The next logical step is an ad 'blocker' that simulates ordinary user behavior by still downloading the ads, in the background without displaying them, and added random walks by simulated 'clicks' on advertisement. This allows all the creepy tracking that comes with loading the spyware, but if done right has the potential of disrupting the already disgusting mind-manipulation while silently giving back to the content publishers.
The step after that is to create artificial humans that surf the web just like real ones, build up marketing profiles just like real ones, "view" ads just like real ones - but aren't actually people. And then computers can market things to other computers. We might even get a shadow economy where it's computers all the way down, sorta like how 75% of Twitter traffic is (used to be?) bots.
I looked up the summary on Wikipedia[1]. It sounds like an interesting read. It was released under a Creative Commons license, so it can be read online for free.
Definitely a way to go. Some browsers already have the "reading mode" feature which accurately distills useful content for display while the page is rendered in background. But it would be really nice if advertisers considered making ads more tolerable.
That's how I browse, using NoScript. I enable JS for specific sites when they do something I care about, but it's easy to leave all the background analytics crap disabled.
Nah. For a long time after AJAX was birthed as a concept, people actually believed in progressive enhancement.
It's only somewhere in the last 5 years the SPA trend seems to have reached critical mass and instead of starting from the idea of meeting user needs by serving reasonable media types from resource endpoints (and then building up interactivity on top of that), people want to treat browsers as just another cross-platform runtime (an inferior one, naturally) that happened to win out instead of Java or Flash or Silverlight.
That's because industry analytics showed that approximately 1% of visitors lack JavaScript. AJAX and things like jQuery are ubiquitous and powerful, and it can be ludicrously expensive to build a site that looks nice and works well for that extra 1% of visitors who've deliberately crippled their browsers.
Pros for expecting JavaScript to be enabled:
- Cheaper development because you can assume a common, featureful baseline. That leads to less code complexity on both the client and the server because you don't have to implement parallel code paths.
- Freedom to add features that would be difficult or impossible to emulate with traditional static pages
Cons for expecting JavaScript to be enabled:
- The site won't look and act right for the 1% of visitors who are used to every other site also not looking and acting right
There are lots of reasons to use JavaScript in the browser and almost no reasons not to, so everyone collectively decided to stop hamstringing themselves to cater to a teensy portion of users.
> it can be ludicrously expensive to build a site that looks nice and works well for that extra 1% of visitors who've deliberately crippled their browsers.
Huh.
If you think that one of the advantages of JS-required SPA-style applications is that they will help you avoid things getting expensive somehow... I'm not sure where to start, actually. Maybe the situation here is kindof like the old saw about mediation: you should do it for 20 minutes a day, unless you don't have time, then you should do it for an hour a day.
My experience is that sites that start with the focus on their shiny new JavaScript framework and their app-like UI tend to devolve into architectures with overspecific and mixed concerns pretty quickly. If you want to keep things from getting complex and expensive, start by keeping discipline involved in conceiving of the app in terms of plain HTTP and different media representations of the same relevant resources/data. For back ends already producing well-modeled JSON documents, producing equivalent HTML representations should be easy. If it's not, something is likely wrong (and if you're already producing well-modeled HTML documents, it's exceptionally rare that producing good JSON docs with the essential content is anything other than trivial).
Now it's true that some apps just aren't about resources and media types, and you need the browser-as-runtime instead of the browser as document/media viewer. It's nice that the browser keeps growing in capabilities here. But let's be honestly: most of the JS-required apps we're seeing out there these days aren't even close to meeting this bar. And the "extra costs" you're invoking of supporting clients without JS are, in those cases, self-inflicted.
> That's because industry analytics showed that approximately 1% of visitors lack JavaScript.
And I bet those same analytics probably showed even fewer visitors without JS after they used those stats to require it -- problem solved!
"The publisher can also choose to circumvent the ad-blocking program and still present the ad."
"'if users opt-in to having advertising subsidizing the experience, we can serve that ad, [and if an ad blocker continues to block the ads] then that would be illegal'"
Wouldn't unauthorized use of my browser to download content over my ISP, against my wishes and for the benefit of someone else, be a federal crime?
In the scenario you just described (ie opting in to seeing ads)? I don't see how it would be. You could make the same argument in the following scenario: I buy a product with my credit (or debit) card and then ask my card issuer to not let the transaction go through (while not claiming fraud or anything). If the resolution was that the transaction was legitimate and is fulfilled, isn't that "unauthorized use of your account against your wishes for the benefit of another party"? Do you think that would be a crime (theft)?
When you're a grownup, when you agree to pay for a product (again, this scenario is opt in, by contrast to a lot of current content delivery), it's not a crime or unauthorized to enforce your end of the transaction that you agreed to. I never thought I'd have to explain that to someone over the age of ten.
That's not the scenario I was referring to. The second quote was just to show the hypocrisy (of the scenario in the first quote).
What you're describing is covered by contract law I guess. Contracts can also be trumped by law. E.g., if you reply to this comment and don't click this link for a free iPad, http://www.vanderbilt.edu/innervu/news/win-a-free-ipad , then you owe me $100.
If a site wants to detect an ad blocker and block their own page too, fine. But if they want to circumvent it and silently download whatever resources they want and thwart all countermeasures they encounter, then that's cyber crime IMO.
If you opted in to having advertising subsidize the experience, you are consenting, so no.
This is also not an entirely sensible question, as it works the other way around, too:
"Wouldn't unauthorized downloading of content, using your ISP, and then deliberately extracting certain parts of it, against the publishers wishes, and for your own benefit, be a federal crime?"
(Note: The question of whether this is copyright infringement, which is the common claim, is separate from the question of whether it may fall under some crime)
FWIW: I don't believe option 4 is illegal under any current criminal law i'm aware of.
Also, even if option 4 happened after the opt-in, you may get bound to a TOS or something that allows them to do it, etc.
Note also that all of this may run afoul of various civil codes, of course (it's hard to say, a lot of them are pretty vague, so until someone tries it, it's not easy to say what the actual end result would be)
It’s been solved in court in the past (and some horrible misdecisions were made, like saying that if no one links to something, it isn’t public), but in general: if you make something available for me, I can ALWAYS for private-only use remix it as much as I want. I can copy my CD collection a thousand times, I can burn a hundred clones of a videogame – for private use.
Which is the case here.
The publisher has no right to expect that users actually see ads. Even with TV, all recording devices since the time of VCR skip recording ads completely. And with live TV, people switch the channel.
No, it actually hasn't, at least not to the degree you think.
For example, the main ruling in favor of your argument, the Hopper ruling, turned on this:
"commercial-skipping does not implicate Fox’s copyright interest because Fox owns the copyrights to the television programs, not to the ads aired in the commercial breaks."
Not on some more general right to commercial skipping.
The only thing won on appeal so far is the preliminary injunction. Dish may in fact, still lose :)
Even if they don't, unlike TV shows, publishers will likely be able to claim compilation and collective copyrights on the work as displayed to the user. Plus, it's not time-shifting. Plus you have website terms of use that may bind you.
You may not want this to change the result. It probably changes the result.
"The publisher has no right to expect that users actually see ads. Even with TV, all recording devices since the time of VCR skip recording ads completely. And with live TV, people switch the channel."
This is 100% not the same as what is being described here.
Those are time shifting devices. This is not. It is not "fast forwarding" the ads on the computer. People are also not switching to different tabs to avoid the ads. You also have another serious problem in websites: Terms of use. Unlike TV, which doesn't bind you to anything, on the web you can be bound to terms of use (plenty of website terms of use have been held valid and binding, it's usually a mixed question of fact and law). Expecting precedent to come out the same given all this seems .. a dubious line of argumentation. It may, it may not. Acting as if this is a solved question is incredibly premature.
Additionally, the only court in your favor has not ruled that
Ad skipping is generally okay, it ruled that Fox can't complain about it because they don't own the copyright rights to the ads".
You do realize this means the ad owners* may be able to complain, right?
Anyway, if you believe otherwise, i'd love to see some case law.
(Because the case law i've found doesn't support your argument at all :P)
(Note, since i got a private email about it: I actually don't have strong feelings one way or the other as to whether it should be legal/etc, i'm just trying to express an view as to whether it is)
I'm just guessing about how they work, but my guess is that they track the HTTP requests that should come from an article, if all the ads load correctly. If a critical percentage of requests never come through, they report back to the customer, who changes the article's text to encourage you to remove the AdBlock software. Your HOSTS file would look exactly like an ad-blocker to this software, and would get similar treatment.
Ultimately I think the problem is that most publications aren't worth reading anymore, and so "never do business with the company that uses your tech ever again" may be an appropriate solution.
How does that change the request pattern for a web page? You still have to request the page and the page's resources regardless of your IP or whether you use a VPN.
The scheme described is presumably blacklisting by IP. (It could also be cookies, but that's even easier to get around).
Unless the server actually doesn't send the content until the ads are loaded; but that would slow down page loading for everyone (and still easily bypassed by sending requests and dropping the incoming packets).
Blacklisting the server by IP and then changing your client IP are completely orthogonal. I can't imagine how changing a client IP or a client using a VPN has any bearing on how a site decides whether that client had downloaded their ads.
Are you suggesting changing the client IP address between every request for every asset in a web page? Technically doable, but unbearably impractical. The new TCP handshakes, the new TLS negotiations ...
This is basically what TOR does. You can certainly do it, but as anyone who has browsed the web through TOR could tell you, the experience is significantly degraded. It's a lot slower, and many larger sites will ban you because you trigger their scraper/DDOS protections.
On Tor your exit IP address does not change for every request you make. Your address does indeed change periodically, but not constantly. The reason Tor is slow is because you're passing through many routers on smaller pipes (people's home DSL, for example) and sharing that with others using those routers.
No, I'm suggesting changing IP every time you get blocked.
If there was a large need for it there would be extensions that do it automatically (and with IPv6, you would have no shortage of addresses, which makes it easier to obtain new ones).
On Windows, Microsoft Security Essentials warns when a hosts file change is detected. Fortunately it's a simple click to decline any further action. Related, I've witnessed AdBlock Plus spontaneously removed from Firefox, I assume due to anti-virus software, but possibly also due to MSE.
Hosts files are a relatively obsolete way of blocking ads — it seems to be only because ad companies insist on serving ads and JS from their own domains. If a content site was sufficiently motivated enough, they'd serve ads exactly as content and include javascript within the content page itself to ensure they load.
Thankfully, I haven't seen anyone go "thermonuclear" on ad blockers yet except for executive-level decisions and lamentations — but as a technological-level problem it's theoretically straightforward to subvert given the rudimentary nature of ad blockers.
I've seen one person go thermonuclear trying to prevent ad blocking, and it seriously sucks. Randomly generated content classes and IDs, shifting DOM elements around to avoid them being targeted that way, and later on just completely removing all the divs from the area and manually painting large advertisements with primitives. Made scraping substantially more difficult, but of course not impossible.
One site that still has me beat dynamically loads all of the content and code through a websocket, and various bits are so heavily obfuscated that they look like brainfuck. Finding tools to tamper with SSL websockets is a challenge enough in its own right (Chrome has nicer tools now though).
One is screen scraping, one is attempting to find out how a product actually works. Neither goal has a monetary incentive so it is likely that people have got there before me.
Ad companies want to serve from their domains because they can then correlate traffic across sites and in theory serve up more targeted ads. If every content site served ads directly, that gets more complicated.
And isn't HTTP/2 telling people to stream content from a single server instead of opening multiple connections? I can see HTTP/2 accelerators speeding up traffic by multiplexing requests to the application, CDN, affiliates, etc into a single connection.
It will only multiplex requests to a single host— the layer at which it operates means it will need to connect to both contentprovider.com and ad.networks.com over distinct TCP connections.
Right. The accelerator accepts the connection from the client as a proxy but connects to the myriad backends. The downstream side only sees one multiplexed stream with the responses from the multiple servers.
I don't know about this startup, but others simply serve the files from the domain, where the content lives. If you block that, you won't be able to see the content, which is what the publishers want.
"The publisher could tell users that ads pay for content, and encourage them to either enable ads, subscribe to a site to enjoy the content for free, or view a certain number of ads to unblock stories."
They will allow users to pay a subscription price instead of seeing ads if you prefer that. Are you just against companies that make money? If everyone uses an ad blocker and pays no money to the sites, most sites just won't exist.
I'm actually pretty OK with this. I doubt it will happen, though. There must be a better way.
For example (and this is just an example from my own life), right now, the only thing I can do is block everything, there is no way for me to communicate my actual preferences to site owners. I used to white list sites I really enjoyed to give them some revenue, but with every ad network creepily tracking me, I don't do that any more. No matter how much I trust the site and respect the site, I can't trust their ad network.
What if you could approve ads, but block tracking? I'll allow you to insert some content into my pages that advertises to me, but I won't let you execute JavaScript to do it. The ad is less valuable, but it is better than nothing. If I allow tracking, I see fewer ads (but get tracked), if I just allow ads, I see more ads, but don't get tracked.
> What if you could approve ads, but block tracking? I'll allow you to insert some content into my pages that advertises to me, but I won't let you execute JavaScript to do it.
If advertising is not an agreeable business model to you, you should have already stopped doing business with companies that use it, not waited until you lost an arms race.
The whole fight about adblocking won't be solved in the court, but with a technical arms race. In the end startups like this one will probably win, just because there is a real, monetary gain for them. And then visitors of the sites using technology like this will have to choose: Either don't see ads, but also no (or not as much) content or content, but with ads or a payment. In my opinion this will lead to a better "contract" between users and the site, where everyones cards are on the table.
The counter for this of course is snake-oil. Look at the history of facial recognition, which has never worked in any environment outside of tiny-sampleset applications and yet is an almost-$3B/year industry.
"Monetary gain" can be realized in more forms than those implied by the perfect accomplishment of a goal, of "winning," which adblock-blocking most surely will not, just as adblocking will never be perfect.
I do this on principle, especially with mobile where ad-blocking is less available. If a page is especially egregious (full page ads, poor loading, etc), I will just close the entire tab ASAP. There's very little I need to read that badly, and hopefully it will show up in some tracking metrics.
People block ads not because they do not like them, but because ads are just lazy.
I am being currently "re-advertised to" by Converse. They and a few ecommerce keep showing the products I browsed, and I find that to be not annoying at all. In fact there is a small chance I would drop them a quarter to keep reminding me for some time.
Sounds like snake oil - anyone have examples of their tech in action?
BI gave an example of The Guardian in it's article, but that is visible for me.
Instead of addressing the root cause, ad tech will further hurt publishers by chasing more traffic away. How difficult is it for the ad world to get the UX issues that are at stake?
Publishers need to invest in UX - not tracking, malvert, bandwidth consuming tech that has forced users to go out of their way to install ad blockers in the first place. No, it's not theft. It's common sense and basic security.
Sorry for the rant ... Just looking for customer examples for what Sourcepoint is doing.
67 comments
[ 0.17 ms ] story [ 134 ms ] threadHappy arms race.
Skynet, here we come.
+2
[1] https://en.wikipedia.org/wiki/Accelerando_%28novel%29
It's only somewhere in the last 5 years the SPA trend seems to have reached critical mass and instead of starting from the idea of meeting user needs by serving reasonable media types from resource endpoints (and then building up interactivity on top of that), people want to treat browsers as just another cross-platform runtime (an inferior one, naturally) that happened to win out instead of Java or Flash or Silverlight.
Pros for expecting JavaScript to be enabled:
- Cheaper development because you can assume a common, featureful baseline. That leads to less code complexity on both the client and the server because you don't have to implement parallel code paths.
- Freedom to add features that would be difficult or impossible to emulate with traditional static pages
Cons for expecting JavaScript to be enabled:
- The site won't look and act right for the 1% of visitors who are used to every other site also not looking and acting right
There are lots of reasons to use JavaScript in the browser and almost no reasons not to, so everyone collectively decided to stop hamstringing themselves to cater to a teensy portion of users.
Huh.
If you think that one of the advantages of JS-required SPA-style applications is that they will help you avoid things getting expensive somehow... I'm not sure where to start, actually. Maybe the situation here is kindof like the old saw about mediation: you should do it for 20 minutes a day, unless you don't have time, then you should do it for an hour a day.
My experience is that sites that start with the focus on their shiny new JavaScript framework and their app-like UI tend to devolve into architectures with overspecific and mixed concerns pretty quickly. If you want to keep things from getting complex and expensive, start by keeping discipline involved in conceiving of the app in terms of plain HTTP and different media representations of the same relevant resources/data. For back ends already producing well-modeled JSON documents, producing equivalent HTML representations should be easy. If it's not, something is likely wrong (and if you're already producing well-modeled HTML documents, it's exceptionally rare that producing good JSON docs with the essential content is anything other than trivial).
Now it's true that some apps just aren't about resources and media types, and you need the browser-as-runtime instead of the browser as document/media viewer. It's nice that the browser keeps growing in capabilities here. But let's be honestly: most of the JS-required apps we're seeing out there these days aren't even close to meeting this bar. And the "extra costs" you're invoking of supporting clients without JS are, in those cases, self-inflicted.
> That's because industry analytics showed that approximately 1% of visitors lack JavaScript.
And I bet those same analytics probably showed even fewer visitors without JS after they used those stats to require it -- problem solved!
"'if users opt-in to having advertising subsidizing the experience, we can serve that ad, [and if an ad blocker continues to block the ads] then that would be illegal'"
Wouldn't unauthorized use of my browser to download content over my ISP, against my wishes and for the benefit of someone else, be a federal crime?
When you're a grownup, when you agree to pay for a product (again, this scenario is opt in, by contrast to a lot of current content delivery), it's not a crime or unauthorized to enforce your end of the transaction that you agreed to. I never thought I'd have to explain that to someone over the age of ten.
That is not opting-in. That's the publisher forcing ads on the user without their permission.
What you're describing is covered by contract law I guess. Contracts can also be trumped by law. E.g., if you reply to this comment and don't click this link for a free iPad, http://www.vanderbilt.edu/innervu/news/win-a-free-ipad , then you owe me $100.
If a site wants to detect an ad blocker and block their own page too, fine. But if they want to circumvent it and silently download whatever resources they want and thwart all countermeasures they encounter, then that's cyber crime IMO.
This is also not an entirely sensible question, as it works the other way around, too: "Wouldn't unauthorized downloading of content, using your ISP, and then deliberately extracting certain parts of it, against the publishers wishes, and for your own benefit, be a federal crime?"
(Note: The question of whether this is copyright infringement, which is the common claim, is separate from the question of whether it may fall under some crime)
1. encourage users to enable ads on publisher's site
2. register an account with the publisher for free
3. view certain number of ads to unblock publisher's site
4. publishers can also circumvent the ad-blocking
I assume the opt-in would happen in option 2. It's option 4 that I think is illegal.
Also, even if option 4 happened after the opt-in, you may get bound to a TOS or something that allows them to do it, etc.
Note also that all of this may run afoul of various civil codes, of course (it's hard to say, a lot of them are pretty vague, so until someone tries it, it's not easy to say what the actual end result would be)
It’s been solved in court in the past (and some horrible misdecisions were made, like saying that if no one links to something, it isn’t public), but in general: if you make something available for me, I can ALWAYS for private-only use remix it as much as I want. I can copy my CD collection a thousand times, I can burn a hundred clones of a videogame – for private use.
Which is the case here.
The publisher has no right to expect that users actually see ads. Even with TV, all recording devices since the time of VCR skip recording ads completely. And with live TV, people switch the channel.
No, it actually hasn't, at least not to the degree you think.
For example, the main ruling in favor of your argument, the Hopper ruling, turned on this: "commercial-skipping does not implicate Fox’s copyright interest because Fox owns the copyrights to the television programs, not to the ads aired in the commercial breaks."
Not on some more general right to commercial skipping.
The only thing won on appeal so far is the preliminary injunction. Dish may in fact, still lose :)
Even if they don't, unlike TV shows, publishers will likely be able to claim compilation and collective copyrights on the work as displayed to the user. Plus, it's not time-shifting. Plus you have website terms of use that may bind you.
You may not want this to change the result. It probably changes the result.
"The publisher has no right to expect that users actually see ads. Even with TV, all recording devices since the time of VCR skip recording ads completely. And with live TV, people switch the channel."
This is 100% not the same as what is being described here. Those are time shifting devices. This is not. It is not "fast forwarding" the ads on the computer. People are also not switching to different tabs to avoid the ads. You also have another serious problem in websites: Terms of use. Unlike TV, which doesn't bind you to anything, on the web you can be bound to terms of use (plenty of website terms of use have been held valid and binding, it's usually a mixed question of fact and law). Expecting precedent to come out the same given all this seems .. a dubious line of argumentation. It may, it may not. Acting as if this is a solved question is incredibly premature.
Additionally, the only court in your favor has not ruled that Ad skipping is generally okay, it ruled that Fox can't complain about it because they don't own the copyright rights to the ads".
You do realize this means the ad owners* may be able to complain, right?
Anyway, if you believe otherwise, i'd love to see some case law. (Because the case law i've found doesn't support your argument at all :P)
(Note, since i got a private email about it: I actually don't have strong feelings one way or the other as to whether it should be legal/etc, i'm just trying to express an view as to whether it is)
Anyway, under German law, you can always make a copy or compilation of any product you can use or have a license to use for personal use.
As an adblocker is only personal remixing, it is totally legal - just like ripping a CD, or mixing two songs I downloaded from iTunes.
Additionally, there are personal rights which can not be signed away by a ToS or even a contract, including the right of remixing.
Bring it.
Ultimately I think the problem is that most publications aren't worth reading anymore, and so "never do business with the company that uses your tech ever again" may be an appropriate solution.
Unless the server actually doesn't send the content until the ads are loaded; but that would slow down page loading for everyone (and still easily bypassed by sending requests and dropping the incoming packets).
If there was a large need for it there would be extensions that do it automatically (and with IPv6, you would have no shortage of addresses, which makes it easier to obtain new ones).
Thankfully, I haven't seen anyone go "thermonuclear" on ad blockers yet except for executive-level decisions and lamentations — but as a technological-level problem it's theoretically straightforward to subvert given the rudimentary nature of ad blockers.
One site that still has me beat dynamically loads all of the content and code through a websocket, and various bits are so heavily obfuscated that they look like brainfuck. Finding tools to tamper with SSL websockets is a challenge enough in its own right (Chrome has nicer tools now though).
In reality, the simplest answer is to just not view the content.
If advertisers want to have a technical arms race against their users, all they do is piss us off. That is a stupid, stupid approach to business.
They will allow users to pay a subscription price instead of seeing ads if you prefer that. Are you just against companies that make money? If everyone uses an ad blocker and pays no money to the sites, most sites just won't exist.
I'm actually pretty OK with this. I doubt it will happen, though. There must be a better way.
For example (and this is just an example from my own life), right now, the only thing I can do is block everything, there is no way for me to communicate my actual preferences to site owners. I used to white list sites I really enjoyed to give them some revenue, but with every ad network creepily tracking me, I don't do that any more. No matter how much I trust the site and respect the site, I can't trust their ad network.
What if you could approve ads, but block tracking? I'll allow you to insert some content into my pages that advertises to me, but I won't let you execute JavaScript to do it. The ad is less valuable, but it is better than nothing. If I allow tracking, I see fewer ads (but get tracked), if I just allow ads, I see more ads, but don't get tracked.
There are surely other, better ideas as well.
<img style="display:none" src="//some.ad-domain.com/pixel">
The original tracking 'technology'. JavaScript free.
http://www.marketsandmarkets.com/PressReleases/facial-recogn...
"Monetary gain" can be realized in more forms than those implied by the perfect accomplishment of a goal, of "winning," which adblock-blocking most surely will not, just as adblocking will never be perfect.
I am being currently "re-advertised to" by Converse. They and a few ecommerce keep showing the products I browsed, and I find that to be not annoying at all. In fact there is a small chance I would drop them a quarter to keep reminding me for some time.
BI gave an example of The Guardian in it's article, but that is visible for me.
Instead of addressing the root cause, ad tech will further hurt publishers by chasing more traffic away. How difficult is it for the ad world to get the UX issues that are at stake?
Publishers need to invest in UX - not tracking, malvert, bandwidth consuming tech that has forced users to go out of their way to install ad blockers in the first place. No, it's not theft. It's common sense and basic security.
Sorry for the rant ... Just looking for customer examples for what Sourcepoint is doing.