top of that. Go too far in that direction and they're turning software into nagware (I loathe cookie popups, I loathe google's "privacy reminder", I loathe applications that blast me with notifications and hints, I loathe permission dialogs, I like Unix's Rule of Silence) while making its development a legal minefield.
I want to be able to write FLOSS software (or websites) with a user interface that pleases me, and EU is looking for ways to make that illegal. In a manner of speaking, I hope they do just that, then people who want pleasant software have more reason to organize an underground software liberation movement where no fucks about shit laws are given.
tpxl 1612 days ago [-]
I disagree with the cookie law as well.
>EU is looking for ways to make that illegal
I'm sorry, but what are you smoking? Willy nilly data collection is illegal, they don't say much about UI.
cyborgx7 1613 days ago [-]
>Forbid advertisements.
I'm glad I'm not the only one saying it in a thread, for once.
> We can't solve a political problem with purely technical solutions.
This is something that is sometimes hard to accept for the hacker mindset, but it's absolutely true and an important thing to realize.
Frondo 1613 days ago [-]
The hacker seeking a technical solution is, I think, at least in part a consequence of the individualism that's so much a part of especially the Silicon Valley hacking era; along with the libertarian leanings of especially early hacker culture.
Seeking change at a societal level is the exact opposite of the hacker's free-wheeling individualism, but it's the only way to actually accomplish change at a societal level.
You're right, we'll never change advertising just by running individual ad blockers, and we'll never change privacy controls by trying to mask our identities; that has to happen through laws and larger society. We have to have a right to privacy and freedom from advertising be a thing that everyone wants, the bus driver, the butcher, hair stylist, etc., not just what we can foist on our immediate family and social circle.
SkyBelow 1613 days ago [-]
I think the catch is that a hacker mindset can easily come up with 3 different laws that people would try to pass and then 4 different hacks to each of those laws. It enables easily seeing how to exploit the very poor quality of code (and yes, while many of those exploits are forbidden by judges who don't take kindly to them, others are deemed acceptable and some lawyers specialize in).
Iv 1612 days ago [-]
Then hack this: from now on, saying good things about a product or a brand in exchange of a retribution will be classified as corruption.
beefield 1613 days ago [-]
> Forbid advertisements
But... Ads are useful. I remember once maybe ten years ago when I noticed an ad about an event in a nearby library that was absolutely amazing and without ads I would not have been there.
(This is sarcasm. There is no reason why manipulating other people to do things should not be regulated heavily.)
hakanensari 1613 days ago [-]
Printed media can have ads. So should digital media?
That said, I wish digital media stopped wholesale delegating the work of serving ads to third parties and had proper control over experience and privacy—what is delivered how and who tracks whom.
II2II 1613 days ago [-]
The difference between printed, radio, and television ads is that they are tracking distribution rather than people. (I realize that this is not strictly true, but people had to opt-in to tracking with traditional media.)
The web has taken an industry that already had reputation for deceptive tactics and have handed them tremendous powers through data collection.
Should advertising be banned because of that? I doubt that it would be effective since the advertising industry has created an environment where tracking people is the norm. Banning advertising would simply shift the focus of that data collection so that it is less visible.
It would also be incredibly difficult to ban advertising. Legislation would have to create a clear definition of what advertising is and deal with a medium and business world that crosses national borders. If you don't consider the former, such legislation would have unintended consequences of the freedom of speech. In the case of the latter, it would be far more difficult to reach international agreements than with other online regulations (regulations that are already difficult to enforce) since advertising is considered legitimate in many cases while standards for advertising will differ.
cf141q5325 1613 days ago [-]
Require a strictly unconditional opt-in you can revoke at any time and the problem of data collection solves itself. None of these business models would work if they required meaningful consent. The missunderstanding about who is allowed to use my data is at the core of this problem. We tend to talk a lot of the lawless west that (was) the internet, but we somehow fail to mention an industry who has exploited missing regulations on private data. Just because they werent banned from exploiting this until now, doesnt mean it should continue any longer.
everdrive 1613 days ago [-]
Because the digital ads are something else entirely. They're often an order of magnitude larger (in MB), they contain tracking, they sell my information whether I want them to or not, they often contain malware. Maybe of them play audio or video.
Iv 1613 days ago [-]
I'm in favor of banning ads everywhere. I think they provide a negative overall value on the economy by distorting competition and consumers' perception.
donatj 1613 days ago [-]
Why is it a “problem”? Outlawing ads seems hugely regressive for society as a whole.
Without ads there would be basically no free content online, and those who cannot afford content would simply go without. Consider how much better the world has become due to easy access to information. To yank that away seems like bringing a dark age.
DJHenk 1613 days ago [-]
> Without ads there would be basically no free content online
Citation needed. I don't believe that for one moment. Already people are producing far more content for free each second than one person could ever consume in a lifetime on sites like Youtube and Instagram. The urge is there, even without any monetary reward.
> Consider how much better the world has become due to easy access to information.
Now consider how much worse the world has become due to the incentive to hide wanted information behind commercial information. Simple example: there was a time before adblockers when it was not a rare sight to have a page with 80% advertising and 20% actual content. Think unskippable ads before videos. Think of the mountains of useless content that SEO spam produces that hide the interesting pages in search engines.
Marketing does not give access to information. On the contrary, it takes it away.
1613 days ago [-]
donatj 1613 days ago [-]
Firstly, I honestly don’t believe citation is needed on “people don’t work for free”.
We’re seeing it already. Many if not most news sites are pay gating their once free content. Cite: Wall Street Journal, New York Times, The New Yorker. All charge for access. All we’re free before the proliferation of ad blockers.
Yes there would be hobbyist information for free, but WebMD? News sites in general? Any sort of resource that takes money to pay people to maintain? It will all be pay gated.
As someone who does not use an adblocker, I have genuinely no problems finding the content I’m looking for.
Iv 1613 days ago [-]
> We’re seeing it already. Many if not most news sites are pay gating their once free content. Cite: Wall Street Journal, New York Times, The New Yorker. All charge for access. All we’re free before the proliferation of ad blockers.
See? They found a way to put content online without relying on ads.
manigandham 1613 days ago [-]
Most of the free content is generally crap outside of a few channels/sites. Almost all popular content on youtube/web is made with the intent to profit.
dallasrpi 1613 days ago [-]
People can't make content for free on Youtube and Instagram without those platforms existing because of ads.
hombre_fatal 1613 days ago [-]
Yeah, what a weird example. Youtube and Instagram only gave bandwidth and storage away for free because they wanted to grow and be able to eventually monetize. They weren't charities one day that suddenly went "evil".
DJHenk 1613 days ago [-]
I meant to say that a lot of people are willing to do this "work" for free. That is not just content creators, but also system administrators e.d. I would be perfectly willing to run a forum for a group of like-minded people for free, but I'm not going to bother if there is already a subreddit for it.
Before Youtube, Facebook and the like, internet service providers included basic means of publication. Mail/mailing lists, homepages/blogs with RSS. They could do that again.
But, even if the barrier to publishing became higher and only 1/50th of the video's were put up on Youtube, it would still be far more than anyone could ever consume.
normalnorm 1613 days ago [-]
> Without ads there would be basically no free content online, and those who cannot afford content would simply go without.
There was plenty of free content online before ads, in fact I claim that the web was better before ads arrived, and it is getting worse by the day. Marketeers ruined it.
It happens over and over. YouTube had plenty of great content for free before monetization. Now it is becoming worse by the day, because everything is ad-related. "Influencers", etc.
> Consider how much better the world has become due to easy access to information. To yank that away seems like bringing a dark age.
Easy access to information is a consequence of the Internet and then the Web, both technologies having been developed by government-funded programs, respectively in the US and in the EU.
Ads brought us re-centraliztion, targeting and erosion of democracy through extreme polarization and fake news.
I know this is hard to believe for a lot of people here, but human beings are motivated by many things other than monetary profit.
manigandham 1613 days ago [-]
No there wasn't. The commercial internet is a trillion times bigger than anything that came before and services billions of users around the world, many for free, paid for by ads.
This is a tired old myth that everything was somehow better in the good old days but that's all it is.
normalnorm 1613 days ago [-]
> No there wasn't.
Yes there was. Go to archive.org and check for yourself.
> The commercial internet is a trillion times bigger than anything that came before and services billions of users around the world, many for free, paid for by ads.
Bigger doesn't mean better. The web is now flooded with malicious and manipulative content. The ads pay for that content, while taxpayers and consumers pay for the infrastructure that actually makes the Internet possible. Ads pay to keep the web centralized, they don't pay for what makes the web possible.
> This is a tired old myth that everything was somehow better in the good old days but that's all it is.
There is indeed, but notice that I did not say that "everything was somehow better in the good old days". I made a very specific comment about a very specific topic. My comment: there was plenty of quality content on the web before ads arrived. Ads made the web worse. Argue against this if you like, but not about things I did not claim.
manigandham 1613 days ago [-]
What does internet infrastructure have to do with ads? We're talking about content, and ads are the subsidy that lets billions consume for free.
That there's more content for more people across more channels is objectively true, and advertising pays for much of it. You seem to be conflating ad UX with economics.
normalnorm 1613 days ago [-]
> What does internet infrastructure have to do with ads?
It is the medium that makes the ads possible, and it is payed by you and me.
> We're talking about content, and ads are the subsidy that lets billions consume for free.
And I have been telling you every step of the way that there was good content before the ads arrived.
> That there's more content for more people across more channels is objectively true,
That is hardly surprising. There was no moment in the history of the web when the total amount of content available was not increasing. This was already the case before the ads.
Did it grown more than it would have without ads? Maybe. Is it better? I don't think so.
> and advertising pays for much of it.
And yet here you are, consuming content that someone created for free (me) in a platform without ads (Hacker News). So it doesn't pay for all of it, and even you, at least sometimes, seem to prefer the non-ad-funded corner.
> You seem to be conflating ad UX with economics.
Sorry, I have no idea what you mean by this.
apostate111 1613 days ago [-]
Yes, there was. The Internet was most interesting from 1999-2005, there were plenty of good searchable websites from private individuals or universities.
Literally the only site that is better now than back then is YouTube with an ad-blocker.
Everything else has deteriorated: Google (search) is worse, Ebay is worse, Amazon is worse, banking sites are worse.
Heck, even Java stock tickers from 2000 were better than now.
The art of presenting information in a meaningful way has been lost entirely.
normalnorm 1608 days ago [-]
Exactly, but most people here are unwilling to listen to any of this, because their salaries are funded by the very thing that has ruined the web - advertisement.
lameiam 1613 days ago [-]
If there are ads, then the content is not free.
donatj 1613 days ago [-]
I am given valuable content and did not give money. For all reasonalble intents and purposes it’s free. For as far as any person without means cares, it is free.
dordoka 1613 days ago [-]
It might be free as in gratis (free beer), but it's not free at all. Your behaviour, your profile, your data: you are the one giving that away in exchange. That data of yours is valuable.
FreedomFreedom 1613 days ago [-]
And IMHO even more importantly, with advertising the dynamic between content provider and user completely changes. The user no longer primarily is a customer, but rather becomes the product for the advertisers.
The content provider no longer only has to cater to the user, but also to the advertiser, with the conflicts of interest that can bring (e.g. unpopularity of critical product reviews).
Restricting the legality of advertisements in general might have the nice effect of leveling the playing field, by making it harder for content providers to benefit by-generally covertly-selling out their users (or their users' interests) to such third parties.
tapland 1613 days ago [-]
It isn't free as in speech without ads either. You give up your behavior, profile, data no matter the site showing ads or not. What you wrote sounds like a pro-ad argument when thought about for a second.
dordoka 1606 days ago [-]
I agree with your first two sentences, not the last one though. I didn't even mention ads in my comment :)
n0rbwah 1613 days ago [-]
You give them some of your brain time which they're reselling to the highest bidder.
manigandham 1613 days ago [-]
You either use that brain time to generate income at work and then hand over that money, or use it in real-time to pay for the content. Ads are much faster and easier in that regard.
matz1 1613 days ago [-]
Which is not money, thus its free.
Iv 1612 days ago [-]
The most important and informative website on the internet, Wikipedia, is free of advertisements.
Before Youtube, we were sharing files directly. There was far more content online!
Blaiz0r 1613 days ago [-]
The dark age was the best age.
kashug 1613 days ago [-]
With the current trend in EU I think it could happen that they regulate web-advertisement if it becomes too much of an issue. But there's loads of money in the market - so I would expect loads of lobbyism.
chongli 1613 days ago [-]
With the style of regulation preferred by the EU, I’m afraid the end result will be the death of independent websites and the establishment of a handful of de facto official websites that have the resources to follow all of the regulations, just like TV.
This may just be some inevitable fact about humanity. We’ve seen this sort of regulation and ultimate centralization of every single communications medium going back to the printing press. When I was younger, I legitimately believed the web would be different. I thought it would be a decentralizing, democratizing force for peace in the world. Now it seems destined to be the opposite of those things: a centralized tool for polarization and control.
anoncake 1613 days ago [-]
The money isn't even the main issue here. Political parties rely on ad agencies for their campaigns.
cyborgx7 1613 days ago [-]
It seems like if all advertising gets banned, no political party individually would be put at a dissadvantage to the others.
ZiiS 1613 days ago [-]
Political parties are not optimising for fair. They want to preserve the advantage rich and powerful parties currently enjoy.
cyborgx7 1613 days ago [-]
This is why when people say they don't take money from big corporations or rich donors, it's such an important factor. It's not just that you as a political party are incentivized to what they want so they will keep giving you money. Even if you donÄt directly succumb to their demands, you are incentivized to keep them rich so they will keep having all that money to give you.
1613 days ago [-]
anoncake 1613 days ago [-]
No, but the political party that wants to ban advertising will have a hard time finding an advertising agency.
dooglius 1613 days ago [-]
They could just carve out an exception for themselves
dangus 1613 days ago [-]
At what point in human history have advertisements not existed?
There are even advertisements in North Korea (for the ruling party).
This idea isn’t realistic.
Iv 1612 days ago [-]
For a bit longer than slavery or smallpox has existed.
Saying a thing always existed is a pretty bad argument to keep it alive.
SkyBelow 1613 days ago [-]
I don't see how this could be done without strongly impacting free speech and even some other freedoms.
For example, where is the difference between me talking about a game I like to play and someone talking about a game they like to pay that they were given a free copy to play?
I think looking at forbidding tracking is a better path to pursue. Or maybe making someone legally responsible for their ad codes as if they knowingly placed it there.
cf141q5325 1613 days ago [-]
You getting paid is the difference. Its the same way most corruption regulations work.
colejohnson66 1613 days ago [-]
But how do we handle that pesky First Amendment? Without either a new amendment or the Supreme Court ruling ads aren’t protected speech, we’re stuck.
Iv 1612 days ago [-]
Don't forbid to say good things about a product, forbid paying someone to do it. I don't mind Apple fanboys saying why they think Steve Jobs was a genius. I mind the big fucking 5m ads they put on historical monuments.
colejohnson66 1612 days ago [-]
Paying someone is speech. See Citizen United v. FEC.[0]
And before you claim it’s a bad ruling, think about all the times you’ve used your money. Are you not supporting the EFF in some form of speech by donating to them? Are you not supporting a product in some form by buying it? I don’t like it as it allows money in politics, but it’s a ruling that makes sense.
It is a bad ruling that is often used in EU to show how fucked up the US system is.
No, "speech" is something, that you can argue extend to written declarations and publications, but "paying someone to support their actions" is something different. It is something that can be used to promote a political expression and it makes some sense to protect some form of it but certainly not on the same grounds as protecting free speech.
Paying someone to put forward an opinion has other names: corruption, lobbying and, yes, advertisement. None of them should be practice protected under freedom of expression laws.
See, why is freedom of expression good? Because of the core philosophical belief that truth and good opinion emerge from the confrontation of different point of views. Alvin tells me why we should not bomb Eastasia, Barbara tells me why we should. Charles comes with additional facts. Daniele points out some lies and incoherence in some of the past arguments. They all make their points, then I think for myself to make my opinion.
This is how opinions of voters but also lawmakers, leaders, journalists, magistrates, citizens are supposed to be formed.
In no way would this process be helped by paying the person that is forming their opinion. Quite the contrary.
So yes, this ruling was bad. Incredibly bad. It is bad for philosophical, moral, practical reasons.
The fact that I should be allowed to donate to EFF does not rely on the 2nd amendment. And in fact I do want the law to forbid me to give 10 millions to the EFF to drop a lawsuit that would go against my interests.
manigandham 1613 days ago [-]
Advertising is everywhere, and a core driver of economic growth for companies. Everyone with a job is working for a company that advertises to some degree and grows because of it.
Some bad or annoying ads on the web is not cause to forbid advertisements and completely misses all the content that it pays for.
realusername 1613 days ago [-]
> We can't solve a political problem with purely technical solutions.
I hear that a lot but historically, we've seen a lot of the opposite, a lot of political problems were solved with technical solutions. Technology so far had an even bigger impact than politics on society.
onethought 1613 days ago [-]
Could you qualify that statement... politics encompasses most conflicts throughout history. Short of the moon landing... technology hasn’t really featured.
Demiurge 1613 days ago [-]
I would venture to say Moon landing is a bit below nuclear weapons.
onethought 1606 days ago [-]
You mean those things we've only used once (twice) and the rest has been politics?
Iv 1613 days ago [-]
They keyword is "purely".
Technology can enable a political will and can create an opportunity for change, but if the political will goes in one direction, no amount of tech will be able to resist it forever.
We could ban ads easily with a law. It would not need any tech. Scrubbing all the ads while there are incentives to develop them, however, is a lost fight.
vthriller 1613 days ago [-]
> Forbid advertisements.
How would one formalize what's an ad and what's not? And what about sneaky things like sponsored content or, say, amazon reviews? It's hard sometimes to tell whether a review is legitimate or an ad in disguise.
Iv 1613 days ago [-]
I think ads are very close to corruption.
"Did you receive compensation to say good things about this product?"
Yes: corruption.
No: you're clear.
1613 days ago [-]
1613 days ago [-]
eqtn 1613 days ago [-]
Banning targeted ads can be the first step here.
brnt 1613 days ago [-]
"We have noticed that you are using an unsupported browser. Please install Google Chrome."
This is why using Firefox is so important. We are not there yet, or at least most sites still work fine with FF, but once that changes Google will essentially own the web. There are multiple browsers that also use Blink engine, but they basically just a Chrome with a different skin.
I also really miss that Opera gave up on their Presto engine and at the same time decided to not open source it. Yes, the source code leaked, but without license no one will touch it.
nielsole 1613 days ago [-]
I hate it when sites block based on user agent (looking at you, Microsoft teams) so I have to use user agent switcher. This way they never have a chance to find out how many Firefox users they really have and support for Firefox never gets priority.
thenewnewguy 1613 days ago [-]
> looking at you, Microsoft teams
Teams definitely doesn't block Firefox for me?
nielsole 1613 days ago [-]
"for the best meeting experience, open the link in Google chrome" with no button to proceed with Firefox.
1613 days ago [-]
Nullabillity 1613 days ago [-]
Teams doesn't even work in Chromium for me.
fesoliveira 1612 days ago [-]
Weird, I use Chromium at work and Teams seems to work fine for me.
aitchnyu 1612 days ago [-]
Yup, I spoofed Chrome on Chromium to make it work.
madisfun 1612 days ago [-]
Teams on Firefox enters in a loop of infinite logins.
westmeal 1613 days ago [-]
Have you tried spoofing the user agent string to chrome
jlgaddis 1612 days ago [-]
Have you tried reading the comment you replied to?
disiplus 1613 days ago [-]
i use firefox on android, mostly because of adblocking, and the number of broken websites on firefox is not small, the menu on the mobile website of my bank does not work in firefox.
it's shit and i consider changing banks because of that (and other things).
sam_goody 1613 days ago [-]
I only use firefox (for work, will test in Safari and Brave), have been doing so for years, and waste waaaay too much time browsing.
I almost never have issues, so maybe it is your plugins that are causing issues (or maybe android ff is different than ff for Mac?)
Chirael 1613 days ago [-]
I got a new laptop about 6 months ago and have refused to install Chrome on it.
For the few cases where I need anything Google related, I use Edge. Basically, Edge gets all my Google related tabs, and Firefox with uBlock Origin gets the rest of my browsing.
I did have to train myself not to control-click links in Gmail though, and instead copy-link, paste-into-Firefox.
jay_kyburz 1613 days ago [-]
I found that Firefox doesn't want to support the same scaling features as Safari and Chrome. I could never get this to work anyhow.
That shit is for lazy devs. Nobody should be forced to use pinch zoom on a platform designed to reflow text.
1613 days ago [-]
pteraspidomorph 1613 days ago [-]
Tell them. I had a similar problem a couple of years ago, I logged a complaint and they eventually fixed it. It took a few months, IIRC, but they replied and confirmed that it was fixed.
cpeterso 1613 days ago [-]
You can also file a bug report with Mozilla's Web Compat team:
They diagnose websites broken in Firefox and reach out to website developers, fix Firefox bugs, add Firefox UA overrides (see Firefox's about:compat page), and start discussions to resolve ambiguities in web standards. For example, what should happen for a broken image without an alt value?
it's related to adblocker, i eventually disabled adblock for that website, but without disabling it it wont work. i know it's not directly a firefox issue, but with mobile chrome not having adblocking it kinda is in that they don't care. it honestly took me to long to figure it because i could not believe that a multi national bank would have this broken website (and that is with new 2018-19 redesign). it's not the first website to not work without js, but you would assume that the bank website would be done in a way where if analytics is not loaded the rest of the webpage would continue to work.
sambull 1612 days ago [-]
weird. I've used firefox for years. I can't recall broken stuff really, unless the developer tried to purposefully not let me use it based on user agent (work around available for most). But random crashes did plague me for a bit earlier on.
boring_twenties 1612 days ago [-]
Did you contact them about it?
Binance.com had the same problem, I emailed them about it and it was fixed the next week.
zamadatix 1613 days ago [-]
It's so bad nowadays that I even get "your browser isn't supported" on Chromium based browsers because detection is "is useragent Chrome?".
brnt 1613 days ago [-]
I'm worried that Firefox being the sole browser supporting such ad intercept will only make it more likely for UA sniffers to just outright block it.
abawany 1613 days ago [-]
With Chromebooks becoming more than a fringe platform, it will be harder to escape the well of Chrome's gravity; the Android support on Chromebooks still leaves a lot to be desired IME making the use of Firefox/Android on such a devices feel a bit of a sacrifice.
kmerrol 1613 days ago [-]
I run a PixelBook running Firefox for Debian with ublock and other privacy settings on high. Not stuck with Chrome on a chromebook that can run Linux apps.
abawany 1613 days ago [-]
I presume you mean in Crostini? Sure, that works but there are limitations:
1) the use of the on-screen keyboard in tablet mode is iffy with Crostini apps: https://bugs.chromium.org/p/chromium/issues/detail?id=826614 . On my HP X2, I wanted to use Thunderbird to get my email while using the device as a tablet: in addition to scaling issues, the inability to enter text made it impossible for me. It seems that Google seems to be abandoning the idea of detachable Chromebooks replacing the nearly-dead Android tablet market so maybe the expectation of a hardware keyboard is not outrageous.
2) On my machine, the performance of Crostini apps does not even come close to the performance of the native Chrome browser.
That's just my experience though. Edit: FYI, my default browser on the device is Firefox/Android but again, its performance does not come close to the native Chrome plus the latter passive-aggressively brings up a 'choose browser' dialog for any pages I happen to be browsing in it. It really has been an extremely unpleasant experience but I haven't found anything better yet for my specific use case.
aledalgrande 1613 days ago [-]
And then they will be able to charge an even higher rent to business who want visibility.
bigbugbag 1612 days ago [-]
Why would I use firefox when mozilla has repeatedly lied to me, pretended to care for privacy while making moves to invade it, removed support for features I relied upon, refused to consider linux as worth their time, forced telemetry surveillance upon those who specifically disabled it, dropped what made firefox useful in an attempt to be more chrome-like, etc.
The list goes on and on, mozilla has a terrible record and proved multiple times that it should not be trusted.
After the pulseaudio debacle and after being a supporter since its first steps, I quit firefox and removed it from all computers I maintain to never return. There is no thing mozilla can say or do that will make me go back to firefox, apart from acknowledging their role and taking responsibility by resigning and releasing firefox to the world.
chmod775 1612 days ago [-]
Well I hope you're not using Google's browser then, because it is everything you listed, but way worse.
Jamwinner 1612 days ago [-]
Whataboutism does not help progress on either front. Both mozilla and google have been acting in bad faith more than any of us would like to admit. Both deserve to be called out, not just accepeted as 'not as bad'.
BlueTemplar 1612 days ago [-]
Well, one does have to use some browser if one wants Web access?
chmod775 1612 days ago [-]
> Whataboutism does not help progress on either front.
You are completely missing the point. At the end of the day you have to pick a browser, and so it matters a great deal which one is worse, even if neither is perfect.
Personally I still trust Mozilla above any other major browser vendor. They're not even in the same ballpark.
om3n 1612 days ago [-]
What browser do you use now?
bloblaw 1613 days ago [-]
Reminds me of the "Best viewed with Internet Explorer" tags. When is Chrome going to reinvent Active-X (which only works in Chrome)???
The major differences being that P/NaCL was:
1. An open standard/implementation
2. Used regular OSS code
3. Was actually written to be secure
The effort spurred ASM.js & eventually the WebAssembly standard because of the discomfort of deploying a cutting edge research to billions of people on the web (the initial NaCL implementation was very large & eventually turned out to have security holes, the original research was improved upon but by then the industry had spoken).
Nowadays if a site does this I simply don't visit it. If it's a really important site (which often does support FF anyway), I just use Edge. Chrome is now like an absolute last resort.
_jal 1613 days ago [-]
I convinced a vendor they needed to stop being Chrome-only. The sales guy was sitting next to me, I loaded the page in FF, and turned to him and said, "Seriously, you want us to install a browser we otherwise refuse to use for this?"
It was fixed that week. Unfortunately, this trick does not work very well on non-enterprisey sites or after you cut them a check.
tus88 1613 days ago [-]
"I notice you are an unsupported website, goodbye".
teawrecks 1613 days ago [-]
For sites that make all their money from ads, this is the preferred response.
tejtm 1613 days ago [-]
hmmm perhaps we can do better than just leaving,
after all we do have these robots to do our bidding.
stiray 1613 days ago [-]
In this case and when website works poorly on firefox: "I have noticed, you are developing unsupported website. I will find my content elsewhere."
Already doing that. You can call it "voting with my wallet".
fmihaila 1613 days ago [-]
I have transitioned to Brave [1] a few days ago and never looked back. Brilliant browser for my use case.
Ad blocking seems to be a perfect use case for machine learning. Ads can usually be trivially spotted by humans. Why not have the ad blocker "look at" the web page before you see it and decide what it thinks are ads regardless of where they come from or how they got onto the page.
ojosilva 1613 days ago [-]
Very hard to do. Humans get tricked into ads all the time, so imagine AI. Besides, an AI trying to understand the intentions and meaning of a Turing-complete system from a slice of its code and data is like a brain trying to guess another brain's intentions from looking at partial imaging of its neurons.
Actually think about the problem the other way around, as it seems easier to do the opposite in most cases (or at least for news/articles sites such as liberation.fr): a page readability extraction plugin, sometimes called summarization. It identifies the "meat" (ie. the main article or video), extracts it and gives it to the user bare bones. No ads, no tracking.
At least that's what I'd prefer once everything else fails, and that's why I'm using Firefox's reader mode and Pocket a lot these days, and if ads take over again like in 1998 that's were I'll be surfing the readable web.
davidhyde 1613 days ago [-]
This is true. Those "Download Now" ads on download pages are case in point.
We're reaching the end of the golden era of ad-blockers where we thought we were ad-free by just blocking a banner ad.
CharlesColeman 1613 days ago [-]
The issue here is tracking, not ad-blocking.
Tracking does not need to provide any visual indication to the user.
davidhyde 1613 days ago [-]
I see. To keep tracking under control I have my browser delete all cookies on exit except a couple of whitelisted sites I wish to remain logged into. I use the firefox CookieBro plugin for this. I also run the firefox "I don't care about cookies" plugin to stop those nuisance banners you get when you visit a site for the first time. Lastly, I use ublock origin to clean things up.
buboard 1613 days ago [-]
Don't worry though, google is safe. They 'll strongarm people to use AMP and Signed HTTP Exchanges for first party access.
I think however it's time to grow up and stop playing this cat-and-mouse game. Advertising is crucial to the web and should be allowed. We should be shifting towards ideas that decentralize the tracking itself (like Brave does) or allow users to completely control and explicitly switch their advertising tracking identities
going_to_800 1613 days ago [-]
uBlock is too aggresive, I stopped using it. As an example it's blocking live-chat widgets like Intercom. Also, as a website owner, I don't see how web can work without any sort of tracking like uBlock suggests, simply you won't see any high quality services if all tracking, even safe one is blocked. You can't optimize a service from both technical and business perspective if you are blind/have no data to base your assumptions on.
vesinisa 1613 days ago [-]
The issue is not with uBlock itself but the filter set you are using.
Also, 95% of the time the live-chat functions on websites are obnoxious. If I have a concern, I am happy to open a dedicated chat page. Having a chat widget on every single page is annoying and unnecessary. But that's just my opinion.
Are you sure you are not able to do your website performance analytics from your server logs? More often than not, user agent side analytics end up collecting lots of unnecessary sensitive data, and sharing it with third parties like Google.
going_to_800 1613 days ago [-]
It's not about having access to server logs, you need tools to make business and technical decisions and no tool will use server logs to show you how users interact on your app or website.
What's the privacy concern if I'm tracking on what pages my users visit? I'm not sharing those with anyone.
Small business owners like myself are hurt by these things, I can't afford to pay 4-5 figures to a developer to build a tool to analyze my server logs and won't give even 5% of the quality of data analysis Google Analytics or Mixpanel gives.
vesinisa 1613 days ago [-]
> What's the privacy concern if I'm tracking on what pages my users visit?
You can get this very easily on the backend side.
> I can't afford to pay 4-5 figures to a developer to build a tool to analyze my server logs
No need to bother, there are tons of easy SaaS tools like Splunk in that marketplace already.
nkrisc 1613 days ago [-]
> You can't optimize a service from both technical and business perspective if you are blind/have no data to base your assumptions on.
Frankly, that's your problem, not mine as a consumer. If I want to give you feedback, I'll let you know. You could always ask me, too.
going_to_800 1613 days ago [-]
It doesn't work like that. Feedback doesn't provide you usage patterns for ex. so i can make that feature easier to use.
Individually maybe it's not your problem, but taking that as a larger group becomes a big problem.
nkrisc 1613 days ago [-]
I understand well. If it becomes a problem then perhaps ask your users to allow tracking on your site, and tell them why you want to. Then they can make an informed decision.
SmellyGeekBoy 1613 days ago [-]
One of my ecommerce clients has grown from absolutely nothing to the biggest online retailer in their market segment in 6 years (£10million+ turnover) - and we don't track users at all.
yjftsjthsd-h 1613 days ago [-]
Don't worry, no client can block safe tracking. You will always have access logs on the server.
kup0 1613 days ago [-]
The more live-chat widgets are blocked, the better. Most of the time they're just as annoying, unwanted, and intrusive on the page as ads.
Rendered at 22:06:20 GMT+0000 (Coordinated Universal Time) with Vercel.
[1]: https://github.com/uBlockOrigin/uBlock-issues/issues/780#iss...
https://github.com/NanoAdblocker/NanoCore/issues/238
The proposed way for content blocking in Manifest V3 is how Safari on iOS implemented it a few years ago — a declarative list of URLs to be blocked is provided by the extension and the browser engine looks that up and blocks them. The extension doesn’t see the actual page URLs or requests, leave alone block them.
This is a positive for privacy since the browsing behavior of the user is not exposed to malicious extensions. But uBlock Origin is not some-random-extension-that-wants-to-steal-information. Treating uBlock Origin like any other extension isn’t good. Since Google makes money by selling ads, there will likely not be any concessions on this front.
There is no win for privacy here.
Try to use Youtube without an ad blocker. It's insane.
It's very common to see: "Ad 1 of 2", the first of which is unskippable, the second of which needs 5 seconds to be skipped (if it's skippable at all). Then you get the content which is almost always sponsored and opens with an ad of its own "this video sponsored by squarespace" etc;
A deluge of marketing, and somehow "not profitable". I don't get it.
Caveat: I was using Firefox Developer Edition... I wonder if "normal" FF would be better.
Disclaimer : I use about 6 privacy focused addons in total.
I tend to be very frugal in my use of tabs, maybe 30 at any one time and even then very briefly and I don't have any issues.
To put this in perspective, I'm on a Librebooted T400 machine, so 4GB RAM on a Core 2 Duo and it FF hasn't been a major issue at all. Everyone's mileage may vary.
Why? Doesn't it work with Firefox?
When I said basically the same thing 4 years ago[1], most people seemed to think it wasn't a serious concern or could be easily bypassed. However, after observing how certain types of businesses use the World Wide Web over the past 3 decades, it's obvious what they want: to send an opaque binary blob to the user that nobody can investigate or modify, that gives them full control over what the user sees and is allowed to do. Just like TV.
The only safe response to this is to stop allowing documents (or docs with 3270-styole forms) to embed software in a Turing complete language. Add functionality that is used declaritively, or the answer to "should this be blocked" is undecidable. Give them the ability to run a Turing complete language that renders to a canvas, and adblocking becomes a hard image recognition problem (or requires solving the Halting Problem).
[1] https://news.ycombinator.com/item?id=10211050
People who don't want to see ads (i.e. a large part of adblock users) are also more likely to engage in toxic (to advertisers and YouTube) behavior, such as intentionally clicking on ads but never buying anything (or even writing scripts to do that), or intentionally avoiding the advertised product, etc.
Twitch also removed the ad-free benefit from twitch prime.
A healthy internet is ultimately up to us to build and maintain.
I feel like that's not a real problem. Or, maybe only a problem for services that care more about having a ton of users than being profitable and sustainable.
There are quite a few services (SmugMug, Vimeo, NetFlix, etc.) that charge money, don't have advertisements, and are doing just fine.
It's weird that so many web companies decide to go the sleazy advertisement/tracking/malware route rather than just charge money for the services they provide.
You will find very quickly how reluctant people are to pay for anything despite a few cultural-phenomenon-level exceptions like Netflix.
I'm amazed how many people, like my own coworkers making $100k+, listen to Spotify all day every day yet will endure advertisement after advertisement in their stream of music instead of paying $10/month. If someone isn't even going to pay for Spotify despite it being a central part of their day to day experience, GG to your little service.
I think advertising has played a major hand in shepherding us into this position that divorced us from the idea of paying for content we enjoy. There is going to have to be a major cultural change to bring us back into a healthy relationship with content.
One common response to this is "well, maybe everyone should be hobbyists again making content for free," but surely we can find a better middleground than structuring things such that we depend on people toiling away in their freetime to produce the content we happen to want. For example, I'd rather my favorite content providers be able to feed themselves working on this content. We both benefit: I get to enjoy more content. Depending on hobby work doesn't get us there.
That's absolutely not true, though. People buy stuff all the time. Clothing, shoes, sporting goods, dishes, food, housewares, books, DVDs, etc.
The "freemium" approach Spotify takes is a poor example because they're not charging for their real service of music streaming, but instead to get rid of advertisements. They've moved their own goalposts, and the question isn't "Is streaming music worth $10 a month?" but "Is it worth $10 a month to get rid of this commercial?" If the options were "Pay $10 to stream music" or "Listen to nothing," the results might be a lot different.
> One common response to this is "well, maybe everyone should be hobbyists again making content for free," but surely we can find a better middleground than structuring things such that we depend on people toiling away in their freetime to produce the content we happen to want. For example, I'd rather my favorite content providers be able to feed themselves working on this content. We both benefit: I get to enjoy more content. Depending on hobby work doesn't get us there.
I'm not making that argument, and you're setting up a false dichotomy. There's no reason content creators need to use advertisements and can't charge for their content instead. It worked fine for music and movies for over a hundred years, and books have been using that model for hundreds of years before that.
I'd never pay $10 for a character in a game, but I'd happily pay $15 for a plastic toy that coincidentally unlocks something in a game I was enjoying anyway
Why go to work, earn cash with your attention, and pay for Spotify when you can directly monetize your attention on-demand in real-time at the rate you consume? That's what advertising allows.
There are people who pay for paid password managers when free alternative products available. I myself pay for a number of services (very reasonably priced) when I could have used free alternatives. The difference is the guys I pay don't offer a free edition without ads and nonsense like that. They just build a great software and ask to pay for their effort.
If you do it as a hobby, it's not toiling. It becomes toiling when you do it as work, especially if you have to please advertisers instead of making the content you love.
Also lots of people can't afford all the content they consume today, and would much rather have access with ads than nothing all.
I mean, on the whole, the vast majority of ad supported content is in fact clickbait trash.
This seems standard: acquire users, then make the service worse for users. (and better for shareholders and/or advertisers)
Are those special and only run for large streamers? I never see ads on twitch, but the biggest streamer I watch has under 300 viewers.
However, I would argue that it is not actually worse for several reasons. For one, the streamer decides exactly when and how to play ads - so if the ad timing bothers you, you're going to start watching someone else, which in turn creates an incentive to keep streams ad-free or at least run ads at specific times.
The second reason is that the usage pattern of Twitch is different. I go to twitch (if it's a livestream) to actually watch the content, whereas I use YouTube in many cases like I would use an article, skipping through videos and back and forth looking for a specific part or specific information, and if the information isn't there quickly trying the next video. This workflow gets completely destroyed by ads. To the point where if YouTube would somehow force me to watch ads, I would simply stop using it except for the 2-3 weekly videos I actually plan to watch beforehand.
You may be ad-free for another reason such as a grandfathered twitch prime that will expire when it next renews, twitch turbo, or a subscription to a channel that opts-in to the ad-free sub benefit. You might also just be in a region or demographic where ads aren't being bought, so you wouldn't get any then.
Now, whenever I get an ad, I immediately close twitch and find something on YT/Mixer to watch. I'm training their algorithms to leave me alone.
I get ads when I use Twitch, with the same account, on a stock installation of Chrome (which I use as my backup browser for when I don’t want to figure out which extension is breaking a website). So it’s not related to my account, location, etc.
The problem is that sites trying some insane techniques is a bad arms race.
Sites like the wallsteet journal made a adblock-wall, see ads or don't use the site. That's fine. They can do that. And they lost lots of traffic. But they can decide if they like that.
Websites want a have-your-cake-and-eat-it option -- forcibly show ads, no opt out.
That's why I'm not using it personally, even though I'd love to...
then you can go mad on everything outside the container
The next anti-tracking technology should include fake tracking.
What makes you say you’re speaking for most of us?
Tracking doesn't mean anything to most people.
https://support.alexa.com/hc/en-us/articles/200449744-How-ar...
Why ask a vague winky-face question when you can make your assertion instead? Now I have to wait for you to respond just for you to clarify what you were trying to say.
> our traffic estimates are based on data from our global panel, which is a sample of millions of Internet users using one of many different browser extensions. However, we don’t just rely on browser extensions. We also gather much of our traffic data from direct sources, including sites that have chosen to install the Alexa script and certify their metrics. It is this unique combination of data from our global panel, plus data from directly measured sources, filtered through our advanced statistical models that allow us to provide you with robust and comprehensive metrics.
In most countries, any YouTube user can pay a subscription fee to disable ads. It's called YouTube Premium: https://support.google.com/youtube/answer/6308116?hl=en
This has existed since 2015, so presumably Google employees have it on their personal accounts.
source: ex-googler
I don't think that's true, video encoding is expensive. This is not trivial to do without investment in hardware.
Google doesn't just sell ads, they sell targeted ads. Yes, YouTube currently does some processing on every video uploaded. But they only do that once.
The thing you can buy a la carte is twitch turbo, and that still removes all ads.
HBO does product placement too, though they sometimes pretend they don't or pretend it doesn't count when they do it because they do it "pro bono" (The Pope only drinks Coca Cola™ brand Coca Cola Zero™ for purely narrative reasons, and we're going to mention the brand Coca Cola™ explicitly several times by name to drive home the point that the character you enjoy watching enjoys the cool refreshing taste of Coca Cola™ brand Coca Cola Zero™. Don't worry Coca Cola™ hasn't paid us to shill their sugar water, we do it for free! Drink Coca Cola Zero™!)
We have fire tv and Amazon has added more and more advertising to the point it’s nauseating (an ad for Shameless in the middle of a bunch of baby pictures is jarring).
I’d be happy to pay an extra dollar / month to amazon to not see ads there. Actively looking at htpcs that I can put Adblockers on (pihole doesn’t work since ads and content come from same places, I think)
Putting a VM into our browsers, along with sufficient API support to make that VM useful, is what spells the eventual end of the document-based web. I think that future arrived a few years ago and it's just not evenly distributed yet.
That sounds like the worst future possible. I love the fact that I can go to any web page and look at all of the HTML, CSS, JS (even if I need to use a tool to un-obfuscate it). Have you never wondered how someone did something and then looked at their code to find out how they did it? I love being able to use curl and wget to grab a web page. How would that work in a non document-based web? I really think this would be a terrible thing if it actually came to fruition. I truly hope I'm retired or dead before it occurs.
Outside accessibility there's also the issue of responsive design, huge SEO impacts, rendering performance... I'm probably missing a bunch.
Lifting a sedan with my bare hands is obviously easier than lifting a 10 wheeler, but it's still a massive problem. Rendering stuff is not the biggest issue.
Gary Bernhardt's talk "The Birth & Death of JavaScript"[1] was an ominous portent of a terrifying future. Unfortunately, some people apparently saw it as development roadmap.
[1] https://www.destroyallsoftware.com/talks/the-birth-and-death...
You can even implement a WASM interpreter in JS.
WASM at least is standardized, so there will be a whole ecosystem dedicated to it. Think IDA Pro for WASM.
> although we've had Emscripten for years
We did. And I didn't see the "asm.js apocalypse" you seem to fear.
WASM is different between Emscripten was always a fun curiosity, and WASM is being "marketed" to developers as "get native app performance in a browser". "Modern" Javascript has been able to deliver this future for a few years now, but it lacked the marketing and tooling to make it mainstream. Flash and Java were attempts to move to that future that didn't pan out.
Having IDA Pro for WASM is all well and good, but doing binary reverse engineering on every single website isn't practical.
The web, as it has been, was nice. We're not going to get to keep it. I'm unhappy with it, but I'm resigned to it.
So WASM doesn't take away anything from us, because we haven't had the "nice" you mention for 10 or 15 years. Sites like HN will stay like this, sites like Facebook will get even bigger. It will happen with or without WASM.
But yes, I do see where you're coming from. You want a less bloated Web, and you're worried that WASM is not going to lead to that, which I pretty much agree with. While I'm saying that cat is already out of the bag and WASM at least has the potential to bring performance improvements over JavaScript (which will be promptly negated by the sites getting even more bloated).
I want a declarative web. I wish there wasn't a VM in my browser. I want a web where my user agent, under my control, dictates how documents are interpreted and displayed.
So much of information security relies on not letting third parties execute arbitrary code on your computer. The price to view "mainstream" websites is increasingly becoming "allow third parties to execute arbitrary code on your computer". I can sandbox that code and perhaps limit the impact to my privacy (though thanks to processor microarchitecture "features" that's increasingly difficult), but I lose virtually all ability to control the presentation experience.
To be blunt: The kind of assholes that delighted in using Javascript to block opening context menus, blocking "Paste" into password fields, etc, have won. That pisses me off. Developers with good intentions who wanted to make something "cool" end up being the architects of the tools that will be used turn the web into cable TV.
Change your `dom.event.clipboardevents.enabled` in about:config to false.
TVs allow the user to mute the audio, switch channels and fast forward past ads in recorded video. What publishers are doing to the web is like sending a control message that reconfigured the TV and disabled some of its functions. "You can't mute the audio, you're obligated to listen to this. Also, we're turning the volume all the way up in order to reach you even if you leave. You can't turn it off either."
Publishers simply don't want users to have any control over the experience. It's their way or the highway.
What if broadcasting companies sent signals during commercials that told the TV to disable these features? "They've enjoyed the movie, now it's time to make them pay. Don't let them change the channel, mute the audio or lower the volume". How long would it take before TVs that didn't follow these intructions entered the market?
Browsers have features publishers don't want people to have. We can download copies of "their" content. We can delete their ads. We can filter out their user tracking malware. This is possible because the browser serves us, not them.
You can easily generate a static document with ads, doing the heavy lifting on the server.
The problem with first party tracking from the PoV of the advertisers is that the feedback they need goes through the site their ad is on so it is possible to be faked: "Yes Mr Advertiser, we really did send x000 ad impressions to {addresses} this day, honest guv'ner."
And from the site's point of view the adverts now become a little more admin to manage beyond just slapping in a reference to 3rd party JS and adding a <div> for that code to target to insert the advert.
Essentially, the ad providers would also become hosting services.
So.. Google AMP?
It also creates single points of failure that did not exist before. If the ad service is down, your content is (potentially) down too rather than just being served without working ads.
Maybe there is a market for a proxy that converts any page you visit to bare and functional HTML with just content and navigation. No ad's, distractions, disfunctional scrolling, etc.
Wrap it up with an easy to install bow and easy self updating to keep up with sites (and easy fallback to original sites/links), and I'll never browse the mainstream sites again. There are a couple of things that do this, but none as well as I'd like to see.
Fetching data from such websites is the only thing so far where I've found ES async generators very very useful.
You don't even need a browser. Most of the time simple HTTP requests from node work just fine, and makes tor use safer and more effective since you're not running any foregin JS code, just parsing data. Other thing that improves privacy is that you're downloading everything, so it's hard to see from the service's side what you're actually consuming.
Actually many usual services follow this pattern. List of accounts->list of transactions->transaction details. List of categories->list of articles->article detail. List of product categories->list of products->product detail.
Simple abstraction can get you very far, even with a fairly simple DB schema.
I’m not sure if it can also enable individual scripts, that might become necessary very soon if this article is an example of what is coming.
https://en.wikipedia.org/wiki/Proxomitron and other MITM-proxies can do that and more, although the security-paranoid may disapprove (but then again --- what are you more concerned about, what is your threat model, etc.) The recent "security vulturism" and things like DoH and other anti-user ostensibly-privacy things certainly doesn't help.
There is also the option of actively attacking the business model of the ad and tracking industry. Ad blockers could simulate lots of "fake" traffic to make ad analytics harder (this is another arms race against attempts to filter out the fake traffic)
Mandatory : "Why Rosyna Can't Take A Movie Screenshot"
http://web.archive.org/web/20180919021829/https://www.alexra...
This would be awesome!
Kind of like climate change, there are actions we all know would help but individually giving up those conveniences is difficult.
And like voting with your wallet, it will be completely ineffectual in actually addressing the problem.
> Kind of like climate change
Another area where the need for comprehensive societal solutions gets dumped on the individual instead, rendering it ineffectual.
I'm a big proponent of top down climate change policy to force change as opposed to hoping if we virtue signal enough people will be shamed into driving a bit less etc.
With regards to Ads I don't take as much a hard line approach as yourself (I remember our last discussion!). I'm very pro ad blocker use but not to go as far as banning them in any way.
Something I've been thinking about is sending a header to websites informing them I'm going to block their ads so they decide not to send me the content if they don't want to. I feel no entitlement to their content as they should not feel any entitlement to what code gets to run on my machine once it reaches me. I might expand on this in a blog post some time soon but it's probably closer to an art project than something actually viable.
An advantage of this is we'd skip the whole ad blocker and anti ad blocker charade and gain a metric ton of performance back.
I'm impressed. I don't think I ever remember individual usernames.
>Something I've been thinking about is sending a header to websites informing them I'm going to block their ads so they decide not to send me the content if they don't want to.
I've actually played with similar ideas in the past (my more moderate days). But my philosophy at this point is that they can choose to give me the data or not give me the data. And I'm free to do with it as I please as long as I don't distribute it without permission. And I'm even softening up on that limitation.
The key parts there are: - single - technical - authority
Watching businesses attempt an integration of a line code anywhere to download the third party tool is painfully hilarious.
Getting them to set up a DNS record to point to you is often so far off the table its playing in the forest with the faeries. Having them pull your code and serve it statically alongside their site... I couldn't imagine
What usually happens is that the marketing team signs a contract then developers copy and paste a JavaScript snippet to embed on the website and move on.
The work arounds require much more intention and the solutions can be hacky like modifying urls in a minified JS file.
If that tracking is blocked, it is invisible to the company especially if only the third party who has access to the data.
'normal' people are starting to run ad-blockers now, not just tech-savvy users.
https://www.emarketer.com/content/ad-blocking-in-the-uk-2018
https://www.socialmediatoday.com/news/global-ad-blocking-beh...
Not going through the browser is possible but requires trust between organizations; publishers have an incentive to inflate numbers, and trust has so far been lacking (and rightly so). That may change.
If you're willing to get cpu/gpu intensive on the page rendering a lot can be done.
It's a constant cognitive drain on your mental resources. That's even ignoring the fact that almost everyone is influenced by ads to varying degrees.
We reached the point that this is the argument to avoid ads... People will go to such a length to justify blocking ads, it's crazy.
Yes, I also take the Intel Inside stickers off my laptop.
Make sure the travel to a different country between clicks. Just in case.
Every once in a while I get a page that buries a CPU core. It's either bad Javascript (most likely) or something mining cryptocurrency on my PC.
The internet will partition: the corporate internet will be what you say, and the independent internet will be people writing and hosting their own content, like the internet of the olden days. Some of them might interact with corporate services via apis.
The independent internet will be small, but it will be enough. If you want to buy something anonymously, go to a shop and pay cash with your phone turned off.
Google is the biggest offender after all their entire business is Tracking and Ads but it seems they get a pass as being an "offender" from most people
Note that "most people" (even individuals) also happily insert Google Analytics snippets on their own blogs or websites. I see that all the time thru uMatrix. So it's far from "Google being a bad actor" alone.
Might as while pile on the bad/abusive actors for causing the scenario that makes people use captchas at all.
Speaking for myself, I've never been opposed to ads on sites (within reason - popovers are trash), because I understand that creating content costs money, but I don't like all the tracking that comes with them.
But I was actually responding to the parent's comment (this is a threaded discussion, yes?) about how actual first-party ads are less objectionable than third-party tracking.
But thanks for adding your thoughts.
It is more technically challenging to implement. If it becomes necessary, I'm sure there will be plenty of money invested in making it easier for the content providers to participate in such things.
I can ask for a lot more, don't worry.
That just moves the goalposts though. People will still deconstruct and reverse engineer the black box, or sniff the lines it uses and attack the traffic. Or anything else. There are countless attack vectors against a device in physical possession. So unless the devices are melting down into slag and can perfectly detect even passive attacks then the advertisers will always lose.
This doesn't stop them from trying. If advertising can be made more expensive then the roi the advertisers will stop. Some will irrationally throw money at the problem way past the point they should've given up but even they will taper off eventually.
Suppose I have an apache module (or the equivalent in some modern http server) that's (a) injecting the necessary code (b) forwarding the traffic information to my nefarious third-party tracking provider. Or, heck, just a third-party solution that consumes my apache logs. It's doing all of this without using the browser itself as a middleman, like the clumsy CNAME masking discussed in the linked Github discussion.
This could never be stopped client-side since one's web browser would have no say.
Only reason this isn't more widespread already is because a lot of web properties don't have full control over their shared hosting environments.
First-party ads are theoretically kinda sorta maybe blockable via various levels of heuristics, which of course adblockers are already doing to various extents today.
But as far as preventing your information from being forwarded behind the scenes, there's no technical solution. Legislation is the only hope to curb it.
Google still has an old help site referencing its log analysis features [1].
> Urchin WebAnalytics Software is discontinued and is no longer supported. All Urchin documentation applies only to the Urchin product as it was at the time of discontinuation, and does not apply to any Google Analytics products or services.
[0]: https://en.wikipedia.org/wiki/Urchin_(software)
[1]: https://support.google.com/urchin/answer/28570
Small community sites are still interesting, distributed web technologies may start to rise, or there's always gophernet...
I'm ready to move on. In my eyes we already lost the www.
I'm already seeing a big use case for having such a (opt-in) domain filtered search engine since there's soo many spammy and SEO-hacking web sites out there.
Also, re: “inline” static images, there could totally be client-side ML-model cosmetic filters that recognize and remove known as images, regardless of how they got to the page. The filter could even just throw a floating rectangle over then, so it wouldn’t even have to understand how they’re made in the DOM. This is the “thermonuclear backup plan” we’ve been expecting to need to pull out for a while now, though advertisers have been lazy about getting sneaky enough to necessitate it.
There are many videos on Youtube recommending stuff. You never know if the author has been paid. Even if you try to detect popular ad networks and services, the ad techniques will also evolve.
If ads were the only source of my income, and my content was unique, I would show the user a "quiz" every 5 minutes, asking him to answer, what is shown in the ads at the moment :D and deny the access, if the answer is wrong.
Those are some rose-tinted glasses. People on forums like HN were always annoyed that they looked like navbar links and you were only clicking them out of confusion with actual links.
If they want to make ads extremely hard to block but reduce privacy concerns, I'm all for that. It puts the discussion back on a more even level, and if you don't like the ads, don't use the service. The only reason I'm okay with running an ad blocker now is because of the privacy concerns. If those were eliminated (which isn't the case in this theoretical situation, they're just reduced) then I'm not sure how to justify running an ad-blocker. To my eyes, it's basically stealing cable or satellite service. I understand other people don't see it the same way though.
Ads need to know what you googled, what you did in the competitors website, 1st party domains are a huge handicap for it.
They either will need excellent fingerprinting or accept subpar tracking.
The max they can do is track you in their website, but that's terrible, they need to know more.
edit: this means the 3rd party server can't know who you are, even if they get your tracking events, they can't know what you did in the other sites.
thats why fingerprinting could fix this, the 3rd party server could find your profile with a good enough fingerprint.
I'm talking about a sameSite cookie made for the publisher, via a proxy on the server.
When a client send you this cookie (sameSite) your server forward it to the ad provider using a RPC call.
The ad provider replies to this call with new data they want you to add to the cookie.
You set the "forAdProvider" cookie on the client, using the data specified by the ad provider.
I don't think that has much value because the ad provider wouldn't know who you are to begin with.
First time you open said website no cookies would exist for the domain.
Then the ad provider wouldn't know who you are.
Ex: Access foo.com and search for shoes, shoe cookies set for foo.com Then access bar.com which hits foo.com for the ad suggestions Now foo.com knows you searched for shoes, since the 3rd party cookies are there.
Now if you do it without 3rd party cookies bar.com wouldn't have any access to the cookies which identify you as a shoe buyer, because those are set for foo.com
I wonder if it is also not how GDPR should have been implemented. Forcing browsers to implement a request for storing tracking data, which would avoid dark patterns in consent forms and would keep websites honest. It would also allow to remember the decision. If you delete cookies when the browser closes, you get asked for the same consent you denied on every visit.
I'm actually hoping it paves the way for more independent publishers that focus on quality content and charging.
Ads have ALWAYS sucked and been a horrible solution to funding news, journalism, etc.
The problem is that ads basically cause other users to defect to platforms that are free (but sponsored by ads).
Just because there are a lot of bad actors and massive amounts of advertising doesn't mean the entire internet needs to go down that path.
Hackers have protected users since years. It's time for politicians to protect their citizens.
If you provide paid content AND try to track me or make even more money with me via ads: goodbye...
On the other hand: If you rely on ads only, it is doubtful that your media-outlet is truly neutral -- would you really do analysis and investigations on your highest paying ad clients (?) -- I doubt it...
Those are two separate things. You can track without code, and you can make a page terribly slow without any tracking.
Interestingly, for most people it's primarily the code size and slowness leads them to adblocking, tracking is secondary.
> I can't block it? I'll probably stop using it,
As a publisher I 'd welcome that behaviour. Of course i should be partly responsible for the ads my users see, I actually try to be but it's impossible with today's technology.
It's a total fallacy that the adtech of today is the best we can have. It has become a pissing contest about "who can give you the biggest, most complex analytics dashboard" rather than providing actual value to advertisers. There is also tons of unsold inventory due to the duopolization of ad platforms by google&FB. In that sense, i 'm thankful that adblocking is expanding to upend this ecosystem.
I visit some sites than sell, manage, and host their own ad inventory. I make zero effort to block those ads and will even click on them if they're interesting. Most of the time they're images wrapped in an anchor tag, maybe the occasional SVG animated with CSS. I don't want personalized ads, I'd rather see contextually relevant ads if I have to see any at all.
Before:
Ad providers tell you to throw an external element in your page to display an ad.
After:
Ad providers tell you to add a library to your code directly that pulls down ads and serves them front the same place your site comes from.
This doesn’t magically make the website selling advertisement space aware of what code they’re running on your browser via those ads.
Would this change any legal basis? I do not know, I'm not a lawyer, but I sure hope we find out.
This is why I love UBlockOrigin, that basic principled approach is a great thing.
They’ve been in that situation before, with the original uBlock, and they’ve learned not to trust their own team.
One way browsers try to take away that freedom is by limting what extensions can do. If that continues, at one point we would need a new browser to accomplish it.
My favorite vision of the future would be if Debian would provide a version of Chrome or Firefox that: a) is stripped of all tracking and b) gives extensions full access to everything.
Or, assuming they have a small list of subdomains that redirect to ad servers, you could generate a list with a script that checks all their subdomains and creates a block list based on that. For example, the site discussed in the OP has all their subdomains listed here: https://crt.sh/?q=%25.liberation.fr
Edit: looking at the OP case, it seems like they only have one ad domain. I'm not sure I see this as a serious issue until multiple sites start rolling out thousands of subdomains, some pointing to back to the real server, others pointing to the ad server. Maybe that will happen but it's a pretty big barrier to entry, and just short of proxying everything through the 1st party.
I'm speculating that the balance is in the reverse favor. Last night I was looking at some file on GitHub which was redirecting to what looked like an S3 bucket subdomain named with a pattern like "github-production-f7e281a2", which I simply presumed to be cache-busting via subdomain instead of appending the hash to the filename. If my assumptions were correct, every time GitHub deploys a new build, you would have to whitelist that subdomain.
And remember the time when Debian layered some changes on top of openssl? http://faq.caslavka.cz/attachments/196/randomness.png
Now, what changes does Google layer on top of chromium to make Chrome? Do you know exactly?
(Do you know that all of Chromium is in fact open source? Have you looked at the source and the build process? Are there any parts in it that are actually precompiled binary blobs?)
Also, 3rd party infrastructure could be something like aws. Are you really going to block all ec2 address ranges?
This reduces the attractiveness of adverts, which means they won't be as prevalent, which means tracking concerns are lessened.
That's a win, no?
Third-party requests with cookies made it easy to start tracking people across sites... but there are other ways if that is made to stop working. Given how much money flows through the advertising industry, I am sure someone will pay for the week or so of engineering to make advertising more invasive.
To the site owner, they're just pointing dns at the ad company and treating it like a cdn.
I already suggest people use these edge workers to anonymize-then-collect analytics (e.g. via [0]) if they can't be bothered to host their own solution. Of course we all prefer self hosted, but even this is better than third party js.
0 - https://developers.google.com/analytics/devguides/collection...
https://git.frogeye.fr/geoffrey/eulaurarien (for running your own script)
https://hostfiles.frogeye.fr/firstparty-only-trackers-hosts.... (to be imported in your adblocker)
It was fairly trivial: instead of asking for the tracking script directly I put a small service of ours in front of it, so our website asked for foo.mycompany.com/stats.js that fetched the correct script and changed all URLs inside of it from mycomp.mytrack.com to foo.mycompany.com. Our service than acted as a proxy to mycomp.mytrack.com.
A simple solution that worked out for a while, lost by now, in a server, somewhere in Ireland...
This isn't exactly a great future but we need to accept that nowadays most people don't care about tracking or ads. This might change one day, but it's the status quo.
I think that anti-ads and anti-tracking, if trying to work alongside the full feature set of the Internet, is fighting a honorable but eventually losing war. Even if someone sorts out this particular issue, you are still tracked by 1) Your ISP and 2) other subtle client fingerprinting technologies. You can use Tor/VPN/disable JS but all of these have downsides.
All we can do is to fight with our time and wallets by not visiting places that don't support our values. This is possible and not different from the world we live in already.
May be more of a challenge with trackers as they don't to show ads per se, but may be the same technique can be used with "randomly" generated URLs - train an AI to dynamically make a guess whether the sub-domain (even first party) is a tracker or not. There may not be a clear marker, but there is always a pattern...
It need not be a subdomain. Analytics could be proxied from the main domain.
Which is unfortunate, because it's already started that many places won't even render plain text without javascript.
> I think that anti-blocking and anti-tracking, if trying to work alongside the full feature set of the Internet, is fighting a honorable but eventually losing war.
For me it's less about "tracking" and more about tracking with aggregation. Self-hosted things like AWStat and Matomo (formerly Piwik) are fine in my book. It's bringing together those analytics across different sites which is problematic.
Ironic ain't it?
Can first party tracking do this sort of correlation other than through browser fingerprinting?
It's like, a peeping Tom who just looks through a window - yuck that's gross. But a peeping Tom who spies by building a microdrone that can fly in the door when it opens and mount itself on the ceiling with suction pads - oh that's perfectly legitimate because of the work and resources Tom invested.
I mean, if it's gross to do something by accident and it's gross to do something without any investment, it's super gross to do it with resources.
It's not all that hard to track someone across the internet. I think many people have demonstrate hacks that steal legitimate functionality and get you there.
I think we'll probably have to go for a containerised internet (separate apps) and just deal with the disadvantages.
This is already happening with large web publishers.
For example, you could spin up an instance of Matomo (formerly Piwik) for your own website and still see no traffic from adblock users by default.
More sites could do that.
This is generally better than 3rd partyies because the sites would have to actually conspire, cooperate and trust each other, which is a huge hurdle.
And if the trust is actually there, they could correlate offline without any indication. Facebook already does that (with credit records, likely phone records and medical records as well) and I wouldn’t be surprised if others don’t.
Correlation is less than perfect this way - but e.g. zip, gender and age are enough to give a pretty good correlation, and name makes it almost perfect - if you have an account somewhere, you probably gave these details.
Can you you send me an example of both of those please?
https://translate.googleusercontent.com/translate_c?depth=1&...
The example at the top of the thread: https://www.liberation.fr/ has a tracker from f7ds.liberation.fr, which is really part of tracking provider Eulerian.
TL;DR - the entire point of this is to let 3rd parties continue to correlate your identity by hiding as part of the 1st party.Just because there are worse things to do does not make Piwik the right thing. The right thing is not to collect the data at all.
> Can't this be "emulated" in Chromium by resolving the hostnames using DNS over HTTPS in JSON format?
> - This would require uBO to send browsing history information to a remote server, this is anti-uBO.
> - Chromium does not support non-blocking webRequest.onBeforeRequest listeners, so this can't work reliably when the result depends on an asynchronous operation such as a DNS lookup.
> - Chromium's webRequest.onBeforeRequest blocking ability is being deprecated with Manifest V3, so even without the above issues, this would be wasted development efforts.
I suspect (and suspected) that Ublock Origin may eventually be deprecated for Chrome after the V3 changes shipped the same way it was deprecated for Safari, although to the best of my knowledge Gorhill hasn't made any kind of official announcement about that -- so I want to be clear that it's purely conjecture on my end.
This thread reinforces that suspicion. I don't know if Gorhill has explicit plans to do anything with Chrome, but I suspect that in the future it will become more and more annoying to support the browser.
I also previously made a prediction[1] that within 2 years, Firefox would have clearly better tracker-blocking extensions than Chrome (65% likelyhood). This is roughly in line with what I would expect to see with that prediction -- a few rare fringe-case scenarios that creators can quickly address in Firefox, but that require more extensive work and conversations around Chrome. If this kind of issue becomes more common in the future, then I'll feel more confident about that prediction.
[0]: https://github.com/uBlockOrigin/uBlock-issues/issues/780#iss...
[1]: https://news.ycombinator.com/item?id=21506330
Using an A/AAAA record would be harder, you’d need to have an IP blacklist, and the trackers would probably be constantly shifting IPs, using a low TTL on the record.
This might require giving your tracker programmatic access to your DNS, not sure if many first parties are ready to go there.
there comes a point when the content is just not worth it
doesnt scale obviously
we're headed back to the "golden age" of TV advertising except via http instead of radio waves/cable
at least we've had ad blockser on browsers that work well up to now
the tracking of web ads obviously vastly overshadows what happened with TV.
they obviously want the best of both worlds "avoidable ads" and "extreme tracking"
https://addons.mozilla.org/en-US/firefox/addon/hohser/?src=s...
Does Safari recognize these trackers?
https://webkit.org/blog/8311/intelligent-tracking-prevention...
> Does ITP differentiate between my subdomains?
No. ITP captures statistics and applies its rules for the effective top-level domain plus one, or eTLD+1. An eTLD is .com or .co.uk so an example of an eTLD+1 would be social.co.uk but not sub.social.co.uk (eTLD+2) or just co.uk (eTLD).
https://webkit.org/blog/9521/intelligent-tracking-prevention...
ITP 2.3 counteracts this by downgrading document.referrer to the referrer’s eTLD+1 if the referrer has link decoration and the user was navigated from a classified domain. Say the user is navigated from social.example to website.example and the referrer is https://sub.social.example/some/path/?clickID=0123456789. When social.example’s script on website.example reads document.referrer to retrieve and store the click ID, ITP will make sure only https://social.example is returned.
Now it's time for standards creators to be responsible and to do something in favor of their users: the user should have the final decision about being tracked/shown ads.
But when the most used web browser is in the hands of the biggest ad vendor, then there is little hope...
I guess we can only expect for web pages to turn into a sort of dynamically-generated JPEG that cannot be parsed/analyzed.
If the publisher develops an analytics, user profile or whatever solution themselves, then it's 1st party - OK.
But outsource the development or hosting to someone, and suddenly it's a problem? How is this different to using AWS?
Now if the data from their different clients is merged to build a unified view of what you do on the web, that's different, but the place to prevent that is in the browser using cookie partitioning, not by caring about the tracker developer/hosting provider.
How have you reached the conclusion that this is okay?
Sign up, promise not to track your users and be open to lawsuits if you're found to be lying.
Granted, it would just be another whack in the game of whack a mole, but we have to keep whacking.
The entire ad-blocking concept shows that people will do anything to continue visiting a website they are desperate to consume no matter how user-hostile it might be.
Also, this "No-Tracking" pledge seems like a thought experiment that only considers the rare website with more or less drop-in alternatives. So, maybe just general news and some brochure info sites?
But I feel like we're reaching some sort of tipping point. 200k+ people just signed up to a new social network whose only real usp is no tracking.
I don't know what a drop in alternative is so I can't answer your question, but if your assertion is that generally speaking sites need to allow their users to be tracked I would disagree.
The UI has nothing to do with this.
No pop ups, fewer paywalls, less tracking, no videos (except the video site I whitelisted, like youtube). What should be static content actually stays static content. The web is a much better place when you disable javascript where there doesn't need to be javascript.
Combine it with cookie auto-delete and whitelisting, and disabled third party everything, and the web is mostly nice again.
> Libération (French: [li.be.ʁa.sjɔ̃]), popularly known as Libé ([li.be]), is a daily newspaper in France, founded in Paris by Jean-Paul Sartre and Serge July in 1973 in the wake of the protest movements of May 1968.
> For its first six or seven years it was a uniquely vibrant and pluralist publication and hugely influential. This > was mainly due to its refusal to take paid advertising which meant there was no direct or indirect pressure from advertisers.
Seems they're now helping to push boundaries of pushing advertising since their founding.
https://github.com/uBlockOrigin/uBlock-issues/issues/44
At some point, you have to admit that you just want the content for free.
The problem is that they're ads.
> At some point, you have to admit that you just want the content for free.
I understand it's a bit of an ethical conundrum. Quality content and/or service requires compensation. At the same time, advertisement is a form of harassment and intellectual terrorism and they make content undemocratic by nature. Altering your own software in order to see NO ads of any kind under any circumstances is perfectly justifiable.
With that said, I don't buy the myth of the struggling internet entrepreneur being unable to make ends meet because of the selfish adblock users. I think that's as ridiculous a notion as the idea that Napster could kill independent musicians. Fact of the matter is that ads are a form of revenue and there are healthy alternatives out there.
For instance, instead of giving away an infinitesimal fraction of our mental health to every single internet business, we can instead enter a social contract in which everything is free, and consumers are expected to pay into the channels and services that they like best. This is, for instance, how many Podcasts and non-advertiser-friendly Youtube channels work.
In the early days of the internet, there was no expectation to be paid for creating content - people simply created it out of their own goodwill or because it's their passion.
If I set up a personal website, I expect that to be a sunk cost; people pay for my content with their attention. Obviously, attention doesn't put food on the table, but it's saddening to see the contrast between what the Internet could be, and what it is currently.
> "healthy alternatives out there"
That's the real myth. You either pay for content up front (by going to work, getting paid in cash, and using that cash) or you see some ads (which convert your attention to payments in real-time on demand for exactly what you're consuming). For billions of people, ads are faster, easier, more passive and more fair.
Donations are not a scalable business. Podcasts are in an advertiser boom and are making record amounts of money from ads so I'm not sure why you used that example. Very few (if any) channels of size are completely user-supported.
None of the podcasts I listen to contain any kind of advertisement of any kind. This is not difficult to explain; prudent businesses typically do not stray very far outside the Overton window. This form of media exists - flourishes - because of listener patronage.
> Donations are not a scalable business.
True, but it's a viable business model. If you want something that scales as high as your entrepreneurial ambitions, consider that 100 million people pay Spotify in order to not have to listen to ads.
Spotify has made a profit a total of 2 quarters out of 10 years, and that's an example of direct payment as I described, which nobody has a problem with. Donations as you're talking about are completely different. There is no free and pay what you want with spotify.
The fact of the matter is that I have control over what my browser renders. If you provide it for free "with ads" then I am going to access it for free without ads; you are putting it out there free of charge and hoping to get kickbacks. If you escalate the ad-blocker arms race, I am going to lose interest in whatever crap you are peddling. You do not automatically enter a mutual agreement with me upon publishing it and you will not succeed in guilt tripping me into watching vapid and manipulative corporate material.
If you want any of my money, use one of the crowdfunding platforms out there, or sell it upfront.
But sure, some will have this position and it's relatively minor across the population, but you're starting to see more things behind subscriptions and paywalls as a result.
I don't see which part of this thread implies that I'm only against online ads.
> Call it what you want, but you know and understand the implicit agreement is ads in exchange for content.
You don't seem to get it. There are no terms other than what's on the table, which is to say the content and the ads, and both are optional. We are not legally or ethically bound by any "implicit agreement".
> but you're starting to see more things behind subscriptions and paywalls as a result.
Subscriptions and paywalls are markedly better than advertisements, for the consumer at least.
Except the ones that don't or can't pay for it. People want more options for access, not less. The extremist position is saying all advertising is bad while ignoring the economic impact and the fact that almost all businesses grow because of it.
More than that, random subdomains are used to subvert adblockers.
To me, it seems that the discussion is about third-party ads which are masquerading as first-party content. It's not about first-party ads or whether the content should be free, but about third-party advertisers pretending to be first-party.
The data relationship changes with first-party serving because it's now isolated to that site.
Except that when you decide to point to someone else's domain via a DNS CNAME on your own domain, you open the door to cookies, referrer information, and more being leaked to the third party.
Whether it's intentional or not, I think it's a bad thing to do.
Oh, and opens the door for malicious cross-domain scripting if the CDN you're CNAME'ing gets compromised.
I don't think it's the same.
At least with HTTPS (or even the use of VPNs, DNS over HTTPS, and the upcoming/proposed encrypted SNI), the ISPs won't have any metadata except the IP headers, which I think is a good rebalancing.
There's no requirement for the CMS to be hosted by a third party. Joomla, Drupal, Wordpress, etc. are all popular self-hosted solutions.
The CDN typically does not have all the information, either: a CDN's job is (often, but not always) to deliver media assets (images, videos, audio), large files (e.g. ISOs, executables), or to deliver things like fonts or javascript libraries. These things are (again, often, but not always) supplied from a different domain.
My browser, for example, doesn't send referer headers when dealing with these sites, and it definitely doesn't send any cookies which aren't set for the CDN's domain explicitly. Different amounts of information leak when you CNAME to a CDN on your own domain, or you load third party advertising scripts in a page.
To me, at least, there's a difference between a third party (such as a CDN or ISP) knowing what domain I was on, versus third-party advertising scripts getting their hands on my detailed browser information by (ab)using JavaScript APIs and extensive fingerprinting.
> There's a difference between a service provider and data ownership.
Can you elaborate? I don't think I understand this point. For example, under the GDPR where I live, I have rights to data which I produced, regardless of the service provider or the domain it's delivered on.
The real issue is whether your data is more protected, and with first-party serving (and all the other anti-tracking restrictions), it's isolated to each domain instead of the cross-site tracking we had before. It's basically a user-to-site connection only now, regardless of the backend tech they use.
Any serious privacy change would require regulation as you noted, GDPR and CCPA in the US will provide the real protections soon enough.
The issue is data and privacy, and first-party means it's a much more direct relationship with the site you're on.
Originally ad networks were something you rendered out on server side hitting their APIs from the server, and in some cases dns via subdomain. Content hosts were more careful of the content of the ads because it hits their main host ranking.
First party / server side ads are actually preferred if you have to choose as you can limit the ads server side and rogue ads can be dealt with.
Ad networks from the late 90s to early 2000s were this way. Once popup ads took off they started making ad networks client side to not impact rendering on the server and ads could show progressively when inlined into the layout/script.
Today the ads/trackers are almost all client side as it is easier to integrate as more of a widget and less resources used on the server. The ad networks and trackers of today want to own all the data and not share it with content providers, plus being client-side it makes it easy to link data without the need for integration in each endpoint backend just the third party endpoints. Additionally third party ad networks may not trust that page views are organic with the api calls being implemented first-party server side, so they went client-side where they can validate actual page renders and lots of other time/click based metrics.
Ultimately sponsor ads that show up on sites/blogs/portals are usually first party server-side ads still. So as long as there aren't rogue ad networks on the server side or via DNS/subdomain then it may improve ads overall. Since first party ads are server side, unless routed via DNS to the ad network, at least the content provider incurs some cost from hosting it at least in bandwidth. If it is a subdomain that goes to an ad network that is full of dark patterns, that is not so great but it will still impact the host reputation in ranking.
Right now ads are a mess for a few reasons: so much tracking, taking up screen real estate and the marketing team pushing people to subscribe making the free content experience painful. Email/subscribe and ad popups are more prevalent than the behind the browser popups in the early days, very bad experiences.
I sometimes think the days of server side/first party ads and popups from the early internet are preferable to today's inline ads with videos that follow you down and autoplay nightmares all over the page with dozens of trackers and networks all in one. At least first party server side ads that are served up from a backend API hit to a third party or sponsors doesn't cause excessive connections, it also puts an upper limit on the amount of ads that can be shown before it hits costs of hosting and rogue ad networks impact the url reputation so the content hoster may be more of a curating check on ad quality.
<a href='http://doubleclick/adid'><img src='http://doubleclick/ad.jpg</a>
I never ran puch the monkey stuff, but I think that was something like <object src='http://hell.com/argh'>
I don't think you can categorise those as "distracting".
People will allow the tracking pretty much whenever they have to when not doing so is an obstacle to accessing a website (Or simply because they get annoyed at the popup or it doesn't allow opting out).
uBO (in the common case) prevents tracking even when consent has been given. Subverting that is not against the GDPR because for the law, the consent is the only thing that matters.
Advertisements in magazines are often somewhat interesting, well-made to be entertaining, or even useful. I used to read ads in magazines and I still sometimes do. It doesn't give me a bad feeling, at worst/best I'll just emit an indifferent "huh", and proceed to the next page.
And I've never, ever seen a single internet advertisement that wouldn't make me irritated and start gradually boiling my blood. Early Google-style ad boxes were closest to bearable so far but I still never read them nor showed any slightest interest in them. They were just kind enough to not irritate that much but merely be mentally blocked right off the bat.
I can't stand a web page with ads yet I would find a magazine boring without them. I don't think it's the ads: I think it's the presentation and the media that differs between paper and web. My eyes can wander to an ad and then back to text quite easily on paper, but my browser can't fit several columns of the article and a full-page ad on the same screen. This either-or proposition interrupts my reading and causes agitation. On paper I'm in control, on web I'm not.
Chief among them was Ravelry, a social site for knitters and crocheters. At least as of the last time I used the site (which was admittedly years and years ago) they just one banner ad at the top of every page, hosted first-party rather than through an ad network.
The ads were far better targeted than anything I've ever seen come out of an ad network, because they were typically relevant to my interests, and also generally caught me at a time when I was already thinking about buying something like what the ad was trying to sell. Admittedly, it was an easy job that could be done with only a light application of tensor algebra, but still. I clicked on those ads. Often. And I always at least glanced at them. It was a lot like what you were describing with magazine ads.
The thing that gets me about modern Internet ads is that I really don't think they're the spiritual successors to magazine and newspaper ads, not even when they're hosted on magazine and newspaper websites. They're more comparable, in all but the most cosmetic of ways, to junk mail and telemarketing.
Typically web doesnt have the same kind of control and advertisers have more or less free rein to do what they want.
When I open a magazine, even if I have a specific article in mind I want to read, I will slowly turn through the pages happy to browse through other random content. It is a very leisurely, less focused interaction.
When I go to a website it is almost always for a very specific purpose. My mindset is goal oriented - I want exactly the content I came here for, nothing more (with rare exception, like HN). And probably years of navigating through horrible websites has helped shape that mindset in me, but I have to wonder, if websites delivered curated content and ads at the level of a magazine, would I even care?
I sometimes go to a magazine to read about something specific yet I might eyeball the ads while I'm around the target content. If it's a long multi-page article that I'm interested in specifically, or a single page thing, I still might pop out of the text into an advertisement occasionally.
Conversely I do browsing (in the traditional sense) on the web as well: I often find myself looking around some website, reading this and that around here and there, trying to figure out how much of the stuff is interesting vs boring, and generally not diving deep on anything and thus I'm theoretically quite open to subject myself to advertising but I still don't look at ads, and I'm still not interested.
I sometimes wonder how would it be if web had started with good ads and I had conditioned myself from the start to expect interesting stuff in the ads.
It's just that the web went the opposite way, innocently starting with a <blink>, and going to JavaScript, Flash, and cookie-infested ad networks and whatnot to deliver involuntary injections of striking advertisements, and now I'm practically allergic to anything that moves or stands out.
"Believe it or not!" but magazines like Creative Computing, Compute!, BYTE, Run, and other 1980's PC magazines used to be all about the ads. There was often no other way of knowing what new software or hardware was available to buy, especially for smaller companies. You would open these magazines up, and look at the ads, each ad had copy that was either inspiring enough to dream about or cryptic enough to try to envision how it was being done. You were going to buy the magazine anyway so it didn't really matter if the articles were good. A good issue was one that had both. Rarely did you find the stock photo inanity that is beautiful people in a boardroom, all super interested at a whiteboard with arrows that go up, up, up.
I also don't mind the ones on readthedocs-hosted content[2].
It's probably worth noting that neither of those are/were blocked by privacy badger, which I use on my desktop instead of an ad blocker.
[1]: https://techcrunch.com/2017/03/29/r-i-p-the-deck/
[2]: https://docs.readthedocs.io/en/latest/advertising/ethical-ad...
https://daringfireball.net/
I’ve purchased SaaS from his use of Deck in the past, or learned of and purchased deals from that placement this past year.
Really? I find them interrupting, manipulative, and vapid, as a general rule. If my magazine was "boring without them", I'd need to find a different magazine. Ads are at best blockers to the content I wanted to get, and at worst manipulative and deceptive, be that in print or on screen. (Note: There are always exceptions - ads that are entertaining, be that in print, on screen, or on TV, but those are the exceptions that prove the rule for me, and something I'd happily sacrifice to have ad-free content)
Different strokes, I suppose.
Personally I think they are the most tolerable. There isn't that many of them displayed for me (maybe one ad per 3-4 10-15min videos). One can skip it after 5s and around half the time those ads are fairly well matched.
Contrast this with web page ads that obscure the entire content until you find a tiny x in the corner to close them or worse require you to click some stupid button to disappear. With websites that display the content, but then obscure it within a split second I realised a pretty quick way to get rid of them is to right click on the ad/element-> Inspect in Chrome then hit delete removing DOM elements that obscure the main content until you can see the content.
Usually, audio ads are an ignore-able abomination, fortunately my audio is muted most of the time. However, if I'm watching a Youtube video, then my audio is almost certainly NOT muted, hence the terribleness of the ads.
Often an ad interrupting whatever content I'm watching on Youtube is enough to make me reconsider whether it's worth bothering finishing the actual video.
The ad interrupts the video, and I don't just mean it cuts in the middle of something. The problem is two timelines, the video and the ad. The ads make jumping around difficult because you switch between these timelines. Sometimes you always trigger an ad at around the same point. And you can't forward over the ads so if you're jumping forward and backward in the video, looking for something, the whole experience is choppy.
Obviously, the video creator could be asked to set N points in the video where ads would fit more naturally. Maybe they already do this, I don't know, but definitely a lot or most of video creators don't use that feature.
YouTube ads might be all right if they were just part of the video timeline, just like a tv episode with ads recorded on VHS.
I might not bother to j/l and left/right over short ads but watch them instead. And if I were seeking back and forth looking for interesting bits of the video I would spend time seeking back and forth over the ads as well which would be a point of contact to make me stop for a while and finish watching the ad too, if it seemed good.
Magazine ads don't force me to watch them for 5 seconds either, and they're worth paying money for. YouTube could very well do the same and I'd welcome a more streamlined, linear watching experience instead.
How many ads you see highly varies by person. Recalling Tom Scot's explanation that I fail to find, imagine when you play a video an auction is going where advertisers bid to buy your time from Google and winner shows you an ad, but Google also sets a minimum bid, so you don't see ads if nobody bids that minimum.
This is in contrast to web where I'll have to start by choosing a set of ad-blocking plugins to allow me back even some of that control even before I've read a single article online.
I don't particularly even care that much about ad networks tracking me, that's more like a philosophical / ethical question that is invisible in the daily life. Web ads aren't bad because of tracking, it's just that they're mostly bad ads.
We can't solve a political problem with purely technical solutions. We can provide workarounds for 5 to 10 years but the core problem has to be shut down at one point.
Legislation-wise, I think the best the web can hope for is forcing websites to label ads. It doesn't sound unobtainable, especially as similar legislation already exists for political ads in many places. For example, legislation could require websites to label all ads with some kind of strictly defined watermark. In addition, some kind of software-readable indication would be required for accessibility purposes. Could be a special HTML tag or attribute. That would make ad blocking much easier.
The legislation would have to be very explicit about the format of the label and that it be machine readable, otherwise you'll get obfuscation like Facebook is doing:
https://www.propublica.org/article/facebook-blocks-ad-transp...:
> This is not the first time Facebook has changed its code in a way that has broken our tool. For example, all ads are supposed to contain the word “sponsored” as part of a mandatory disclosure, so users can distinguish between ads and their friends’ posts. Our tool recognized ads by searching for that word. Last year, Facebook added invisible letters to the HTML code of the site. So, to a computer, the word registered as “SpSonSsoSredS.” Later, it also added an invisible “Sponsored” disclosure to posts from your friends. Many of the participants in our project noticed the effects of this change because it caused some menus to pop open unexpectedly or the page to scroll to the top repeatedly. Nowadays, the disclosure says “SpSpSononSsosoSredredSSS.” Some of these changes were likely also intended to thwart ad blockers.
I don't share your pessimism about the feasability of politically banning all advertising, but I agree that something like this would be the next best thing, and a great step.
Tracking technology and terrible analytics platforms that slow everything down are much lower hanging fruit.
It's like:
The only one I could find was related to the Americans with Disabilities Act (ADA) and of course GDPR, but that's related to handling of personal data.
If they said what they wanted to say, the law would essentially say "don't violate privacy without explicit consent." I'm relatively OK with that; that's not telling me how to build websites, that's just making certain harmful activities illegal. It wouldn't be very different from saying "don't distribute malware that attacks your users."
In its current form, I'm not too thrilled with the cookie law. And I sure as hell don't want lawmakers adding more, worse, laws on top of that. Go too far in that direction and they're turning software into nagware (I loathe cookie popups, I loathe google's "privacy reminder", I loathe applications that blast me with notifications and hints, I loathe permission dialogs, I like Unix's Rule of Silence) while making its development a legal minefield.
I want to be able to write FLOSS software (or websites) with a user interface that pleases me, and EU is looking for ways to make that illegal. In a manner of speaking, I hope they do just that, then people who want pleasant software have more reason to organize an underground software liberation movement where no fucks about shit laws are given.
>EU is looking for ways to make that illegal
I'm sorry, but what are you smoking? Willy nilly data collection is illegal, they don't say much about UI.
I'm glad I'm not the only one saying it in a thread, for once.
> We can't solve a political problem with purely technical solutions.
This is something that is sometimes hard to accept for the hacker mindset, but it's absolutely true and an important thing to realize.
Seeking change at a societal level is the exact opposite of the hacker's free-wheeling individualism, but it's the only way to actually accomplish change at a societal level.
You're right, we'll never change advertising just by running individual ad blockers, and we'll never change privacy controls by trying to mask our identities; that has to happen through laws and larger society. We have to have a right to privacy and freedom from advertising be a thing that everyone wants, the bus driver, the butcher, hair stylist, etc., not just what we can foist on our immediate family and social circle.
But... Ads are useful. I remember once maybe ten years ago when I noticed an ad about an event in a nearby library that was absolutely amazing and without ads I would not have been there.
(This is sarcasm. There is no reason why manipulating other people to do things should not be regulated heavily.)
That said, I wish digital media stopped wholesale delegating the work of serving ads to third parties and had proper control over experience and privacy—what is delivered how and who tracks whom.
The web has taken an industry that already had reputation for deceptive tactics and have handed them tremendous powers through data collection.
Should advertising be banned because of that? I doubt that it would be effective since the advertising industry has created an environment where tracking people is the norm. Banning advertising would simply shift the focus of that data collection so that it is less visible.
It would also be incredibly difficult to ban advertising. Legislation would have to create a clear definition of what advertising is and deal with a medium and business world that crosses national borders. If you don't consider the former, such legislation would have unintended consequences of the freedom of speech. In the case of the latter, it would be far more difficult to reach international agreements than with other online regulations (regulations that are already difficult to enforce) since advertising is considered legitimate in many cases while standards for advertising will differ.
Without ads there would be basically no free content online, and those who cannot afford content would simply go without. Consider how much better the world has become due to easy access to information. To yank that away seems like bringing a dark age.
Citation needed. I don't believe that for one moment. Already people are producing far more content for free each second than one person could ever consume in a lifetime on sites like Youtube and Instagram. The urge is there, even without any monetary reward.
> Consider how much better the world has become due to easy access to information.
Now consider how much worse the world has become due to the incentive to hide wanted information behind commercial information. Simple example: there was a time before adblockers when it was not a rare sight to have a page with 80% advertising and 20% actual content. Think unskippable ads before videos. Think of the mountains of useless content that SEO spam produces that hide the interesting pages in search engines.
Marketing does not give access to information. On the contrary, it takes it away.
We’re seeing it already. Many if not most news sites are pay gating their once free content. Cite: Wall Street Journal, New York Times, The New Yorker. All charge for access. All we’re free before the proliferation of ad blockers.
Yes there would be hobbyist information for free, but WebMD? News sites in general? Any sort of resource that takes money to pay people to maintain? It will all be pay gated.
As someone who does not use an adblocker, I have genuinely no problems finding the content I’m looking for.
See? They found a way to put content online without relying on ads.
Before Youtube, Facebook and the like, internet service providers included basic means of publication. Mail/mailing lists, homepages/blogs with RSS. They could do that again.
But, even if the barrier to publishing became higher and only 1/50th of the video's were put up on Youtube, it would still be far more than anyone could ever consume.
There was plenty of free content online before ads, in fact I claim that the web was better before ads arrived, and it is getting worse by the day. Marketeers ruined it.
It happens over and over. YouTube had plenty of great content for free before monetization. Now it is becoming worse by the day, because everything is ad-related. "Influencers", etc.
> Consider how much better the world has become due to easy access to information. To yank that away seems like bringing a dark age.
Easy access to information is a consequence of the Internet and then the Web, both technologies having been developed by government-funded programs, respectively in the US and in the EU.
Ads brought us re-centraliztion, targeting and erosion of democracy through extreme polarization and fake news.
I know this is hard to believe for a lot of people here, but human beings are motivated by many things other than monetary profit.
This is a tired old myth that everything was somehow better in the good old days but that's all it is.
Yes there was. Go to archive.org and check for yourself.
> The commercial internet is a trillion times bigger than anything that came before and services billions of users around the world, many for free, paid for by ads.
Bigger doesn't mean better. The web is now flooded with malicious and manipulative content. The ads pay for that content, while taxpayers and consumers pay for the infrastructure that actually makes the Internet possible. Ads pay to keep the web centralized, they don't pay for what makes the web possible.
> This is a tired old myth that everything was somehow better in the good old days but that's all it is.
There is indeed, but notice that I did not say that "everything was somehow better in the good old days". I made a very specific comment about a very specific topic. My comment: there was plenty of quality content on the web before ads arrived. Ads made the web worse. Argue against this if you like, but not about things I did not claim.
That there's more content for more people across more channels is objectively true, and advertising pays for much of it. You seem to be conflating ad UX with economics.
It is the medium that makes the ads possible, and it is payed by you and me.
> We're talking about content, and ads are the subsidy that lets billions consume for free.
And I have been telling you every step of the way that there was good content before the ads arrived.
> That there's more content for more people across more channels is objectively true,
That is hardly surprising. There was no moment in the history of the web when the total amount of content available was not increasing. This was already the case before the ads.
Did it grown more than it would have without ads? Maybe. Is it better? I don't think so.
> and advertising pays for much of it.
And yet here you are, consuming content that someone created for free (me) in a platform without ads (Hacker News). So it doesn't pay for all of it, and even you, at least sometimes, seem to prefer the non-ad-funded corner.
> You seem to be conflating ad UX with economics.
Sorry, I have no idea what you mean by this.
Literally the only site that is better now than back then is YouTube with an ad-blocker.
Everything else has deteriorated: Google (search) is worse, Ebay is worse, Amazon is worse, banking sites are worse.
Heck, even Java stock tickers from 2000 were better than now.
The art of presenting information in a meaningful way has been lost entirely.
Restricting the legality of advertisements in general might have the nice effect of leveling the playing field, by making it harder for content providers to benefit by-generally covertly-selling out their users (or their users' interests) to such third parties.
Before Youtube, we were sharing files directly. There was far more content online!
This may just be some inevitable fact about humanity. We’ve seen this sort of regulation and ultimate centralization of every single communications medium going back to the printing press. When I was younger, I legitimately believed the web would be different. I thought it would be a decentralizing, democratizing force for peace in the world. Now it seems destined to be the opposite of those things: a centralized tool for polarization and control.
There are even advertisements in North Korea (for the ruling party).
This idea isn’t realistic.
Saying a thing always existed is a pretty bad argument to keep it alive.
For example, where is the difference between me talking about a game I like to play and someone talking about a game they like to pay that they were given a free copy to play?
I think looking at forbidding tracking is a better path to pursue. Or maybe making someone legally responsible for their ad codes as if they knowingly placed it there.
And before you claim it’s a bad ruling, think about all the times you’ve used your money. Are you not supporting the EFF in some form of speech by donating to them? Are you not supporting a product in some form by buying it? I don’t like it as it allows money in politics, but it’s a ruling that makes sense.
[0]: https://en.wikipedia.org/wiki/Citizens_United_v._FEC
No, "speech" is something, that you can argue extend to written declarations and publications, but "paying someone to support their actions" is something different. It is something that can be used to promote a political expression and it makes some sense to protect some form of it but certainly not on the same grounds as protecting free speech.
Paying someone to put forward an opinion has other names: corruption, lobbying and, yes, advertisement. None of them should be practice protected under freedom of expression laws.
See, why is freedom of expression good? Because of the core philosophical belief that truth and good opinion emerge from the confrontation of different point of views. Alvin tells me why we should not bomb Eastasia, Barbara tells me why we should. Charles comes with additional facts. Daniele points out some lies and incoherence in some of the past arguments. They all make their points, then I think for myself to make my opinion.
This is how opinions of voters but also lawmakers, leaders, journalists, magistrates, citizens are supposed to be formed.
In no way would this process be helped by paying the person that is forming their opinion. Quite the contrary.
So yes, this ruling was bad. Incredibly bad. It is bad for philosophical, moral, practical reasons.
The fact that I should be allowed to donate to EFF does not rely on the 2nd amendment. And in fact I do want the law to forbid me to give 10 millions to the EFF to drop a lawsuit that would go against my interests.
Some bad or annoying ads on the web is not cause to forbid advertisements and completely misses all the content that it pays for.
I hear that a lot but historically, we've seen a lot of the opposite, a lot of political problems were solved with technical solutions. Technology so far had an even bigger impact than politics on society.
Technology can enable a political will and can create an opportunity for change, but if the political will goes in one direction, no amount of tech will be able to resist it forever.
We could ban ads easily with a law. It would not need any tech. Scrubbing all the ads while there are incentives to develop them, however, is a lost fight.
How would one formalize what's an ad and what's not? And what about sneaky things like sponsored content or, say, amazon reviews? It's hard sometimes to tell whether a review is legitimate or an ad in disguise.
"Did you receive compensation to say good things about this product?"
Yes: corruption.
No: you're clear.
I also really miss that Opera gave up on their Presto engine and at the same time decided to not open source it. Yes, the source code leaked, but without license no one will touch it.
Teams definitely doesn't block Firefox for me?
it's shit and i consider changing banks because of that (and other things).
I almost never have issues, so maybe it is your plugins that are causing issues (or maybe android ff is different than ff for Mac?)
For the few cases where I need anything Google related, I use Edge. Basically, Edge gets all my Google related tabs, and Firefox with uBlock Origin gets the rest of my browsing.
I did have to train myself not to control-click links in Gmail though, and instead copy-link, paste-into-Firefox.
https://webcompat.com/
They diagnose websites broken in Firefox and reach out to website developers, fix Firefox bugs, add Firefox UA overrides (see Firefox's about:compat page), and start discussions to resolve ambiguities in web standards. For example, what should happen for a broken image without an alt value?
https://webcompat.com/issues/44353#issuecomment-555793736
Binance.com had the same problem, I emailed them about it and it was fixed the next week.
1) the use of the on-screen keyboard in tablet mode is iffy with Crostini apps: https://bugs.chromium.org/p/chromium/issues/detail?id=826614 . On my HP X2, I wanted to use Thunderbird to get my email while using the device as a tablet: in addition to scaling issues, the inability to enter text made it impossible for me. It seems that Google seems to be abandoning the idea of detachable Chromebooks replacing the nearly-dead Android tablet market so maybe the expectation of a hardware keyboard is not outrageous.
2) On my machine, the performance of Crostini apps does not even come close to the performance of the native Chrome browser.
That's just my experience though. Edit: FYI, my default browser on the device is Firefox/Android but again, its performance does not come close to the native Chrome plus the latter passive-aggressively brings up a 'choose browser' dialog for any pages I happen to be browsing in it. It really has been an extremely unpleasant experience but I haven't found anything better yet for my specific use case.
The list goes on and on, mozilla has a terrible record and proved multiple times that it should not be trusted.
After the pulseaudio debacle and after being a supporter since its first steps, I quit firefox and removed it from all computers I maintain to never return. There is no thing mozilla can say or do that will make me go back to firefox, apart from acknowledging their role and taking responsibility by resigning and releasing firefox to the world.
You are completely missing the point. At the end of the day you have to pick a browser, and so it matters a great deal which one is worse, even if neither is perfect.
Personally I still trust Mozilla above any other major browser vendor. They're not even in the same ballpark.
https://en.wikipedia.org/wiki/Google_Native_Client
The effort spurred ASM.js & eventually the WebAssembly standard because of the discomfort of deploying a cutting edge research to billions of people on the web (the initial NaCL implementation was very large & eventually turned out to have security holes, the original research was improved upon but by then the industry had spoken).
https://en.m.wikipedia.org/wiki/Gears_(software)
It was fixed that week. Unfortunately, this trick does not work very well on non-enterprisey sites or after you cut them a check.
Already doing that. You can call it "voting with my wallet".
[1] https://brave.com/
Actually think about the problem the other way around, as it seems easier to do the opposite in most cases (or at least for news/articles sites such as liberation.fr): a page readability extraction plugin, sometimes called summarization. It identifies the "meat" (ie. the main article or video), extracts it and gives it to the user bare bones. No ads, no tracking.
At least that's what I'd prefer once everything else fails, and that's why I'm using Firefox's reader mode and Pocket a lot these days, and if ads take over again like in 1998 that's were I'll be surfing the readable web.
We're reaching the end of the golden era of ad-blockers where we thought we were ad-free by just blocking a banner ad.
Tracking does not need to provide any visual indication to the user.
I think however it's time to grow up and stop playing this cat-and-mouse game. Advertising is crucial to the web and should be allowed. We should be shifting towards ideas that decentralize the tracking itself (like Brave does) or allow users to completely control and explicitly switch their advertising tracking identities
Also, 95% of the time the live-chat functions on websites are obnoxious. If I have a concern, I am happy to open a dedicated chat page. Having a chat widget on every single page is annoying and unnecessary. But that's just my opinion.
Are you sure you are not able to do your website performance analytics from your server logs? More often than not, user agent side analytics end up collecting lots of unnecessary sensitive data, and sharing it with third parties like Google.
What's the privacy concern if I'm tracking on what pages my users visit? I'm not sharing those with anyone.
Small business owners like myself are hurt by these things, I can't afford to pay 4-5 figures to a developer to build a tool to analyze my server logs and won't give even 5% of the quality of data analysis Google Analytics or Mixpanel gives.
You can get this very easily on the backend side.
> I can't afford to pay 4-5 figures to a developer to build a tool to analyze my server logs
No need to bother, there are tons of easy SaaS tools like Splunk in that marketplace already.
Frankly, that's your problem, not mine as a consumer. If I want to give you feedback, I'll let you know. You could always ask me, too.
Individually maybe it's not your problem, but taking that as a larger group becomes a big problem.