Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attackers Abuse Legitimate EU Cookie Law Notices In Clickjacking Campaign (malwarebytes.org)

Posted by Soulskill on from the everyone-start-using-screen-readers dept.

An anonymous reader writes: Hackers have set up a clever new clickjacking campaign taking advantage of pop-up alerts that European users are (by now) accustomed to see: the "EU Cookie Law" notifications. The criminals are placing a legitimate ad banner on top of the warning message via an iframe. The trick is to make the ad invisible by setting its opacity to zero. So, each time a user clicks anywhere on the legitimate message, he or she clicks also on the hidden ad.

84 comments

  1. Block 'em all. by Anonymous Coward · · Score: 2, Insightful

    Blockity blockity blockity. When the advertisers clean their own house, then I'll stop blocking them.

    I'm not holding my breath here.

    AC

  2. Ffs by liqu1d · · Score: 4, Interesting

    The people running these spammy practises don't help themselves. All they're achieving is pushing more people to ad blocking software hurting the rest of us who don't run spammy ads and keep them as unobtrusive as possible. Bravo fuckwits.

    1. Re:Ffs by cfalcon · · Score: 1, Troll

      All ads are bad. These ads are worse. But all ads are bad.

    2. Re:Ffs by Threni · · Score: 2

      They are helping themselves; they're making money from advertisers. Advertiser don't like it, but the spammers don't care. And I don't care, as run adblocking software on every device I own. What's hurting advertisers is adverts, which nobody ever wants to see. Yes, you can argue it's how sites make money. I don't care about that either. I'd rather pay a (micro)subscription than have random companies getting in my face trying to sell me shit I don't want or need.

    3. Re:Ffs by rtb61 · · Score: 1

      Some advertisements are OK, as long as they are truthful, informative, not overly intrusive and in more non jarring fashion aligned to the content that delivers them. Those ads are fine, drop outside of that and those web sites, advertising agencies and advertisers deserve script blocking. Some advertisers end up suffering pretty badly for going with the wrong agencies and producing the worst sort of intrusive ads. Remember people, it is the internet and not the store and people will remember exactly why about you ad that drove them to hate a product.

      --
      Chaos - everything, everywhere, everywhen
    4. Re:Ffs by Anonymous Coward · · Score: 0

      All ads are meant to hurt you by controlling you. This means that there are no good ads.

    5. Re:Ffs by AmiMoJo · · Score: 1

      Tragedy of the commons. It's easier to slaughter the weak ones than to grow a sustainable hurd.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. ABP? by FatdogHaiku · · Score: 2

    So, would Ad Blocker Plus stop an invisible ad? I would hope so as long as the code calls an ad... visible or not...

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    1. Re:ABP? by Z00L00K · · Score: 3, Informative

      If the ad detection filter can catch it then the invisible ad will be stopped.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    2. Re:ABP? by Blue+Stone · · Score: 1

      Well, speaking personally, I use ABP's "Select element to hide" function on all those EU cookie banner pop-ups - if I can't just ignore them (and rather than close them via clicking 'OK') - so that would probably select the malvertisement.

      Bloody EU legislators legislating mandatory spam pop-ups. What the actual F?

      --
      Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
    3. Re:ABP? by Anonymous Coward · · Score: 0

      BTW, I get "this site uses cookies" popups on US sites now too. Perhaps showing those silly messages to everyone was easier than trying to show them to just people in the EU? A couple of example sites where I have been seeing them are neowin.com and dilbert.com.

    4. Re:ABP? by amorsen · · Score: 1

      Bloody EU legislators legislating mandatory spam pop-ups. What the actual F?

      The sites could just stop tracking non-logged-in users, then they would not have to put up cookie warnings.

      Self destructing cookies combined with I don't care about cookies solve most of the problem though.

      --
      Finally! A year of moderation! Ready for 2019?
    5. Re:ABP? by Anonymous Coward · · Score: 0

      Bloody EU legislators legislating mandatory spam pop-ups. What the actual F?

      No they don't. The rules are that you cannot set tracking cookies (there is an exception for expected functionality, e.g. "remember me" and shopping baskets), without the user actively consenting to being tracked.

      Which has resulted in web sites protesting by adding the spam popups that basically say "we track you and there is nothing you can do about it" with some even adding some crap about "you consent", which is definitely not actively consenting, and by most peoples definition is not consent at all (just try to say "you hereby consent to having sex with me" to the next woman you meet).

  4. NoScript or hosts: take your pick by tepples · · Score: 3, Informative

    Services such as ClarityRay defeat your blocking.

    But there are two ways around ClarityRay: either block access to the servers that serve these scripts or block the browser from executing any scripts. Sites are unlikely to hide text from no-script users because that also hides text from search engines.

    1. Re:NoScript or hosts: take your pick by gstoddart · · Score: 4, Insightful

      What's Clarity Ray?

      Honestly, I have no idea why people accept sites should by default be allowed to run scripts, or the 15 sites they cross link to should run scripts just because you loaded the page.

      And, FYI, I've seen an increasing number of sites which render their content with javscript, and you only see a blank page without it. Of course, if you know how to view the page source and don't much care about the formatting the text is usually right there.

      Me, I'd just as soon punch the average web site administrator in the nose as assume I have any reason to allow them to run scripts. My default position on scripts is "piss off", and I'll enable them if I think I care or trust you. But your third parties? They can always piss off.

      --
      Lost at C:>. Found at C.
    2. Re:NoScript or hosts: take your pick by Opportunist · · Score: 1

      How does it do that? By disallowing my access to a site?

      Ok. Accepted.

      NEXT!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:NoScript or hosts: take your pick by Jahta · · Score: 5, Informative

      What's Clarity Ray?

      Honestly, I have no idea why people accept sites should by default be allowed to run scripts, or the 15 sites they cross link to should run scripts just because you loaded the page.

      And, FYI, I've seen an increasing number of sites which render their content with javscript, and you only see a blank page without it. Of course, if you know how to view the page source and don't much care about the formatting the text is usually right there.

      Me, I'd just as soon punch the average web site administrator in the nose as assume I have any reason to allow them to run scripts. My default position on scripts is "piss off", and I'll enable them if I think I care or trust you. But your third parties? They can always piss off.

      ClarityRay is an Israeli "ad security" company, acquired by Yahoo last year - ClarityRay Battles Ad Blockers With $500K In Funding. Fun quote from TFA - “We believe ad-blocking today is a lot like how pirate MP3s were before iTunes: they point to a valid consumer need, but do so in an unsustainable manner business wise,” says co-founder and CEO Ido Yablonka. Though if you are also running NoScript it's hard to see how they can do anything meaningful.

      And you are spot on about the whole transitive trust aspect. Just because I may trust "site x" that doesn't mean that I trust the dozen other sites "site x" have partnered with who are trying to send me ads and scripts.

    4. Re:NoScript or hosts: take your pick by sexconker · · Score: 2

      Pretty much.

      The only way to defeat ad blockers is to wait for verification that the ad was served before you deliver content.
      Then you have to hope that users are willing to add an exception for your site to allow ad and a plethora of shitty scripts and tracking crap in order to see your content.

      There have been exactly two cases where I've allowed ads to allow content:
      1 - Watching South Park episodes on the official site.
      2 - Watching the first 4 episodes of The Expanse on syfy.com before the TV premier.

      In both cases I just used IE instead of FF and muted and browsed elsewhere whenever the ads came on.

    5. Re:NoScript or hosts: take your pick by nospam007 · · Score: 1

      "There have been exactly two cases where I've allowed ads to allow content:
      1 - Watching South Park episodes on the official site.
      2 - Watching the first 4 episodes of The Expanse on syfy.com before the TV premier."

      I bet you regret the Siffi case.

    6. Re:NoScript or hosts: take your pick by Darinbob · · Score: 1

      Not true. I have no script and many very common sites are completely blank until I turn on some scripts.

    7. Re:NoScript or hosts: take your pick by sexconker · · Score: 1

      No, I'm mostly liking The Expanse so far. It's not quite what I was hoping for, but it's more than I was expecting.
      I also mostly like Dark Matter, I liked Childhood's End, and am on the fence about 12 Monkeys.

      These aren't like Continuum, Magicians, Alphas, Eureka, or whatever else they shit out.

    8. Re:NoScript or hosts: take your pick by tepples · · Score: 1

      Which sites? And do they remain blank if you also turn off CSS?

    9. Re:NoScript or hosts: take your pick by tepples · · Score: 1

      NEXT!

      Say you search for something using a generic web search engine such as DuckDuckGo or Google. Then you discover that the top three relevant results also disallow your access because they detect an ad blocker. Now you have wasted your time on three different sites, and you just want the web to work. Now what do you do?

    10. Re:NoScript or hosts: take your pick by Darinbob · · Score: 1

      Not sure. Pages aren't completely blank but generally only have a header from whatever site it is but the article is blank. I'd have to start browsing random sites again to find one. And I have no idea how to enable/disable css. Just reporting that when I browse normally with noscript I see pages without the main body of the text until I start enabling scripts one by one.

    11. Re:NoScript or hosts: take your pick by Opportunist · · Score: 1

      Find a better adblocker that gets around it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    12. Re:NoScript or hosts: take your pick by AmiMoJo · · Score: 1

      Sites that use JavaScript to load content can easily be fixed by changing your user agent to the one used by the Google spider. They play nice when it's Google.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  5. WTF is the "Cookie Law" by darkain · · Score: 0

    Being just your average guy from across the pond over here in the state, I have absolutely no idea what this whole "Cookie Law" bullshit is even about. Thus, here is a source: https://cookiepedia.co.uk/eu-c...

    Can someone tell me who the hell thought of this directive? And why put the burden on every single web site owner, instead of putting the burden on the very few user against commonly used?

    1. Re:WTF is the "Cookie Law" by Midnight+Thunder · · Score: 3, Interesting

      Actually, why can't this be done by the browser? Browsers could easily have an option, whereby any time you access a new site or domain, that tries to set a cookie or use the local browser storage, you get warned.

      A better law could simply require sites to have an info page listing what is being tracked? Maybe a standard http://..../privacy/ or http://..../cookies/ section? Could make the advertisers uncomfortable :)

      --
      Jumpstart the tartan drive.
    2. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 1

      And why put the burden on every single web site owner, instead of putting the burden on the very few user against commonly used?

      I would love to give an answer here, but I can't really get my head around what you mean with that last part.

      The idea behind the law is that the users should be informed if a page tracks them, and ensure that it is an opt in system rather than opt out.
      It would probably have been better if the browser behaved a bit like noscript but with cookies instead of scripts, but politicians seldom finds a good solution.
      Anyway, the burden is put on the single web site owner because he is the one who wants to track the users.
      It makes sense to put the burden on the one who benefits from it, otherwise you repeat the whole DMCA crap that is open for abuse without any reason for the one who benefits to hold back.

    3. Re:WTF is the "Cookie Law" by wonkey_monkey · · Score: 1

      on the very few user against commonly used?

      Huh?

      Did you mean "user agents"? If so, how is a browser supposed to determine which cookies are, or are not, strictly necessary for a particular action requested by the user?

      --
      systemd is Roko's Basilisk.
    4. Re:WTF is the "Cookie Law" by Coisiche · · Score: 1

      Apologies for the source but here's a bit of a humorous summary of the Cookie law as implemented in the UK.

    5. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      Me no sure, but me think it Oscar the Grouch

      Sincerely,
      Cookie Monster

    6. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      Political theater... so the majority idiot voters who don't know any better think they are being served by government/politicians. Any field that you know anything about reveals a lot of this kind of thing going on in every country, U.S. political theater is just at a higher level (i.e. you have to know more to see how stupid/malicious it is).

    7. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      Being just your average guy from across the pond over here in the state, I have absolutely no idea what this whole "Cookie Law" bullshit is even about. Thus, here is a source: https://cookiepedia.co.uk/eu-c...

      Can someone tell me who the hell thought of this directive? And why put the burden on every single web site owner, instead of putting the burden on the very few user against commonly used?

      In the European Union, personal data belongs to the person, unlike the US approach where it belongs to the business that collects it. Two of the principles of data handling in the EU is that a person's permission should be asked before collecting personally identifying data (this can be implicit permission, such as when you hand a store clerk your credit card) and that people should be able to know what data is being collected on them. The rules can't be circumvented by outsourcing data handling to a third party. The concept that "my data belongs to me" is genuinely felt in the EU but appears to be baffling to most Americans, in much the same way that the equation "widespread handgun ownership = freedom" is baffling to most Europeans.

      The "Cookie Law" is not really about cookies and is widely misinterpreted. It merely affirms that these two principles apply to websites - if you are collecting personally identifying data about your visitors you need to let them know first. Many websites show advertisements from third-party ad networks and those networks have a business model based on collecting as much information as possible about everyone and tracking people everywhere they go on the web. Therefore each website that lets these third party ad networks collect data on their visitors needs to get permission, rather than silently collecting this data in the background.

      It is not relevant whether this collection is via HTTP cookies, HTML LocalStorage tricks or anything else. It is not relevant that their full legal name may not be part of the personal data. On the other hand,where people are explicitly identifying themselves to the website (such as log-in forms) you don't need a separate warning to tell people that the website will be able to identify them. Also cookies that don't attempt to individually identify each user (for example a cookie that identifies the user's preferred text size) are not relevant because they don't contain personally identifying data.

      The burden is not on every website owner, only those that want to track users, or who are letting third-party agencies track users. If websites insist on adopting business models that are inherently in tension with user privacy rights then they can't be surprised if there is some regulatory push-back.

    8. Re:WTF is the "Cookie Law" by LQ · · Score: 3, Funny

      Here in UK, we're having a referendum this year or next on leaving the EU. It's this sort of bureaucratic nonsense that pushes people to vote to leave.

    9. Re:WTF is the "Cookie Law" by gstoddart · · Score: 1

      You can do these things, but you have to take ownership of it, and you have to be fairly diligent about it.

      My mom? Probably not so much.

      So, someone came up with a strategy whereby if they just said "we set teh cookies", then they're covered. That it might be cookies from 10 external partners which add nothing at all to your overall experience, well, that's a little detail to gloss over.

      I block the heck out of this crap, use extensions to block stuff, and keep blacklisting stuff or adding rules to Chrome. But I wouldn't expect your average user to be willing to do that.

      The problem is the default position of the web is everybody wants you to run the browser in the most insecure, wide open method possible to allow their precious pile of shit to work as envisioned.

      Me, I see a page which tells me I need to enable javascript, or turn on cookies ... and the back button is all they'll see. Because I have no intention of trusting most web sites, and not at all their third part ad/analytics companies.

      --
      Lost at C:>. Found at C.
    10. Re:WTF is the "Cookie Law" by Z00L00K · · Score: 1

      Firefox has that option, then it's possible to configure if it shall be denied, accepted or just valid for the session. I usually select the last because it looks to the site as if the cookie was successfully set but next visit after a browser restart it's not there anymore. And I also try to avoid third-party cookies as much as possible.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    11. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 1

      The only shocking thing about it is how easy manipulation of public opinion through mass media still is.

    12. Re: WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      Come on that's exactly how it's not been, or we wouldn't have ended up in a situation where Germany and Sweden alone have taken about half of refugees coming to Europe last year.

    13. Re:WTF is the "Cookie Law" by turbidostato · · Score: 1

      "The "Cookie Law" is not really about cookies and is widely misinterpreted. It merely affirms that these two principles apply to websites - if you are collecting personally identifying data about your visitors you need to let them know first."

      The problem is, of course, that the "Cookie Law" neither affirms those rights nor was intended to do so, just pretend. Like going through the movements but still not dancing.

    14. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      The US simply says, "bring on the rape-gauntlets, we're armed."

      European anti-gun nuts vs. European anti-immigrant nuts... Round 1... FIGHT! (In the US, this would be round 2934809127495. And still no decision.)

    15. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      The only ones I see are on Slashdot, actually. It's quite annoying.

    16. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      This was the essence of Benn's anti-EU argument: it turned the UK into nothing but slavedrivers, i.e. bankers, but - thanks to fiscal dumping/labour aristocracy - without the complementary heavy industry of the last Empire.

    17. Re:WTF is the "Cookie Law" by JaredOfEuropa · · Score: 1

      This law is the worst, dumbest idea in the history of bad ideas. Actually the intention itself isn't bad, but the law is. Because "collecting personal data" is also interpreted to mean cookies of pretty much any kind, meaning it applies to almost all website. Thus on almost every bloody site you visit, you first have to click through this stupid and pointless warning. The net effect has been pretty much zero; and as the article suggests it may actually be dangerous: people are now so used to clicking away these warnings that the do so without really looking at them. Thankfully an increasing number of companies and organisations are starting to ignore this law.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    18. Re:WTF is the "Cookie Law" by amorsen · · Score: 1

      Because it is the bloody server owner who inflicts the tracking cookies on its users. Therefore it's their responsibility to make sure that the users are informed about being fucked over.

      --
      Finally! A year of moderation! Ready for 2019?
    19. Re:WTF is the "Cookie Law" by amorsen · · Score: 1

      Do you ever restart your browser? I mean other than for kernel or browser updates?

      Self destructing cookies gets this right. That add-on should be built-in functionality with an opt-out for the few who don't want it.

      --
      Finally! A year of moderation! Ready for 2019?
    20. Re:WTF is the "Cookie Law" by amorsen · · Score: 1

      Because "collecting personal data" is also interpreted to mean cookies of pretty much any kind, meaning it applies to almost all website.

      That is because almost all websites collect personal data. They could just stop doing that; they have no legitimate reason to do so. Then the cookie warnings would go away.

      --
      Finally! A year of moderation! Ready for 2019?
    21. Re:WTF is the "Cookie Law" by tlhIngan · · Score: 1

      This law is the worst, dumbest idea in the history of bad ideas. Actually the intention itself isn't bad, but the law is. Because "collecting personal data" is also interpreted to mean cookies of pretty much any kind, meaning it applies to almost all website. Thus on almost every bloody site you visit, you first have to click through this stupid and pointless warning. The net effect has been pretty much zero; and as the article suggests it may actually be dangerous: people are now so used to clicking away these warnings that the do so without really looking at them. Thankfully an increasing number of companies and organisations are starting to ignore this law.

      Well, the intention is that the consumer is to start questioning why. I mean, if I go a browse a few pages, not logging in or anything, WHY is it setting cookies? Why does it need to track me? Fine, sure, if I log in, you need a cookie to track that. But if I'm a guest, why are you doing it? Why do you need session cookies when I'm just pulling information?

      I mean, we asked why people stored cookies just to view static web sites. And most web content is static - if I'm finding information out about a car, I don't need a cookie to track me as I view the options and features and specifications.

      Etc. etc. etc.

    22. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      "They could just stop doing that; they have no legitimate reason to do so."

      This is so fucking clueless and stupid its amazing.

    23. Re:WTF is the "Cookie Law" by hucker75 · · Score: 1

      There are thousands of such petty issues, and some not so petty. But it's the principal of the thing, we will not be ruled by someone in another country. Oh and it's not petty getting a banner on every single website I visit, it's as annoying as ads. Anyone got an adblocker that blocks cookie notices?

    24. Re:WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      Do you ever restart your browser?

      He said Firefox.

      "Firefox has crashed. Do you want to send an error report?"

    25. Re: WTF is the "Cookie Law" by Anonymous Coward · · Score: 0

      The result of that law was that 'big' sites like dladhdot outsourced their compliance, quite a few to the same srrvice that displayed a 'modal dialog' with a huge button to accept full unlimited tracking an an inconspicuous link with misleading text that leads to a page where you can choose between all, somewhat less and ' essential' cookies with a slider. If you used that, it would sit there for minutes trying to collect opt-out cookies from dozens of ad and tracking networks (and then telling you that it didn't work, because most were blocked via /etc/hosts)

  6. Need a WYSIWYG browser by Anonymous Coward · · Score: 0

    If the user can't see the iframe, then the iframe does not get the click.

    1. Re:Need a WYSIWYG browser by SQLGuru · · Score: 1

      The problem is that @ opacity 0%, it's still being rendered and the software believes it to be visible.....it's just that it's as visible as good quality glass covering a picture....it's there, but you eyes look through it.

    2. Re: Need a WYSIWYG browser by bondsbw · · Score: 1

      And even if transparent overlays were treated as a special case, all they would have to do is set the ad to 1% opacity.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    3. Re:Need a WYSIWYG browser by Mikkeles · · Score: 1

      My initial thought as well. The difficult part is: what opacity is invisible? For example: a frame with a single background colour and no border may just be interpreted as part of the legitimate widget for clicking.

      --
      Great minds think alike; fools seldom differ.
    4. Re: Need a WYSIWYG browser by U2xhc2hkb3QgU3Vja3M · · Score: 1

      But the fix would be equally easy, just block things set a both 0% and 1% opacity!

      Oh wait...

  7. somebody remind me why we all run adblockers? by Anonymous Coward · · Score: 1

    Please.

  8. Need a good HOSTS file by 110010001000 · · Score: 4, Funny

    I was thinking of this the other day: we need someone who can maintain a good HOSTS file that we can all subscribe to. Anyone know of anyone like that? As a bonus, the maintainer should be grumpy.

    1. Re:Need a good HOSTS file by Anonymous Coward · · Score: 0

      http://winhelp2002.mvps.org/hosts.htm

      You are welcome in advance.

    2. Re:Need a good HOSTS file by Anonymous Coward · · Score: 0

      Pft...what kind of an idiot thinks he can block ads with a hosts file?

    3. Re:Need a good HOSTS file by Anonymous Coward · · Score: 0

      What kind of idiot thinks he can't?

      How the hell is the ad supposed to retrieve data from we_know_everything_about_you.com when your hosts file points we_know_everything_about_you.com to 0.0.0.0?

    4. Re:Need a good HOSTS file by Anonymous Coward · · Score: 0

      For a quick example - anyone behind a proxy server. So for example most companies. Host files are ignored when you are using a proxy. For home users, a host file can work. For smaller businesses (or even those few large ones that don't use proxies), hosts files likewise work. But for your average medium to large business - nope.

    5. Re:Need a good HOSTS file by Anonymous Coward · · Score: 0

      I switched to a HOSTS file solution, but it didn't block out all the ads for HOSTS files solutions I'd see spammed across Slashdot.

    6. Re:Need a good HOSTS file by radarskiy · · Score: 1

      "How the hell is the ad supposed to retrieve data from we_know_everything_about_you.com when your hosts file points we_know_everything_about_you.com to 0.0.0.0?"

      By retrieving the data from 98.62.81.5

    7. Re:Need a good HOSTS file by GrumpySteen · · Score: 2

      As a bonus, the maintainer should be grumpy.

      But I don't want to maintain anything.

    8. Re:Need a good HOSTS file by e5150 · · Score: 1

      See also: http://someonewhocares.org/hos... http://pgl.yoyo.org/adservers/... (not hosts formatted: https://spam404bl.com/spam404s... and http://mirror2.malwaredomains.... ) I'm using a shell script to aggregate those into a blacklist used by dnsmasq for my LAN (altough it is somewhat discouraging to see how often my android devices tries to phone home when on my wifi).

    9. Re:Need a good HOSTS file by antdude · · Score: 1

      Neither did uBlock Origin. /. has its own ads. :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  9. Can we please stop that idiocy? by Anonymous Coward · · Score: 0

    Every page loads half a dozen tracking scripts, but the actual web site has to warn that it wants to place some cookies? And then I can't delete the cookies or I'll get the same warning, which obscures part of the page or even blocks interaction with it, every time I visit that page? If you give a politician a gun and a bullet, he shoots you in both feet.

  10. Hmmm ... by gstoddart · · Score: 3, Interesting

    So shit I don't allow (popups and scripts) being used to tell me that something else I don't allow (cookies) is being used to fool people into clicking ads they don't even see, from companies we shouldn't trust, so we can see ads for stuff we don't want, so some asshole can get revenue for ad clicks?

    And people wonder why we keep saying allowing arbitrary sites to execute scripts and Flash isn't a completely moronic practice??

    I'm sorry, but EVERYTHING about internet ads and how most sites work is in direct opposition to sensible security practice.

    Sorry, but this is precisely why I will continue to block the hell out of any form of ads, because I have no choice but to assume any 3rd party actor called in from a site I am visiting isn't a hostile actor ... and with sufficiently advanced incompetence, "hostile" takes on a very broad meaning.

    The internet got so thoroughly broken when ads came along it isn't funny. Because they seem to want to force us to use terribly insecure technologies on the chance that some small subset of the shit on the interwebs is what we want and can be trusted.

    --
    Lost at C:>. Found at C.
    1. Re:Hmmm ... by Anonymous Coward · · Score: 0

      Pretty much this.
      Those sites can all die before I enable scripts and ads again.

  11. Advertisers kill yourselves by Anonymous Coward · · Score: 0

    I run umatrix, ublock origin subscribed to most of the blocklists and https everywhere. I also run squid on my router with some blocklists to perform further probably redundant adblocking at the router level.

    When sites I visit don't work properly, I will take a look at all the shitty scripts they are trying to run from the umatrix panel. If it's a couple scripts on the originating website's server, I might allow them temporarily. If there's like 50 scripts being loaded from third party sites, I just close the tab.

    Fuck off with the ads and scripts. The sooner advertising becomes unprofitable and dies out on the web, the better we'll all be.

  12. Quick! More laws! by Anonymous Coward · · Score: 0

    That's sure to fix everything.

  13. I Was Immediately Suspicious by sudon't · · Score: 1

    When I first began seeing these "Cookies Exist" banners, (I see a lot of them, using a European server through my VPN), I was immediately suspicious. I mean, who needs to be told web sites use cookies? Why do you have to click something? I was surprised to find out this was an actual EU law. Glad my initial paranoia's been vindicated, though.

    --
    -- sudon't

    Air-ride Equipped

  14. Why? by U2xhc2hkb3QgU3Vja3M · · Score: 1

    Why are we at this point? Why let ads be HTML+CSS+Javascript in the first place?

    Forcing ads to go back to being simple PNG or JPEG images with an HREF link would solve a lot of problems. Non-annoying, static images would probably lower the number of people installing ad blockers too.

    1. Re:Why? by Anonymous Coward · · Score: 0

      Gosh durn change, that's what! Why can't we go back to using Gopher and Telnet? That would solve a lot of problems, too! And you know what I think of all this business with "The Cloud" bs? http://imgur.com/gallery/91sn32Q

  15. In case you missed it.... by VoiceOfDoom · · Score: 1

    ...some amusing background on the cookie law https://silktide.com/the-stupi...

    Aside from degrading the web experience for millions of users, costing companies money better spent on accessibiity or security improvements and trashing analytics, it was only a matter of time before someone caught on to the nefarious possibilities of a popup that the user has been conditioned to see (and accept without scrutiny).

    This law was one of the bloody stupidest moves in the history of technology and serves only to reinforce the unfortunate attitude that clicking a box can equate to "informed consent". A classic case of confusing the success of a mechanism with the desired outcome.

    --
    "Life is pain Highness. Anyone who says otherwise is selling something"

    Westly, The Princess Bride

    1. Re: In case you missed it.... by Frankzy · · Score: 1

      You mean money better spent on the boards paychecks

  16. Privacy & Data Protection by Martin+S. · · Score: 1

    The entire EU is covered a common Data Protection law to ensure peoples' privacy is respected by companies collecting private data. Some idiotic jobsworths have interpreted this have chosen to interpret this that everybody must opt-in to visit a website.

    There is no such requirement in the directive, here is the UK Information Commissioner guidance on what is required.

    https://ico.org.uk/for-organis...

  17. Who buys these ads? by Anonymous Coward · · Score: 0

    WTF? I buy web advertising (Google Adwords) and I pay per click. Why would I pay a web site for a click from some one who has not even decided if my product is relevant?

    Or is this another Adsense Scam (click fraud)? Click fraud showed up in my ad performance years ago. Every few years I try (then give up) on Adsense.

    These ads scam advertisers and advertisees.

    I wish this was the worst thing people did.....maybe we can get some folks fighting with guns to start fraudulent advertising sites.

  18. Accepting clicks on invisible things by wvmarle · · Score: 1

    How about: browsers do not accept clicks on items with less than 100% opacity? Or at least something like 50% opacity? I can't think of a legitimate reason to make user click on something invisible, so there's no reason to make anything invisible clickable.

  19. I don't care about cookies by Patabugen · · Score: 1

    There's a browser extension for people who wish to hide the nonsense cookie notices:
    http://www.kiboke-studio.hr/i-...