104 comments

[ 0.23 ms ] story [ 156 ms ] thread
As one of the developers (dhowe) commented:

> we are aware and preparing a statement and some workaround info to be released in a few hours (though, as you probably know, there is not much the average user can do in this case)

I guess, they are going to post it on HN too.

Anyway, thanks for the heads-up. AdNauseam is definitely an interesting extension.

Why is it not in plugin store?
Presumably because Google would not allow it.
Google removed it. Their main source of income is ads and they don't want something that disrupts their main source of revenue in their store. AdNauseam is much more disruptive for ad networks than your average ad blocker.

There's still a (broken) link on the project's GitHub page: https://chrome.google.com/webstore/detail/adnauseam/hgfaciee....

So why are these still listed? uBlock, uBlock Origin, TruBlock, AdBlock Plus, etc
Those just block ads, do not cause mess in Googles data. Lack of data is better than unpredictable and fake data.
Good. This will give AdNauseam visibility. And remind everyone what Google's game is.
I think everyone know's what's google's game is.

Google hurriedly announced Chrome when back in the days Microsoft was thinking of blocking ads.

Then they gave the user a never seen before simple to use User Experience/User Interface. Started marketing aggressively. Recently on iOS when using Gmail app and opening a link, it suggests me to install Google Chrome.

Google's game has always been user data.

(comment deleted)
Another reason not to use Chrome
I like the anarchy of AdNauseam.

But it doesn't make sense, why try and reduce the revenue of websites further than the personal non contribution of using an adblocker (which improves personal experience)

Do people really think websites will be able to run off donations, are people that naive?

Why not subscriptions ?
Search 'paywall' on HN comments.
The "issue" is that for subscriptions to work, you'd have to provide a worse service, because you'd have to require people to login. I honestly don't mind pay for some sites, but I do mind that I have to login.

Currently I believe that the people who don't mind dealing with ads are getting a better service, than the people paying for subscriptions directly.

"you'd have to require people to login"

I can't imagine it being that much of a problem in days of password managers and cookies...

"Currently I believe that the people who don't mind dealing with ads are getting a better service, than the people paying for subscriptions directly."

I subscribe to a bunch of newspapers (and I'm a 20-something tech guy), I don't really mind logging once when I'm on a new computer/phone/whatever, it's the same issue as google / facebook / twitter / ...

It's not just about money, it's about tracking.

From the AdNauseam website:

> AdNauseam serves as a means of amplifying users' discontent with advertising networks that disregard privacy and facilitate bulk surveillance agendas.

> In light of the industry's failure to self-regulate or otherwise address the excesses of network tracking, AdNauseam allows individual users to take matters into their own hands, fighting back against unilateral surveillance.

AdNauseam's developers want to break the current Big data/surveillance-based advertising model. That is not the only possible model for advertising. Something like The Deck model, where there's no tracking or flashing jumping Punch the Monkey, just a static image link to the advertiser landing page, is a possibility.

I think the websites actually increase the revenue. Instead of not clicking on any ads (as in uBlock)- the browser clicks on all of them.
Yeah, that's my impression too. And exposing the actually pretty fragile business model of Google and others. All they can do is hope that major browsers don't build these features into their browsers; it'd risk wreaking havoc on ad click valuation / ad pricing.
But it earns them revenue in the same way that setting your house on fire will warm you up.
I'm already using uBlock Origin. Why should I use this instead?
It's an artistic take on uBlock Origin. I am using it and I find it funny.
It seems that AdNauseum clicks on the ads then hides them, whereas normal extensions simply block them.

I'm not entirely sure how I feel about that.

Didn't know about it. Just installed on firefox, it seems only fair.
Being realistic, of course they'd block it. Why would they allow an extension that costs them money by faking ad clicks (edit: harms their business model by making advertisers mad that they're getting fake ad clicks)? I'm happy simply blocking ads; I don't want to directly cost anyone money that way. Whatever you think about ads, isn't automated random faking of ad clicks arguably fraud?

Being optimistic, the conflict of interest over ad clicks may not be the only reason for this decision. Blindly and randomly following ad links seems like it would assist exploitation of browser vulnerabilities.

I'm not going to downvote you. But it's in no way shape or form fraud.

It's just like sending back business reply mail if you're not interested in the product. It's not fraud.

I can see a case for it being a bit like a DDOS attack. But I can't see a case for it being fraud.

I'm not so sure.

1. The authors of the extension clearly intend to harm the ad industry. There's no expectation that anyone will look at any one fake ad click and say, "oh, that person's sick of ads... maybe we should change our strategy." There's no business-side interaction with fake clicks like there is with empty returned prepaid envelopes. The only impact anyone intends or expects from this extension is financial. The intent is to get advertisers to pay more for fewer sales.

2. This is automated, and by distributing an extension, automated on a (potentially) mass scale.

I hate ads and I'm the kind of person who would use that extension if I weren't already happy with ublock origin, regardless of whether it might be considered fraud. However, I think there's at least a passable argument that it could be. If the main reason for this removal is that Google views the extension as fraud, then banning the extension from the Chrome web store is fairly decent of Google compared to suing the developers.

> The authors of the extension clearly intend to harm the ad industry

Not at all, it is just trying to prevent tracking and profiling by obfuscating genuine clicks with noise. It is explicitly a reaction to ad firms ignoring do-not-track.

> The only impact anyone intends or expects from this extension is financial.

Financial disruption is the tool used by most forms of direct action[1]. The power imbalance between large businesses and the people affected by those businesses usually leads to problems being ignored for the sake of profit. When money is the metric that influences decisions, the only way to effect change is to disrupt the source of revenue.

[1] https://en.wikipedia.org/wiki/Direct_action

Logged in just so that I could upvote this.
> It's just like sending back business reply mail if you're not interested in the product.

Without going into fraud-or-not, this is the opposite of how it works. It responds to every single business "I'm interested in all your products". This potentially generates some costs for the business which sees a new interest on latest products and makes misguided related investments.

yeah, and I'm allowed to do it. It's not against the law to be an asshole.

I'm even doing it on the phone, for the companies that keep calling me despite me telling them not to: I make them lose as much time and money as I can, by scheduling fake appointment with their salespeople

In some cases it is against the law. Spam only wastes our time and tiny fraction of money - it's literally just companies being assholes. And it's been declared illegal. Same for phone spam.
> It responds to every single business "I'm interested in all your products".

This is unwarranted wishful thinking. Clicking an ad doesn't necessarily imply interest.

> generates some costs

Yes. Hitting businesses in their profits is one of the only communication methods some businesses listen to.

> Clicking an ad doesn't necessarily imply interest.

I believe this is actually the only thing that a real honest click on the ad indicates. What else would it do?

> Hitting businesses in their profits

It's also illegal in other ways. Racketeering idea would potentially apply here - you're making the company pay to get rid of problem (meaningless clicks) which wouldn't exist if you didn't run the extension.

>Racketeering idea would potentially apply here - you're making the company pay to get rid of problem (meaningless clicks) which wouldn't exist if you didn't run the extension.

As I understand it, racketeering requires that a company is offering a (paid) solution to a problem they are responsible for - so it'd be racketeering if the makers of the extension sold a product to detect and filter out the fake clicks, for example.

>I believe this is actually the only thing that a real honest click on the ad indicates. What else would it do? Most of my clicks on ads are mistakes. Ads that finish rendering after I've started reading the page, causing the window to jump around, resulting in a misplaced click. Or ads that have such a tiny "Close" button that it's impossible to click on a phone. Those are all honest, non fraudulent clicks that do not indicate interest on my part. I don't feel bad at all if this gives the advertiser the wrong idea.
> you're making the company pay to get rid of problem (meaningless clicks) which wouldn't exist if you didn't run the extension.

The company that chose to display ads in the first place? Who is the root cause of the problem here, exactly?

But it's in no way shape or form fraud.

If I "accidentally" visit my own website while I have this extension active it'll cause any adverts to be clicked and I'll earn money from them. Unless the plugin has a way to block the action on adverts that the browser user receives money from it's indistinguishable from deliberate click fraud - all Google knows is that the browser used a programmatic event instead of a user initiated click.

To that end I can see why Google might want to disabled it. I hope they'll also reach out to the developers to come up with a workable solution rather than just blocking it permanently though. Google have an opportunity to show they do actually care about privacy on the web here.

Just don’t have ads on your website. Easy as pie.
So, in some cases, you're advocating just closing up shop?
If your website costs so much that you need income to support it and provides so little value that people are unwilling to pay for those costs, then, yes, you should probably shut it down.
You do realize that both YouTube and Google make their money entirely off of ads, right? If you had your way, we wouldn't have the largest search engine on the internet nor any of their spawned products.
Presumably in the short run it makes Google money - a great deal of those blocked ads are AdSense ads and Google gets cash for every click.

Though that obviously isn't sustainable when advertisers realise what's going on.

Why would they allow an extension

Is Chrome the user's agent, or is it Google's agent.

i to think its going to far. as somebody that had to block aws range because there is i assume fake clicks as a service, this is not great, but i think it could be product of a anti anti block that many are implementing now.
I don't think this is fraud.

Either there is no law on the Internet - It seems be the reality of Internet being global and hardly enforceable - and in this case you do whatever you want and advertisers do whatever they want.

Or there is laws on the Internet, and advertisers are not respecting them. Privacy, damaging your devices via malware, not separation of contents vs. ads, EU laws being very protective, illegal targeting, etc. So, defending yourself against this is not fraud.

How is it fraud? I never wanted the ads. How is it any different than me manually clicking the ads myself because I don't like ad networks and want to see them lose revenue?

Serving me malware laden ads that ransom my PC, now that's criminal.

> I never wanted the ads. How is it any different than me manually clicking the ads myself because I don't like ad networks and want to see them lose revenue?

Scale and rapidity is the difference, in dollar terms, robo-clicking will cost them at least an order of magnitude more. I also don't think advertisers mind that you clicked on their ad in anger - as long as you saw it and it registered.

Do I understand correctly that Google Chrome is uninstalling software that the user has deliberately chosen to (not tricked into) install?

This feels worse than simply pulling the extension from the Chrome Web Store. Google certainly isn't obligated to host this thing, but outright uninstalling it against my will seems like crossing a line.

There was a lot of hand-wringing when Chrome was released with automatic updates enabled by default, because it seemed reckless to grant Google the power to install (or uninstall) new software on our computers at their whim. Chickens might be roosting.

If 99.9% of software installed outside of the chrome web store were installed by adware would you feel differently? Your black and white view of the world bores me.
I think they have been doing the same on Windows for a while. Linux users are still allowed to install what extensions we want.
Why is this a bad thing? If average Joe had unsigned extensions (without dev mode enabled) it was most likely installed by adware to spy on him.
I see the idealism in your post and I agree with you 100%. 100%!

But every time I got to my grandmother's she has a thousand "default search ad engine this" and "ad injection improvement that" extensions that I need to remove. Those search engines have exactly the same homepage as google, to the colours, except the logo is square, not round. There is no way she can know.

It might just be they ran the numbers and my grandmother's not the only one.

I think maybe, just this once, reality should trump idealism. Let's keep a very close eye on them. But for now, "I'll allow it."

Ps: I know that "if there are unsigned extensions on your computer, you have bigger problems", but it's my grandmother. Security is a moving target, this is the step we take in Jan 2017. If it keeps her safe for a month, that's fine with me. We'll see how the malware adapts in Feb, and react accordingly.

Fuck your grandmother

Why should I suffer because of her incompetence?

My grandmother is emblematic of "the typical user." It's easy to forget about them, the silent majority. But make no mistake about it: if you work in tech, you owe your life to them. They pay our salaries. We must not forsake them, for they have made us who we are.

For every opsec genius such as yourself, there are a thousand opsec impaired such as my grandmother. It is up to us to provide them with a system they can use without having a MSc in computer science.

To drive this point home: the real problem in my grandmother's case is not all her grandchildren are adults. They don't understand what "don't download games" means. What is she to do? Not let them use the computer? That would defeat the entire purpose of having one. When the best we can do to make our users use our products safely is to have them not use it at all, you know something is fundamentally wrong. And it's our job to fix that.

(comment deleted)
Oh yeah, we here in computer land are soooo sophiscated, even our scare arguments aren't 'think of the children but are 'think of grandma' instead.

Hey guess what, whenever a monolithic entity thinks they know best than millions of individuals it stinks of moral exceptionalism, you may consider recalibrating.

Totally with you. With my grandparents and even my smart, successful sister they simply live in a different world then we do. They are being tricked (or are too lazy to care or notice) and these moves do help them. We see more and more technology companies doing things to help these users. (Like Apple with the new MBP by girlfriend says it's her favorite computer she has ever owned all of 15 seconds after turning it on).

But here if you have developer mode on they should never be allowed to do this. It's one thing to do it to a normal user (though if they really cared they would check to see if the extension was a normal non-spam extensions like this) but when a user as clicked that they are capable of understanding what extensions they have on then Google is in the wrong.

Sadly we are on HN are not the majority user of the products we love to discuss.

The argument I've read before regarding this is that configuration switch the user can set to permanently suppress this behaviour, malware can also set.
> Do I understand correctly that Google Chrome is uninstalling software that the user has deliberately chosen to (not tricked into) install?

How would Chrome discern deliberately installed extensions from extensions the user has been tricked into installing?

Ask the user?
How do you make sure it's the user responding and not the installer that tricked the user that's sending keystrokes?
I don't think Chrome extensions are omnipotent. They can't set arbitrary Chrome settings, for example, can they?
No. But the installer that wrapped around the thing the user actually wanted certainly can.

You know. These adware "downloaders" that completely hose your browser unless you find the correc checkbox full of double negatives to check.

> But the installer that wrapped around the thing the user actually wanted certainly can.

Then you're not talking about Chrome extensions and none of this applies.

Chrome extensions can be installed in many ways. Does a chrome extension need to be sourced from the chrome web store in order to be considered an chrome extension?

One method to install an extension is the chrome web store.. the other methods are typically only used by developers (hence all the dev mode comments) and malware (hence all the "I can live with this" comments)

In this case, I think, because the user had to go into dev mode to install it.
(comment deleted)
The user can be also tricked into enabling the dev mode and installing a malicious addon. Granted, that would make it more suspicious but there will be people who would do that or have done that already.
Keep in mind that to Google's ad fraud department, this would be considered ad fraud by creating a bot that clicks on it's own ads. If you were in Google's ad fraud department, what would you do? Would you say "yes, this extension is ok to be distributed by us"?
Google isn't distributing the extension.

Chrome is uninstalling a manually-installed extension.

This situation is somewhat akin to OS X uninstalling Spotify.

> This situation is somewhat akin to OS X uninstalling Spotify.

Yes, Spotify and AdNauseum disrupt iTunes and Google, but I don't think it's a fair comparison because Spotify is a competitor (in that it provides music) whereas AdNauseum doesn't compete with any Google products, but just disrupts them.

It would be more akin to uninstalling an itunes app that just requests hundreds of random streams from itunes servers even though the user isn't listening to them.
You are right, that's my goof. However, the basic premise is the same. It's not as if they just do not like the people who made it, the extension literally commits "ad fraud" through fake clicks on ads.
Title is misleading, it's not just this extension being blocked, it's all non-store extensions
The title wasn't misleading, because Google just removed their extension from the store on 1/1. It's unfortunate that the title was changed, because the fact that google blocks non-store extensions is not news, leading people to misunderstand the relevance of the submission.

FTA:

"Earlier this week, on Jan 1st 2017, we were informed by our users that Google had banned AdNauseam from its Chrome Web Store."

(comment deleted)
No, that's not true. I have several non-store extensions installed (mostly stuff I wrote myself) on the exact same configuration, and I have never experienced this behavior. Chrome will remind me on browser startup that I have dev mode extensions installed, but won't do anything to them unless I click the "disable" button on the popup.
Chrome has been going this route for a while now as it was getting so much flak for poor performance, security issues, etc. that was actually because of maliciously installed extensions. Their only option was to only allow extensions installed from their store which allows them to review the code and sign it before allowing it to be installed in the browser. All the other browsers (Firefox, Edge, etc.) are going the same/similar routes too (Firefox allows you to install from outside the store, but it has to be signed by going through a review process).

And they've been progressively making the developer mode harder to use as a backdoor for malicious extensions to install themselves, by only allowing them to run for the duration of the session. Firefox was actually the first to do this. And this is why the Extension is being 'removed' between sessions.

What is more interesting is why this particular extension was removed from the Chrome Web Store - It looks to be a fork of uBlock and lots of other Ad Blockers are still available in the store. So why is this particular one not allowed?

The only reason I know of that extensions have been removed from the store is if they violate the Single Purpose policy (https://developer.chrome.com/extensions/single_purpose) and normally only if they are doing something malicious (e.g. Claiming to be an extension that blocks ads, but actually also scraping data, injecting ads, or something like that). I know this extension is open source, but has anyone actually reviewed the code to make sure it isn't doing something malicious under the hood?

Edit: I looked at what AdNauseam does differently to normal Ad Blockers and I think where it is running afoul of the Single Purpose Policy is that it both blocks Ads AND clicks all the Ads. Now Google could be banning it from the store because it does 2 things and they should split those out into 2 separate extensions, or they are banning it because it is basically a means to commit Ad Fraud (fake clicks is a massive problem in the Ad industry). And blindly clicking every ad on a page doesn't seem like a safe thing to do personally...

Other ad blockers "block ads" and "block annoying eu cookie notices". Should they be removed?

I just visited the Chrome store and chose the first extension: https://chrome.google.com/webstore/detail/office-online/ndjp... It makes word documents AND spreadsheets?!

Hopefully you can see where I'm going... whatever's written in the policy is difficult to enforce literally. Someone has to make the distinction based upon the intent of that policy. A person has to draw the line. If Google have made the decision based on that policy, well that's their decision.

Reading https://developer.chrome.com/extensions/single_purpose (part 4) makes me thinking "disrupting ad networks" could be that single purpose. Then it'd cover blocking & clicking. Just like "Office Online"'s "edit office documents" covering both "word processing" and "spreadsheets".

Yeah, I'm just speculating on the reason it was removed from the store - But that's the more interesting question. Why was this particular extension removed?

There are loads of other Ad Blockers that do what this extension claims to do and they are all still available in the store - so all the conspiracy theories in this thread about google blocking it because it hurts their ad revenue seem bogus.

As I said, I've only seen extensions removed from the store that were doing something malicious - Something the person who installed the extension wouldn't reasonably expect it to be doing.

When Firefox did this I eventually stopped using it altogether and switched to Pale Moon. That's been a good experience, FYI.
Let's cut the bullshit. Dropping AdNauseam from the store is a clear sign from Google that their ad-supported revenue model is more important than user experience and choice, even in non-ad-focused products (do no evil indeed).

Given this fact, why would I want to use any Google product in the future or recommend Google to anyone? How can anyone trust Google Home or the Google self-driving car to not make similar compromises to usability and choice in the name of propping up Google's other business?

I'm a bit out of the loop here. Why did AdNauseam get banned and not uBlock Origin, ABP, etc?

Edit: Nevermind, figured it out:

> As online advertising becomes ever more ubiquitous and unsanctioned, AdNauseam works to complete the cycle by automating Ad clicks universally and blindly on behalf of its users.

It doesn't just block ads, it also pretends to click them.

This is obviously very problematic for advertising networks which use a pay-per-click model, where sites are paid based on how many users click the ads. In fact, this behavior is very similar to a common type of fraud in the advertising world known as click fraud, which exploits the pay-per-click model to extract money from advertisers with "fake clicks" from bots.

Even though in this case it's being done not to defraud advertisers but to instead prevent ad networks from tracking what ads a user did click, I can see why Google might object.

> why would I want to use any Google product in the future or recommend Google to anyone?

because the world isn't black and white. i don't agree with every decision google makes, but i don't think there's a single company for which i agree with every decision.

i think its really a stretch to say that this single decision means that all google products are going to be terrible. google prioritizes its ad revenue over user experience sometimes. but if it still produces a product superior to its competitors, i'll choose that product. and if it produces an inferior one, i probably won't choose it.

I just had a picture of a Google self driving car taking you to your destination via "sponsored routes", past businesses who have "paid per view".
> compromises to usability

explain how preventing non-Chrome Store extensions from being installed is a compromise on usability? If anything, usability is improved for most of the Chrome using population.

AdNauseum getting dropped from the Chrome store was the right move as it is a bot that commits click fraud. Advertisers pay good money for a targeted audience. If you don't want to see advertisement nor to be tracked, there are ways maintain privacy without being retaliatory.

Unrelated, but I find it funny how people used the name macOS instead of OS X for like 2 weeks after Apple changed the name, then just reverted back. I guess you can't make people stop using a name that's been around so long.
How ironic that Windows is the only major platform that doesn't try to force its way between you and your computer. Still, I bet someone inside MS is dreaming up plans to install a toll booth on Windows eventually.
Does OSX? All the mobile operating systems certainly do, but nothing makes you use the OSX app store, and you have root access
I understand the point of AdNauseam, but is it really a great idea to install an extension that clicks every ad? Seems like a good way to waste bandwidth/CPU resources, expose your browser to malware, end up on lists of various sorts, etc.
Ever wanted to quickly hack together your own homebrewed extension for Chrome? You've now lost the ability to do so unless you publish to the wretched Chrome Web Store, which allows only for a princely maximum of 20 extensions by default [1] and has a nebulous review process [2].

Hopefully, this restriction doesn't exist in Chromium.

[1] https://developer.chrome.com/webstore/faq#faq-gen-29

[2] https://developer.chrome.com/webstore/faq#faq-listing-08

I do use my own extensions, that I don't distribute, for many everyday conveniences during browsing. I've reluctantly, given lack of good alternatives, stuck with Chrome for a long time; but this is the change that finally forced me to switch to Firefox. It's not perfect, but it definitely is the least evil.
First advertisers try to guilt people with the content blocking is stealing mantra, now they want to call this click fraud, instead of taking a look in the mirror. It is a great way to destroy user trust, I can only see this going one way.