Forbes Asks Readers To Disable Adblock, Serves Up Malvertising (engadget.com)
Deathlizard writes with a report at Engadget that when this year's "Forbes 30 Under 30" list came out, "it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list. On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information."
And with laws like the DMCA you can be sued for telling others how to bypass the ad block block.
Seriously, this is why we run ad blockers, and why I stopped reading Forbes. They need revenue, and I don't trust them to vet their advertisements, so I get my news elsewhere.
Which is sad, because I like a lot of their articles.
Never underestimate the stupidity inherent in all human beings.
What's a redear?
Escher was the first MC and Giger invented the HR department.
Man this place going to the dumps...
Jack of all trades, master of none
Matter of fact they do it in the story just below this one
http://politics.slashdot.org/s...
Seriously I know for some reason they have relentless need to plug Ask Ethan but seriously could they at least do it by posting a link to an archive site. Archive.is comes to mind as a good alternative to links to Forbes
I hate the DMCA as much as the next guy but there's no DRM involved in blocking ads. Now, if you told people how to get around a paywall (even a trivial one) then you'd have a point.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
is convinced the ads just got too annoying, but in my experience there's no amount of annoying in ads that makes Joe or Jane average run screaming from them. I'm guessing it's relatives sick of cleaning malware. I run some ads on my site to pay for bandwidth and what have you and I've stuck with plain Google ads even though other folks might pay more because I can't be bothered dealing with serving up malware to my users. Both AVGN & Penny-Arcade have seen their sites taken down by Malvertisements and now even Forbes?
I'll accept content from the domain that's in my address bar, and that's it. If somebody wants to show me ads, it's going to have to be from their own domain.
I don't respond to AC's.
There was a time before advertising infested the internet. Then the first ads started to appear, and many of us warned, "If you support those sites, soon the whole place is going to go to shit. The internet will turn into a clusterfuck of excessive commercialization, fake reviews, astroturfing, and meaningless click-bait content designed to sell eyeballs to advertisers". But did people listen? No, because there were dancing monkeys.
When javascript-infested sites first started appearing, many of us warned, "Are you people fucking insane? Giving random sites the ability to run imperfectly sandboxed code on your computer is going to be a disaster. It'll result in horrifically annoying behavior like pop-unders, unclosable windows, auto-playing audio, and most likely malware. It'll result in behavioral tracking on a scale you can't imagine. It'll result in wholesale transfer of control away from the owner of each computer, to ad companies. Is that what you fools WANT?"
But did people listen? No. Like mice hooked on opiates they pushed the lever again and again for the next hit, without considering the long term ramifications, until it's become hard for most people to use the web without javascript, because we let it become so ubiquitous that nothing fucking works without it. We were too stupid to say "no" when the camel's nose first entered the tent. Now, here's the camel!
The same WILL happen with sites that refuse to serve content if you block ads. A few of us see where that road goes and will say "no thanks", but most of us are far too stupid. The end result will be a web completely unusable if you don't want to let the ad-men control your computer. The end result is TV 2.0, rather than what the internet used to be: a democratic medium where everyone had a voice. It's a wholesale transfer of control from everyone, to a few.
We all get what most of us deserve. Unfortunately, most of us are drooling mouth-breathers.
I've rarely seen a website so encumbered with shit, like Forbes'. Not only should one not stop using ad-blockers when visiting them, one should simply never visit Forbes at all. Add it to the list of blocked sites.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
because it's a big and trusted name
And trying hard to rectify that...
Adblock plus is telling me it's blocked 13 ads on this page and that's with the excellent karma opt-out.
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Now stop linking to Forbes, slashdot. Archive.is if you need to. That website has been a steaming pile of shit since they started demanding what you think and see, of course they think nothing of demanding what your computer processes and does. They are tyrants, STOP LINKING FORBES
uBlock doesn't appear to be affected on Forbes. Read articles, see no ads.
Note that browser makers Google, Microsoft, and Apple have continually pushed for DRM to become part of web standards.
And that they obtained considerable financial influence over the browser maker thought most likely to resist (Mozilla).
And that Mozilla gave in on DRM and continues to make inexplicable blunders and lose market share.
After such a relentless campaign to ensure all available browsers contain DRM, I wouldn't be at all surprised to see DRM used to protect ads, particularly in video. Stopping you from reading/recording a video stream necessarily stops you from altering it.
Damn, am I ever so happy (as always) that the proven tech leader was ousted as Mozilla's CEO in favor of the former head of marketing.
Whenever I encounter a page that requires me to turn off adblock: I close the site.
I went ahead and went to the Forbes site (which it says I'm "still" using an adblocker, in the same sense that I'm "still" a carbon based life form), and then I went and grabbed one of the scripts that they serve on the main page in lieu of fucking content.
Here's a link: I originally put a TINY amount of it here, but it was SO shitty that even after cutting it down it would just ruin you.
view-source:http://i.forbesimg.com/welcomead/scripts/12662fd2.vendor.js
Just go read that script. It might make you cry.
blah blah blah just megabytes of this shitscript to push through an article that maxes out at a kilobyte. It's fucking ludicrous.
And that's without all the ads (which are meant to own your head, and of course maliciously own your computer, and DO YOU THINK THEY ARE LIABLE FOR SERVING ADS THAT TURN YOUR MACHINE INTO A RUSSIAN SERVER?)
Stop. Linking. Forbes.
It's a pile of shit website. If you must, EACH link should go through archive/is or some other service to neuter the malware and bullshit. Stop enabling these fucks. If you need to serve megabytes of malware and bullshit just to put text on the screen, drink bleach kthx
Fuck Forbes, they supported SCO back in the mid-00s and portrayed Linux users and supporters as a bunch of communists. Forbes gets filtered by my mental adblock way before it gets loaded by my browser.
in court. Again, it's a bad law, but it's not a "Do any evil thing you want" law. If a company dumps toxic waste they don't get to say "You can't complain, the DMCA says so!". Now, the law _has_ been abused to silence critics. But again, completely different from what you or the Grandparent are suggesting.
For Forbes you'll need a cookie editor. I tested it with uBlock origin, but I suspect it will work fine with hosts solutions, including APK's. The two weaknesses of APK's host engines are: a hosts solution currently has reasonably easy workarounds if an advertiser wants to fight (and they do- advertisers are just like spammers, and they deleted usenet and almost ruined email), and I'm pretty sure the Host Engine is not multiplatform.
I could be wrong about the second one, and the first one isn't *really* a weakness compared to today's reasonably simple adblockers. Other complaints, such as search depth being a problem, are somewhat valid, but are also subject to being fixed at the OS level.
Anyway, if someone using the host engine wants to test the cookie fix (I found it on https://www.reddit.com/r/Adblo... and put the cookie values later in this thread), that would probably be useful for the other users of that.
Interesting claims. Visitors were "immediately served with pop-under malware", although there is only one citation given, which is a link to a picture (presumably a screenshot) on @bbaskin's private Twitter account, which can only be seen by a "confirmed follower". Uh, okay. Nonetheless, this malware was "primed" to infect their computers and "likely" to do a lot of horrible stuff. Having run out of conjectures (let alone facts) about Forbes by the third paragraph, the rest of the article is padded out by a list of past incidents involving DailyMotion and MSN, followed by some bloviating which even Bennett Haselton might be ashamed of.
I'm totally sure that this isn't just attention-whoring from a litigious sex columnist who, after publishing The Adventurous Couple's Guide to Strap-On Sex and her second edition of The Ultimate Guide to Cunnilingus, apparently ran out of ideas and re-styled herself a computer security journalist.
Yes, I know malware is served through advertising, but this article is about a specific claim of Forbes being used as an injection vector with literally nothing backing it up. Also, let me note that there's nothing wrong with being a sex columnist. I just don't think that automatically means you should write about computer security.
> Then what means of deploying an application across platforms isn't fundamentally broken?
The part where you deploy an application. That part is broken.
Did you follow the link to your spreadsheet? Or was it to a news article? There's an application you have for "display a news article". It's a browser running HTML with no scripting enabled. That displays text just fine- it's the only fucking purpose.
The reason scripts are FUNDAMENTALLY broken is that they are code. The fact that they are code that is treated by browsers as if they are just part of the browsing experience is ludicrous. If you want to use like Google Docs, that's a pretty good time to need code, so if you click through some script-enable dialogs, or honestly even a UAC in Windows for that, that could be reasonable. If the majority of browsers in the world just download and execute code, you are asking for exactly the security shitstorm we constantly and ceaselessly see. Running javascript is AS RISKY as running raw opcodes, because at any given day since Javascript's release, there's been multiple exploits to turn the javascript straight into those opcodes. The fact that the world is full of fools who think you need a webapp to display a news story is hideous.
I hypothesize we are at the beginning of a bifurcation of the WWW. Websites are going to have to decide how many potential users they are prepared to forego to try and force compliance. Users are going to have to decide how many websites they are prepared to forego in order to respect themselves, their time, their privacy, and their personal security. Especially on my smartphone I had already gotten to the point where the pain of dealing with all the crap popups was discouraging me from using the web (as opposed to the internet) at all. So the availability of solid ad-blocking was finally enough to induce me to upgrade to an Apple 6S. Now I'm noticing that a lot of websites, including slashdot, don't load at all. How do I feel about that? Well, it would have been nice to be able to visit slashdot from my mobile but, frankly, I'm already writing it off. There are plenty enough other sites on the web and I expect I will eventually reconcile fully to not going to certain sites -- just as I avoid porn sites. The toughest thing? It would be nice to have a browser that didn't even waste my time taking me to sites which were going to block access. Hopefully that will come out as a feature in new ad-blocking software. All in all, I have to say the fresh air from not having to deal with the endless shit thrown up by the 'advertisers' (pimps) is more than worth the price of admission...er, being denied admission! :-) This is something everyone is going to have to decide on their own. And I guess, from time to time, I may be tempted to drop my shields so I can let a site molest me in return for letting me see their "content". But probably not very often and maybe not at all. Fuck Forbes, along with the Times, etc. If 3/4 of the websites disappear from my web I think I will be just fine with that in the longer run. All the browsing was giving me ADHD anyway.
Why can't websites just put up static ads instead of all this privacy-invading, abusive advertising? Yeah, I'm sure they will say there isn't enough money in that. But if enough people refuse to go along with the compliance training, I expect they will rethink that. If nothing else, websites which don't block me and put up static ads know a little about me just on the basis of my voting with my feet. That ought to be some sort of a differentiation. Eventually, I expect the differentiation will be between low class people (who allow themselves to be abused in return for candy) and those of higher class who actually think longer term and respect themselves a little more. We'll see. I don't expect it to take that long, really.
My experience is that most ads are abusive in some way. I use these add-ons in Firefox: uBlock Origin ad blocking, NoScript, and Ghostery.
It amazes me that, when I go to the Ally Bank web site to see my accounts summary at the following URL, Ghostery says "Ghostery found 8 trackers":
https://securebanking.ally.com/#/accounts/summary
The Ally Bank URL contains the words "secure banking"!
Here are the trackers:
Advertising.com
Google DoubleClick Floodlight
Google DoubleClick Spotlight
Google Dynamic Remarketing
MediaMath Advertising
Omniture (Adobe Analytics)
Qualtrics
RUN (https://match.rundsp.com/)
There is nothing "secure" about notifying other companies that I am looking at a summary of my bank accounts!
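An added example, not part of the original comments: a sketch of the audit that the first-party-only rule and the Ghostery tracker count above both point at, listing every host outside the page's own site from which a page loads scripts, images, frames or stylesheets. The sample HTML and all host names are constructed placeholders, and the two-label `site_of` comparison is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a sub-resource (a deliberately small set).
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


def site_of(host):
    """Naive 'site' = last two DNS labels. Assumption: a real audit would use the
    Public Suffix List, since this is wrong for suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # urljoin resolves relative and scheme-relative ("//host/x") URLs.
            self.resources.append((tag, urljoin(self.page_url, value)))


def third_party_hosts(page_url, html):
    """Return {host: sorted tags} for each sub-resource host outside the page's site."""
    page_site = site_of(urlsplit(page_url).hostname)
    collector = ResourceCollector(page_url)
    collector.feed(html)
    found = {}
    for tag, url in collector.resources:
        host = urlsplit(url).hostname
        if host and site_of(host) != page_site:
            found.setdefault(host, set()).add(tag)
    return {h: sorted(t) for h, t in found.items()}


# Constructed sample page; every host below is a placeholder.
SAMPLE_URL = "https://securebanking.bank.example/accounts/summary"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.bank.example/app.js"></script>
<script src="//tags.adnetwork.example/floodlight.js"></script>
<script src="https://analytics.metrics.example/s_code.js"></script>
</head><body>
<img src="https://tags.adnetwork.example/pixel.gif?page=summary" width="1" height="1">
<iframe src="https://sync.dsp.example/match"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for host, tags in sorted(third_party_hosts(SAMPLE_URL, SAMPLE_HTML).items()):
        print(f"{host}: {', '.join(tags)}")
```

This only sees resources named in the static HTML; hosts contacted by scripts at run time show up in a browser's network log or a blocker's request log instead.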
Advertisers choose the Internet over radio and TV in part because the Internet gives more detailed reach statistics than radio and TV.
Yes, anything is possible, just as it is possible the sun will super nova tomorrow and destroy the earth... or the planet will get hit by an untracked meteor; or how about the nemesis theory?
This is a prime example of someone who gets their computer taken over by a botnet... doesn't care, doesn't even look. Just merrily goes about their life oblivious while their computer is used for nefarious purposes, like serving malware to other idiots.
Next to nobody is willing to pay for a whole month just to read one article found through a search engine or through a citation shared by a friend. Imagine having to do this to read one article from each of ten different publications in a month.[1]
[1] "Adblockers say, 'Find a better business model.' But can you really?" posted on 2015-10-12
Okay, I DO understand the point that content producers make that it cuts into their revenue. And I DO believe they should be paid for their labors.
But that doesn't mean I'm going to work a second job just to turn the proceeds over to them.
Malvertising is a ubiquitous, ongoing problem. And I'm not exposing any systems I have control over to that. Because the amount of work it takes to clean up from that sort of infection is VERY non-trivial. And if it causes me to lose data on a business machine? Oh HELL no!
Current internet advertising is a dirty, disease-ridden whore, and ad blockers are condoms.
Chas - The one, the only.
THANK GOD!!!
Except that the vast majority of major sites use dns lookups to do geolocation cdn and load balancing for performance (both yours and theirs). By hard coding addresses you miss out on that. That's just one of many reasons why the internet stopped using host files and switched to dns.
It's the same as with dead tree magazines - if you don't pay for it then that magazine is dead.
Which means the majority of articles would be dead to the majority of people, as the majority of people would not have the resources to maintain a subscription to the majority of periodicals, including the effort to obtain back issues. How does it benefit the public to make the majority of articles dead to the majority of people?
One side effect of moving to closed access, where articles are spread out across several publications each with its own monthly or annual subscription, is that it'll become cost prohibitive for an individual to sample the viewpoints of several different publications. This means people will end up sucked into the echo chamber of one single publication's editorial bias.
Also, for what it's worth, the MOAB hosts based ad blocker doesn't seem to trigger their advertising popup. Though if you're running a hosts based ad blocker, you could just add their site to it, and that'd solve your little Forbes problem, too.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I run uBlock Origin and I cannot fault how well it works. As stated above and I quote, "Adblock alone has reduced my need for family-based PEBKAC support by nearly 95% in the last five years". This is true for me also. Ads are a plague on the internet and are the root cause of nearly all the issues in my view from personal experience. If a site asked me to disable my ad-blocker, I'll take my business elsewhere and I don't give a flying s**t what else anyone else has to say, (any negative comments suggest user is in the ad industry).
They are of course reliant on Google page rank so the Googlebot gets special treatment.
I can survive without you. Can you without me?
Oh, you cannot survive with me blocking your ads? Ok. Accepted. Die.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You just repeated what you've already said. You're arguing with yourself over local cached resolution being faster because I never said or claimed anything about that.
Let me spell it out for you. CDN is faster in the sense that downloading something from a server 10 miles from you is faster than downloading something from a server 10 thousand miles from you. They decide which server to direct you to by geolocating your ip address in the dns request.
When did I lose? OpenDNS maybe patched against one form of dns spoofing but not all of them. And all the other things I asked still apply but you conveniently ignored them. And I said that other anonymous coward said something stupid. I never said this anonymous coward was stupid. I mean really can't you tell the difference between these two anonymous cowards?
CDN introduces the possibility of tracking? What are you joking? You have to connect to their server at some point to get the web page, they can just track you then. Why would they spend all this money building a cdn infrastructure to do something they could do on their web server? This is why I ask you for details and this is why you won't give them. Because there's nothing behind your claims, they're hollow, when you try to go deeper it becomes obvious.