Snowden Says It's Your Duty To Use an Ad Blocker

AmiMoJo writes: In a long interview about reclaiming your privacy online, ex-NSA whistleblower Edward Snowden states that it's not just a good idea to use ad blocking software, it's your duty: "Everybody should be running adblock software, if only from a safety perspective. We've seen internet providers like Comcast, AT&T, or whoever it is, insert their own ads into your plaintext http connections. As long as service providers are serving ads with active content that require the use of JavaScript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser — you should be actively trying to block these. Because if the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response." Other recommendations include encrypting your hard drive and using Tor to keep your internet use private.

Well then

[The+Real+Dr+John]

at least one person thinks I'm not a bad person because I don't want to see flashing ads and videos while I am trying to read a story.

Re:Well then

[gstoddart]

What do you care about what the people who want to show you ads think about your decision to block them?

Flash is a security hole, because Flash has always been a security hole, and it always will be a security hole -- I don't even have it enabled in any browser I control. Letting 10-20 external entities on a web site track you on every page is stupid (there's 10 on Slashdot as I type this, all of which I block). Letting any random website run javascript is also stupid, because you have no idea if you can trust them and all their partners.

If a website wants to serve its own ads, I probably won't go to great lengths to block them.

But double click, and score card research, and the literally dozens and dozens of other entities embedded into so many webpages ... those are entities I don't trust, don't have a voluntary relationship with, and do not benefit from being spied on.

Those I ruthlessly block with privacy extensions, or adding exclusions directly to my browser. Because it's all crap which wants to violate my privacy. Same goes for Facebook and Twitter -- sorry your business model says you want to track me on every site I go to. But I don't care.

So, boo hoo, say the site owners ... too bad say I. If your revenue involves selling my privacy for your gain, then I will not participate in your revenue. If you get to the point of outright stopping me, then I'll just block your entire site and not come back.

The fact of the matter is, we simply cannot trust the ad companies to vet the ads, or give a damn about our privacy and security. Which means we need to treat the ad companies as hostile entities and block the shit out of them.

The longer I run several privacy addons in all my browsers, the more I see on a daily basis how some sites can have 20+ external call-outs, none of which actually add any value to me. Which means I don't give a crap about them.

In fact, I will do everything I can to block them completely.

Re:Well then

[MyAlternateID]

at least one person thinks I'm not a bad person because I don't want to see flashing ads and videos while I am trying to read a story.

If the sociopaths who run most marketing corporations complain about what kind of person you are, you're probably doing something right.

Re:Well then

[Opportunist]

I doubt anyone but the marketing sociopaths would consider you a bad person. And bluntly, I don't give a fuck about what mentally unstable people think about my morality.

Re:Well then

[gstoddart]

On the other hand, I propose that all media cites refuse to serve to people who block ads, as I don't want your assholishness to force me into a pay-first subscription model for content on the internet

Too fucking bad for you.

If you think my privacy and security is a fair price so you can have free stuff ... you're the asshole in this scenario.

Sites are free to take measures to block me because I use an ad blocker. In fact, a few do and I just permanently block them. Same for the ones which won't let me in without javascript. No big loss to me.

But if you think the rest of the world should give up privacy and security so you can have free web sites, you're a moron.

Re:Well then

[tepples]

What you should be recommending is that people use a white-list based general Script Blocker. This will prevent all scripts, and in most cases other vulnerabilities like CSS exploits, on all sites unless YOU specifically allow it.

In principle, I think you might be right. But in practice, how should a web application that depends on scripts go about gaining the trust of each user in order to allow scripts on that site? Or should every web application, without exception, instead have either a fallback mode that operates entirely without scripts or a native app on all fourteen platforms?

in 2015

[sirber]

running an adblocker is almost like running an antivirus...

Re:in 2015

[RabidReindeer]

Not really. An antivirus program will consume more of your computer's resources than the actual working apps do.

An adblocker prevents even MORE slop from consuming network, cpu, graphics and audio resources.

Most websites are funded by advertisements

I don't want to kill the funding of my favorite sites by blocking advertisements.

Re:Most websites are funded by advertisements

[stevez67]

Having decided to employ an intrusive and obnoxious marketing method in their business plan is not my problem.

Re:Most websites are funded by advertisements

[Flavianoep]

Turn off ad blocker for them.

Re:Most websites are funded by advertisements

[Opportunist]

It's trivial to turn your adblocker off for the few pages that deserve it.

Re:Most websites are funded by advertisements

[gstoddart]

Well, if they server their own ads, fine ... but if it's the same list of companies I wouldn't trust as far as I could throw their CEO off a cliff, then there is no way in hell.

As soon as you start adding the oily bastards and tracking companies into the mix, no matter for what website, it defeats the purpose entirely of blocking them.

So, while you might think Spanky's House of Leather is a deserving site, if they pull in a dozen or so tracking companies that you would otherwise block ... what the hell is the point of enabling ads for them?

It's the 3rd parties we can't trust. Temporarily pretending we can trust them because we like the site they're on is a terrible idea.

Let companies get back to serving their own ads, from their own servers, using their own bandwidth and maybe we won't block them. But I won't pretend like I trust any of these ad companies for that one site. Not now not ever. Because to do that you have to let the very sites you know you don't trust run.

The problem is these ad companies and tracking sites are everywhere. Which means you pretty much should trust them nowhere.

The whole mess can't be trusted. And that's the problem.

Re:Most websites are funded by advertisements

[Vokkyt]

And most people don't want malware on their computers from malicious advertisements that slip through ad rings.

Advertising is currently positioned in such a way so as to be beneficial to the content creators and the advertisers, but not the users. You don't even really need to get into conversations about morality, ethics, intrusiveness, privacy, and so on when advertisements are a major means for malicious software to get on computers. With how fast the malware changes and evolves, most antivirus and anti-malware products can only respond after the fact, and these same products also are pretty bad about removing even relatively simple malware in its entirety.

Content creators should get funding; I don't think too many people truly disagree with that. But should you have to put your computer at risk to do so? Content creators are caught up in an arms race between the users and the advertisers, and as long as the creators are using the advertisers, the advertisers have no real incentive to listen to the consumers. Adblocking didn't come as a result of "man fuck ads in general", it came about as a result of ads getting overbearing, obnoxious, and dangerous. Advertisers' responses to this wasn't "oh, let's clean this up", it was "you thought that was bad? wait till you see this" and then they made ads even worse. It seems to me that advertisers are very clear that they don't care about what the user concerns.

Creators, on the other hand, are in a unique position to influence advertisers, and if they want to continue to have users visit as they do now, they will need to begin to publicly be advocates for users and work to change the status quo.

Malicious Ads

[Fire_Wraith]

I concur, and I run adblockers primarily for this reason. At present, malicious ads/malicious content delivered through ad networks is probably the most likely thing to infect the average user, and there's no more effective defense than simply blocking the content.

Why block it? Why block random content from unknown third parties, coming across content networks that have proven, time and again, that they don't give a rat's ass about vetting the people they're selling ad space to, let alone the content that those people are sending - and we're not even getting into all the constant invasive tracking attempts that come with that.

I don't mind reasonable ads, especially native ones that belong to the page I'm actually visiting. I mind the fact that there's been no real consequences for the rampant bad or negligent behavior on the part of the ad networks - so, like all content that I view as inherently suspicious/possibly malicious, I'm going to block it by default. The fact that there's no real value to me in it just makes it easier to not worry about that.

Re:Ahem

[MyAlternateID]

I think APK might disagree with you, sir.

In my opinion, APK is a (sometimes amusing) pest and likely psychotic, routinely manifesting signs of potential obsessive compulsive behavior and a tremendous need to appear clever and "right" in the eyes of others, to the point of routinely patting himself on the back and celebrating "victories" regarding matters of preference and opinion.

One could speculate that his parents (or other caregivers) failed to give him the level of affection and validation he required when growing up and he is forever trying to fill this hole in his soul by spamming, acting obnoxious, seeking agreement, and making other pleas for attention. It would explain a lot. I assume he'll continue to follow my posts and respond to each one of them for a while (again), now that I've said this. He clearly has a lot of rage and has difficulty simply disagreeing with someone. Instead, he has to stalk them for days, long after a normal well-adjusted person would have let the matter go, because he really cannot stand it when someone makes a point he cannot easily rebut. Like I said, I believe he may have psychological problems and should seek the help of a qualified therapist.

Anyway, a more reasonable person uses hosts files when they are the correct tool for the job, frequently combining them with a good ad blocker in order to gain the multiple layers that good security demands. A more reasonable person does not treat this as a religious issue. A reasonable person plans for anticipated threat scenarios, decides what level of risk is acceptable, selects the right tools for the job, and uses them in combination to produce the desired result. No spamming or obsession is needed.

When you have idiots like Lauren Weinstein ...

[UnknownSoldier]

... making excuses for for ad blockers:

Jul 19, 2015 - For the record, I don't run any ad blockers. Basically, I consider them unethical (the full explanation is longer, but that's the thumbnail).ï

and when someone points out his stupidity:

So going to the bathroom when an ad appears is "unethical" ??? What about going to kitchen?? Because using technology to block ads has the exact same effect. It is not my job to support your broken business model. Furthermore, the last time I checked, my eyes belong to me so kindly fuck off with your bullshit "ethics" justifications.

TL:DR; I guess only stupid people watch ads -- the rest of us are too busy doing something else.

... only to get get censored then this issue is far from settled.

Even Mozilla has this stupid mindset WRT Do Not Track:

The Do Not Track feature is turned off by default. /blockquote

Re:No Worries

[Opportunist]

Actually, the advertising industry identified it as a problem exactly because more and more people start using adblockers. What they fail to understand is that they themselves are the reason why people do it.

There were always the "on principle" blockers. People who'd block any and all ads "on principle" because, well, because because. But that was an insignificant number of people. It barely registered. Most of us, I dare say, didn't block ads right from the start. At least for me it was a "fair vs fair" business. You give me content, I let you display your ad to fund you. And hey, if you managed to be topical, I'd even click that ad!

But then greed set in. That was not enough. Too few people clicked the ads. Advertisers wanted more. And, used to users that can't defend against ads from their times on radio and TV, they had zero qualms about getting obnoxious. Ads started to flicker and strobe that would warrant epilepsy warnings. But people didn't click them either (hey, be honest, I barely could stand looking at them, let alone click them!). So full page pop-ups, pop-unders and pop-inyourfuckingface became usual. Along with eye-popping flickering and eardrum bursting blaring.

And then came Adobe Flash. And the ad bozos went into full blown overdrive banana mode.

And then something odd happened. Something that I didn't deem possible at all. Something so outlandish that, if anyone had told me about it 15 years ago, I would have told him that it's a nice dream but it will never, ever happen: The Joe Randomsurfers got fed up enough with ads that they started to reach for ad blockers.

Do you have a faint idea what feat this is?

We are talking about a group of people who don't want to deal with their computer, who don't really care how it works and who want to spend as little time as possible administrating it. The kind of people who willingly deal with 20 popups from some malware that piggybacked on freeware every single time they switch on their computer. The kind of people who deal with enough browser bars that the main window is barely visible anymore rather than finding out how to uninstall or at least deactivate them. The kind of people who have a bigger malware collection than the average anti virus researcher before finally deciding that it might be necessary to maybe start reinstalling their OS.

Can you even possibly imagine just HOW MUCH you have to piss such a person off with your ads that they start finding out how to get rid of them.

And that group of people is now blocking ads. And there is no way back. None. Can you imagine what herculean effort it would take? Nothing, absolutely nothing, the ad industry could do would even remotely get those people to move their asses again to uninstall that ad blocker.

Completely Agree

[TheCarp]

Absolutely. I don't block ads, but ads get blocked, because my browser security package (noscript+requestpolicy) just doesn't load anything from a 3rd party site unless I approve it, and then doesn't run javascript unless I approve it.

Its generally a bit annoying but.... I put up with it for the same reason I wouldn't have sex with someone I just met without condoms. However, that isn't really even an apt comparison....because sex with a random person is, mostly a pretty rare event, even if you are trying.

Browsing the web is like.... if we replaced the social custom of saying "hello" with anal sex, and browsing a website is like going to a dinner party with your friend, and 20 of his friends that he brought along; and they are all anxious to greet you, and quite offended that you even brought up the word condom.

Re:Completely Agree

[Red_Chaos1]

I used to use NoScript + RequestPolicy myself, but I got tired of having to regex some sites to work, etc. The way websites are now makes it such a monumental hassle. I still use NoScript but I use it along with Privacy Badger. Still pretty good blocking/protection, but not nearly as much regex chicanery like RP required.

Re:But... but.... SANDBOXING!

[vtcodger]

If you don't allow Javascript, you do lose some stuff like spellchecking most (all?) mapping services. OTOH, the idea that I can trust web sites I know nothing about to download and run safely obscure little programs on my computer has always struck me as demented.

One thing about Snowden's recommendations though. There does need to be some balance between security and pragmatism. If, for example, all your financial information is on your hard drive (and its backups -- you Do have backups, right?) and you are squashed like a bug in a freeway crash, your executor is going to have one hell of a problem probating your estate if he or she doesn't know your password(s).

Re:No Worries

[PeterM+from+Berkeley]

If you're right, then the web advertising business has screwed itself royally and irrevocably, until Joe User gets a new computer.

Seems like their only hope of coming back is to:
1) Stop being offensive
2) Deal with the fact that the market's shrunk for the next few years at least

and if they ever want me to disable my ad blocker:
3) Sanitize ads and pay for cleanup if they deliver malware.

Because the sad fact is that I was willing to put up with annoying, but I am NOT willing to put up with security risk. The same day that it registered with me that I could protect my computer's security by blocking ads, that's the day I put in an ad blocker.

--PM

Screw security

[U2xhc2hkb3QgU3Vja3M]

I do it because even without Flash, the ads are now javascript + canvas + video + audio + animation.

1. My bandwidth is limited, I only have a 5 Mbps connection. And at the rates the only ISP in town has, I'm not interested in paying for a higher speed.
2. I have a monthly data quota which is below 50GB. Again, we only have one ISP in town so I'm stuck with them.
3. I have an older computer with a Core 2 Duo CPU. When there's a few ads using javascript, canvas, etc. it slows down my browsing and takes seconds before a page becomes responsive enough to be able to scroll it.
4. Using Activity Monitor, I see my CPU usage spike up when there's ads. Without ads I'm averaging about 5% CPU usage. With ads it can go to 50~80%.

Non-static ads cost me bandwidth and electricity, they slow down my browsing and my computer and they just plain fucking annoy me while trying to shove their unwanted products in my face.

We also have those "hover your mouse cursor to expand" ads, which means you can't even leave your cursor anywhere now, you have to move it to the right to make sure you won't trigger those damn things.

Instead of trying to data-mine every single fucking website we visit, which inevitably gives them false data - I don't care about product category XYZ, I only viewed a website once because I was looking for something not related to category XYZ - how about letting us tell you what we're interested in?

You are more tolerant than me

[sjbe]

3) Sanitize ads and pay for cleanup if they deliver malware.

See I'm not willing to even take a chance on the malware delivery. If there is even a remote chance of malware delivery then their ad will remain blocked until the end of time. I don't care if they are willing to pay for cleanup or not.

Because the sad fact is that I was willing to put up with annoying, but I am NOT willing to put up with security risk

You are more generous than I am. I'm not willing to put up with annoying OR with a security risk OR with tracking. If they want to pay me with cold hard cash, then and only then will I consider the limited circumstances under which I'm willing to be watched. Under no circumstances will I countenance a security risk or any irritation from advertisements.

Re:Obligatory

[U2xhc2hkb3QgU3Vja3M]

https://pineight.com/mw/?title...

Re:Block Them All!

[gstoddart]

I strongly suggest adding Request Policy, No Script, and Ghostery to that mix on Firefox. ABP covers some, but doesn't cover all of it. You still have scripts and 3rd party beacons and other crap you're not blocking and not even aware of.

If you need multiple browsers, with Chrome I reccomend: Script Safe, Ghostery, HTTP Switchboard, and Disconnect. Some of these are also available for Opera.

The sheer amount of crap in the average web page isn't something you can even see until you are actively blocking it. And then it's alarming just how much junk there is.

One millionth of an aggression

[tepples]

Assuming the author is male constitutes a microagression.

If that's the first microaggression, it'll take 999,999 more of them before there's even one real problem.

Re:How to find advertisers without a network?

[gstoddart]

This is not my problem. This has never been my problem. This never will be my problem.

If your revenue model depends on me allowing third party assholes to set cookies, track me, run scripts, install software, call out to 5 other sites ... then you have no hope in hell of me using your site.

So, you can put up a tip jar, you can charge membership, or you can starve and close your website.

These are problems with your business model. And if your business model relies on me being stupid enough to trust your advertisers ... then I'm afraid your business model is your damned problem.

Not letting the parasites, trackers, and other advertising assholes infest my computer is my problem. I assure you, I only care about my part of this equation.

So you are free to not give a shit if I stop using your site. You are free to block me from using your site if I don't let you set cookies or run javascript.

And I am free to block your advertisers, and eventually block you. But I don't owe you a damned thing, especially if it's at the expense of my privacy and security.

Prime example ... the link you provided embeds references to Facebook. My browser blocks all traffic to Facebook, because I do not consent to the assholes at Facebook tracking me everywhere I go. The same goes for the dozens of other ad companies I outright block.

Re:How to find advertisers without a network?

[gstoddart]

It will become your problem once more and more of the sites on which you rely make the decision to "charge membership" or "starve and close your website".

Possibly. But a lot of sites I only ever visit once because they showed up in a search. Their ads aren't my problem. If I have to sign up for a membership to see if I care, I definitely won't be back. So, New York Times is a site I'll never visit again. And under no circumstances will I enable ad sites I don't trust just for a site I'm mildly interested in.

Without cookies, how would you post as gstoddart rather than Anonymous Coward?

See, not every site am I choosing to log in .. or use a shopping cart .. or participate in discussions. For those sites, I have no need for you to set cookies -- in fact, those sites have no reason whatsoever to know anything about me at all. And I sure as shit don't need your advertisers to set 3rd party cookies or load a web bug just because I visited your site -- something which they all seem to want to do. So shit like scorecard research will always be blocked.

Some sites that I like can set cookies, and run scripts (there's probably fewer than 20)... but only them and not 3rd parties. The rest, nope. Not even a little. They just get blocked from doing it.

I've encountered sites which immediately put up the instructions to enable cookies and javascript. Sorry, but I have no reason to care or trust you. Which means I'll block your site, click the back button, and write you off as a non-entity. That would cover several Australian news agencies who demand cookies and scripts. Oh, sorry, don't give a fuck, not my problem.

I wonder: How could an online whiteboard or browser game work without JavaScript?

Don't know, don't care, don't use either. If I am required to use something for work, or ultimately choose that I wish to use it, I will whitelist. But I need a good reason. I don't look at every shiny bauble on the internet and decide that I give a damn,

But on first visit to your site, no way in hell you get to run scripts, or set cookies.

As I said, business models not my concern, my privacy is. Sites I choose to use get to do a limited set of things, nobody ever gets to run plugins or Flash, EVER. The rest, I simply don't feel the need to use.

Life is too short to give a crap about, or trust, the vast majority of the internet; it's an endless pile of pointless junk. When you remember that, it's a whole lot easier to be fairly ruthless in what you block.