Forbes Asks Readers To Disable Adblock, Serves Up Malvertising

Deathlizard writes with a report at Engadget that when this year's "Forbes 30 Under 30" list came out , "it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list. On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information."

And with laws like the DMCA you can be sued for

[Joe_Dragon]

And with laws like the DMCA you can be sued for telling other how to bypass the ad block block.

Re:And with laws like the DMCA you can be sued for

And with laws like the DMCA you can be sued for telling other how to bypass the ad block block.

[citation needed]

Re:And with laws like the DMCA you can be sued for

[Mitreya]

you can be sued for telling other how to bypass the ad block block.

I wonder, can Forbes be sued for the damage that they have facilitated?
If users can demonstrate that infection came from them?

Re:And with laws like the DMCA you can be sued for

Even if they could in theory, who's going to pay the tens of thousands of dollars just to get an attorney on retainer and file a case? Especially knowing that if you lose you might have to pay Forbes' legal bill too.

Re:And with laws like the DMCA you can be sued for

It's US Criminal Code, Section 2701. This law is closely tied to the European Directive 2001/29/EC. Please review it, not with the understanding of a reasonable person, but with the approach of a lawyer for whom the details of the law is critical, and their client's interests paramount over reason.

Re:And with laws like the DMCA you can be sued for

[Bite+The+Pillow]

Yes, Forbes can be sued for facilitating. They can also be sued for liking blue, for farting an aerosol dye, and for starting the French Revolution.

Will it be successful? I don't know where to start. Why don't you tell me the last grade you graduated from, and I'll just wing it.

You could read ahead, if you like, so I don't have to hold your hand through the internet bar exam.

I wonder, what did that guy in the stall next to me eat last night? Pure sulphur? Dead curry filled corpses? Raw farts in jars? I can wonder out loud for no reason, too. It's purely rhetorical, so you think I'm smarter than I am.

Re:And with laws like the DMCA you can be sued for

[Altanar]

Here's law verbatim

(a)Offense.—Except as provided in subsection (c) of this section whoever—

• (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or
• (2) intentionally exceeds an authorization to access that facility;

and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.

In other words, if something is preventing you from accessing content, bypassing it is a violation. Blocking ads itself isn't a violation, but blocking something that hides content unless you turn off ad blocking is.

Re:And with laws like the DMCA you can be sued for

[Opportunist]

By that silly law it's even illegal to keep the malware from infecting you.

That law is seriously broken. It's like making it illegal to keep a burglar from entering your house.

Re:And with laws like the DMCA you can be sued for

[Opportunist]

Of course you can sue them!

Oh, you mean whether you can win that suit? No, no you can't. That law is supposed to protect them from us, not for us to be used.

Re:And with laws like the DMCA you can be sued for

[KGIII]

The law is broken, I agree. But, there's similar precedent with just the analogy you made. You can not, for example, use a shotgun booby-trap to keep a burglar from entering your house.

Re:And with laws like the DMCA you can be sued for

[godefroi]

Are we sure that the law isn't referencing a BUILDING? The way I read it, it's talking about lying your way into a colo facility or some such.

Re:And with laws like the DMCA you can be sued for

[DedTV]

While we usually associate "facility" with just physical space, the (standard and legal) definition of the word it also includes the equipment necessary for doing something which extends the section to also include "virtual space" like a website.
It's intended to target hackers but it's use of a word with a wide definition like "facility" rather than something more specific means that legally, bypassing an "adblock block" or telling others how to do so would be illegal under the law as it "intentionally exceeds an authorization to access that facility" by bypassing their requirement that you accept viewing their ads in return for consuming the content on their site.

Welcome to why I run an adblocker

[Phydeaux314]

Seriously, this is why we run ad blockers, and why I stopped reading Forbes. They need revenue, and I don't trust them to vet their advertisements, so I get my news elsewhere.

Which is sad, because I like a lot of their articles.

Re: Welcome to why I run an adblocker

[ArmoredDragon]

Use anti-adblock killer. Anyways, I think this would be a good thing to start lawsuits over. That is, if Forbes serves you a ransomeware ad, hold them liable for the cost.

If the courts find Forbes not liable, then we need laws to make it happen.

Re: Welcome to why I run an adblocker

Or just stop visiting their site.
Lets see if they can keep existing while doing this.

Re: Welcome to why I run an adblocker

[ArmoredDragon]

Considering they don't get ad revenue from adblockers anyways, I don't think they care if people who use adblockers stop visiting anyways.

Re:Welcome to why I run an adblocker

[Dutch+Gun]

For many years I used no-script instead of an ad-blocker, which almost amounted to the same thing, as the most obnoxious or dangerous ads rely on scripting. The difference is that the modern web utterly breaks without scripting, and it was just too much of a pain in the ass to try to figure out what to whitelist when sites are often pulling from many dozens of different domains for various javascript pieces, services, or what have you. So, I uninstalled no-script and installed ublock-origin instead, because nowadays, I figure most malware I'd see would be from ads.

We see from this that the ad networks still don't have malware under control, so I won't disable ad-blocking. That's essentially like asking me to disable my firewall or anti-virus to read an article - it will never happen, ever, unless I'm using a browser instead a disposable virtual machine image or something equally safe.

Until we get a mechanism to ensure that advertisers can't run arbitrary scripting, launch Flash or Java, or provide their own arbitrary content, I'll continue to block ads purely for safety reasons. Even static images or multimedia has proven to be dangerous, as the recent stagefright debacle on Android has shown. Honestly, most normal ads don't bother me all that much, and I'm aware they pay for a lot of content. But I'm not going to be lowering my shields to read your article, sorry. There's just too much malware out there today, and a lot of it is REALLY bad. My personal safety comes first.

Re:Welcome to why I run an adblocker

[martin-boundary]

Which is sad, because I like a lot of their articles.

I don't really like their articles very much, but I'm lazy and I click on TFA's links simply because it's what slashdot serves for dinner.

Re: Welcome to why I run an adblocker

[F.Ultra]

Actually I think that they do to some extent. Adblock users might spread links to Forbes articles which in turn might increase the number of non adblock users on their site. As the number of adblocker users increase this effect waters off of course.

Re: Welcome to why I run an adblocker

[l0n3s0m3phr34k]

Thanks for the tip! Installed the "Disable Anti-Adblock", made sure Forbes was not in my allowed list, and now can see their site. Left a response about them serving up malware, that "Forbes right to profit is not greater than my right to protection."

Re: Welcome to why I run an adblocker

[Blue+Stone]

Strange. I installed "Disable Anti-Adblock" Firefox extension and Forbes most definitely did not let me into the site. I think that extension (or is it add-on ...wtf Mozilla?) is broken.

Re: Welcome to why I run an adblocker

[tepples]

Or just stop visiting their site.

If the top four or five results from a DuckDuckGo or Google search are from sites that deploy anti-ad-blocking measures, it's going to become hard to find things through web search without having to waste your time clicking the back button more often than not.

Re: Welcome to why I run an adblocker

[l0n3s0m3phr34k]

It said a prereq is the real Adblock Plus, do you have that installed too? After the install, Forbes did have issues with me posting a comment; and the "anti adblock" plugin is " preliminarily reviewed" and is probably buggy. I'd guess this kind of plugin is a constant "arms race" with the malware / ad spammers and is never completely stable lol.

Re:Welcome to why I run an adblocker

[Darinbob]

Yup a week or two ago was the last time I tried to go to Forbes. It refused to let you continue with adblocker and noscript on. No big loss.

Re: Welcome to why I run an adblocker

[nmb3000]

If using NoScript, you also need to allow a bunch of third party scripts before it will show you the content.

Ironically for me, I didn't even need to disable AdBlock. Just temporariliy allowing Javascript was enough to satisfy the "disable your adblocker" message and let me in.

Re: Welcome to why I run an adblocker

[Shadow99_1]

I usually just open the top several results in their own tabs as is. It's quite often I don't get exactly what I want for a lot of things my parents want my help with for instance. Google and DuckDuckGo have issues answering questions like 'methods for marking property borders' or 'border trees'. I had talked to a law professor about the subject and they wanted to see information on the topic. Even the top 20 results from the search engines gave me lots of stuff that didn't do me a bit of good.

Helping them over the last few years has lead to me getting in the habit of opening as many as 10 or even 15 tabs when searching for stuff and then quickly sorting through them to see if they are useful at all.

Re: Welcome to why I run an adblocker

[mattcoz]

Exactly the same thing happened with me, I'm glad I decided to just find the news elsewhere.

Re:Welcome to why I run an adblocker

[Lehk228]

I find little of value is lost most of the time blocking scripts on unknown domains

Re: Welcome to why I run an adblocker

[ArmoredDragon]

This is because of some cookie that Forbes gives you which tells them that ad blocking is disabled. I don't know the exact details (only read about it) if you just make this cookie on your own then you'll skip past it anyways.

Re: Welcome to why I run an adblocker

[Blue+Stone]

Ah, thanks!

Re: Welcome to why I run an adblocker

[Ferocitus]

Irony on the noscript,net page...
Forbes: "The real key to defeating malware isn't antivirus but approaches like Firefox's NoScript plug-in, which blocks Web pages from running potentially malicious programs" (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).

Re: Welcome to why I run an adblocker

[hucker75]

Thanks! Anti adblock killer installed and running successfully. Forbes is now workable.

(Re)?Dear Slashdot

[TeknoHog]

What's a redear?

Re: (Re)?Dear Slashdot

[ChunderDownunder]

Rudolph the red-nosed red ear?

Re:(Re)?Dear Slashdot

It's an ex girlfriend you hook up with again.

Re:(Re)?Dear Slashdot

[wierd_w]

A redear is what you get when Dr Frankenstein and roadkill get together.

Re:(Re)?Dear Slashdot

[MrKaos]

What's a redear?

It's the opposite of a wrytur with bad smelling.

Re:(Re)?Dear Slashdot

[rossdee]

time to remind people to wear appropriate headgear, With 30 below zero windchill your ears can get red in no time
Lets see how the Cold Avenger Expedition balaclava goes.

Re:(Re)?Dear Slashdot

[Quirkz]

I don't know, but it reminds me of that joke about Pete and Repeat sitting in a tree. Pete fell out. Who was left?

What the F is Redears?

[Stan92057]

Man this place going to the dumps...

Re:What the F is Redears?

[serviscope_minor]

Man this place going to the dumps...

Slashdot---going to the dumps since 1997.

Get a grip. I've been here well over a decade now and people have ALWAYS been complaining about typos in the summary, dups and other such things.

Re:What the F is Redears?

[peragrin]

At least the frosty piss/ first post meme finally died.

Re:What the F is Redears?

[Areyoukiddingme]

At least the frosty piss/ first post meme finally died.

It didn't so much die as get crowded out by the cow guy. Now that he's gone quiet, it will probably come back.

Re:What the F is Redears?

[LunaticTippy]

Pff, you call that complaining about slashdot? I remember when people could really bitch about how this site is going to hell.

Yet Slashdot continuously links to Forbes

[Crashmarik]

Matter of fact they do it in the story just below this one
http://politics.slashdot.org/s...

Seriously I know for some reason they have relentless need to plug Ask Ethan but seriously could they at least do it by posting a link to an archive site. Archive.is comes to mind as a good alternative to links to Forbes

Re:Yet Slashdot continuously links to Forbes

[wierd_w]

Forbes is a famous news source catering to rich conservatives. It features mostly business news, and political news with an economic or business bent.

Similar to Wall Street Journal, or Fortune magazine.

The stories on Forbes are often biased. Readers should take that with a grain of salt.

Re:Yet Slashdot continuously links to Forbes

[ChunderDownunder]

Well I guess it has overlap with rich conservatives who work in IT but I'm not sure the relevance to a tech forum.

Re:Yet Slashdot continuously links to Forbes

Might also want to mention that Forbes is run by editor-in-chief Steve Forbes, 2-time GOP presidential hopeful-- in 1996 and again in 2000. His main campaign issue was the so-called "flat tax".

I actually think the Forbes tech articles in the last few years have been pretty good. The rest of it, especially anything having to do with economics or the economy, is pretty much garbage tho.

Uh, no

[rsilvergun]

I hate the DMCA as much as the next guy but there's no DRM involved in blocking ads. Now, if you told people how to get around a paywall (even a trivial one) then you'd have a point.

Re:Uh, no

[wierd_w]

It could be argued, that the "No, really, let us show you the ads, because it pays for the content" mechanism is a payment mechanism to view protected content. By circumventing that to get unpaid access to the content, you are engaging in circumvention of a rights management system, and thus fall victim.

That's the thing with DRM-- it can be extremely feeble-- it still counts when considering the DMCA.

It could be argued that reading the article without "paying" for it (with your advert exposure) is piracy, and that to prevent you from doing this, the anti-blocker script was introduced.

Still a load of bullshit-- The need to circumvent protections that are onerous and not in the public good (or that prevent authorized special exception use, such as via a library) is very important but given short shrift as far as the DMCA is concerned.

Re:Uh, no

The DMCA makes it illegal to go against encryption schemes, not generic hurdles. It's a bit more specific than you are implying.

Re:Uh, no

[tepples]

Then encrypt the article with a key derived from the hash of the ad.

Re:Uh, no

[dissy]

It could also be argued, much more concisely in fact, that the advertisers are guilty of violating the Computer Abuse and Fraud Act, one count accessing a computer system without authorization, multiple counts accessing computer networks without authorization, plus the multiple counts of fraud and counterfeiting their malware performs on their behalf.

I'm OK with a DMCA violation that is a $150,000 fine (max penalty) so long as these people get their 60 years in prison (max sentence) as well.

Re: Uh, no

Working to patent your idea now ;)

Re:Uh, no

[thegarbz]

Don't you by very nature of the HTTP protocol need to ASK for this content? I know this is splitting hairs but I can't imagine that your reasoning would fly.

Re:Uh, no

[wierd_w]

No. No it isnt.

Here's a link--
https://www.law.cornell.edu/us...

And here's the pertinent section's text.

(a)Violations Regarding Circumvention of Technological Measures.â"
(1)
(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.

and

By Forbes demanding deactivation of adblockers to view the content, they have instituted a "Technological Measure" as described in the last part of section B--"or a process or a treatment, with the authority of the copyright owner, to gain access to the work."-- which makes the use of an anti-adblocker blocker an illegal circumvention technology.

It being weak as fuck does not matter. It is a technological measure, instituted to gain "authorized" access to the works that they hold copyright to, and being made to see adverts so that they get money can be seen as "a process or treatment with the authority of the copyright owner to gain access to the work."

Encryption is not necessary. Just an attempt to institute a technological measure to cockblock free access.

Re:Uh, no

[Opportunist]

I would have loved not to ask for that content, alas they didn't let me.

Re:Uh, no

[wierd_w]

Damnit. Stupid missing close tags.

Here's the other section--

(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, thatâ"
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
(C) is marketed by that person or another acting in concert with that person with that personâ(TM)s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
(3) As used in this subsectionâ"
(A) to âoecircumvent a technological measureâ means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure âoeeffectively controls access to a workâ if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

Re:Uh, no

[noodler]

In my opinion you'd be wrong. It's not the advertisers that are guilty, its the website you visited. It's their fault for choosing a malicious advertiser. If they want they can then sue their advertisers.

Re:Uh, no

[dissy]

Don't you by very nature of the HTTP protocol need to ASK for this content? I know this is splitting hairs but I can't imagine that your reasoning would fly.

That's the entire point.
I asked for an image. Not executable code, not an image with executable code, but an image.
(Note I made no complaint about getting that image I asked for)

Say you ask me to send you money. Are you arguing you have no right to complain about the anthrax in the envelope so long as I actually did include money along with it too?

Re:Uh, no

[Intron]

The problem is that Forbes doesn't know who the advertisers are. They sell ad space to a company which in turn sells some number of hits to many different advertisers, mostly through automated means. Some malware distributor buys some hits with a stolen credit card number, uploads the malware and neither Forbes nor their ad service has any way to track down the source. IP will turn out to be a Starbucks or Internet cafe.

Re:Uh, no

[thegarbz]

My point was the protocol is the problem. You may have asked for one thing but your computer asked for everything. The nature of the protocol is that you have to ask for it. You ask for the executable code and then you execute it (and by you I mean your computer which at this point would likely be giving you the shits like computers often do).

Your analogy would be more correct not if I asked you for money, but if I asked you for everything you have in a specific little black box and I assumed there was money in it. You send me money and anthrax in the box... and then I complain about the anthrax.

Re:Uh, no

[dissy]

I do suppose it depends what countries laws you live under, yes. I (perhaps mistakenly) assumed US laws as that is where Forbes is headquartered.

But under US law it doesn't matter what the computer does, only what the person does and/or intended to do. This has been upheld in cases 100% of the time that I'm aware of.

After all changing a "1" to a "2" in a URL address bar of your browser to access another UID's data is a criminal act under the Computer Abuse and Fraud act, due specifically to such an act making the server give you data that the server owner did not intend, despite the (mis)configuration of that server stating explicitly that such a request was allowed.

Re:Uh, no

[noodler]

The problem is that Forbes doesn't know who the advertisers are.

Yes, but technically it's their problem. They should take responsibility and push for advertisers to behave morally.
The whole system is rotten to the core.
People can't trust sites because sites can't trust their ad distributors because the ad distributors can't trust the advertisers. And noone in the chain after the user takes any responsibility for making a safe advertising system. And then they whine when people use ad blockers as their last line of defence.
I mean, it's beyond ridiculous.

Re:Uh, no

[thegarbz]

Ok fair enough I wasn't aware that this had already been tested in court.

Re:Uh, no

[q4Fry]

Arguably, if you are using AdBlock, your computer expressly didn't ask for it.

Re:Uh, no

[david_thornley]

It could be argued that accessing the content without the ads, in those circumstances, would be unauthorized access and we're in CFAA territory. Forbes has the right to put whatever conditions they want on access, and bypassing them is legally dangerous.

Re:Uh, no

[thegarbz]

Well then you wouldn't have a case regardless.

My brother

[rsilvergun]

is convinced the ads just got too annoying, but in my experience there's no amount of annoying in ads that makes Joe or Jane average run screaming from them. I'm guessing it's relatives sick of cleaning malware. I run some ads on my site to pay for bandwidth and what have you and I've stuck with plain Google ads even though other folks might pay more because I can't be bothered dealing with serving up malware to my users. Both AVGN & Penny-Arcade have seen their sites taken down by Malvertisements and now even Forbes?

Re:My brother

[SvnLyrBrto]

In my case, it really was the ads just getting too annoying. I never used to block ads when they were just a .gif banner at the top of the site, or a static image in the sidebar. Popups began the annoyance, and I blocked them but not ads in general for a while. I think it was X10 and their pop-under ads that provoked me into using a general ad blocker.

Re:My brother

[JaredOfEuropa]

This. I remember that at some point pop-ups were rife, as were sites plastered with ads everywhere. Then Google set a good standard for unobtrusive ads, which has held for a good while, but lately the ad wars of old have flared up again. I don't see many pop-ups (or rather: notifications that the browser has blocked one), but banners are getting noisier again. Sometimes literally, with roll-over sound and video, sometimes just in terms of bounciness. Now there are interstitials, interscrollers, and "sponsored content" disguised as actual content, to get around ad blockers. Until we figure out how to get around those. Ads were fine when it was just banners, but advertisers and web masters have pretty much crapped the beds they sleep in by reviving the online loudness war.

Re:My brother

[cyn1c77]

In my case, it really was the ads just getting too annoying. I never used to block ads when they were just a .gif banner at the top of the site, or a static image in the sidebar. Popups began the annoyance, and I blocked them but not ads in general for a while. I think it was X10 and their pop-under ads that provoked me into using a general ad blocker.

Same here. I tried hard to never block ads to make sure the sites got their revenue.

But for me it was the video ads. I started getting annoyed and distracted when animated GIFs were used, but the extra audio that I couldn't turn off pushed me over the edge.

Now if the site can't be viewed with both NoScript and AdBlock, I just go elsewhere.

As far as I'm concerned, advertisers and site owners have done this to themselves by designing their ads specifically to piss me off.

Re:My brother

[hawk]

Except for trackers, such as double-click, I've never blocked an ad for being an ad. I don't even use a list on adblock.

I *do* block anything that blinks, wanders around, animates, or makes noise, including the purported content, such as rollbars of "content" for the local paper.

If it's static, I keep it; if it's dynamic, it goes.

It just makes it hard to read . . .

hawk

Re:My brother

[jwhitener]

The rise of mobile has made a lot of relatives hate ads. I'll send them a link (forgetting I use adblock for android) and it literally makes their phone crawl to a halt because 50 different things are trying to load, half of them ads.

Content from one domain

[DogDude]

I'll accept content from the domain that's in my address bar, and that's it. If somebody wants to show me ads, it's going to have to be from their own domain.

Re:Content from one domain

If web sites allow advertisers to run scripts from the main domain, then these ad scripts will get access to everything, login cookies and all.

Web sites allow advertisers to run scripts from the main domain. Advertisers doesn't want to.
The reason is that advertisers doesn't trust the content providers. They need the end user to connect to the advertiser directly to verify that there is a legit access and not just the content provider trying to fake accesses.

When a content provider asks you to trust them and disable ad-block, remember that there is no trust between the advertiser and the content provider.

Re:Content from one domain

[Tony+Isaac]

Like other solutions, this one is temporary at best. Sites are already starting to serve third-party ads from their own sites. They'll get better at it with time, until self-hosted ads will be as obnoxious as the third-party ads are now. Many sites have already succeeded in reaching this goal.

Re:Content from one domain

[arth1]

PrivacyBadger has its own set of problems, like breaking down on SSO sites (like the Kinja empire, or Disqus), where you do want cookies to be shared, but only with certain sites.
The problem is that there are two different kind of cookies for the same domain - one evil, tracking, and one single signon that's needed. PB detects the tracking cookie and throws the baby out with the bathwater blocking your SSO auth token too.

With PrivacyBadger, you either have to let cookies for specific domains through for all sites, or disable PB completely for a site. Or, after the tenth time PB has prevented a site from working, and you're too stressed to figure out just which domain it objects to this time, you simply uninstall it.

we all get what most of us deserve

There was a time before advertising infested the internet. Then the first ads started to appear, and many of us warned, "If you support those sites, soon the whole place is going to go to shit. The internet will turn into a clusterfuck of excessive commercialization, fake reviews, astroturfing, and meaningless click-bait content designed to sell eyeballs to advertisers". But did people listen? No, because there were dancing monkeys.

When javascript-infested sites first started appearing, many of us warned, "Are you people fucking insane? Giving random sites the ability to run imperfectly sandboxed code on your computer is going to be a disaster. It'll result in horrifically annoying behavior like pop-unders, unclosable windows, auto-playing audio, and most likely malware. It'll result in behavioral tracking on a scale you can't imagine. It'll result in wholesale transfer of control away from the owner of each computer, to ad companies. Is that what you fools WANT?"

But did people listen? No. Like mice hooked on opiates they pushed the lever and and again for the next hit, without considering the long term ramifications, until it's become hard for most people to use the web without javascript, because we let it become so ubiquitous that nothing fucking works without it. We were too stupid to say "no" when the camel's nose first entered the tent. Now, here's the camel!

The same WILL happen with sites that refuse to serve content if you block ads. A few of us see where that road goes and will say "no thanks", but most of us are far too stupid. The end result will be a web completely unusable if you don't want to let the ad-men control your computer. The end result is TV 2.0, rather than what the internet used to be: a democratic medium where everyone had a voice. It's a wholesale transfer of control from everyone, to a few.

We all get what most of us deserve. Unfortunately, most of us are drooling mouth-breathers.

Re: we all get what most of us deserve

[snowsnoot]

What about an ad-blocker that still downloads the ad but doesn't display it? I guess they can still track you somehow but they won't know if you're seeing the ads or not.

Re: we all get what most of us deserve

I guess they can still track you somehow but they won't know if you're seeing the ads or not.

Right - it still feeds the data-collection and mass behavior-tracking and profiling machine, is potentially still an attack vector, and still counts against any bandwidth caps you may have.

Re:we all get what most of us deserve

[umafuckit]

You present it as though there were a choice. As internet access spread beyond a small number of geeks (and people started to buy stuff via the internet) then adverts began to appear in earnest and what you describe is more less inevitable. Telling people (at least the non-tech "general public") not to use sites that have advertising is akin to telling them not use the web at all. When a platform becomes as widely used and powerful as the web then it inevitably becomes of interest to the rich and powerful who wish to control it. This is what is happening to the web and it will continue to happen. That's not "our" fault, it's just how things are.

I think the internet will remain a medium for making your voice heard--anyone can start a website, for instance--but we will increasingly give up control to use it. This has been happening continuously. e.g. who bothers to make a website to put up family photos and so forth for their relatives? Nobody really. It's all on the Facebook private sub-internet.

Re:we all get what most of us deserve

[johannesg]

And yet, none of that is as bad as video. Simple text, something you could read in five or ten seconds yourself, now has to be packed into a video that takes five minutes to play. That's not advertising you can simply blacklist. It's the content you want, packed in a format that's almost useless for quick viewing or for viewing on a slow connection.

There's another camel sticking his nose into the tent. Don't let it enter. Say no to videos of people just reading text.

Re:we all get what most of us deserve

[thegarbz]

From what I can see what we have gotten is for the most part an internet that is far more content heavy and useful than the internet of the past. An internet where in exchange for a small amount of information we get otherwise free services that have a tangible benefit in our lives rather than a poorly organised library of badly laid out content.

I don't like ads. I run an adblocker, I ignore clickbait articles, and I don't visit Forbes. But man I greatly prefer what we have now to the internet of old.

If this is what we deserve then I say bring it on. The bitter irony is that the sites most actively attempting to block content were the sites that provided the worst content to begin with or the sites who have had a very small and specific content that people used to pay for anyway.

Re:we all get what most of us deserve

[swillden]

You present it as though there were a choice. As internet access spread beyond a small number of geeks (and people started to buy stuff via the internet) then adverts began to appear in earnest and what you describe is more less inevitable.

This is true, it was inevitable, but you give the wrong reason.

Telling people (at least the non-tech "general public") not to use sites that have advertising is akin to telling them not use the web at all. When a platform becomes as widely used and powerful as the web then it inevitably becomes of interest to the rich and powerful who wish to control it.

No, the reason advertising was inevitable on the web has nothing to do with class warfare.

The real reason is that while it's practical to self-fund a small server in your basement, dorm room or university computer room that can serve static or semi-static content to a small population of users, it's an entirely different proposition to build and operate infrastructure capable of serving dynamic information to a billion users. Doing the latter requires tens of billions of dollars of infrastructure and billions of dollars of annual operation expenses.

Scaling the web up to where it could serve the entire population of the developed world, as it does now, required lots and lots of money. Where was that money going to come from? It ultimately had to come from the users, and there were really only two obvious ways for that to work: subscriptions or advertising. A subscription-based approach would have either placed barriers all over the web that made its core feature -- hyperlinking -- nearly useless, or else required the establishment of some sort of enormous micropayments system. But micropayments suck in all sorts of ways. I won't go into why because that's another (lengthy) post.

Advertising, however, has long proven to be the ideal way to fund large-scale mass media infrastructure. It made inexpensive newspapers possible, and then paid for free radio and television broadcasts, paying for armies of reporters and tens of thousands of local radio and TV broadcast stations. It works even better in the case of the web. It scales beautifully with the size of the audience, adds no friction to cross-site links and enables the economic creation and distribution of all sorts of mass-market content and services. Further, on the web it's possible to do targeted advertising, which increases the revenue potential and therefore decreases the amount of advertising necessary to fund the web (if you think there's a lot of advertising on the web now, be glad you're not seeing what it would look like without targeting).

Advertising also sucks. It gets in the way of the content that users are actually seeking. Advertisers devise and implement various tricks to make their ads more prominent than others, and more prominent than the content it's bookending. On TV, for example, ads are louder than most programs. Users develop schemes to avoid having to see the unwanted advertising content, and advertisers find ways to thwart these schemes. On the web, it's potentially even worse because of the possibility of malware getting inserted into advertising channels. And targeted advertising creates privacy concerns.

BUT the servers have to be funded somehow, and the old web model of donated equipment and bandwidth simply can't serve the entire population. And while advertising sucks, it sucks much less than the other alternative funding mechanisms.

So, advertising is inevitable. And given that there's a big money hose, it's then inevitable that the rich and powerful will be looking to find ways to siphon some of that money off for themselves. But that's an effect, not the cause, of advertising on the web.

Fuck off, Forbes

[blind+biker]

I've rarely seen a website so encumbered with shit, like Forbes'. Not only should one not stop using ad-blockers when visiting them, one should simply never visit Forbes at all. Add it to the list of blocked sites.

Re:Fuck off, Forbes

Maybe the Forbes site has been hacked and they don't know about it yet.
Or ... Maybe Forbes is now in cahoots with an international criminal gang and just not willing to admit it.
Who the eff knows. I certainly don't.

P.S.
I use an ad blocker and never turn it off. I don't even get the request to turn it off.

Re:Fuck off, Forbes

[MikeKD]

I just figured he was referring to the writing in Forbes

Re:Fuck off, Forbes

[Darinbob]

The most ridiculous ones are showing up on youtube. I have twice seen non-skippable ads show before videos tha are movie previews. As in, have to watch the ads before you can see the ads.

Re:Fuck off, Forbes

[Silly22]

Not only is Forbes.com encumbered with shit, it's the most likely website to crash/freeze my PC. I use Chrome and on more than one occasion, their linkbait titles have caused me much grief.

Re:And that's why...

[Deadstick]

because it's a big and trusted name

And trying hard to rectify that...

Culpable?

[ramriot]

I wonder if them asking you to turn off your adblocker and then serving you malware (an acknowledged reason people use adblockers to avoid) makes them at least partly culpable for any resulting infection?

If not then next time I see one of these notices I will drop them an email with my Terms Of Servicing for them to agree too before I disable my malware protector (adblocker).

I don't turn off Ad Block

[movdqa]

I am considering setting up a disposable Linux VM for reading sites that won't show you content with AdBlock on. But there's no content worth risking your machine. And there are multiple sites for news articles - Forbes isn't unique - and their articles are sometimes quite poor.

Re:I don't turn off Ad Block

[AHuxley]

Yes soon this might be the only way. A VPN setup that can fail and will not revert to the ISP IP and a Linux VM.

Slashdot

[jeremyp]

Adblock plus is telling me it's blocked 13 ads on this page and that's with the excellent karma opt-out.

Re:Slashdot

193 huh? Sounds like you picked up some kind of malware which injects ads into websites. Perhaps you picked it up at Forbes?

Re: Slashdot

[Z00L00K]

Or the ISP injects them into the stream.

And guess where the very next /. story links to?

[wernst]

And it was with no sense of irony that I report the very next Slashdot story, about the North Korean Nuke, links to Forbes' story that asks me to what? Disable my Ad Blocker.

Perhaps one thing sites like Slashdot can do about websites that encourage people to disable their adblockers is to not link to them? Maybe?

Hahahahahaha

[cfalcon]

Now stop linking to Forbes, slashdot. Archive.is if you need to. That website has been a steaming pile of shit since they started demanding what you think and see, of course they think nothing of demanding what your computer processes and does. They are tyrants, STOP LINKING FORBES

Try uBlock

[Rip!ey]

uBlock doesn't appear to be affected on Forbes. Read articles, see no ads.

Re:Try uBlock

[cfalcon]

> People who scream that they should be able to use ad blockers because they don't want to see ads sound like self-entitled jerks.

I don't give a fuck what name you call me, I'm not watching your fucking ads. Go to hell.

Re:Try uBlock

[epyT-R]

No one is obligated to prop up your artificial scarcity dependent business model. Your rights end where others' systems begin. If you don't like it, put your site behind a paywall and find out what it's really worth to most people.

They Made Mozilla Their Bitch For a Reason

[Kunedog]

Note that browser makers Google, Microsoft, and Apple have continually pushed for DRM to become part of web standards.

And that they obtained considerable financial influence over the browser maker thought most likely to resist (Mozilla).

And that Mozilla gave in on DRM and continues to make inexpicable blunders and lose market share.

After such a relentless campaign to ensure all available browsers contain DRM, I wouldn't be at all surprised to see DRM used to protect ads, particularly in video. Stopping you from reading/recording a video stream necessarily stops you from altering it.

Damn, am I ever so happy (as always) that the proven tech leader was ousted as Mozilla's CEO in favor of the former head of marketing.

Re:They Made Mozilla Their Bitch For a Reason

[aix+tom]

Funny anecdote:

One site I frequent now and then shows short ads before the clips (with a timer how long the ad takes). So I usually open the tab, look how long it takes, then go on to another tab to do something else in the meantime. Works great. Only ONE time I got back to the page, see the last few seconds of the add, think "this looks interesting, what was that?" Of course they not only restricted fast forward during the ad, they also restricted rewind. So they themselves prevented me from watching the ad. Well. Serves them right. ;-)

Re:They Made Mozilla Their Bitch For a Reason

[mysidia]

Stopping you from reading/recording a video stream necessarily stops you from altering it.

Except the content providers WANT to alter it in real-time, in order to change out their ads, and taylor them to specific viewers, and gather tracking statistics.

If they would just include the AD in the actual video content, instead of making it a separate object: then the Ad-Blocking software would be a non-issue, as the software wouldn't be able to filter out content from the video stream due to the enormous amount of processing that would take.

Re:They Made Mozilla Their Bitch For a Reason

[mridoni]

The faggots, of course, think it was all about "homophobia".

I wonder how they got that idea.

Re:They Made Mozilla Their Bitch For a Reason

[vel-ex-tech]

Ok, mi, we're going to need some big [citation needed] there.

No, seriously, I can totally get into a good conspiracy theory. Personally I only cared because they were talking about browser-served ads. Well, then Firefox started seriously sucking dicks, and I really had no reason to go back. I mean like causing my gaming rig's fans to spin all the way up visiting simple sites like the red site!

I'll be out back smoking a faggot.

No, seriously. Ok, not being sarcastic. It's true! I really want to believe!

That's how fucked up the world is today. Truth be told, it was pretty fucking strange how it all happened. *lights up*

Re:They Made Mozilla Their Bitch For a Reason

[vel-ex-tech]

No, ok, I looked on Breitbart even. I can't find evidence of Eich objecting to DRM being the cause of his internet lynch mob target status.

Why did you even link to Advocate?

Eh, there's probably too much blood in my alcohol stream at the moment. I still think Eich's outsting was weird, but I do like my conspiracy theories to have some semblance of truth. Just a teensy bit, at least.

Here, have an American Spirit black. It's a damned good fag.

Re:They Made Mozilla Their Bitch For a Reason

[mi]

Ok, mi, we're going to need some big there. [...] No, seriously, I can totally get into a good conspiracy theory.

Well, look at the timeline:

• For over a year since W3C accepted DRM as part of HTML in February 2013, Mozilla resisted
• Brandon Eich, a Mozilla veteran, inventor of JavaScript, is ousted on April 3, 2014 on trumped-up "charges" of being "anti-gay".
• The new CEO, picked on April 14, is not a techie, but a marketing specialist
• In May 2014 Mozilla gives in

This makes for a much better conspiracy theory than most and would've warranted a Pulitzer-winning journalistic investigation, don't ya think? Was it really Mr. Eich's donation — made privately and in personal capacity — to a group opposing to "gay marriage", that ended his appointment?

Re:They Made Mozilla Their Bitch For a Reason

[retchdog]

yeah, they don't really care about whether you watch the ad. they care about convincing the person hiring them that they're making a "good effort" to show the ad and that their viewership statistics are at least approximately correct.

so why disable rewind? because there are people (and semi-organized companies) who will intentionally re-watch ads, both manually and automatically, to inflate the view counts. disabling rewind doesn't do a whole lot about this, but some clueless manager will check it off on their list. the online ad industry is a total fucking joke, and a great example of how capitalism can also build Potemkin villages when the margins of return are slim and market information is sparse.

Re:They Made Mozilla Their Bitch For a Reason

[mi]

Me too. Mr. Eich was never observed expressing a fear of homosexuals, nor even any disapproval of them.

Yes, it is a very common trick to conflate opposition to gay marriage with such disapproval and even fear, but we are on /., so we wouldn't be partaking of such a fallacy, would we?

Moreover, when we catch somebody doing so elsewhere, we might be tempted to call them some derogatory names, would we not?

Re:They Made Mozilla Their Bitch For a Reason

[Intron]

Wikipedia says: "Critics of Eich within Mozilla tweeted to gay activists..." So were they pro gay marriage critics or pro DRM critics? It's an interesting question.

Re:They Made Mozilla Their Bitch For a Reason

[Zero__Kelvin]

He can express homophopia without the logical conclusion being that his homophobia was the motivation.

Re:They Made Mozilla Their Bitch For a Reason

[SirLordGodfrey]

Even if he is homophobic, as long as he doesn't let that influence any of his hiring processes (how would he know someone was gay anyway? maybe if they were ultra stereotypical gay men/women..) or (most likely he did this) delegated such duties to others without a similar fear...

Who cares? He donated HIS OWN money to something to prevent gay marriage, NOT MOZILLA'S money.

I mean shit, they basically forced him to resign because they didn't like his views on the matter (since NONE OF MOZILLA'S money was used).

I myself am firmly for marriage between any two consenting adults, and as far as anyone's concerned what two consenting adults do with each other is nobody's business anyway.

Re:They Made Mozilla Their Bitch For a Reason

[Zero__Kelvin]

It seems we are in complete agreement. I think the funniest thing about homophobia is the ridiculous belief that gay men want to sleep with all men. Most of the homophobes have nothing to worry about, especially the typical slashdot reader. They are worried that a man will want them, when nobody male or female would be interested.

Article author is activelt responding

[l0n3s0m3phr34k]

So I'm waiting for his comments to mine..."Forbes has ZERO right to complain about this! They've already been shown very recently to have advertisers that are serving up malware using pop-unders. So if Forbes can't get their act together and actually do proper due diligence, their response is instead "turn off your protection"? Pretty lame, and this policy is actually really poor for a "business magazine" to do. Luckily there are plugins for stopping the adblock checks...Forbes "right to profit" is not greater than my need to protect myself.".

Re: Article author is activelt responding

[Z00L00K]

It's like a whore that only do business with customers without a condom.

Re: Article author is activelt responding

[l0n3s0m3phr34k]

I actually tried posting something just like that, but Forbes just said "Please reload the page and try posting again." I just checked the article again, and my post has been removed. Seems like Lewis DVorkin (the author) is getting some serious feedback from many other readers already...so even though I've been "censored" I think he's getting the message anyway.

Your content is not worth it.

[amberdalan]

Whenever I encounter a page that requires me to turn off adblock: I close the site.

Re:Your content is not worth it.

[cfalcon]

Closing the site is fine, but it would be better to simply read their content. The technical workarounds should get easier as sites fight this losing battle- they'll invest more and more into garbage that can be fixed easily on clientside.

But just leaving the shitsites alone is also fine.

Re:Your content is not worth it.

[tepples]

So what do you do when a web search returns four results in a row that require you to turn off your blocker? Having to close a bunch of sites in a row makes searching the web more tedious.

Re:Your content is not worth it.

[epine]

It shouldn't be a difficult matter for some one or two to author a Google AdBlock-Block Filter plug-in that removes search results that you can't (by choice and sanity) actually view, once enough demand exists.

I'm entirely in favour of this demand existing.

Re:Your content is not worth it.

[amberdalan]

First: My search-fu is strong.
Second: Its actually quite the time saver as in, "meh, maybe I should get back to work."
Third: Chain of trust. When a site insists that you not continue without disabling your security, they insist that you trust them, and everyone they have decided to trust, and everyone they have decided to trust.

In the day and the age of the drive-by download, I've been burned. I've been tricked. I paid that price in time, and data loss. Websites I completely trusted had compromised advertising. It led to a hard rule. Always use protection.

My protection has a pretty large hole that ANY website could happily display all the ad content they wanted to me. Any content they directly host, (and therefore, take responsibility for) is allowed through. This gaping wound of security is covered by other software precautions in-case they get hacked... ('cause that never happens)

Re:Your content is not worth it.

[bearvarine]

This is the most appropriate and ethical response. Vote with your feet and close the site. They WILL get the message.

Stop linking to Forbes

[cfalcon]

I went ahead and went to the Forbes site (which it says I'm "still" using an adblocker, in the same sense that I'm "still" a carbon based life form), and then I went and grabbed one of the scripts that they serve on the main page in lieu of fucking content.

Here's a link: I originally put a TINY amount of it here, but it was SO shitty than even after cutting it down it would just ruin you.
view-source:http://i.forbesimg.com/welcomead/scripts/12662fd2.vendor.js

Just go read that script. It might make you cry.

blah blah blah just megabytes of this shitscript to push through an article that maxes out at a kilobyte. It's fucking ludicrous.

And that's without all the ads (which are meant to own your head, and of course maliciously own your computer, and DO YOU THINK THEY ARE LIABLE FOR SERVING ADS THAT TURN YOUR MACHINE INTO A RUSSIAN SERVER?)

Stop. Linking. Forbes.

It's a pile of shit website. If you must, EACH link should go through archive/is or some other service to neuter the malware and bullshit. Stop enabling these fucks. If you need to serve megabytes of malware and bullshit just to put text on the screen, drink bleach kthx

Re:Stop linking to Forbes

[MrKaos]

This.

The way ads are shoved down your throat by a bunch of marketing clods shows that they just don't understand the net as anything more than a delivery mechanism. Perhaps this is the advertising industries re-imagining of cheap TV advertising for the Internet? The early days of the net was always about delivering more specific information and that your capability to share that information on the subject dictated authority that was worthy of my hard earned money.

I try to not allow advertising to reach me mostly because I don't have time for it. I don't watch TV or listen to commercial radio so the only advertising that really reaches me is from the net or accidentally encountered. Forbes is not a site I choose to visit, essentially because it holds little interest so in one respect, their campaign has backfired. I've certainly learned a lot more about ad-blocking techniques than I did before by veiwing this at -1 and 0. Would it be possible to see more upmodding of these please moderators?

Latley though the decision about avoiding advertising has been more about protecting my mental health. I don't know if there is any science behind it's long term consequences on people in comparison to the amount of money poured into making advertising effective. To me the messages are so 'in-my-face' toxic that I turn away, mute or do anything not to be exposed to it. One of my friends won't let his kids be exposed to it anymore.

I hope that people one day realise that the void in their life is caused by exposure to the advertising that promises to fill that void.

Re:Stop linking to Forbes

[aix+tom]

Of course not. Just like the peasants have been made liable for looking at the lord in the wrong way, the lord has never been made liable for screwing the peasants daughter.

Re: Stop linking to Forbes

[Z00L00K]

Which lord? There are many in the house of lords.

Fuck Forbes

[jason8]

Fuck Forbes, they supported SCO back in the mid-00s and portrayed Linux users and supporters as a bunch of communists. Forbes gets filtered by my mental adblock way before it gets loaded by my browser.

Which exploit?

[Wootery]

Is it known how the exploit worked?

Did it depend on Flash, or on a specific browser and OS?

Re:Which exploit?

[cfalcon]

The exploit is social engineering. First they shame you into turning off your adblocker ("You're STILL using an adblocker, please enjoy our ad-light experience!"), and then, once you are fooled, they shove the malware in.

As to which exact drive by download exploit the malware used- who cares? They will never be fixed, scripts are fundamentally broken.

Spell Check Is Your Friend

[JustAnotherOldGuy]

"Forbes Asks Redears To Disable Adblock..."

(sigh)

Oh wait, is "Redears" the name of some guy that uses Adblock?

Re: Spell Check Is Your Friend

[bestweasel]

Yes and he's embarrassed about it. Don't make it worse.

The solution is cookie editing

[cfalcon]

Reddit has a solution that is reasonably easy to google:
https://www.reddit.com/r/Adblo...

These instructions are for Chrome. The only thing you need (besides an adlbocker!) is a cookie editor that can import JSON. For Chrome, EditThisCookie works.

Here's the cookies:

[ { "domain": ".forbes.com", "hostOnly": false, "httpOnly": false, "name": "dailyWelcomeCookie", "path": "/", "secure": false, "session": false, "storeId": "0", "value": "true", "id": 3 }, { "domain": ".forbes.com", "hostOnly": false, "httpOnly": false, "name": "welcomeAd", "path": "/", "secure": false, "session": true, "storeId": "0", "value": "true", "id": 9 } ]

I tested this with Chrome and uBlock Origin. I'm willing to bet it works with adblock (based on the URL) and likely hosts based solutions as well.
For Firefox, you just need to be able to edit the cookies with either the above string or a similar one. I couldn't (in about 2 minutes) find the interface for Edit Cookies+, but if you can find it, it should work.

When Forbes dicks around with their shit again in a month, to reduce functionality further, rest assured that there will be this as a solution, or a tamper/grease/violent monkey script, or whatever. They'll never win. But they will gladly load up the machines of any less technical users with malware, just as often as they can, given that the law seems to allow it. Somehow.

Re:The solution is cookie editing

[cfalcon]

By the way, if anyone wants to throw in a link to a working cookie editor in Firefox that would be pretty sweet. "Edit Cookies" looks abandoned and useless, and "Cookie Manager+" (I merged the names in my OP) seems hard to use- it's supposed to be like, hamburger -> wrench -> Manage Cookies, but it's not there for me.

Re:The solution is cookie editing

[bjs555]

CCleaner provides a cookie editor under Options, Cookies. At the screen that opens you can right click a listed cookie and then click Delete now. Is that what you had in mind?

Re:The solution is cookie editing

[cfalcon]

Most adblock detection works by trying to download hostile content, and then checking to see if it downloaded. Then it stops the rest of the page from loading if you are running a properly secured system. In Forbes case, the workaround is to save cookies that make Forbes think you are running a standard issue garbage install, and then it works normally.

Hosts and the current generation of adblockers are BOTH vulnerable to this attack, because they check to see if the hostile payload is present. The cookies workaround SHOULD work with a hosts solution too... but long term, you will need an adblocker that pretends to (or actually DOES) grab the hostile payload, but never executes or renders it in any way. Essentially, the sandbox that the scripts are running in needs to become much tighter, such that there's a decoupling of what is DISPLAYED (what YOU need to see, which never ever includes an ad) and what the script THINKS is displayed (which is whatever payload it's trying to drop). The risk here is that *scripting always sucks*, so they will probably be able to still get a lot of drive by crap even through that.

Re:The solution is cookie editing

[cfalcon]

That's good to know, but not what I meant. No, the fix to the Forbes issue requires you to import the cookies with values as listed. The list in question is valid as JSON, but really anything that sets it would work. It's not about clearing cookies in this case, it's about setting them to specific values. In Chrome, "Edit This Cookie" does this just fine. Whenever people are like "how do I $THING", I normally try to answer for Firefox and Chrome if I can, and I couldn't get a cookie editor to work in Firefox.

Offtopic also- how good at cleaning cookies is CCleaner? Like, does it get cookies from Chromium, Opera, Palemoon? Is there a list? I know it's a Windows only guy, but how well does it nuke cookies?

Re:The solution is cookie editing

[bjs555]

Oh, I see. You want to modify the cookie not just delete it. I'm running Firefox. I can see a cookies.sqlite file in %APPDATA%\Mozilla\Firefox\Profiles\. Perhaps an sqlite editor like the one at http://sqlitebrowser.org/ would allow you to edit values. Sorry, I'm not very familiar with sqlite files.

There's no way that would hold up

[rsilvergun]

in court. Again, it's a bad law, but it's not a "Do any evil thing you want" law. If a company dumps toxic waste they don't get to say "You can't complain, the DMCA says so!". Now, the law _has_ been abused to silence critics. But again, completely different from what you or the Grandparent are suggesting.

Re:There's no way that would hold up

[Opportunist]

I would never claim that something can't work in court when it comes to copyright. Judges understand so little about the technical side or the implications of their verdicts that a crafty lawyer could easily spin it enough to turn black into white.

It's copyright we're talking about after all. And there's no sense and logic in laws concerning sex, drugs and copyright.

Re:There's no way that would hold up

[Intron]

Indeed, and if you have enough cash you can argue your case in court for a year or two and win. If you don't die of a stress induced illness before then obviously.

Don't be ridiculous; you can't win. If it looked like you had a chance of winning, the company would settle but require you to sign an agreement not to reveal the results. Just because a law is bad doesn't mean it can't still be used.

Not a problem for me...?

[JustAnotherOldGuy]

I'm using Adblock and I can all the articles on Forbes without any problem. (??)

Easy fix

[eyepeepackets]

My response when I first ran into this a couple of weeks ago: "Fuck you Forbes. Bye."

There is nothing on their site that can't be had elsewhere, there is nothing special about them at all.

If it is true that they really are serving up malware, then perhaps the resulting lawsuits and bad reputation will take them down.

Re:Easy fix

[cfalcon]

No, it's a shell game. They'll never get caught.

See, Forbes says "Oh, we send all the advertisements to these third party networks, of which ONE was bad. We're following best practices, can't sue us!"
Then you find the network that served the shit ads, and they have some excuse about a contractor. "We're following best practices, can't sue us!"
The contractor has an excuse, if you can even find him, if he's even a person instead of some bot-generated identity. Can't sue what doesn't legally exist!

This is why ads (and really scripts) are such a bad idea. Forbes is a huge company, and they can turn your machine into a russian kiddy porn server, and face no legal repercussions. Without the force of the law to fall on them, they'll simply do whatever they can get away with- which is everything.

Re:Hosts files do a better job for less

[cfalcon]

For Forbes you'll need a cookie editor. I tested it with uBlock origin, but I suspect it will work fine with hosts solutions, including APK's. The two weaknesses of APK's host engines are: a hosts solution currently has reasonably easy workarounds if an advertiser wants to fight (and they do- advertisers are just like spammers, and they deleted usenet and almost ruined email), and I'm pretty sure the Host Engine is not multiplatform.

I could be wrong about the second one, and the first one isn't *really* a weakness compared to today's reasonably simple adblockers. Other complaints, such as search depth being a problem, are somewhat valid, but are also subject to being fixed at the OS level.

Anyway, if someone using the host engine wants to test the cookie fix (I found it on https://www.reddit.com/r/Adblo... and put the cookie values later in this thread), that would probably be useful for the other users of that.

https://en.wikipedia.org/wiki/Red_deer

[dillee1]

https://en.wikipedia.org/wiki/...

Donation-supported public benefit corp

[tepples]

And the elsewhere site is going to somehow support itself without any revenue from ads? How?

By being a public benefit corporation and accepting donations from its readers. One example of a public benefit corporation is SoylentNews, and that's where a lot of us will end up should Slashdice go full betard or put up anti-adblock measures.

Prove you're not inflating view/click counts

[tepples]

Say you run a site that serves ads on your own domain. Now someone wants to advertise on your site but wants accurate reach metrics. How are you going to convince an advertiser that you are providing view counts and click counts that aren't inflated?

Re:Prove you're not inflating view/click counts

[DogDude]

How does anybody prove that xxx number of people heard some radio station? Or watch some TV show?

Re:Prove you're not inflating view/click counts

[tepples]

Advertisers choose the Internet over radio and TV in part because the Internet gives more detailed reach statistics than radio and TV.

Re:Prove you're not inflating view/click counts

[iTrawl]

Squid Ad reverse proxy. Have your advertising network put a load balancing proxy in front of you to serve the /ad routes. Ad blocking should also get interesting then. I used /ad as an example, but I assume "random uuid that selects either an ad or a legit website resource" would be more effective as nobody would be able to tell what's an ad and what's a picture of a cat stealing your passwords.

Re:Prove you're not inflating view/click counts

[Lumpy]

You are HILARIOUS.

Advertisers choose internet over TV and Radio because of only one reason, INTERNET ADS ARE INSANELY CHEAP.

There is no other reason.

Re:Prove you're not inflating view/click counts

[tepples]

It becomes your problem when the majority of sites on a search result page start demanding a monthly subscription. You click the back button and the second result, and it too demands a monthly subscription. Likewise with the third. How many paywalls are you going to bounce off before you give up on using the web?

Primed? Likely?

[retchdog]

Interesting claims. Visitors were "immediately served with pop-under malware", although there is only one citation given, which is a link to a picture (presumably a screenshot) on @bbaskin's private Twitter account, which can only be seen by a "confirmed follower". Uh, okay. Nonetheless, this malware was "primed" to infect their computers and "likely" to do a lot of horrible stuff. Having run out of conjectures (let alone facts) about Forbes by the third paragraph, the rest of the article is padded out by a list of past incidents involving DailyMotion and MSN, followed by some bloviating which even Bennett Haselton might be ashamed of.

I'm totally sure that this isn't just attention-whoring from a litigious sex columnist who, after publishing The Adventurous Couple's Guide to Strap-On Sex and her second edition of The Ultimate Guide to Cunnilingus, apparently ran out of ideas and re-styled herself a computer security journalist.

Yes, I know malware is served through advertising, but this article is about a specific claim of Forbes being used as an injection vector with literally nothing backing it up. Also, let me note that there's nothing wrong with being a sex columnist. I just don't think that automatically means you should write about computer security.

Re:Primed? Likely?

[cfalcon]

It *might* be a hatchet job. But remember, malicious code is not written by script kiddies- it frequently tries to detect what it is running on, and ONLY sends the payload if it passes a whole bunch of checks. It wants to put off landing on the desk of a security researcher as long as possible. So someone being lucky enough to find the malware, but being unable to repro, is not exactly uncommon these days.

Maybe we should stop downloading and running code when we want to read a news article?

Re:Primed? Likely?

[retchdog]

I'm not saying that it is a hatchet job. I'm saying that the article literally says nothing, except maybe if you're a follower of @bbaskin. I wouldn't know, since I am not.

Maybe we should stop reading shrill fact-free articles which somehow make it to slashdot.

Re:Primed? Likely?

[Rurik]

The account was made private, temporarily, to try and reduce the spread of the tweet due to that article. It didn't work as the text was still visible on news articles, and because people couldn't then see the actual updates. So, the account was made public again.

Re:Primed? Likely?

[Rurik]

FYI, bbaskin here. The article ran with my initial tweet but did nothing to ask me for more, or read additional tweets where I gave more details. I've made comments there, and other places (even here), with more details but all were downvoted. The account was protected to try and slow its spread, but that didn't work, so it's public again. And people can read the additional details, but none will.

Re:Primed? Likely?

[retchdog]

article ran with my initial tweet but did nothing to ask me for more

hard-hitting journalism in the twitter age.

Txn fees too high for pay per page

[tepples]

A paywall could be practical if it were possible to pay per page. But right now it's not because the credit card networks charge a swipe fee far too large for that to be practical. Even Bitcoin imposes a transaction fee of 0.0001 BTC (about 4.5 cents) payable to the miner who verifies your block.

Re: Txn fees too high for pay per page

[Z00L00K]

You can have a paywall with a monthly fee or pay once per year as a normal dead tree subscription do.

Re:Txn fees too high for pay per page

[epyT-R]

That may be, but that doesn't justify the expectation that people leave their systems vulnerable just to prop up the existing model.

Re:Txn fees too high for pay per page

[tepples]

Would this tab be within a site or across sites? Each has its own practical problems, and once you clarify, I'll do my best to explain these problems.

Re:Hosts files do a better job for less

[tepples]

To block Forbes crap from resolving, add these lines to your hosts file:

0.0.0.0 www.forbes.com
0.0.0.0 forbes.com

What isn't broken?

[tepples]

scripts are fundamentally broken.

Then what means of deploying an application across platforms isn't fundamentally broken? Or should anyone who makes an app expect to have to make it six times, once for each platform (Windows, OS X, GNU/Linux, Android, iOS, and Windows Phone)?

Re:What isn't broken?

[cfalcon]

> Then what means of deploying an application across platforms isn't fundamentally broken?

The part where you deploy an application. That part is broken.

Did you follow the link to your spreadsheet? Or was it to a news article? There's an application you have for "display a news article". It's a browser running HTML with no scripting enabled. That displays text just fine- it's the only fucking purpose.

The reason scripts are FUNDAMENTALLY broken is that they are code. The fact that they are code that is treated by browsers as if they are just part of the browsing experience is ludicrous. If you want to use like Google Docs, that's a pretty good time to need code, so if you click through some script-enable dialogs, or honestly even a UAC in Windows for that, that could be reasonable. If the majority of browsers in the world just download and execute code, you are asking for exactly the security shitstorm we constantly and ceaselessly see. Running javascript is AS RISKY as running raw opcodes, because at any given day since Javascript's release, there's been multiple exploits to turn the javascript straight into those opcodes. The fact that the world is full of fools who think you need a webapp to display a news story is hideous.

Re:What isn't broken?

[tepples]

There's an application you have for "display a news article". It's a browser running HTML with no scripting enabled.

Without scripting, how does the user navigate through a photo gallery attached to a news article? Or did you mean reload the entire page when the user follows the "Next Photo" or "Previous Photo" link?

Re:What isn't broken?

[cfalcon]

Without lava running along the floor, how does the home owner rapidly burn off unwanted feet? Or did you mean he has to carry a blowtorch with him any time he wants to melt his own feet?

Re:What isn't broken?

[tepples]

In this analogy, how would you avoid the existence of lava in the first place?

Re:What isn't broken?

[bingoUV]

What if the user opens the images in different tabs?

Re:What isn't broken?

[Ken+D]

It's this amazing piece of technology... It's called a scrollbar. Since many pages load all the images into memory anyway, why force me to click and click and only let me look through a peep hole at one image at a time? I hate photo galleries. In general they are not necessary. You have thousands of images that you need to actually navigate in? Then you need a solution. You want to show me 32 images? Just show them to me damn it.

Re:What isn't broken?

[Cederic]

What, you mean the way the web was working perfectly well a dozen years ago?

Re:What isn't broken?

[Wootery]

Agreed. There's very little actual merit to this sort of fancy JavaScript nonsense.

I accidentally the whole article

[tepples]

I'm using Adblock and I can all the articles on Forbes without any problem. (??)

I too "can" all the articles on Forbes. I put them in the can, the trash can.

0.0.0.0 www.forbes.com

Moychandising

[tepples]

As in, have to watch the ads before you can see the ads.

That's nothing. The trailers before The Force Awakens are also ads before ads. Like Transformers and The Wizard, it's a two hour toy commercial.

Re:Some things exaggerated

[cfalcon]

> his is an advertisement network issue.

So they hired a hitman. Who cares who they contracted out their illegal deeds to?

Bifurcation of WWW: pimped and free

[tanstaaf1]

I hypothesize we are at the beginning of a bifurcation of the WWW. Websites are going to have to decide how many potential users they are prepared to forego to try and force compliance. Users are going to have to decide how many websites they are prepared to forego in order to respect themselves, their time, their privacy, and their personal security.. Especially on my smartphone I had already gotten to the point where the pain of dealing with all the crap popups was discouraging me from using web (as opposed to the internet) at all. So the availability of solid ad-blocking was finally enough to induce me to upgrade to an Apple 6S. Now I'm noticing that a lot of websites, including slashdot, don't load at all. How do I feel about that? Well, it would have been nice to be able to visit slashdot from my mobile but, frankly, I'm already writing it off. There are plenty enough other sites on the web and I expect I will eventually reconcile fully to not going to certain sites -- just as I avoid porn sites. The toughest thing? it would nice to have a browser that didn't even waste my time taking me to sites which were going to block access. Hopefully that will come out as a feature in new ad-blocking software. All in all, I have to say the fresh air from not having to deal with the endless shit thrown up by the 'advertisers' (pimps) is more than worth the price of admission...er, being denied admission! :-) This is something everyone is going to have decide on their own. And I guess, from time to time, I may be tempted to drop my shields so I can let a site molest me in return for letting me see their "content". But probably not very often and maybe not at all. Fuck Forbes, along with the Times, etc. If 3/4 of the websites disappear from my web I think I will be just fine with that in the longer run. All the browsing was giving me ADHD anyway. Why can't websites just put up static ads instead of all this privacy-invading, abusive advertising? Yeah, I'm sure they will say there isn't enough money in that. But if enough people refuse to go along with the compliance training, I expect they will rethink that. If nothing else, websites which don't block me and put up static ads know a little about me just on the basis of my voting with my feet. That ought to be some sort of a differentiation. Eventually, I expect the differentiation will be between low class people (who allow themselves to be abused in return for candy) and those of higher class who actually think longer term and respect themselves a little more. We'll see. I don't expect it to take that long, really.

Way out of control. Far worse than people say.

[Futurepower(R)]

My experience is that most ads are abusive in some way. I use these add-ons in Firefox: uBlock Origin ad blocking, NoScript, and Ghostery.

It amazes me that, when I go to the Ally Bank web site to see my accounts summary at the following URL, Ghostery says "Ghostery found 8 trackers":
https://securebanking.ally.com/#/accounts/summary

The Ally Bank URL contains the words "secure banking"!

Here are the trackers:
Advertising.com
Google DoubleClick Floodlight
Google DoubleClick Spotlight
Google Dynamic Remarketing
MediaMath Advertising
Omniture (Adobe Analytics)
Qualtrics
RUN (https://match.rundsp.com/)

There is nothing "secure" about notifying other companies that I am looking at a summary of my bank accounts!

Re:Way out of control. Far worse than people say.

[hene]

I also liked those add-ons before. Since NoScript has become PITA to use I switched to uMatrix. I picked it up from similar conversation here in slashdot. You might like it too.

Re:Way out of control. Far worse than people say.

[KGIII]

Heh... One of my faves - I've been using it for quite a while. (It was on Opera before it made it to Firefox.) There's also an HTTP Switchboard that's a bit of work but great after you put the work in. I just use uMatrix and uBlock most of the time. The author is the same for all three. Oddly, he doesn't seem to accept donations.

At any rate - you can backup (export) your settings. I make it a point to do so because I use more than one computer and it's nice to have a basic rule-set that works for the vast majority of places. If you're not doing so then you might want to. Although, before I did that, I actually got pretty good at visiting a few sites (right after install) and setting the permissions at my most frequently used sites.

It is whitelisting and it does take some time. But, once you've done it - it's done, as long as you keep a regular backup. It does take some time but, in my opinion, it is time well spent. It's not entirely unusual to see a site with a couple hundred of disparate things being loaded - from all across the 'net. I've kind of figured out what I need to do but I still have to tweak and poke. I sometimes do it for sites that I was only going to visit once but I almost always make my changes a few at a time and then refresh to see if it's working. After a while, you get pretty good at figuring it out.

They're too personal and everyone will have different needs but, really, I think it'd be interesting to have a repository that housed an oft-updated exported rule set to make things easier. A quick check indicates that I've got about 35 pages worth of rules.

Why cant the browser run as its own user id?

[Marrow]

Can we enumerate the reasons why the the browser needs to run with the same user ID as the person that owns files?

I can think of one: access to local files for upload or download. But it seems like there could be a mechanism to hand off files to and from the browser that doesn't give it direct access. Some IPC mechanism or a filesystem-based dmz.

At this point, I really do not understand why the industry is not moving to make the browser an untrusted entity on the computer. Taking away its ability to access files, navigate the filesystem, or run programs.

Re:Why cant the browser run as its own user id?

[Bite+The+Pillow]

Because fuck you, also stupid users. And too many prompts and going to click yes anyway.

Have you met people? You're smarter than most of them. You can read. I assume, because you posted marginally on topic.

Extra clicks to view my bank account, or my spank account, and you lost me. Imma disable this extra click shit.

IOW because users.

Re:Why cant the browser run as its own user id?

I use ChromeOS for web, and Debian within Crouton for my own stuff. So in a sense, I do exactly that already.

Re:Why cant the browser run as its own user id?

[cfalcon]

One thing I've always wondered about was the choice to run everything at ring 3 or ring 0. There's probably a reason I don't understand, but the original intention was a hierarchy. If user stuff was commonly at ring 2 or whatever, then you could have less trusted crap like network drama at ring 3. Maybe someone will post the reason, I dunno.

The bigger thing is, the industry IS moving in this direction. SE Linux in particular offers a pretty good solution here.

I think the core problem is often that there's just so goddamned many vectors available thanks to how overly robust and powerful the scripting is.

No, we really do run adblock to defeat malware

[Marrow]

Your claim that you never had a problem could end tonight, tomorrow, or the day after. Then what? Are you going to apologize to everyone for failing to understand the problem and telling them it was safe. Esp when professional security researchers are telling you its NOT safe?

The www is a infinite bag of untrusted/untrustworthy data that your your flawed browser sifts through. Its was already a disaster waiting to happen. The problem is, the disaster has become automated, financed, and profitable.

Bad slashdot

[clintp]

Yes, and slashdot linked directly to Forbes earlier today. The warning looked suspicious, so I didn't fall for it.

Re:I don't run adblock and never had an issue

[duke_cheetah2003]

Yes, anything is possible, just as it is possible the sun will super nova tomorrow and destroy the earth... or the planet will get hit by an untracked meteor; or how about the nemesis theory?

This is a prime example of someone who gets their computer taken over by a botnet.. doesn't care, don't even look. Just merrily goes about their life oblivious while their computer is used for nefarious purposes, like serving malware to other idiots.

Re: Hosts files do a better job for less

[Z00L00K]

The catch is that you need to maintain the list for each computer. A DNS blocking may be a bit more effective, but in some cases there are sites that should only be partially blocked and then a DNS block won't be feasible.

Re: I don't run adblock and never had an issue

[Z00L00K]

You haven't had a problem that you know of because you are oblivious and don't realize that your computer is now serving spam to others.

Having to subscribe to 10 different sites

[tepples]

Next to nobody is willing to pay for a whole month just to read one article found through a search engine or through a citation shared by a friend. Imagine having to do this to read one article from each of ten different publications in a month.[1]

[1] "Adblockers say, 'Find a better business model.' But can you really?" posted on 2015-10-12

Re:Having to subscribe to 10 different sites

[Z00L00K]

It's the same as with dead tree magazines - if you don't pay for it then that magazine is dead. And some magazines do die from time to time while new ones are created.

If your brand isn't strong enough you won't survive. If you have the urge to run ads - then you should demand from the ad server to only serve ads that are passive and don't bloat out the content with animations and noise - or serve them yourself.

Re:Having to subscribe to 10 different sites

[bingoUV]

Obviously there are better business models. One example is to butcher goats "properly" and sell Halal meat.

The entire article is idiotic.

About the "side-door" business :

Why is this important? Because if it is increasingly likely that we have no relationship with the sites we visit, it is also increasingly unlikely that we will voluntarily support these sites.

No one is entering through the side door. When you click on http://xyz.com/articles/1/2/3/... , you reach one of the servers serving pages of XYZ.com. This server is the front door - and will remain whether you visit the "home page", or you visit an article directly.

To suggest that websites âoefind another business modelâ is to either ask media to spontaneously devise a heretofore never invented model, or to walk the âoeotherâ well-trodden path of subscriptions

Every industry devised, at least once, a "heretofore never invented model". Nothing unimaginable about it.

Re:Having to subscribe to 10 different sites

[tepples]

When you click on [a web page], you reach one of the servers serving pages of XYZ.com. This server is the front door

So why should someone who wants to enter through a particular business's front door even once have to purchase an entire month's or even a year's worth of leave to enter through that business's front door? Now multiply this by a dozen front doors visited in a single day.

Every industry devised, at least once, a "heretofore never invented model". Nothing unimaginable about it.

What might this model be that you have devised that none other in the industry has?

Re:Having to subscribe to 10 different sites

[bingoUV]

Both your statements are addressing straw men. I didn't say anyone should have to purchase anything from any front door. Nor did I talk about any model that I have devised. BTW I didn't devise the butcher's business model, and I don't earn a penny from it.

Re:Having to subscribe to 10 different sites

[tepples]

I am not 100 percent sure of what you're trying to say, but I get the impression that you're insinuating that operators of web sites whose content isn't compelling enough to be worth a whole month's subscription ought to try becoming butchers instead of operating web sites. Do I understand you correctly?

Re:Having to subscribe to 10 different sites

[bingoUV]

No, I'm saying those who fail to find a viable "ethical" business model cannot claim that business model doesn't exist because clearly millions exist e.g. butcher.

Re:Having to subscribe to 10 different sites

[tepples]

In that case: Butcher is a red herring because while it is a business model, it is not an information publication business model.

Re:Having to subscribe to 10 different sites

[bingoUV]

Read the article you quoted. Its title is not "Adblockers say, 'Find a better information publication business model.' But can you really?"

Re:Having to subscribe to 10 different sites

[tepples]

The statement you wrote about the article's title is true in the literal sense. But I doubt that the intent of the article was to encourage to encourage people to leave the industry of publishing information entirely. Evidence that this was not the intent is the quotation in the lead section: "since the dawn of publishing periodicals there have really been only two business models" (my emphasis). But just to be sure, I will forward your suggestion to leave publishing to the article's comment section for clarification on whether that was the intent of the article.

Re:Having to subscribe to 10 different sites

[bingoUV]

Two points:

1. Having no business model is a legitimate complaint. A person must eat. Having no business model when you have strong reservations about what you are ready to do for a living is not a complaint at all. So not only was it the literate interpretation, but it was the only sensible interpretation for a complaint.

2. The article had many other incorrect/misleading/inapplicable messages which I also pointed out.

From my cold, dead hard drive...

[Chas]

Okay, I DO understand the point that content producers make that it cuts into their revenue. And I DO believe they should be paid for their labors.

But that doesn't mean I'm going to work a second job just to turn the proceeds over to them.

Malvertising is a ubiquitous, ongoing problem. And I'm not exposing any systems I have control over to that. Because the amount of work it takes to clean up from that sort of infection is VERY non-trivial. And if it causes me to lose data on a business machine? Oh HELL no!

Current internet advertising is a dirty, disease-ridden whore, and ad blockers are condoms.

Re:Hosts files do a better job for less

[cm5oom]

Except that the vast majority of major sites use dns lookups to do geolocation cdn and load balancing for performance (both yours and theirs). By hard coding addresses you miss out on that. That's just one of many reason why the internet stopped using host files and switched to dns.

Now you want to take us back to dead trees

[tepples]

It's the same as with dead tree magazines - if you don't pay for it then that magazine is dead.

Which means the majority of articles would be dead to the majority of people, as the majority of people would not have the resources to maintain a subscription to the majority of periodicals, including the effort to obtain back issues. How does it benefit the public to make the majority of articles dead to the majority of people?

Re:Now you want to take us back to dead trees

[Z00L00K]

That's right - articles will be dead to people and the magazine will deserve to die if it's not able to accept that people don't want ads infesting their computers and not able to get a payment model that works. Micropayments - looks nice in theory but are in practice not easy to manage due to too much overhead.

Re: Hosts files do a better job for less

[l0n3s0m3phr34k]

Or you could just stick the blacklist in your firewall...Squidguard+PFSense works rather well!

Editorial echo chamber

[tepples]

One side effect of moving to closed access, where articles are spread out across several publications each with its own monthly or annual subscription, is that it'll become cost prohibitive for an individual to sample the viewpoints of several different publications. This means people will end up sucked into the echo chamber of one single publication's editorial bias.

Re:Editorial echo chamber

[bmo]

This means people will end up sucked into the echo chamber of one single publication's editorial bias.

They don't now?

To say that having to pay for content causes siloing is nonsense in the light of the current system of 'free' echo chambers.

On the subject of ad-blocking itself, I block on the hosts file level and whitelist js per site *because serving up malware with ads has gone on for over a decade* and the advertising 'community' (such as it is) refuses to clean up its act and has thumbed its nose at users ever since the NSF AUP was removed from the 'net.

--
BMO

Re:Editorial echo chamber

[tepples]

This means people will end up sucked into the echo chamber of one single publication's editorial bias.

They don't now?

To say that having to pay for content causes siloing is nonsense in the light of the current system of 'free' echo chambers.

The difference is that in an ad-supported environment, they can click over to another site (a different silo) and view its possibly opposing bias at a negligible marginal cost. With all-you-can-eat paywalls, this becomes cost prohibitive.

Re:Editorial echo chamber

[Areyoukiddingme]

This means people will end up sucked into the echo chamber of one single publication's editorial bias.

So, exactly like it was for half of the 20th century, if not the past 3 centuries?

This is precisely what the desired outcome is. Old media still exists. Old media had so much money to start with that even the past 20 years of missteps means they're still wealthy beyond our understanding. That plus being part of media conglomerates that make movies that have been making billions means they're still well funded. And they resent having to share your mindspace with anyone else.

They want it all. They want to own you from top to bottom, eyeballs, ears, and brain. They want their messages to be the first thing you see and hear when you wake up in the morning and the last things you see and hear when you go to bed at night. (The 6:00AM news and the 11:00PM news.) They want to drum their message into you until you can't even imagine questioning it, let alone actually question it. They hate this Internet thing, and would like nothing more than to turn it into a series of TV shows (that you pay for) and magazines (that you pay for). They want you to pay them for the privilege of having your brain owned.

It remains to be seen if the Millennials will fall for it.

Easily Solved

[Greyfox]

Google News seemed to want to serve me up a bunch of their pages. I just went into "Personalize" and turned their site all the way down. It's not like I'm not going to see the same story from 18 other news outlets or anything.

Also, for what it's worth, the MOAB hosts based ad blocker doesn't seem to trigger their advertising popup. Though if you're running a hosts based ad blocker, you could just add their site to it, and that'd solve your little Forbes problem, too.

Re:Easily Solved

[evilviper]

Actually, all you have to do is set your user-agent to:

      Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)

Then Forbes will serve you the full page, even if you're using Adblock. Lots of other sites will serve you their full page, instead of just an introductory paragraph, then begging you to sign-up or sign-in.

This is EXACTLY the kind of thing Google tells webmasters they are not allowed to do... Serving up different content for its bot, than other users. Why they haven't yet smacked-down the numerous sites doing exactly that, escapes me. Maybe they need to see a bunch of user complaints about Forbes coming in.

Re:Easily Solved

[toddestan]

That's because Google makes their money off of ads they place on sites like Forbes. If it gets bad enough that people might stop using Google search, then they might do something because they also make money serving up ads with their search results. But otherwise, I wouldn't trust Google to do anything about it.

Ads industry has ruined the internet

[DNX+Blandy]

I run uBlock Origin and I cannot fault how well it works. As stated above and I quote, "Adblock alone has reduced my need for family-based PEBKAC support by nearly 95% in the last five years". This is true for me also. Ads are a plague on the internet and are the root cause of nearly all the issues in my view from personal experience. If a site asked me to disable my ad-blocker, I'll take my business elsewhere and I don't give a flying s**t what else anyone else has to say, (any negative comments suggest user is in the ad industry).

Re:Ads industry has ruined the internet

[Lumpy]

Yep. Do not feel bad about blocking all ad's. until the ad's are no longer laced with malware, feel good about blocking every bit if that crap.

Boo hoo website admin... you don't deserve any ad revenue if you are using doubleclick or other ad serving companies. you want ad supported revenue, then get off your lazy asses and get your advertisers yourself and host your ad's locally.

Is this the same Forbes?

[Hognoxious]

Is this the same Forbes that StartsWithABang is always linking to? I think timothy should find the person who keeps posting his stories and totally fire his useless ass.

Re:Is this the same Forbes?

[Areyoukiddingme]

Is this the same Forbes that StartsWithABang is always linking to? I think timothy should find the person who keeps posting his stories and totally fire his useless ass.

I'll just leave this here:

How We Know North Korea Didn't Detonate a Hydrogen Bomb
Posted by timothy on Saturday January 09, 2016 @05:02PM from the still-weaponizing-fan-death dept.
StartsWithABang writes:

Forbes Should be sued

[terminal.dk]

They put readers at unnecessary risk causing readers to become infected. All this with one motive only. Financial gain from crap displayed at users computers

Re:Content from one domain - yes

[arth1]

That doesn't work when the same address serves both content you want and content you don't want. Like single signon tokens and tracking cookies.

Or when the serving site isn't static. Especially with IPv6, you have a problem. Imagine a /64 block where every odd numbered IP serves content and every even numbered IP serves ads or tracking cookies.

And it doesn't work through proxy servers, which by their very nature fetch content for you and serve it all down the same pipe. You never know the remote IP addresses at all.

Change useragent to Googlebot to read Forbes w/ AB

[cshay]

They are of course reliant on Google page rank so the Googlebot gets special treatment.

Dear Adblock-blockers

[Opportunist]

I can survive without you. Can you without me?

Oh, you cannot survive with me blocking your ads? Ok. Accepted. Die.

Re:Some things exaggerated

[Cederic]

It needs to be clear that Forbes was not compromised and there is no technical wrongdoing on their part in this matter

Using a request to view their content as an excuse to distribute malware is a pretty fucking big technical wrongdoing.

If they can't vet the content they're presenting then they shouldn't fucking present it, unless they want blacklisting by anti-malware lists - e.g. the ones Google and Microsoft maintain.

Re:Some things exaggerated

[Rurik]

Really a philosophical wrongdoing :)

Ad blocking to fit under your cap

[tepples]

I disallow third-party links and if things break, they keep the pieces.

When you discover that the first several results from a search on a search engine "break", good luck letting sites "keep the pieces" while keeping some sense that search engines are still useful. Imagine performing some random web search, but you discover that the first five results on the page that look relevant are broken due to your ad blocking policy. But you don't know they're actually broken until you've already spent time viewing them. Your back button is going to get a lot of workout, and you'll spend a lot of time looking at broken pages.

But an anti-ad browser can download the shit without actually rendering it.

Which defeats the use of content blocking tools to prevent extra usage charges from the user's Internet service provider. This becomes important when satellite and mobile ISPs are charging $5 to $15 per GB.

Render the ad in a memory bitmap, and pass it back to the checking sw. But don't actually display it.

Solve Media defeats that by requiring the user to type in text from the ad.

and if facebook/newspapers breaks on a work computer then it is a good thing for productivity!

But potentially a bad thing for employee morale, as blocking newspapers affects what an employee can do during 10 minute breaks. That which negatively affects employee morale eventually affects employee retention.

Re:Ad blocking to fit under your cap

[oreaq]

When you discover that the first several results from a search on a search engine "break", good luck letting sites "keep the pieces" while keeping some sense that search engines are still useful. Imagine performing some random web search, but you discover that the first five results on the page that look relevant are broken due to your ad blocking policy. But you don't know they're actually broken until you've already spent time viewing them. Your back button is going to get a lot of workout, and you'll spend a lot of time looking at broken pages.

For 5 pages this takes 5 or 10 seconds. Not a lot of time compared to the damage done by a compromised computer. It's like everything else in live. You can cry about all the time it takes to put on a condom or you can not get AIDS. Your choice.

The ad revenue system is not structured safely

[Marrow]

The site does not choose the ads based on safety. The site sets aside space that is sold to different ad brokers who use brokers who have no idea what ads are going to be run. It is dangerous by design.

Until websites stop running content provided by other (anonymous) people, there ARE no safe ads. Its broken by design.

Re:The ad revenue system is not structured safely

[gbcox]

I understand your point, but if you believe a store is unsafe to visit, you don't go to that store. You don't decide, oh - I'll just shoplift. Some sites allow you to pay so you can avoid the ads, and the response from some has been: "Why would I pay when I can just use an ad-blocker"? Some people I'm sure are using ad-blockers to protect against malware, but the vast majority of people do so because they just don't want to be bothered by the ads. Obviously there are safe ads, otherwise everyone would be freaking out about it. Regarding the point about sites choosing ads, brokers, etc. It is still the responsibility of the site to ensure the ads which appear there are safe. It's their site. If the broker they have chosen is a bad apple, they need to choose another broker. That is standard premise liability law.

Re:And that's why...

[stooo]

>> And the elsewhere site is going to somehow support itself without any revenue from ads?
With reasonable ads: do ads locally, single picture only, and on less than 5% of the web page. No sound. No script. No tracking.

Re:Hosts files do a better job for less

[cm5oom]

That is one of the stupidest things I heard in a while. All they need for the tracking part is the geolocation. Do you really think they would spend billions of dollars building data centers closer to people if it didn't offer lower latency.

Re:Hosts files do a better job for less

[cm5oom]

Except that it doesn't actually fix the problem, you're still getting the address from dns now you're just caching it for a while. In fact you could make things worse if you get a bad address in your host file depending on how often you update it. Why don't you cut out the useless step and use a protocol that authenticates the source like dnssec or tls with pinned certs.

No Worries

[wkwilley2]

Hell, even If I disabled Adblock on my computer, Forbes still wouldn't work.

Looks like I'll never need to visit Forbes again.

Re:Hosts files do a better job for less

[cm5oom]

How? No no really, how?

Re:Hosts files do a better job for less

[cm5oom]

I just find it hard to believe that you're paranoid enough to think this happens often to dns but not paranoid enough to think it could happen to the person making the host file or paranoid enough to use a real solution that would fix the problem.

Re:Hosts files do a better job for less

[cm5oom]

Could you be more specific? As in go into more details on how exactly building data centers all over the world helps them to track people. You're the one that made this claim so you back it up.

Re:Hosts files do a better job for less

[cm5oom]

How do those hardcoded favorites get in your host file? Who puts them there? Can they keep a log of which sites are your favorites? (obviously they can). Why are their addresses more trust worthy? Aren't they just getting the addresses from dns as well? So couldn't they be fooled they same way you could be? etc. etc. etc.

I see a lot of buzz words in your posts but not many details. How about you go into the details and explain exactly how it's better and why it's not vulnerable to this stuff.

Re:Hosts files do a better job for less

[cm5oom]

I said the cdn was faster not the resolving. You're fooling yourself by misunderstanding my posts.

Re:Hosts files do a better job for less

[cm5oom]

So this program put the address in your host file and it's running on your computer? Where does it get the addresses from? How do you know you can trust them?

How about you stop accusing me of half truths and start giving some truths of your own. I'm asking you for details and this is all you give me? I mean seriously one sentence with 8 words for details and the rest of your post is marketing buzz words and ad hominem.

Re:Hosts files do a better job for less

[cm5oom]

Could you be more specific? As in how this allows them to track in ways that software can't.

Re:Hosts files do a better job for less

[cm5oom]

You just repeated what you've already said. You're arguing with yourself over local cached resolution being faster because I never said or claimed anything about that.

Let me spell it out for you. CDN is faster in the sense that downloading something from a server 10 miles from you is faster than downloading something from a server 10 thousand miles from you. They decide which server to direct you to by geolocating your ip address in the dns request.

Re:Hosts files do a better job for less

Learn to read: Again, business doesn't invest billions minus ROI in tracking/advertising data for no roi. It's valuable to them and others they sell it to. You call us stupid? Users like me turn off javascript that track them and turn on the largely useless DNT no advertiser obeys (giving away tracking is valuable in and of itself also) and referrer values in headers. You are the stupid one if you can't understand any of that. I don't think you're stupid. I think you're an advertiser or webmaster who can't stand that better than 50% of users online have killed your profit model and continue to grow in doing so. Your days are numbered and your profit model is dying and you know it. You can attempt to forums slide bury this (another advertiser tactic) but the truth's out there and the majority of people know it and are doing it. HBO was successful on television and so are adblockers and hosts is the best one that does a lot more for a lot less using what you have already instead of adding a crippled more that's easily blocked by clarityray with addons that are bought up by advertisers. Why don't you just admit you're an advertiser already? It's pitifully clear and your favorite color must be transparent as I can see right through you and your motivations easily.

Re:Hosts files do a better job for less

[cm5oom]

When did I lose? OpenDNS maybe patched against one form of dns spoofing but not all of them. And all the other things I asked still apply but you conveniently ignored them. And I said that other anonymous coward said something stupid. I never said this anonymous coward was stupid. I mean really can't you tell the difference between these two anonymous cowards?

Re:Hosts files do a better job for less

No matter how you cut it blocking ads and local resolution's faster. Especially combined. Repeating myself? Who is saying "be more specific" on ROI and business investment in tracking and advertising? You are. They don't invest in it for no return. Cdn based on dns introduces the possibility of tracking and redirection. I avoid it and gain speed by locally faster resolved ip addresses cached in memory here and avoid all the possible security problems in 1 file I have already instead of addons that are bought out by advertisers to not work by default and advertisers know most people won't change the defaults. They don't obey DNT either. That gives away they value tracking data too. Just admit you're an advertiser or webmaster losing money already. Your lies aren't working and your name calling tells us you're frustrated into it by being outsmarted at every single move.

Re:Hosts files do a better job for less

[cm5oom]

Still wait for you to say how building data centers all over the world helps them track people.

You keep accusing me of being an advertiser so I'll make an accusation of my own. You're apk and you're shilling for your own product. That's why you keep mentioning him and his product instead of using the generic term hosts file like I have been.

Re:Hosts files do a better job for less

OpenDNS is patched and isp dns aren't. I am safer with them than without them. I haven't seen OpenDNS have issues with redirect poisoning so your weak point is worth zero. What I know is the hosts method of favorites works and adblocking in it does the rest. It also protects against botnets and maliciously coded sites if you have to use javascript on them. I usually don't. It's a huge risk for security and tracking and slows you down a lot too. There's little questioning this and more than 1/2 of internet users are wising up to it going faster, safer, and more reliably online and the advertisers know it even admitting they have screwed up in openbid advertising models allowing malware infestations and selling our data to others for profit. Hosts files protect me from all that and gain me more speed than any other single solutions do and for far less using what I already have. They don't build these cdn for no reason. Business exists to profit at the expense of others, literally. You have repeatedly called others stupid and when you are confronted with facts you can't defeat you give it away by your name calling. It's so obvious.

Re:Hosts files do a better job for less

[cm5oom]

CDN introduces the possibility of tracking? What are you joking? You have to connect to their server at some point to get the web page, they can just track you then. Why would they spend all this money building a cdn infrastructure to do something they could do on their web server? This is why I ask you for details and this is why you won't give them. Because there's nothing behind your claims, they're hollow, when you try to go deeper it becomes obvious.

Re:Hosts files do a better job for less

[cm5oom]

And you ignored my other points once again even tho I remind you in my last post. Why don't you want to answer them?

Re:Hosts files do a better job for less

[cm5oom]

You have to connect to their server to get the web page. They get your ip address from that (obviously since they need it to send the data back to you). They don't need a cdn or dns request to do geolocation, all they need is for you to connect to their server. You aren't using facts you're using smoke and mirrors to misdirect.

Re:Hosts files do a better job for less

[cm5oom]

I said geolocation only needs an ip address. They can get your address from any means that you uses to connect to them whether that be dns lookups or connecting to their web servers. Who said anything about "to be good"? The do cdn to deliver content to their customers faster. Say there's two websites with the same kind of content, one takes 5 seconds to load and the other takes 30 seconds to load, which would you rather visit?

Trying again to answer a butcher shop analogy

[tepples]

In the other chain of replies, you cited names of logical fallacies. This indicates to me that you desire a more rigorous argument rather than a casual one. Per your request, I will attempt a more rigorous argument. There are two options for a third business model: it can be one for publishing information, or it can be one for something other than publishing information. I will handle each of these possibilities:

Assume the third business model is a business model for publishing information Both advertising and subscriptions existed for decades before the Internet. It is possible for a third to be discovered in the remainder of your lifetime, but because it has not already been discovered, I don't see it as likely. Probability matters because a rational investor shuns a business whose revenue source is unlikely to be discovered. Assume the third business model is a business model for something other than publishing information If an existing business publishing information in exchange for advertising were to switch to such a business model, such as a news site becoming a butcher shop, it would not be able to repurpose a substantial fraction of its existing assets for the new line of business.

As for the "side door" business, I can express the idea that I believe the author was trying to get across in terms of butcher shops. Like web sites that publish information in exchange for a subscription fee, butcher shops typically have a minimum order size to account for the overhead of processing the payments of its customers.

Re:Trying again to answer a butcher shop analogy

[bingoUV]

Unfortunately, if you think butcher shop was an analogy, I haven't been clear enough. Butcher shop is a real counter-argument to the "no business model" argument the article seems to make.

Like if someone said no car exists, and I point out a Toyota Camry "car" going past. Toyota Camry is not an analogy.

Both advertising and subscriptions existed for decades before the Internet. It is possible for a third to be discovered in the remainder of your lifetime, but because it has not already been discovered, I don't see it as likely. Probability matters because a rational investor shuns a business whose revenue source is unlikely to be discovered.

1. New business models with far smaller customer base are discovered every year.
2. Who cares? Not my problem if it doesn't exist. Urban slang - they can suck it. I never assumed the role of godfather for the "information publication" industry, I am not trying to find a business model for them, and if I suggest some in casual conversation which is overheard by passers by, I don't intend to profit by the idea.

This is why I pointed out that I didn't invent the butcher shop business model and I ok with other people's invented business models succeeding. "Find another business model for yourself" is still a valid argument, since they keep finding flaws in their own business model. I am not their nanny.

If an existing business publishing information in exchange for advertising were to switch to such a business model, such as a news site becoming a butcher shop, it would not be able to repurpose a substantial fraction of its existing assets for the new line of business.

1. "News site" need not become a butcher shop. A "news site" has no right to exist. Human members of that organization can be said to have the right - and they can join existing butcher shops, or start new ones. Preferably not all in the same locality, but whatever floats their boat.

2. Who cares? Not my problem. Even if they cannot repurpose their assets for a new business model, it is still a valid argument to say "find a new business model for yourself" when they find flaws in their own business model. Again, I am not their nanny.

You'd be affected as a user of their services

[tepples]

In this comment, I shall address your "not my problem" angle.

Like if someone said no car exists, and I point out a Toyota Camry "car" going past. Toyota Camry is not an analogy.

The argument in this case would be "no such car exists", with the scope of "such car" defined implicitly by the rest of the paragraph.

they can suck it. I never assumed the role of godfather for the "information publication" industry

Yet as a user of Slashdot, you presumably use the products and services of said industry and would thus be affected by the drastic contraction that you propose. Once you need to buy a year's subscription for Google Search, another for Slashdot, and another for each site linked from Slashdot, where do you plan to hang out on the web? And with the end of ability to find professionally written material through a web search at no additional charge, how will there remain enough demand for home Internet connections to sustain a market for affordable home Internet connections like yours?

A "news site" has no right to exist. Human members of that organization can be said to have the right - and they can join existing butcher shops, or start new ones.

Thank you for clarifying the extent of the changes that you wish would happen to the web. Just to be absolutely sure that I understand, would you agree with the following summary of your central thesis?

Companies operating ad-supported web sites ought to switch to subscriptions. Those that can't turn a profit with a paywall ought to wind up operations and return their assets to their investors, and their former employees ought to retrain for a different industry, such as opening a butcher shop.

Re:You'd be affected as a user of their services

[bingoUV]

Part 1: Arbitrariness of the insistence in remaining in information publication industry:

The argument in this case would be "no such car exists", with the scope of "such car" defined implicitly by the rest of the paragraph.

Let us assume that "such" is forcefully deduced from context when "such" is not mentioned. Even then, "such" car is not necessary for commuting. It is not described how "such" car is preferable to any other car. Any car would do, so the ensuing much wringing of hands is not justifiable from "such" car not existing.

Part 2: You not even acknowledging that I am making a "not my problem" argument :

1. drastic contraction that you propose
2. Once you need to buy a year's subscription for Google Search, another ...
3. ought to switch to subscriptions

I have emphasized multiple times that I do not propose they move to subscriptions. How?
1. By not saying they move to subscriptions
2. By saying I am not proposing ANYTHING for the industry
3. By saying I am not their nanny.

I mention the possibilities of moving to other industries only when representatives of the industry point out the flaws in their own business model.

Even when you set out to address my "not my problem" angle, you still
1. assume I am making it my problem
2. assume I am proposing some solution or the other
3. find fault with my imaginary proposal.

Part 3 : Points in which you address my "not my problem" angle.

Hypothetical situation : If the success of the industry is dependent on my suggesting something to them, and not being their nanny I refuse to suggest anything at all to them, the industry folds. You make some good points in such an imaginary situation:

where do you plan to hang out on the web?

I hung out on the web in 2001-2003. I saw a rise of obnoxious advertising in this period, but the best parts of the web were free of any advertising in this period.

Now that the cost of hosting is 10^5 times lower and direction of innovation has changed, I am having trouble being afraid at all from the death of such an industry.

Imagine. "Information" publication industry, holding on to centuries old ways after the "information" technology revolution. And being proud of it - by saying these are the 2 business models being practiced for hundreds of years so obviously we can't do anything.