Ask Slashdot: Best Way To Block Web Content?

First time accepted submitter willoughby writes "Many routers today have the capability to block web content. And you all know about browser addons like noscript & adblock. But where is the 'proper' place for such content blocking? Is it best to have the router only route packets & do the content blocking on each machine? If using the content blocking feature in the router, will performance degrade if the list of blocked content grows large? Where is the best place to filter/block web content?"

Nice Try China!

[eldavojohn]

I'd suggest paying a lot of money to Blue Coat to do deep packet inspection so none of that content sneaks by.

Or, perhaps, sitting down with your users and discussing with them how to surf intelligently and safely.

And you all know about browser addons like noscript & adblock. But where is the 'proper' place for such content blocking?

If you're talking about adblocking, the 'proper' place is at your visual cortex where images are processed -- and I know I'm alone in that unpopular view. Blocking ads is like throwing a soda can out a car window in that if one person does it, it's not a problem and it appears to benefit them modestly. But if everyone does it, it ruins the very thing you're enjoying. I can understand why you'd do it if the ad was a massive flash blob but many ads by Google or just images aren't resource intensive.

I've clicked on ads and purchased something twice in my life from ads on a site. Once it was cheap shirts with funny designs on them (I needed new gym shirts) and the other was an eBay auction with a Buy It Now price lower than what I was looking at on that site (not sure how that works). I consider myself a pretty sophisticated person who is "above" advertising but anecdote-wise it's worked on me twice that I can think of. Removing that rare occurrence completely ruins the revenue model.

Re:Nice Try China!

[FireFury03]

I can understand why you'd do it if the ad was a massive flash blob but many ads by Google or just images aren't resource intensive.

I agree with you that the standard Google adsense ads are ok, blocking them is counterproductive (because websites need income). However, Youtube ads (also operated by Google) have gone way over the line and are way too intrusive; also far too many websites still shove floating divs and the like in your face (in fact, thats something that seems to be increasing), and manually blocking only the intrusive ads becomes far too much effort so invariably all ads get blocked.

Re:Nice Try China!

[Razed+By+TV]

I respect your argument advocating ad revenue to support the sites you visit. This is one of the things the internet was built upon. I do feel bad about the sites I like not getting the money keep things running.

On the other hand, you have:
ads that track you
annoying popups
popups masquerading as windows messages that have faux buttons to close them, cancel them, or remove viruses that the popup supposedly just detected
ads that flash, flicker, or have a lot of motion/activity in them (which I find to be particularly distracting)
ads that play sound

I'm not saying I wouldn't adblock if you got rid of the above ads, but currently there are too many reasons for me to even consider getting rid of adblock.

Re:Nice Try China!

[BasilBrush]

If you're talking about adblocking, the 'proper' place is at your visual cortex where images are processed -- and I know I'm alone in that unpopular view. Blocking ads is like throwing a soda can out a car window in that if one person does it, it's not a problem and it appears to benefit them modestly.

You are certainly in the minority. Most people's view of that analogy would be that the can being thrown out of the window is the advert, and that the spoiled environment that is the result is like the spoiled web that is a result of heavy advertising.

I do not accept that the internet needs third party advertising. Nor that the internet without it (and thus a loss of revenue for some site operators) would be worse.

There was an internet before widespread advertising. Some people run a site as a hobby. Some organisations run sites because they want to spread an idea, or need to get information out there. Commercial organisations will still want to run their own web-sites, whether they sell from them, or just as a communications tool. There are lots of reasons why the internet won't die without advertising.

A lot of sites with heavy advertising don't even have good content. They are only there to make money from adverts, so they steal content, or just link to what other sites have put out, or publish PR verbatim.

There's absolutely nothing to stop people trying to make money with third party advertising, and I wouldn't want any official body trying to outlaw them. But equally I see nothing wrong with blocking them so that I don't have to see them, or waste bandwidth on them. If the result is that there are less people that can make a profit from selling advertising, then I say "hurray!"

Re:Nice Try China!

[Jah-Wren+Ryel]

Removing that rare occurrence completely ruins the revenue model.

GOOD! That revenue model is the single largest driver of the internet surveillance state. It is difficult to imagine an funding model for the internet with worse social costs. The sooner it dies, opening the door to replacement systems that are less invasive the better off we all are.

Re:Nice Try China!

I agree with you that the standard Google adsense ads are ok,

so, google tracking your every move all over the internet, matching up that history with your email, youtube, search, blogger, pics/picasa, documents, map usage, google wallet, serp clickthroughs, and everything else they own, operate, control or place ads on (in the past, present and future), and storing that data forever is ok, too?

i think not.

Re:Nice Try China!

[X0563511]

Lets not forget:
ads from compromised servers shoving malware/payloads down your throat

I could live without adblocking... but that last one there is a no-go. If that's not fixed, I am not willing.

Re:Nice Try China!

[fast+turtle]

and that's exactly why I use noscript and not block ads. Of course I follow the "DENY ALL" policy and only add those few sites to the whitelist that I actually use and guess what, this blocks 95+ percent of the stinking ads online while still allowing me to use the net. Otherwise it's to the point that I'll simply drop my ISP/Cable and Phone services since I don't use them and 911 calls are paid for by the 911 taxe/surcharge by everyone (mandantory service). Only thing I even use the phone for anymore as I simply don't give a damn about talking to anyone when I'm home.

Re:Nice Try China!

[just_a_monkey]

Now I am thinking what if an ad-blocker would download the ads - so that the websites can sell all eyeballs to their advertisers - but then silently threw them away instead of showing them to the user, who is not interested anyway?

Re:At the proxy.

[drinkypoo]

This is the right answer. There's nothing wrong with ad blocking on the client, but if you want to block content for a whole bunch of users, a proxy is the answer. squid really is easy to set up.

DNS

[craigminah]

I use OpenDNS...works well and works regardless sof browser.

Re:At the proxy.

[drinkypoo]

Why do you want to block content for a whole bunch of users? Do you run a dictatorship?

The most obvious example which does not support your jerking knee or twisted panties is keeping known malware off of a corporate network.

Content blocking should be done on the client because it's the only place where the user has control over the blocking.

If it's your computer, sure. (That includes those which are owned by the state but which you have access to, e.g. at the library.) If it's not your computer, fuck off. It's not your computer.

Re:Best way to filter web content:

[PlusFiveTroll]

To add on to this, it is good to block all DNS except a few trusted servers anyway. If someone gets a 'DNSChanger' style virus it will show up on the firewall pretty quick.

Re:Best way to filter web content:

Unplug your modem. Internet is now filtered. Enjoy your day!

This is an appropriate response given the bullshit question.

There are different approaches for blocking content, depending on if you're running an ISP, a large Enterprise, a small business, or are just a home user. There are different approaches depending on what TYPE of content you're trying to block, and WHY you're blocking it.
There is no simple, single answer to the question other than "well it all depends".

Adblock is a user-friendly plugin which is, put simply, nothing more than a blacklist of various hosts which serve advertising content. The security aspects of this approach are incidental- it's not a security program it's for avoiding ads.
If you're running an Enterprise or are a more tech-savvy user it's usually better to maintain your own blacklist, either at the edge router or via a hosts file on the local machine (depending on network size and complexity, and capability of your edge routers). If you're just a plain Joe Average, it's probably better to do it per-machine, especially if you're using a laptop which you're going to use in different locations.

NoScript is not, by design, an ad-blocker. It is a script-blocker, and is a security program- ad blocking is incidental. It has the added advantage of operating on a whitelist, so new sources of threats will be caught by default. It blocks a variety of scripting languages from any location you have not specifically allowed, in addition to several other types of browser exploit vectors. For the technical user it is vastly superior to Adblock, but for people who are not so "internet savvy" it can be confusing and frustrating to have to maintain your own whitelist.

Perhaps if the submitter would give us something more specific as to his needs, he'd get better answers.