Probably the norm going forward to thwart ad-blockers. Also ads will most likely be generated server-side and served from the main domain in the future. I'm surprised this hasn't happened already TBH. I guess the ad-networks like their JS on user's pages enough to slow the progress?
It's literally just 'reddit.com' though, surely if that were the case (not that you didn't want people to block it) you would use `/metrics` or whatever path.
Isn't that the goal, though? The best arguments I've heard for casual ad-blocking is that you can't trust the code running through ad networks. If we take the ad networks out of the equation (first-party analytics and ads), I'm much more okay with that.
I suspect many of these become “first party domain hosting a proxy [or using CDN config] which serves the same third-party code as today” which is no more trustworthy in practice though some users might feel better about it.
The future of adblocking is an AI-based system that detects already loaded ads visually and simply masks them from you on the client side. Such an approach (sans AI) has been used in the past, but it fell out of favor due to bandwidth and CPU usage concerns. Since then, bandwidth and computing power have grown exponentially, such that the disincentive of the load-and-hide approach will continue to diminish over time.
There are plenty of people who misuse the word "exponential", but in this case, assuming much of the period in question was during Moore's Law growth, "doubling every N months for many years on end" is genuinely exponential.
At higher numbers it is very hard for any whole number exponent >1 to be reached
In any case what year was AI adblock attempted so we can check if this is one of the narrow use cases where exponential performance improvements occurred within computing
“Orders of magnitude” will be more frequently correct and also include “exponential”, whereas “exponential” will be less frequently correct
That approach (sans AI) hasn't fallen out of favor. Ad blockers still do it, they just also support blocking them from loading. There's no benefit to loading an ad if you're going to hide it, it's always wasteful. Growing computing power and bandwidth doesn't change that.
Yes! An AI that looks at the ads for us and just filters them out. Now it doesn't matter what they do to circumvent the blocker since the AI works by recognizing the brands and ads themselves instead of relying on page structure.
Imagine having smart glasses which seamlessly filter out product placement in movies, sporting events, even the ads in the real world. It's a dream come true. Our reality can finally be clean again.
There will be some new anti-ad tech becoming popular if first-party ads become a thing. For instance, I could think of some browser plugin that looks for visible DOM elements that change between refreshes. To deal with false positives it could grey them out initially but offer a button to really block/allow for future refreshes.
Ads are a form of brainwashing if you ask me. I've been able to avoid most of them for years by ad blocking and staying clear of TV. Just looking at the shit regular television watchers buy and consume, it really seems like ads warped their sense of reality. They do it by normalizing a lifestyle that fits their product, and through constant exposure people start believing it. Filling the subconsciousness with lingering desires for fake experiences. Its ridiculous and harmful.
Completely agree. I saw someone here describe ads as mindhacking and I loved it. These advertisers are attempting to literally hack our minds, modify our thoughts and behavior patterns, create associations between brands, images, ideas. They present zero information to the reader, you can't trust anything they say due to conflicts of interest.
I would like to say "then pay!" however the ad machines Google and Facebook built are so powerful, that a paid system doesn't seem to really work ... and even paid sources add ads. Annoying world.
Yeah. The only way to win this is to get every user to block ads. Just install uBlock Origin by default on every browser. Drive the advertiser return on investment as close to zero as possible.
The ad networks will likely provide a framework to serve and cache those on the first-party server, so you'll probably see the same level of untrustworthiness in the code.
And no, these are not their own ads, they proxy the requests from their own domain to the Yandex Direct ad network. Even worse, there is some evil javascript that tries even different non-sensical HTML element names to try to get past the blockers.
Actually, it makes me wonder what's keeping these companies that want to serve ads generate JS dynamically server side and include the code for ads in the same file as the main application logic. Then, when you'd block the entire file from downloading because of it containing ad logic, the site would break, so viewing ads would be required to use the functionality.
I do feel thankful that toolchains like that don't seem to be in widespread use yet.
> Actually, it makes me wonder what's keeping these companies that want to serve ads generate JS dynamically server side and include the code for ads in the same file as the main application logic.
First reason is the lack of trust. Or limited trust, if you prefer. That is, SomeCompany may trust AdProvider enough to include their ads in its website, but then again not trust them enough to bundle random external code with their own. Letting the user's browser load from different origins does give you some separation.
Then there's the separation of responsibilities. Say something does break -and not because of blocking-, having the code bundled together makes it very easy to start a game of passing the blame. "It works for us", "We're not doing anything weird", etc. And not only that. There's also the question of who pays for that downtime. SomeCompany is kept from earning money, will AdProvider compensate them? SomeCompany'll probably need to provide evidence that the problem comes from AdProvider.
On the other hand, some websites may already be doing a very similar thing... though it's likely just accidental. I mean, I have experienced a fair number of websites breaking when googleanalytics is blocked and I'd bet it's not intentional, just bad programming.
> ads will most likely be generated server-side and served from the main domain in the future
Well one thing webmasters can do is place wrap an image in an <A> element and the URL is some affiliate link that they control. Good luck blocking that since the image is the first party domain. It's a tactic I've been using for years now, and I've gotten thousands of referrals and confirmed purchases of products.
> Probably the norm going forward to thwart ad-blockers. Also ads will most likely be generated server-side and served from the main domain in the future.
That sounds great to me; it means getting cross-domain tracking to work would be much harder. Hopefully that means we'll also get ads that are actually relevant to the page instead of random unrelated stuff.
With how I've seen ad tech evolve so far, I am sure they would include cross-domain tracking in their payloads and you would need to turn it off via a good ad blocker.
Until companies begin just sharing specific parts of their server side logging. I can see a future where all the tracking happens in a fully server-side network of companies just sharing data back and forth or between a central database.
It is easier to do a complete block of an ad serving domain, but in terms of ad blockers it doesn't really matter if the ad is coming from the front or back end. The ad blocker can remove the content on the page holding the ad based on some CSS selectors.
I use teddit and have generally refused to use reddit ever since they made the mobile experience unusable with the constant "Please download our shitty app" screens.
I'd be curious to hear from someone that feels strongly about blocking first-party front end tracking. I generally assume that whatever website I am on would have a good sense of what I am up to just based on server side logs. Sure, if I block 1p logging they might not have a down to the second understanding of how long I am impressing on something, but overall I feel the point is moot.
Yeah, this take on "I also try to block first party tracking" is just weird in my opinion, or at least impossible (beyond just normal cookie blocking tools).
The ways most sites utilize AJAX and JS, there is just no consistent way to block "tracking calls" vs. blocking requests needed for particular pieces of functionality and data.
Exactly, there is a lot of trust involved, even without executing JavaScript, but especially when so. This is why I stay away from sites I don't find trustworthy.
I also close the tab if I'm presented with a paywall, a modal newsletter subscription prompt, impossible cookie banners, etc.
I think of it as a "the medium is the message" type of thing, and if the medium is tainted then the message can't be any better, so why read it?
> there is just no consistent way to block "tracking calls" vs. blocking requests needed for particular pieces of functionality and data
At some point, browsers will gain firewalls and packet inspection and filtering capabilities.
We should be able to inspect the data sites are sending and receiving asynchronously via Javascript. We should be able to automatically delete or redact private information from JSON payloads. What if uBlock Origin could automatically anonymize unique identifiers that some Javascript code is trying to exfiltrate?
I would expect to see ad/tracker blocking technology to advance as the users encounter more invasive types of tracking. But what if the server requires that information as part of a request to serve content in it's response?
This will always be a cat and mouse issue, and unfortunately right now most of the authority is on the server side. The data-driven web that TimBL envisions is just not profitable enough and content has to be heavily intertwined with distractions and trackers to monetise us cattle. See RSS.
I think there is a certain amount of implied trust when visiting a site, especially with JavaScript.
Just like if I visit someone's house, I trust them to not look through my bag while I'm not looking, even though they easily can.
And when that trust is gone, it's pretty much gone for good, just like if I go to a venue and find out they rummaged through my coat pockets, I'm not going back.
Maybe not everyone thinks this way, but I sure do. I consider an untrustworthy website to be tainted. It is unlikely to produce enough benefit to outweigh whatever they may be getting up to, whatever it may be. And the sooner I cease investing time in it, the quicker I can find a new alternative and begin building trust with them.
DNS-based content blocking was always trivial for trackers to bypass. Deeply integrated plugins like uBlockOrigin in Firefox are the only way out. With "Manifestv3", Chrome's making sure that even that level of integration may not be enough. 70%+ of the 4.5B internet users use Chrome.
For mobile apps... well, the writing is already on the wall.
It's tracking. All tracking should be blocked on principle. I don't want them to have any data about me at all. Failing that, I want them to have as little data as possible. And I want whatever little data they have to be useless to them.
> I generally assume that whatever website I am on would have a good sense of what I am up to just based on server side logs.
True. We can't stop the site from logging HTTP requests.
Maybe we can find a way to poison that data set though. What if we had a custom reddit client that generated random traffic to random subreddits in the background? Maybe that would pollute their logs enough that they can no longer build an accurate profile out of it.
> if I block 1p logging they might not have a down to the second understanding of how long I am impressing on something
Good. I don't want them to know. They should remain in perpetual uncertainty about whether their mindhacking methods are working.
I guess I'm surprised anyone is surprised by this.
Using a third party for analytics is only a convenience. Given enough effort, any system can build in their own analytics.
It's probably just a proxy to something like Segment.
Yeah I am old enough to remember setting up various analytics tools in early 2000s. Most people ran them on subdomains but some ran them in on same domain. Also we had tons of server-side tools like webalyzer.
Back when we were trying to do smart things with Apache logs. And so when JS was prevalent enough and Google (+ others) started handing out snippets to get great macro data about visitors, we were all about it.
It wasn't until that data became intricate user interactions that were bought and sold, did we worry.
edit: So I guess that gets to where my surprise comes from. I expect first parties to gather all kinds of info about how I use their service. It's even fine. I literally signed up for it.
The next step is to examine the TOS (in this case: Reddit) and see what I agreed they're allowed to then do with that data. ie. sell it so others can sell to me.
62 comments
[ 2.0 ms ] story [ 125 ms ] threadnot exponentially
Say it with me so we can normalize this usage
In any case what year was AI adblock attempted so we can check if this is one of the narrow use cases where exponential performance improvements occurred within computing
“Orders of magnitude” will be more frequently correct and also include “exponential”, whereas “exponential” will be less frequently correct
We don't know that the growth was n^x and not x^n.
Imagine having smart glasses which seamlessly filter out product placement in movies, sporting events, even the ads in the real world. It's a dream come true. Our reality can finally be clean again.
When I sometimes come across ads anyway, they seem like children stories or cartoons...
I don't want them to succeed. I want them gone.
Only then will the web change.
Nothing wrong with simply not wanting to see ads either. They're noise, to be filtered out.
And no, these are not their own ads, they proxy the requests from their own domain to the Yandex Direct ad network. Even worse, there is some evil javascript that tries even different non-sensical HTML element names to try to get past the blockers.
McDonald's ad? Replace it with a McD's Roach Sandwich ad. Facebook ad? Replace it with "Zuck causes Genocide".
We can fight back.
Visible impact on page: empty right sidebar
Blocked requests:
Actually, it makes me wonder what's keeping these companies that want to serve ads generate JS dynamically server side and include the code for ads in the same file as the main application logic. Then, when you'd block the entire file from downloading because of it containing ad logic, the site would break, so viewing ads would be required to use the functionality.I do feel thankful that toolchains like that don't seem to be in widespread use yet.
First reason is the lack of trust. Or limited trust, if you prefer. That is, SomeCompany may trust AdProvider enough to include their ads in its website, but then again not trust them enough to bundle random external code with their own. Letting the user's browser load from different origins does give you some separation.
Then there's the separation of responsibilities. Say something does break -and not because of blocking-, having the code bundled together makes it very easy to start a game of passing the blame. "It works for us", "We're not doing anything weird", etc. And not only that. There's also the question of who pays for that downtime. SomeCompany is kept from earning money, will AdProvider compensate them? SomeCompany'll probably need to provide evidence that the problem comes from AdProvider.
On the other hand, some websites may already be doing a very similar thing... though it's likely just accidental. I mean, I have experienced a fair number of websites breaking when googleanalytics is blocked and I'd bet it's not intentional, just bad programming.
Well one thing webmasters can do is place wrap an image in an <A> element and the URL is some affiliate link that they control. Good luck blocking that since the image is the first party domain. It's a tactic I've been using for years now, and I've gotten thousands of referrals and confirmed purchases of products.
What website(s) do you run so I can make sure never to visit them?
Of course, my adblocker will still block it, using the block element feature (also useful with nag bars etc).
That sounds great to me; it means getting cross-domain tracking to work would be much harder. Hopefully that means we'll also get ads that are actually relevant to the page instead of random unrelated stuff.
https://teddit.net/
The ways most sites utilize AJAX and JS, there is just no consistent way to block "tracking calls" vs. blocking requests needed for particular pieces of functionality and data.
I also close the tab if I'm presented with a paywall, a modal newsletter subscription prompt, impossible cookie banners, etc.
I think of it as a "the medium is the message" type of thing, and if the medium is tainted then the message can't be any better, so why read it?
At some point, browsers will gain firewalls and packet inspection and filtering capabilities.
We should be able to inspect the data sites are sending and receiving asynchronously via Javascript. We should be able to automatically delete or redact private information from JSON payloads. What if uBlock Origin could automatically anonymize unique identifiers that some Javascript code is trying to exfiltrate?
This will always be a cat and mouse issue, and unfortunately right now most of the authority is on the server side. The data-driven web that TimBL envisions is just not profitable enough and content has to be heavily intertwined with distractions and trackers to monetise us cattle. See RSS.
Just like if I visit someone's house, I trust them to not look through my bag while I'm not looking, even though they easily can.
And when that trust is gone, it's pretty much gone for good, just like if I go to a venue and find out they rummaged through my coat pockets, I'm not going back.
Maybe not everyone thinks this way, but I sure do. I consider an untrustworthy website to be tainted. It is unlikely to produce enough benefit to outweigh whatever they may be getting up to, whatever it may be. And the sooner I cease investing time in it, the quicker I can find a new alternative and begin building trust with them.
3p tracking masquerading as 1p is here already. Ex A: https://github.com/SukkaW/cloudflare-workers-async-google-an...
DNS-based content blocking was always trivial for trackers to bypass. Deeply integrated plugins like uBlockOrigin in Firefox are the only way out. With "Manifestv3", Chrome's making sure that even that level of integration may not be enough. 70%+ of the 4.5B internet users use Chrome.
For mobile apps... well, the writing is already on the wall.
> I generally assume that whatever website I am on would have a good sense of what I am up to just based on server side logs.
True. We can't stop the site from logging HTTP requests.
Maybe we can find a way to poison that data set though. What if we had a custom reddit client that generated random traffic to random subreddits in the background? Maybe that would pollute their logs enough that they can no longer build an accurate profile out of it.
> if I block 1p logging they might not have a down to the second understanding of how long I am impressing on something
Good. I don't want them to know. They should remain in perpetual uncertainty about whether their mindhacking methods are working.
Using a third party for analytics is only a convenience. Given enough effort, any system can build in their own analytics. It's probably just a proxy to something like Segment.
It wasn't until that data became intricate user interactions that were bought and sold, did we worry.
edit: So I guess that gets to where my surprise comes from. I expect first parties to gather all kinds of info about how I use their service. It's even fine. I literally signed up for it.
The next step is to examine the TOS (in this case: Reddit) and see what I agreed they're allowed to then do with that data. ie. sell it so others can sell to me.
Honestly a lot of analytics for an app can be done serverside and client side is just icing on the cake to make the data richer.